Edit tour

Windows Analysis Report
http://www.rr8844.com

Overview

General Information

Sample URL:	http://www.rr8844.com
Analysis ID:	1583168
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

AI detected suspicious Javascript

Performs DNS queries to domains with low reputation

Connects to several IPs in different countries

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1004 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1996,i,11860038956780945597,535589302757175344,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6548 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.rr8844.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://www.xtpag.top:2087/images/672e3dcf290341902fe11411.gif

Avira URL Cloud: Label: malware

Phishing

AI detected suspicious Javascript

Source: 1.13..script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: https://xmad.7wzx9.com/pangda/tbad.js... This script demonstrates several high-risk behaviors, including data exfiltration, redirects to suspicious domains, and the use of obfuscated URLs. The script appears to be generating a list of links and images, many of which point to untrusted or potentially malicious domains. This suggests the script may be part of a phishing or scam operation, and it should be considered a high-risk threat.

Source: unknown

HTTPS traffic detected: 23.145.136.94:443 -> 192.168.2.4:49760 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 0MB later: 61MB

Networking

Performs DNS queries to domains with low reputation

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: go.imgmimi.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: go.imgmimi.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: go.imgmimi.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: go.imgmimi.xyz

Source: unknown

Network traffic detected: IP country count 10

Source: global traffic

TCP traffic: 192.168.2.4:49746 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.rr8844.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/style.css?v=19 HTTP/1.1Host: www.rr8844.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/jquery.min.js HTTP/1.1Host: www.rr8844.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/common15.js?v=100087799 HTTP/1.1Host: www.rr8844.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /header.html?v=9999999 HTTP/1.1Host: www.rr8844.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: text/html, /; q=0.01X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /footer.html?v=9999999 HTTP/1.1Host: www.rr8844.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: text/html, /; q=0.01X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pangda/base.js?v=9999999 HTTP/1.1Host: xmad.7wzx9.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/search2.js HTTP/1.1Host: www.rr8844.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/jquery.min.js HTTP/1.1Host: www.rr8844.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/common15.js?v=100087799 HTTP/1.1Host: www.rr8844.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /header.html?v=9999999 HTTP/1.1Host: www.rr8844.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /footer.html?v=9999999 HTTP/1.1Host: www.rr8844.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pangda/tbad.js HTTP/1.1Host: xmad.7wzx9.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/images/bgg.png HTTP/1.1Host: www.rr8844.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/images/logo.jpg HTTP/1.1Host: www.rr8844.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/fonts/iconfont1.woff2 HTTP/1.1Host: www.rr8844.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.rr8844.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.rr8844.com/css/style.css?v=19Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/1kkky_1300x240.gif HTTP/1.1Host: ig23.vipConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/Fky_1300x240.gif HTTP/1.1Host: ig72.vipConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/dd9a87_67f016f8ae5948e4a82fbfedd1ad400a~mv2.gif HTTP/1.1Host: static.wixstatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/GYyh_1300x240.gif HTTP/1.1Host: ig32.vipConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/dd9a87_4314275b0467418ab4bd32c8da4d6358~mv2.gif HTTP/1.1Host: static.wixstatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/fftyc_1300x240.gif HTTP/1.1Host: ig38.vipConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/search2.js HTTP/1.1Host: www.rr8844.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pangda/base.js?v=9999999 HTTP/1.1Host: xmad.7wzx9.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /318d22cf923239b38dec8c9337224fb4.gif HTTP/1.1Host: go.imgmimi.xyzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wns1300x200.gif HTTP/1.1Host: sezhang.s3.ap-southeast-1.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/996a_180x180.gif HTTP/1.1Host: ig79.vipConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/FF98t_180x180.gif HTTP/1.1Host: ig82.vipConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1300x200.gif HTTP/1.1Host: 5967.5967007.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /11.gif HTTP/1.1Host: 5967.5967007.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/1KKky_150x150.gif HTTP/1.1Host: ig23.vipConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/dd9a87_34be67cd0dc34bedbba06a4a787cba19~mv2.gif HTTP/1.1Host: static.wixstatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pangda/tbad.js HTTP/1.1Host: xmad.7wzx9.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/dd9a87_b1d6c5504d164c40835d918239dcd10e~mv2.gif HTTP/1.1Host: static.wixstatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/GYyh_180x180.GIF HTTP/1.1Host: ig55.vipConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /f3dab33316b44c64a6f119272fb4489e.gif HTTP/1.1Host: 555ww666yy.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dd611258bd2c4f1a9cd4bcf648f7ef2e.gif HTTP/1.1Host: 555ww666yy.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/2828/qqww-1300-240.gif HTTP/1.1Host: amjs.hccoeutg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/1616/PPJJ-200-200.gif HTTP/1.1Host: amjs.hccoeutg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/2828/qqww-200-1.gif HTTP/1.1Host: amjs.hccoeutg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/1616/PPJJ-1300-240.gif HTTP/1.1Host: amjs.hccoeutg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /z.js?id=1281318611&async=1 HTTP/1.1Host: v1.cnzz.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/2024/11/08/1300x200.gif HTTP/1.1Host: hongniu.getehu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/2024/11/09/150-150.gif HTTP/1.1Host: hongniu.getehu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/2024/12/05/1300-200.gif HTTP/1.1Host: cc777img.dqsldz.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/2024/10/28/10ss8i9.gif HTTP/1.1Host: cc777img.dqsldz.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/2024/08/11/u98s7t.gif HTTP/1.1Host: 69vvnstttaaa888.dzlndygh.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/LD/SH131.gif HTTP/1.1Host: tycjb777.hccoeutg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/images/bgg.png HTTP/1.1Host: www.rr8844.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /655358e6aaad94a5e9fe6a141b3bc5ef.gif HTTP/1.1Host: we.zz17377.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /7bd578c706a9f8fb6f46da207b46e618.gif HTTP/1.1Host: we.zz17377.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/2024/07/26/12872no.gif HTTP/1.1Host: 69vvnstttaaa888.dzlndygh.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/2024/12/05/200-200.gif HTTP/1.1Host: cc777img.dqsldz.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /00165139bb76d845bfa39bde42b929c5.gif HTTP/1.1Host: go.imgmimi.xyzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/2024/10/28/1300-200_1.gif HTTP/1.1Host: cc777img.dqsldz.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/images/logo.jpg HTTP/1.1Host: www.rr8844.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/LD/SH132.gif HTTP/1.1Host: tycjb777.hccoeutg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdbcb1b08e2d9dc97758d1ca7b53357b.gif HTTP/1.1Host: vnsimg.hfzkgw.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /150x150w.gif HTTP/1.1Host: sezhang.s3.ap-southeast-1.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /yhgifjiami/xyh/150x150.js HTTP/1.1Host: yh88812345qwerasdf.lzaotw.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/tyc-4hu1300x200.gif HTTP/1.1Host: monkey.p2ld58.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/tyc-sihu150x150.gif HTTP/1.1Host: monkey.p2ld58.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /b9fb3076983380cf2d30af608afa0f94.gif.js HTTP/1.1Host: vns2.ezrent.hkConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/Fky_1300x240.gif HTTP/1.1Host: ig72.vipConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jiamigif/tyxsc/xmspggTT2-1300X240.gif HTTP/1.1Host: www12.pengxunfei.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jiamigif/168sc/168-1300x240.gif HTTP/1.1Host: www12.pengxunfei.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/dd9a87_67f016f8ae5948e4a82fbfedd1ad400a~mv2.gif HTTP/1.1Host: static.wixstatic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6d1a62e98f7abc0ea4a7ac9760cb2e97.gif HTTP/1.1Host: img.qxwoiv.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/1kkky_1300x240.gif HTTP/1.1Host: ig23.vipConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /b38048b5589bcfb538c627481211202f.gif HTTP/1.1Host: img.qxwoiv.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jiamigif/168sc/168-200x200-2.gif HTTP/1.1Host: www12.pengxunfei.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jiamigif/tyxsc/xmspggTT2-200X200.gif HTTP/1.1Host: www12.pengxunfei.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/GYyh_1300x240.gif HTTP/1.1Host: ig32.vipConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/fftyc_1300x240.gif HTTP/1.1Host: ig38.vipConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jsgif/ny.js HTTP/1.1Host: 2024hwus1.heibanwa.mobiConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /318d22cf923239b38dec8c9337224fb4.gif HTTP/1.1Host: go.imgmimi.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /00165139bb76d845bfa39bde42b929c5.gif HTTP/1.1Host: go.imgmimi.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /yhgifjiami/xyh/1300x240.js HTTP/1.1Host: yh88812345qwerasdf.lzaotw.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/dd9a87_34be67cd0dc34bedbba06a4a787cba19~mv2.gif HTTP/1.1Host: static.wixstatic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/dd9a87_4314275b0467418ab4bd32c8da4d6358~mv2.gif HTTP/1.1Host: static.wixstatic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /11.gif HTTP/1.1Host: 5967.5967007.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jsgif/yf1300-200.js HTTP/1.1Host: 2024hwus1.heibanwa.mobiConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/GYyh_180x180.GIF HTTP/1.1Host: ig55.vipConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jsgif/yf150-150.js HTTP/1.1Host: 2024hwus1.heibanwa.mobiConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202401/30/a2146fa33ff3/cy1300.js HTTP/1.1Host: x-hweu2.hccoeutg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202401/30/a2146fa33ff3/cy150.js HTTP/1.1Host: x-hweu2.hccoeutg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/2828/qqww-200-1.gif HTTP/1.1Host: amjs.hccoeutg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/2828/qqww-1300-240.gif HTTP/1.1Host: amjs.hccoeutg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/1616/PPJJ-1300-240.gif HTTP/1.1Host: amjs.hccoeutg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/FF98t_180x180.gif HTTP/1.1Host: ig82.vipConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/1616/PPJJ-200-200.gif HTTP/1.1Host: amjs.hccoeutg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /7bd578c706a9f8fb6f46da207b46e618.gif HTTP/1.1Host: we.zz17377.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/uu-rt150x150.gif HTTP/1.1Host: monkey.p2ld58.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /655358e6aaad94a5e9fe6a141b3bc5ef.gif HTTP/1.1Host: we.zz17377.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/1KKky_150x150.gif HTTP/1.1Host: ig23.vipConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/996a_180x180.gif HTTP/1.1Host: ig79.vipConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/dd9a87_b1d6c5504d164c40835d918239dcd10e~mv2.gif HTTP/1.1Host: static.wixstatic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1300x200.gif HTTP/1.1Host: 5967.5967007.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: X-SUDUN-WAF-R-C=0001695112
Source: global traffic	HTTP traffic detected: GET /6d1a62e98f7abc0ea4a7ac9760cb2e97.gif HTTP/1.1Host: ylg1.duyunfk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /f3dab33316b44c64a6f119272fb4489e.gif HTTP/1.1Host: 555ww666yy.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dd611258bd2c4f1a9cd4bcf648f7ef2e.gif HTTP/1.1Host: 555ww666yy.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/2024/10/28/10ss8i9.gif HTTP/1.1Host: cc777img.dqsldz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/2024/12/05/1300-200.gif HTTP/1.1Host: cc777img.dqsldz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /z.js?id=1281318611&async=1 HTTP/1.1Host: v1.cnzz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/2024/12/05/200-200.gif HTTP/1.1Host: cc777img.dqsldz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/2024/10/28/1300-200_1.gif HTTP/1.1Host: cc777img.dqsldz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wns1300x200.gif HTTP/1.1Host: sezhang.s3.ap-southeast-1.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /150x150w.gif HTTP/1.1Host: sezhang.s3.ap-southeast-1.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/2024/11/09/150-150.gif HTTP/1.1Host: hongniu.getehu.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/2024/11/08/1300x200.gif HTTP/1.1Host: hongniu.getehu.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/tyc-sihu150x150.gif HTTP/1.1Host: monkey.p2ld58.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/tyc-4hu1300x200.gif HTTP/1.1Host: monkey.p2ld58.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /b38048b5589bcfb538c627481211202f.gif HTTP/1.1Host: ylg1.duyunfk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/LD/SH132.gif HTTP/1.1Host: tycjb777.hccoeutg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /b9fb3076983380cf2d30af608afa0f94.gif.js HTTP/1.1Host: vns2.ezrent.hkConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/LD/SH131.gif HTTP/1.1Host: tycjb777.hccoeutg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/2024/07/26/12872no.gif HTTP/1.1Host: 69vvnstttaaa888.dzlndygh.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/2024/08/11/u98s7t.gif HTTP/1.1Host: 69vvnstttaaa888.dzlndygh.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jiamigif/tyxsc/xmspggTT2-200X200.gif HTTP/1.1Host: www12.pengxunfei.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jiamigif/168sc/168-1300x240.gif HTTP/1.1Host: www12.pengxunfei.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202401/30/a2146fa33ff3/cy150.js HTTP/1.1Host: x-hweu2.hccoeutg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /yhgifjiami/xyh/150x150.js HTTP/1.1Host: yh88812345qwerasdf.lzaotw.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jiamigif/tyxsc/xmspggTT2-1300X240.gif HTTP/1.1Host: www12.pengxunfei.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdbcb1b08e2d9dc97758d1ca7b53357b.gif HTTP/1.1Host: vns3.ezrent.hkConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/uu-rt150x150.gif HTTP/1.1Host: monkey.p2ld58.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jsgif/yf150-150.js HTTP/1.1Host: 2024hwus1.heibanwa.mobiConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jsgif/yf1300-200.js HTTP/1.1Host: 2024hwus1.heibanwa.mobiConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202401/30/a2146fa33ff3/cy1300.js HTTP/1.1Host: x-hweu2.hccoeutg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /b38048b5589bcfb538c627481211202f.gif HTTP/1.1Host: ylg1.duyunfk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jiamigif/168sc/168-200x200-2.gif HTTP/1.1Host: www12.pengxunfei.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jsgif/ny.js HTTP/1.1Host: 2024hwus1.heibanwa.mobiConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c.js?web_id=1281318611&t=z HTTP/1.1Host: c.cnzz.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdbcb1b08e2d9dc97758d1ca7b53357b.gif HTTP/1.1Host: vns3.ezrent.hkConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/images/2.ico HTTP/1.1Host: www.rr8844.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: UM_distinctid=194256e0475528-0a57ea5506af81-26031e51-140000-194256e0476637; CNZZDATA1281318611=1014212052-1735794755-%7C1735794755
Source: global traffic	HTTP traffic detected: GET /6d1a62e98f7abc0ea4a7ac9760cb2e97.gif HTTP/1.1Host: ylg1.duyunfk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c.js?web_id=1281318611&t=z HTTP/1.1Host: c.cnzz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/images/2.ico HTTP/1.1Host: www.rr8844.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: UM_distinctid=194256e0475528-0a57ea5506af81-26031e51-140000-194256e0476637; CNZZDATA1281318611=1014212052-1735794755-%7C1735794755
Source: global traffic	HTTP traffic detected: GET /getDataInit HTTP/1.1Host: data.7wzx9.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/xnnjgp.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/xnn7uf.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/unc7yj.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/xnnjgp.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/xnn7uf.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/unbndf.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /forward HTTP/1.1Host: data.7wzx9.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/unc7yj.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/unae56.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/una04o.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/unbndf.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/un9cdm.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/7ef7e0773c6f/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/ae7abced1eae/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/una04o.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/unae56.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/un8bpb.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/705c2afa5b91/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/dd212f88e75a/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/60fb0c129ef8/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202412/31/d26727ebd6a5/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/un8bpb.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E9%9C%B2%E5%87%BA%E6%BF%80%E6%83%85/x2zdy8.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/un9cdm.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E9%9C%B2%E5%87%BA%E6%BF%80%E6%83%85/x2yjhe.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E9%9C%B2%E5%87%BA%E6%BF%80%E6%83%85/x2y5vq.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E9%9C%B2%E5%87%BA%E6%BF%80%E6%83%85/x2zdy8.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/umz9e7.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E9%9C%B2%E5%87%BA%E6%BF%80%E6%83%85/x2yjhe.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E9%9C%B2%E5%87%BA%E6%BF%80%E6%83%85/x2y5vq.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/umz9e7.jpg HTTP/1.1Host: mtu.slinpic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202412/31/094f2e05c08b/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202412/31/7e6af903fba5/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202412/31/bf094940c1b9/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202412/31/dd504259fce9/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/705c2afa5b91/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/7ef7e0773c6f/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/ae7abced1eae/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/dd212f88e75a/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202412/31/d26727ebd6a5/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/60fb0c129ef8/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/594a71024e23/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/dff801d16405/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/2f1cae3a3b29/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/be0657958f85/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/4f4f2ebcdda9/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202412/31/094f2e05c08b/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202412/31/7e6af903fba5/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202412/31/bf094940c1b9/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202412/31/dd504259fce9/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/471c43d96fe9/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/594a71024e23/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/8fa79f499219/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/dff801d16405/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/b27072fa42df/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/ddf6cafcea0f/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/6d4fba52e3fe/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/2f1cae3a3b29/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/be0657958f85/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/4f4f2ebcdda9/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/128ca5d2c073/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/471c43d96fe9/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/8fa79f499219/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/ddf6cafcea0f/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/d57e9b0e172a/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/a933eaf511ef/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/6d4fba52e3fe/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/b27072fa42df/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/0ae2048d140c/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/128ca5d2c073/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/9bafe24706b5/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/d57e9b0e172a/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/981ed809e1e1/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/a933eaf511ef/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/ecfa86b60f78/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/3606672dc09e/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/0ae2048d140c/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/98521a9331a5/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/9bafe24706b5/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/981ed809e1e1/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/3606672dc09e/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/ecfa86b60f78/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/c56b3842c616/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/98521a9331a5/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202501/01/c56b3842c616/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video.html?typeId=21&typeMid=1 HTTP/1.1Host: www.rr8844.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: UM_distinctid=194256e0475528-0a57ea5506af81-26031e51-140000-194256e0476637; CNZZDATA1281318611=1014212052-1735794755-%7C1735794755
Source: global traffic	HTTP traffic detected: GET /cdbcb1b08e2d9dc97758d1ca7b53357b.gif HTTP/1.1Host: vnsimg.hfzkgw.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /b38048b5589bcfb538c627481211202f.gif HTTP/1.1Host: img.qxwoiv.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6d1a62e98f7abc0ea4a7ac9760cb2e97.gif HTTP/1.1Host: img.qxwoiv.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jsgif/yf150-150.js HTTP/1.1Host: 2024hwus1.heibanwa.mobiConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"If-None-Match: "2873-6293dfea22d2b"If-Modified-Since: Sat, 14 Dec 2024 17:08:22 GMTsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /yhgifjiami/xyh/150x150.js HTTP/1.1Host: yh88812345qwerasdf.lzaotw.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"If-None-Match: "66f6d93d-464e7"If-Modified-Since: Fri, 27 Sep 2024 16:11:41 GMTsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /getDataInit HTTP/1.1Host: data.7wzx9.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /forward HTTP/1.1Host: data.7wzx9.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jsgif/ny.js HTTP/1.1Host: 2024hwus1.heibanwa.mobiConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"If-None-Match: "121a00-6266293ae6576"If-Modified-Since: Fri, 08 Nov 2024 08:31:26 GMTsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jsgif/yf1300-200.js HTTP/1.1Host: 2024hwus1.heibanwa.mobiConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"If-None-Match: "82dbf-6293dfeb2c32a"If-Modified-Since: Sat, 14 Dec 2024 17:08:23 GMTsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/22/214c28054d30/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/23/fb1f13f7ea29/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/19/3f0e5a99be3b/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/18/1e6931ef5c8d/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/23/fb1f13f7ea29/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/17/314e2e628318/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/16/6b45b6b1daec/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/19/3f0e5a99be3b/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/15/b0422eef5536/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/22/214c28054d30/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/14/588b8dbc8bfb/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/12/5ef689465f78/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/18/1e6931ef5c8d/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/11/4600ac64a9aa/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/10/8eceeb2a583c/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/02/7256ef6b536e/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/16/6b45b6b1daec/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/01/4ac1fe3ea9de/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/17/314e2e628318/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/15/b0422eef5536/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/14/588b8dbc8bfb/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202409/30/babde3de6685/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202409/28/80c39ec0e790/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/12/5ef689465f78/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202409/27/f72a7fdb7fea/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202409/26/647e63b246a0/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202409/24/87dc8d74df0f/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202409/23/1e66f25c9133/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/02/7256ef6b536e/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/10/8eceeb2a583c/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/01/4ac1fe3ea9de/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202409/21/85ffd4f6e6d7/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202410/11/4600ac64a9aa/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202409/28/80c39ec0e790/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202409/30/babde3de6685/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202409/27/f72a7fdb7fea/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202409/26/647e63b246a0/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202409/24/87dc8d74df0f/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202409/23/1e66f25c9133/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/m3u8/202409/21/85ffd4f6e6d7/1.jpg HTTP/1.1Host: x-hweu5.rdfzsjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.rr8844.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: www.rr8844.com
Source: global traffic	DNS traffic detected: DNS query: xmad.7wzx9.com
Source: global traffic	DNS traffic detected: DNS query: data.7wzx9.com
Source: global traffic	DNS traffic detected: DNS query: v1.cnzz.com
Source: global traffic	DNS traffic detected: DNS query: cc777img.dqsldz.com
Source: global traffic	DNS traffic detected: DNS query: x-hweu2.hccoeutg.com
Source: global traffic	DNS traffic detected: DNS query: yh88812345qwerasdf.lzaotw.com
Source: global traffic	DNS traffic detected: DNS query: 69vvnstttaaa888.dzlndygh.com
Source: global traffic	DNS traffic detected: DNS query: amjs.hccoeutg.com
Source: global traffic	DNS traffic detected: DNS query: static.wixstatic.com
Source: global traffic	DNS traffic detected: DNS query: hongniu.getehu.com
Source: global traffic	DNS traffic detected: DNS query: img.qxwoiv.com
Source: global traffic	DNS traffic detected: DNS query: sz.ggshezhantc.com
Source: global traffic	DNS traffic detected: DNS query: _8686._https.sz.ggshezhantc.com
Source: global traffic	DNS traffic detected: DNS query: 5967.5967007.com
Source: global traffic	DNS traffic detected: DNS query: ig23.vip
Source: global traffic	DNS traffic detected: DNS query: ig38.vip
Source: global traffic	DNS traffic detected: DNS query: ig72.vip
Source: global traffic	DNS traffic detected: DNS query: w0083.com
Source: global traffic	DNS traffic detected: DNS query: _33236._https.w0083.com
Source: global traffic	DNS traffic detected: DNS query: we.zz17377.com
Source: global traffic	DNS traffic detected: DNS query: sezhang.s3.ap-southeast-1.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: 2024hwus1.heibanwa.mobi
Source: global traffic	DNS traffic detected: DNS query: 555ww666yy.com
Source: global traffic	DNS traffic detected: DNS query: www12.pengxunfei.site
Source: global traffic	DNS traffic detected: DNS query: vnsimg.hfzkgw.com
Source: global traffic	DNS traffic detected: DNS query: ig32.vip
Source: global traffic	DNS traffic detected: DNS query: go.imgmimi.xyz
Source: global traffic	DNS traffic detected: DNS query: tycjb777.hccoeutg.com
Source: global traffic	DNS traffic detected: DNS query: www.xtpag.top
Source: global traffic	DNS traffic detected: DNS query: _2087._https.www.xtpag.top
Source: global traffic	DNS traffic detected: DNS query: monkey.p2ld58.com
Source: global traffic	DNS traffic detected: DNS query: ig79.vip
Source: global traffic	DNS traffic detected: DNS query: ig55.vip
Source: global traffic	DNS traffic detected: DNS query: w0082.com
Source: global traffic	DNS traffic detected: DNS query: _33236._https.w0082.com
Source: global traffic	DNS traffic detected: DNS query: vns2.ezrent.hk
Source: global traffic	DNS traffic detected: DNS query: ig82.vip
Source: global traffic	DNS traffic detected: DNS query: vns3.ezrent.hk
Source: global traffic	DNS traffic detected: DNS query: ylg1.duyunfk.com
Source: global traffic	DNS traffic detected: DNS query: z6.cnzz.com
Source: global traffic	DNS traffic detected: DNS query: c.cnzz.com
Source: global traffic	DNS traffic detected: DNS query: x-hweu5.rdfzsjs.com
Source: global traffic	DNS traffic detected: DNS query: mtu.slinpic.com

Source: unknown

HTTP traffic detected: POST /stat.htm?id=1281318611&r=&lg=en-us&ntime=none&cnzz_eid=1014212052-1735794755-&showp=1280x1024&p=https%3A%2F%2Fwww.rr8844.com%2F&t=%E6%9C%80%E6%96%B0%E7%83%AD%E9%97%A8%E7%94%B5%E5%BD%B1%E5%9C%A8%E7%BA%BF%E8%A7%82%E7%9C%8B%EF%BD%9C%E5%85%8D%E8%B4%B9%E9%AB%98%E6%B8%85%E7%94%B5%E5%BD%B1%E8%B5%84%E6%BA%90%EF%BD%9C%E7%94%B5%E5%BD%B1%E7%BD%91%E7%AB%99-%E5%85%8D%E8%B4%B9%E5%9C%A8%E7%BA%BF%E8%A7%82%E7%9C%8B%E7%83%AD%E9%97%A8%E7%94%B5%E5%BD%B1%EF%BD%9C%E9%AB%98%E6%B8%85%E7%94%BB%E8%B4%A8...&umuuid=194256e0475528-0a57ea5506af81-26031e51-140000-194256e0476637&h=1 HTTP/1.1Host: z6.cnzz.comConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.rr8844.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.rr8844.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: http://locked5-723840144.ap-east-1.elb.amazonaws.com/wns0x040/?shareName=wns0x040
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: http://woool.996m2.com/data/attachment/forum/202307/22/170443i7hi40474l44l07u.jpg
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: http://woool.996m2.com/data/attachment/forum/202307/22/170443zi8yxih33fyf8fj2.gif
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://18.yjxxoa.com/?shareName=ylg18
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://2024hwus1.heibanwa.mobi/jsgif/ny.js
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://2024hwus1.heibanwa.mobi/jsgif/yf1300-200.js
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://2024hwus1.heibanwa.mobi/jsgif/yf150-150.js
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://214.lxqgg.com/?shareName=zhandian214
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://48670.5386yltz11.com:5386/ad88.html?25703
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://555ww666yy.com/dd611258bd2c4f1a9cd4bcf648f7ef2e.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://555ww666yy.com/f3dab33316b44c64a6f119272fb4489e.gif
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://568.5683853.cc:8443/?shareName=568.5683853.cc
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://5967.5967007.com/11.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://5967.5967007.com/1300x200.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://69vvnstttaaa888.dzlndygh.com/i/2024/07/26/12872no.gif
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://69vvnstttaaa888.dzlndygh.com/i/2024/08/11/u98s7t.gif
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://787928.com:7888
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://ad.xmmnsl.com/uploads/images/1689155699.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://amjs.hccoeutg.com/i/1616/PPJJ-1300-240.gif
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://amjs.hccoeutg.com/i/1616/PPJJ-200-200.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://amjs.hccoeutg.com/i/2828/qqww-1300-240.gif
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://amjs.hccoeutg.com/i/2828/qqww-200-1.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://bjm.1vkx.cn/public/1/img/1597572842.gif
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://cc777img.dqsldz.com/i/2024/10/28/10ss8i9.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://cc777img.dqsldz.com/i/2024/10/28/1300-200_1.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://cc777img.dqsldz.com/i/2024/10/28/620-210.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://cc777img.dqsldz.com/i/2024/12/05/1300-200.gif
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://cc777img.dqsldz.com/i/2024/12/05/200-200.gif
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://ckxf00645.cc
Source: chromecache_225.2.dr, chromecache_373.2.dr	String found in binary or memory: https://data.7wzx9.com/forward
Source: chromecache_225.2.dr, chromecache_373.2.dr	String found in binary or memory: https://data.7wzx9.com/getDataInit
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://deiskm.memto51749.net:39006/3_medp/mdp1/158898.csv?mlm564
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://euk11.top
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://ffyd.e5nk.com:8888
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://github.com/wyz7777/pangda/blob/main/README.md
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://go.imgmimi.xyz/00165139bb76d845bfa39bde42b929c5.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://go.imgmimi.xyz/318d22cf923239b38dec8c9337224fb4.gif
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://gsygsaoc.209881.poker:23003/1_2JJ2AD
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://hdf.ggttddddbbfp835.com
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://hjf.pppttttkyhqq965.com
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://hongniu.getehu.com/i/2024/11/08/1300x200.gif
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://hongniu.getehu.com/i/2024/11/09/150-150.gif
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://hu101.cc
Source: chromecache_373.2.dr	String found in binary or memory: https://i.slgfjzz.com/20220105/c247889849d9d692850c37576f2812bc.jps
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://iawf05.cc/?cid=466400
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://ig23.vip/img/1KKky_150x150.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://ig23.vip/img/1kkky_1300x240.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://ig32.vip/img/GYyh_1300x240.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://ig38.vip/img/fftyc_1300x240.gif
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://ig55.vip/img/GYyh_180x180.GIF
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://ig72.vip/img/Fky_1300x240.gif
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://ig79.vip/img/996a_180x180.gif
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://ig82.vip/img/FF98t_180x180.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://img.maldwin27.xyz/images/6471f2b049ada68764d1d429.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://img.qxwoiv.com/6d1a62e98f7abc0ea4a7ac9760cb2e97.gif
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://img.qxwoiv.com/b38048b5589bcfb538c627481211202f.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://j4xok.vip/daxanja/youd150x350.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://j4xok.vip/dxj/xx150x350.gif
Source: chromecache_437.2.dr	String found in binary or memory: https://m776.co:65432/index.html?channelCode=1620
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://monkey.p2ld58.com/img/tyc-4hu1300x200.gif
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://monkey.p2ld58.com/img/tyc-sihu150x150.gif
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://monkey.p2ld58.com/img/uu-rt150x150.gif
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://nyh32h.net/luodi_si26K
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://oetyc5.org
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://p555g557.vip
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://p8789.com
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://pj8923.com
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://qb3363.cc
Source: chromecache_395.2.dr, chromecache_457.2.dr	String found in binary or memory: https://quanjing.cnzz.com
Source: chromecache_437.2.dr	String found in binary or memory: https://s27ns.com
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://sezhang.s3.ap-southeast-1.amazonaws.com/150x150w.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://sezhang.s3.ap-southeast-1.amazonaws.com/wns1300x200.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://sm2kz.net/image/xiaolin119.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://sm2kz.net/image/yxyhd.gif
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://static.wixstatic.com/media/dd9a87_34be67cd0dc34bedbba06a4a787cba19~mv2.gif
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://static.wixstatic.com/media/dd9a87_4314275b0467418ab4bd32c8da4d6358~mv2.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://static.wixstatic.com/media/dd9a87_67f016f8ae5948e4a82fbfedd1ad400a~mv2.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://static.wixstatic.com/media/dd9a87_b1d6c5504d164c40835d918239dcd10e~mv2.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://sz.ggshezhantc.com:8686/1300x260caivip.gif
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://sz.ggshezhantc.com:8686/150vip.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://t.me/CC91AV
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://t24120103-5e08b5a8a5bb9302.elb.ap-east-1.amazonaws.com:8888
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://ttxmsp22.dahczv.com
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://tyc86q2.com/register
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://tycjb777.hccoeutg.com/i/LD/SH131.gif
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://tycjb777.hccoeutg.com/i/LD/SH132.gif
Source: chromecache_288.2.dr, chromecache_379.2.dr	String found in binary or memory: https://v1.cnzz.com/z.js?id=1281318611&async=1
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://v1.cnzz.com/z_stat.php?id=1280624099&web_id=1280624099
Source: chromecache_437.2.dr	String found in binary or memory: https://vip2.loli.io/2023/08/14/ZXpMJbzHlNL7qPs.gif
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://vns2.ezrent.hk/b9fb3076983380cf2d30af608afa0f94.gif.js
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://vnsimg.hfzkgw.com/cdbcb1b08e2d9dc97758d1ca7b53357b.gif
Source: chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://vuy81.top
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://w0082.com:33236/625a3d79f55d45618f08fe8d311c10b3.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://w0083.com:33236/1bd9e5d42614451ba8d203764d864d9d.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://we.zz17377.com/655358e6aaad94a5e9fe6a141b3bc5ef.gif
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://we.zz17377.com/7bd578c706a9f8fb6f46da207b46e618.gif
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://www.5967ggxtz001.com/nice.htm?8175
Source: chromecache_437.2.dr	String found in binary or memory: https://www.baidu.com
Source: chromecache_395.2.dr, chromecache_457.2.dr	String found in binary or memory: https://www.cnzz.com/stat/website.php?web_id=
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://www.ff7722.com
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://www.pdsp.tv
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://www.xtpag.top:2087/images/672e3be2290341902fe11409.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://www.xtpag.top:2087/images/672e3dcf290341902fe11411.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://www12.pengxunfei.site/jiamigif/168sc/168-1300x240.gif
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://www12.pengxunfei.site/jiamigif/168sc/168-200x200-2.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://www12.pengxunfei.site/jiamigif/tyxsc/xmspggTT2-1300X240.gif
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://www12.pengxunfei.site/jiamigif/tyxsc/xmspggTT2-200X200.gif
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://x-hweu2.hccoeutg.com/video/m3u8/202401/30/a2146fa33ff3/cy1300.js
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://x-hweu2.hccoeutg.com/video/m3u8/202401/30/a2146fa33ff3/cy150.js
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://x53683.com:6987
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://xh77td.vip
Source: chromecache_288.2.dr, chromecache_217.2.dr, chromecache_261.2.dr, chromecache_361.2.dr, chromecache_273.2.dr, chromecache_379.2.dr	String found in binary or memory: https://xmad.7wzx9.com/pangda/base.js?v=9999999
Source: chromecache_288.2.dr, chromecache_379.2.dr	String found in binary or memory: https://xmad.7wzx9.com/pangda/tbad.js
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://y24110601-9bb392c3295d6d9c.elb.ap-east-1.amazonaws.com:7777?channelCode=dff240763
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://yh24122203-c468081638d2b968.elb.ap-east-1.amazonaws.com:8888
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://yh88812345qwerasdf.lzaotw.com/yhgifjiami/xyh/1300x240.js
Source: chromecache_410.2.dr, chromecache_259.2.dr	String found in binary or memory: https://yh88812345qwerasdf.lzaotw.com/yhgifjiami/xyh/150x150.js
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://yhc339.com
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://ymtd.6dae.com/350/?cid=776786
Source: chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	String found in binary or memory: https://z.zcc0115.cc:8443/?shareName=716839983
Source: chromecache_268.2.dr, chromecache_437.2.dr	String found in binary or memory: https://z4a.net/images/2023/05/08/150x350.gif

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50174
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50178
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50184
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50191
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50190
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50147 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50197
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50199
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50135
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50134
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50137
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50146
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50147
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50156
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50160
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50163
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50169
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 50160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50170
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50135 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937

Source: unknown

HTTPS traffic detected: 23.145.136.94:443 -> 192.168.2.4:49760 version: TLS 1.2

Source: classification engine

Classification label: mal56.troj.win@17/408@180/53

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1996,i,11860038956780945597,535589302757175344,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.rr8844.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1996,i,11860038956780945597,535589302757175344,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Extra Window Memory Injection	1 Extra Window Memory Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://www.rr8844.com	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://www.rr8844.com/css/images/logo.jpg	0%	Avira URL Cloud	safe
https://j4xok.vip/dxj/xx150x350.gif	0%	Avira URL Cloud	safe
https://x-hweu5.rdfzsjs.com/video/m3u8/202501/01/c56b3842c616/1.jpg	0%	Avira URL Cloud	safe
https://mtu.slinpic.com/%E9%9C%B2%E5%87%BA%E6%BF%80%E6%83%85/x2zdy8.jpg	0%	Avira URL Cloud	safe
https://xmad.7wzx9.com/pangda/base.js?v=9999999	0%	Avira URL Cloud	safe
https://x-hweu5.rdfzsjs.com/video/m3u8/202501/01/ddf6cafcea0f/1.jpg	0%	Avira URL Cloud	safe
https://hdf.ggttddddbbfp835.com	0%	Avira URL Cloud	safe
https://x-hweu5.rdfzsjs.com/video/m3u8/202412/31/094f2e05c08b/1.jpg	0%	Avira URL Cloud	safe
https://x-hweu5.rdfzsjs.com/video/m3u8/202412/31/bf094940c1b9/1.jpg	0%	Avira URL Cloud	safe
https://www.rr8844.com/css/fonts/iconfont1.woff2	0%	Avira URL Cloud	safe
https://mtu.slinpic.com/%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/unc7yj.jpg	0%	Avira URL Cloud	safe
http://locked5-723840144.ap-east-1.elb.amazonaws.com/wns0x040/?shareName=wns0x040	0%	Avira URL Cloud	safe
https://hongniu.getehu.com/i/2024/11/08/1300x200.gif	0%	Avira URL Cloud	safe
https://ig38.vip/img/fftyc_1300x240.gif	0%	Avira URL Cloud	safe
https://x-hweu5.rdfzsjs.com/video/m3u8/202410/10/8eceeb2a583c/1.jpg	0%	Avira URL Cloud	safe
https://x-hweu5.rdfzsjs.com/video/m3u8/202412/31/d26727ebd6a5/1.jpg	0%	Avira URL Cloud	safe
https://mtu.slinpic.com/%E9%9C%B2%E5%87%BA%E6%BF%80%E6%83%85/x2y5vq.jpg	0%	Avira URL Cloud	safe
https://oetyc5.org	0%	Avira URL Cloud	safe
https://hjf.pppttttkyhqq965.com	0%	Avira URL Cloud	safe
https://we.zz17377.com/7bd578c706a9f8fb6f46da207b46e618.gif	0%	Avira URL Cloud	safe
https://tycjb777.hccoeutg.com/i/LD/SH131.gif	0%	Avira URL Cloud	safe
https://x-hweu5.rdfzsjs.com/video/m3u8/202410/22/214c28054d30/1.jpg	0%	Avira URL Cloud	safe
https://w0082.com:33236/625a3d79f55d45618f08fe8d311c10b3.gif	0%	Avira URL Cloud	safe
https://www12.pengxunfei.site/jiamigif/168sc/168-200x200-2.gif	0%	Avira URL Cloud	safe
http://woool.996m2.com/data/attachment/forum/202307/22/170443i7hi40474l44l07u.jpg	0%	Avira URL Cloud	safe
https://mtu.slinpic.com/%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/xnn7uf.jpg	0%	Avira URL Cloud	safe
https://x-hweu5.rdfzsjs.com/video/m3u8/202501/01/dff801d16405/1.jpg	0%	Avira URL Cloud	safe
https://ylg1.duyunfk.com/b38048b5589bcfb538c627481211202f.gif	0%	Avira URL Cloud	safe
https://gsygsaoc.209881.poker:23003/1_2JJ2AD	0%	Avira URL Cloud	safe
https://img.maldwin27.xyz/images/6471f2b049ada68764d1d429.gif	0%	Avira URL Cloud	safe
https://mtu.slinpic.com/%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/xnnjgp.jpg	0%	Avira URL Cloud	safe
https://18.yjxxoa.com/?shareName=ylg18	0%	Avira URL Cloud	safe
https://z.zcc0115.cc:8443/?shareName=716839983	0%	Avira URL Cloud	safe
https://ig79.vip/img/996a_180x180.gif	0%	Avira URL Cloud	safe
https://yh88812345qwerasdf.lzaotw.com/yhgifjiami/xyh/1300x240.js	0%	Avira URL Cloud	safe
https://www.ff7722.com	0%	Avira URL Cloud	safe
https://x-hweu5.rdfzsjs.com/video/m3u8/202501/01/ecfa86b60f78/1.jpg	0%	Avira URL Cloud	safe
https://2024hwus1.heibanwa.mobi/jsgif/yf1300-200.js	0%	Avira URL Cloud	safe
http://www.rr8844.com/	0%	Avira URL Cloud	safe
https://mtu.slinpic.com/%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/una04o.jpg	0%	Avira URL Cloud	safe
https://vns2.ezrent.hk/b9fb3076983380cf2d30af608afa0f94.gif.js	0%	Avira URL Cloud	safe
https://www.pdsp.tv	0%	Avira URL Cloud	safe
https://5967.5967007.com/1300x200.gif	0%	Avira URL Cloud	safe
https://787928.com:7888	0%	Avira URL Cloud	safe
https://t24120103-5e08b5a8a5bb9302.elb.ap-east-1.amazonaws.com:8888	0%	Avira URL Cloud	safe
https://x-hweu5.rdfzsjs.com/video/m3u8/202409/24/87dc8d74df0f/1.jpg	0%	Avira URL Cloud	safe
https://ig32.vip/img/GYyh_1300x240.gif	0%	Avira URL Cloud	safe
https://www.5967ggxtz001.com/nice.htm?8175	0%	Avira URL Cloud	safe
https://5967.5967007.com/11.gif	0%	Avira URL Cloud	safe
https://sm2kz.net/image/yxyhd.gif	0%	Avira URL Cloud	safe
https://x-hweu5.rdfzsjs.com/video/m3u8/202501/01/9bafe24706b5/1.jpg	0%	Avira URL Cloud	safe
https://hongniu.getehu.com/i/2024/11/09/150-150.gif	0%	Avira URL Cloud	safe
https://ymtd.6dae.com/350/?cid=776786	0%	Avira URL Cloud	safe
https://ig23.vip/img/1KKky_150x150.gif	0%	Avira URL Cloud	safe
https://data.7wzx9.com/getDataInit	0%	Avira URL Cloud	safe
https://x-hweu5.rdfzsjs.com/video/m3u8/202410/12/5ef689465f78/1.jpg	0%	Avira URL Cloud	safe
https://555ww666yy.com/f3dab33316b44c64a6f119272fb4489e.gif	0%	Avira URL Cloud	safe
https://ffyd.e5nk.com:8888	0%	Avira URL Cloud	safe
https://mtu.slinpic.com/%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/unbndf.jpg	0%	Avira URL Cloud	safe
https://yh24122203-c468081638d2b968.elb.ap-east-1.amazonaws.com:8888	0%	Avira URL Cloud	safe
https://ttxmsp22.dahczv.com	0%	Avira URL Cloud	safe
https://2024hwus1.heibanwa.mobi/jsgif/ny.js	0%	Avira URL Cloud	safe
https://we.zz17377.com/655358e6aaad94a5e9fe6a141b3bc5ef.gif	0%	Avira URL Cloud	safe
https://p8789.com	0%	Avira URL Cloud	safe
https://yhc339.com	0%	Avira URL Cloud	safe
http://woool.996m2.com/data/attachment/forum/202307/22/170443zi8yxih33fyf8fj2.gif	0%	Avira URL Cloud	safe
https://www.rr8844.com/footer.html?v=9999999	0%	Avira URL Cloud	safe
https://x-hweu5.rdfzsjs.com/video/m3u8/202501/01/ae7abced1eae/1.jpg	0%	Avira URL Cloud	safe
https://www.rr8844.com/static/jquery.min.js	0%	Avira URL Cloud	safe
https://ckxf00645.cc	0%	Avira URL Cloud	safe
https://mtu.slinpic.com/%E9%9C%B2%E5%87%BA%E6%BF%80%E6%83%85/x2yjhe.jpg	0%	Avira URL Cloud	safe
https://x-hweu5.rdfzsjs.com/video/m3u8/202501/01/6d4fba52e3fe/1.jpg	0%	Avira URL Cloud	safe
https://x-hweu5.rdfzsjs.com/video/m3u8/202410/18/1e6931ef5c8d/1.jpg	0%	Avira URL Cloud	safe
https://i.slgfjzz.com/20220105/c247889849d9d692850c37576f2812bc.jps	0%	Avira URL Cloud	safe
https://deiskm.memto51749.net:39006/3_medp/mdp1/158898.csv?mlm564	0%	Avira URL Cloud	safe
https://hu101.cc	0%	Avira URL Cloud	safe
https://ig55.vip/img/GYyh_180x180.GIF	0%	Avira URL Cloud	safe
https://mtu.slinpic.com/%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/unae56.jpg	0%	Avira URL Cloud	safe
https://mtu.slinpic.com/%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/umz9e7.jpg	0%	Avira URL Cloud	safe
https://sz.ggshezhantc.com:8686/150vip.gif	0%	Avira URL Cloud	safe
https://xmad.7wzx9.com/pangda/tbad.js	0%	Avira URL Cloud	safe
https://monkey.p2ld58.com/img/tyc-sihu150x150.gif	0%	Avira URL Cloud	safe
https://m776.co:65432/index.html?channelCode=1620	0%	Avira URL Cloud	safe
https://ig82.vip/img/FF98t_180x180.gif	0%	Avira URL Cloud	safe
https://www.xtpag.top:2087/images/672e3dcf290341902fe11411.gif	100%	Avira URL Cloud	malware
https://x-hweu5.rdfzsjs.com/video/m3u8/202410/16/6b45b6b1daec/1.jpg	0%	Avira URL Cloud	safe
https://ig23.vip/img/1kkky_1300x240.gif	0%	Avira URL Cloud	safe
https://w0083.com:33236/1bd9e5d42614451ba8d203764d864d9d.gif	0%	Avira URL Cloud	safe
https://yh88812345qwerasdf.lzaotw.com/yhgifjiami/xyh/150x150.js	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
tycjb777.hccoeutg.com.bplslb.com	113.219.144.65	true	false	unknown
ig38.vip	23.224.82.187	true	false	high
ig55.vip	23.224.82.187	true	false	unknown
n97sevw8.n.cccdn88.top	23.145.136.94	true	false	unknown
69vvnstttaaa888.dzlndygh.com.bplslb.com	183.204.210.219	true	false	unknown
monkey.p2ld58.com.bplslb.com	116.162.210.150	true	false	unknown
ig72.vip	23.224.82.187	true	false	unknown
s3-r-w.ap-southeast-1.amazonaws.com	3.5.146.228	true	false	high
79rvc2.g.1112dns.com	154.91.91.54	true	false	high
zpnzdh.g.1112dns.com	154.91.91.56	true	false	unknown
all.cnzz.com.danuoyi.tbcache.com	106.225.241.95	true	false	high
5or0d1.c.1112dns.com	123.6.18.17	true	false	unknown
ns3.hii-go.com	88.99.67.51	true	false	unknown
g9cf36a.cn88.jhydns01.com	185.200.64.142	true	false	unknown
catu.imgapp.top	188.114.96.3	true	false	unknown
www12.pengxunfei.site.bplslb.com	183.204.210.219	true	false	unknown
aztsdjeg.xiaohongshu-mycdn.com	194.147.100.102	true	false	unknown
hcdnw122.maoyun.cdnhwcibv122.com	221.194.141.162	true	false	unknown
www.google.com	142.250.186.68	true	false	high
kegymmtv.jixingcdn.com	104.160.179.210	true	false	unknown
my109-site-01.cdn-ng.net	43.251.59.146	true	false	unknown
cc777img.dqsldz.com.bplslb.com	111.7.66.168	true	false	unknown
go.imgmimi.xyz	172.67.148.80	true	false	high
ig82.vip	216.180.227.131	true	false	unknown
h02wph.c.1112dns.com	123.6.18.115	true	false	unknown
hcdnw101.v3.cdnhwcprh113.com	61.54.86.170	true	false	high
mtu.slinpic.com	104.26.10.58	true	false	unknown
hongniu.getehu.com.bplslb.com	147.160.191.176	true	false	unknown
kcxgm62j.tyccdn888.com	194.147.100.10	true	false	unknown
vns2.ezrent.hk.w.cdngslb.com	163.181.131.208	true	false	unknown
d1cq301dpr7fww.cloudfront.net	99.86.4.79	true	false	high
ig32.vip	23.224.82.187	true	false	unknown
ig23.vip	216.180.227.131	true	false	unknown
amjs.hccoeutg.com.bplslb.com	147.160.191.176	true	false	unknown
hcdnd101.sme.cdnhwcaip122.cn	221.194.141.150	true	false	unknown
ig79.vip	23.224.82.187	true	false	unknown
ssh02.cdn.youziyundns.com	149.104.32.188	true	false	unknown
z.gds.cnzz.com	223.109.148.174	true	false	high
amjs.hccoeutg.com	unknown	unknown	false	high
vns2.ezrent.hk	unknown	unknown	false	unknown
sezhang.s3.ap-southeast-1.amazonaws.com	unknown	unknown	false	unknown
vnsimg.hfzkgw.com	unknown	unknown	false	high
yh88812345qwerasdf.lzaotw.com	unknown	unknown	false	unknown
data.7wzx9.com	unknown	unknown	false	unknown
v1.cnzz.com	unknown	unknown	false	high
ylg1.duyunfk.com	unknown	unknown	false	unknown
c.cnzz.com	unknown	unknown	false	high
img.qxwoiv.com	unknown	unknown	false	high
sz.ggshezhantc.com	unknown	unknown	false	unknown
www12.pengxunfei.site	unknown	unknown	false	unknown
_2087._https.www.xtpag.top	unknown	unknown	false	unknown
w0082.com	unknown	unknown	false	unknown
2024hwus1.heibanwa.mobi	unknown	unknown	false	unknown
hongniu.getehu.com	unknown	unknown	false	unknown
x-hweu2.hccoeutg.com	unknown	unknown	false	unknown
5967.5967007.com	unknown	unknown	false	unknown
www.rr8844.com	unknown	unknown	false	high
69vvnstttaaa888.dzlndygh.com	unknown	unknown	false	high
w0083.com	unknown	unknown	false	unknown
we.zz17377.com	unknown	unknown	false	unknown
static.wixstatic.com	unknown	unknown	false	high
vns3.ezrent.hk	unknown	unknown	false	high
555ww666yy.com	unknown	unknown	false	unknown
cc777img.dqsldz.com	unknown	unknown	false	high
_8686._https.sz.ggshezhantc.com	unknown	unknown	false	unknown
www.xtpag.top	unknown	unknown	false	unknown
monkey.p2ld58.com	unknown	unknown	false	unknown
_33236._https.w0083.com	unknown	unknown	false	unknown
tycjb777.hccoeutg.com	unknown	unknown	false	unknown
z6.cnzz.com	unknown	unknown	false	high
xmad.7wzx9.com	unknown	unknown	true	unknown
_33236._https.w0082.com	unknown	unknown	false	unknown
x-hweu5.rdfzsjs.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://xmad.7wzx9.com/pangda/base.js?v=9999999	false	Avira URL Cloud: safe	unknown
https://www.rr8844.com/css/images/logo.jpg	false	Avira URL Cloud: safe	unknown
https://mtu.slinpic.com/%E9%9C%B2%E5%87%BA%E6%BF%80%E6%83%85/x2zdy8.jpg	false	Avira URL Cloud: safe	unknown
https://img.qxwoiv.com/b38048b5589bcfb538c627481211202f.gif	false		high
https://x-hweu5.rdfzsjs.com/video/m3u8/202412/31/bf094940c1b9/1.jpg	false	Avira URL Cloud: safe	unknown
https://x-hweu5.rdfzsjs.com/video/m3u8/202501/01/ddf6cafcea0f/1.jpg	false	Avira URL Cloud: safe	unknown
https://x-hweu5.rdfzsjs.com/video/m3u8/202412/31/094f2e05c08b/1.jpg	false	Avira URL Cloud: safe	unknown
https://www.rr8844.com/css/fonts/iconfont1.woff2	false	Avira URL Cloud: safe	unknown
https://x-hweu5.rdfzsjs.com/video/m3u8/202501/01/c56b3842c616/1.jpg	false	Avira URL Cloud: safe	unknown
https://69vvnstttaaa888.dzlndygh.com/i/2024/08/11/u98s7t.gif	false		high
https://mtu.slinpic.com/%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/unc7yj.jpg	false	Avira URL Cloud: safe	unknown
https://ig38.vip/img/fftyc_1300x240.gif	false	Avira URL Cloud: safe	unknown
https://hongniu.getehu.com/i/2024/11/08/1300x200.gif	false	Avira URL Cloud: safe	unknown
https://x-hweu5.rdfzsjs.com/video/m3u8/202410/10/8eceeb2a583c/1.jpg	false	Avira URL Cloud: safe	unknown
https://mtu.slinpic.com/%E9%9C%B2%E5%87%BA%E6%BF%80%E6%83%85/x2y5vq.jpg	false	Avira URL Cloud: safe	unknown
https://amjs.hccoeutg.com/i/1616/PPJJ-1300-240.gif	false		high
https://x-hweu5.rdfzsjs.com/video/m3u8/202412/31/d26727ebd6a5/1.jpg	false	Avira URL Cloud: safe	unknown
https://we.zz17377.com/7bd578c706a9f8fb6f46da207b46e618.gif	false	Avira URL Cloud: safe	unknown
https://tycjb777.hccoeutg.com/i/LD/SH131.gif	false	Avira URL Cloud: safe	unknown
https://x-hweu5.rdfzsjs.com/video/m3u8/202410/22/214c28054d30/1.jpg	false	Avira URL Cloud: safe	unknown
https://mtu.slinpic.com/%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/xnn7uf.jpg	false	Avira URL Cloud: safe	unknown
https://x-hweu5.rdfzsjs.com/video/m3u8/202501/01/dff801d16405/1.jpg	false	Avira URL Cloud: safe	unknown
https://www12.pengxunfei.site/jiamigif/168sc/168-200x200-2.gif	false	Avira URL Cloud: safe	unknown
https://ylg1.duyunfk.com/b38048b5589bcfb538c627481211202f.gif	false	Avira URL Cloud: safe	unknown
https://mtu.slinpic.com/%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/xnnjgp.jpg	false	Avira URL Cloud: safe	unknown
https://ig79.vip/img/996a_180x180.gif	false	Avira URL Cloud: safe	unknown
https://x-hweu5.rdfzsjs.com/video/m3u8/202501/01/ecfa86b60f78/1.jpg	false	Avira URL Cloud: safe	unknown
https://yh88812345qwerasdf.lzaotw.com/yhgifjiami/xyh/1300x240.js	false	Avira URL Cloud: safe	unknown
https://2024hwus1.heibanwa.mobi/jsgif/yf1300-200.js	false	Avira URL Cloud: safe	unknown
http://www.rr8844.com/	false	Avira URL Cloud: safe	unknown
https://mtu.slinpic.com/%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/una04o.jpg	false	Avira URL Cloud: safe	unknown
https://vns2.ezrent.hk/b9fb3076983380cf2d30af608afa0f94.gif.js	false	Avira URL Cloud: safe	unknown
https://go.imgmimi.xyz/318d22cf923239b38dec8c9337224fb4.gif	false		high
https://5967.5967007.com/1300x200.gif	false	Avira URL Cloud: safe	unknown
https://x-hweu5.rdfzsjs.com/video/m3u8/202409/24/87dc8d74df0f/1.jpg	false	Avira URL Cloud: safe	unknown
https://ig32.vip/img/GYyh_1300x240.gif	false	Avira URL Cloud: safe	unknown
https://5967.5967007.com/11.gif	false	Avira URL Cloud: safe	unknown
https://x-hweu5.rdfzsjs.com/video/m3u8/202501/01/9bafe24706b5/1.jpg	false	Avira URL Cloud: safe	unknown
https://ig23.vip/img/1KKky_150x150.gif	false	Avira URL Cloud: safe	unknown
https://x-hweu5.rdfzsjs.com/video/m3u8/202410/12/5ef689465f78/1.jpg	false	Avira URL Cloud: safe	unknown
https://data.7wzx9.com/getDataInit	false	Avira URL Cloud: safe	unknown
https://hongniu.getehu.com/i/2024/11/09/150-150.gif	false	Avira URL Cloud: safe	unknown
https://555ww666yy.com/f3dab33316b44c64a6f119272fb4489e.gif	false	Avira URL Cloud: safe	unknown
https://mtu.slinpic.com/%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/unbndf.jpg	false	Avira URL Cloud: safe	unknown
https://2024hwus1.heibanwa.mobi/jsgif/ny.js	false	Avira URL Cloud: safe	unknown
https://we.zz17377.com/655358e6aaad94a5e9fe6a141b3bc5ef.gif	false	Avira URL Cloud: safe	unknown
https://www.rr8844.com/footer.html?v=9999999	false	Avira URL Cloud: safe	unknown
https://x-hweu5.rdfzsjs.com/video/m3u8/202501/01/ae7abced1eae/1.jpg	false	Avira URL Cloud: safe	unknown
https://mtu.slinpic.com/%E9%9C%B2%E5%87%BA%E6%BF%80%E6%83%85/x2yjhe.jpg	false	Avira URL Cloud: safe	unknown
https://www.rr8844.com/static/jquery.min.js	false	Avira URL Cloud: safe	unknown
https://x-hweu5.rdfzsjs.com/video/m3u8/202501/01/6d4fba52e3fe/1.jpg	false	Avira URL Cloud: safe	unknown
https://x-hweu5.rdfzsjs.com/video/m3u8/202410/18/1e6931ef5c8d/1.jpg	false	Avira URL Cloud: safe	unknown
https://cc777img.dqsldz.com/i/2024/10/28/10ss8i9.gif	false		high
https://ig55.vip/img/GYyh_180x180.GIF	false	Avira URL Cloud: safe	unknown
https://www.rr8844.com/	false		unknown
https://mtu.slinpic.com/%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/unae56.jpg	false	Avira URL Cloud: safe	unknown
https://mtu.slinpic.com/%E8%A1%97%E6%8B%8D%E5%81%B7%E6%8B%8D/umz9e7.jpg	false	Avira URL Cloud: safe	unknown
https://x-hweu5.rdfzsjs.com/video/m3u8/202410/16/6b45b6b1daec/1.jpg	false	Avira URL Cloud: safe	unknown
https://xmad.7wzx9.com/pangda/tbad.js	true	Avira URL Cloud: safe	unknown
https://amjs.hccoeutg.com/i/1616/PPJJ-200-200.gif	false		high
https://ig82.vip/img/FF98t_180x180.gif	false	Avira URL Cloud: safe	unknown
https://monkey.p2ld58.com/img/tyc-sihu150x150.gif	false	Avira URL Cloud: safe	unknown
https://69vvnstttaaa888.dzlndygh.com/i/2024/07/26/12872no.gif	false		high
https://ig23.vip/img/1kkky_1300x240.gif	false	Avira URL Cloud: safe	unknown
https://yh88812345qwerasdf.lzaotw.com/yhgifjiami/xyh/150x150.js	false	Avira URL Cloud: safe	unknown
https://www.rr8844.com/video.html?typeId=21&typeMid=1	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://hdf.ggttddddbbfp835.com	chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	false	Avira URL Cloud: safe	unknown
https://cc777img.dqsldz.com/i/2024/10/28/620-210.gif	chromecache_268.2.dr, chromecache_437.2.dr	false		high
https://j4xok.vip/dxj/xx150x350.gif	chromecache_268.2.dr, chromecache_437.2.dr	false	Avira URL Cloud: safe	unknown
http://locked5-723840144.ap-east-1.elb.amazonaws.com/wns0x040/?shareName=wns0x040	chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	false	Avira URL Cloud: safe	unknown
https://oetyc5.org	chromecache_268.2.dr, chromecache_437.2.dr	false	Avira URL Cloud: safe	unknown
https://hjf.pppttttkyhqq965.com	chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	false	Avira URL Cloud: safe	unknown
https://w0082.com:33236/625a3d79f55d45618f08fe8d311c10b3.gif	chromecache_410.2.dr, chromecache_259.2.dr	false	Avira URL Cloud: safe	unknown
https://v1.cnzz.com/z_stat.php?id=1280624099&web_id=1280624099	chromecache_268.2.dr, chromecache_437.2.dr	false		high
http://woool.996m2.com/data/attachment/forum/202307/22/170443i7hi40474l44l07u.jpg	chromecache_268.2.dr, chromecache_437.2.dr	false	Avira URL Cloud: safe	unknown
https://gsygsaoc.209881.poker:23003/1_2JJ2AD	chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	false	Avira URL Cloud: safe	unknown
https://18.yjxxoa.com/?shareName=ylg18	chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	false	Avira URL Cloud: safe	unknown
https://img.maldwin27.xyz/images/6471f2b049ada68764d1d429.gif	chromecache_268.2.dr, chromecache_437.2.dr	false	Avira URL Cloud: safe	unknown
https://z.zcc0115.cc:8443/?shareName=716839983	chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	false	Avira URL Cloud: safe	unknown
https://www.ff7722.com	chromecache_268.2.dr, chromecache_437.2.dr	false	Avira URL Cloud: safe	unknown
https://www.5967ggxtz001.com/nice.htm?8175	chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	false	Avira URL Cloud: safe	unknown
https://www.pdsp.tv	chromecache_268.2.dr, chromecache_437.2.dr	false	Avira URL Cloud: safe	unknown
https://t24120103-5e08b5a8a5bb9302.elb.ap-east-1.amazonaws.com:8888	chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	false	Avira URL Cloud: safe	unknown
https://787928.com:7888	chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	false	Avira URL Cloud: safe	unknown
https://sm2kz.net/image/yxyhd.gif	chromecache_268.2.dr, chromecache_437.2.dr	false	Avira URL Cloud: safe	unknown
https://ymtd.6dae.com/350/?cid=776786	chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	false	Avira URL Cloud: safe	unknown
https://ffyd.e5nk.com:8888	chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	false	Avira URL Cloud: safe	unknown
https://yh24122203-c468081638d2b968.elb.ap-east-1.amazonaws.com:8888	chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	false	Avira URL Cloud: safe	unknown
https://ttxmsp22.dahczv.com	chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	false	Avira URL Cloud: safe	unknown
https://yhc339.com	chromecache_268.2.dr, chromecache_437.2.dr	false	Avira URL Cloud: safe	unknown
http://woool.996m2.com/data/attachment/forum/202307/22/170443zi8yxih33fyf8fj2.gif	chromecache_268.2.dr, chromecache_437.2.dr	false	Avira URL Cloud: safe	unknown
https://p8789.com	chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	false	Avira URL Cloud: safe	unknown
https://ckxf00645.cc	chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	false	Avira URL Cloud: safe	unknown
https://deiskm.memto51749.net:39006/3_medp/mdp1/158898.csv?mlm564	chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	false	Avira URL Cloud: safe	unknown
https://hu101.cc	chromecache_268.2.dr, chromecache_410.2.dr, chromecache_437.2.dr, chromecache_259.2.dr	false	Avira URL Cloud: safe	unknown
https://i.slgfjzz.com/20220105/c247889849d9d692850c37576f2812bc.jps	chromecache_373.2.dr	false	Avira URL Cloud: safe	unknown
https://sz.ggshezhantc.com:8686/150vip.gif	chromecache_410.2.dr, chromecache_259.2.dr	false	Avira URL Cloud: safe	unknown
https://m776.co:65432/index.html?channelCode=1620	chromecache_437.2.dr	false	Avira URL Cloud: safe	unknown
https://www.xtpag.top:2087/images/672e3dcf290341902fe11411.gif	chromecache_268.2.dr, chromecache_437.2.dr	false	Avira URL Cloud: malware	unknown
https://w0083.com:33236/1bd9e5d42614451ba8d203764d864d9d.gif	chromecache_268.2.dr, chromecache_437.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
154.91.91.56	zpnzdh.g.1112dns.com	Seychelles	134705	ITACE-AS-APItaceInternationalLimitedHK	false
154.91.91.54	79rvc2.g.1112dns.com	Seychelles	134705	ITACE-AS-APItaceInternationalLimitedHK	false
142.132.201.10	unknown	Canada	22686	UNIVERSITYOFWINNIPEG-ASNCA	false
104.26.11.58	unknown	United States	13335	CLOUDFLARENETUS	false
223.109.148.174	z.gds.cnzz.com	China	56046	CMNET-JIANGSU-APChinaMobilecommunicationscorporationCN	false
99.86.4.105	unknown	United States	16509	AMAZON-02US	false
111.174.12.113	unknown	China	136194	CHINATELECOM-HUBEI-HUANGSHI-IDCHuangshiHubeiProvinceP	false
88.99.67.51	ns3.hii-go.com	Germany	24940	HETZNER-ASDE	false
221.194.141.150	hcdnd101.sme.cdnhwcaip122.cn	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
218.12.76.163	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
113.219.144.65	tycjb777.hccoeutg.com.bplslb.com	China	63838	CT-HUNAN-HENGYANG-IDCHengyangCN	false
185.200.64.142	g9cf36a.cn88.jhydns01.com	United Kingdom	54600	PEGTECHINCUS	false
123.6.18.47	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
106.225.241.95	all.cnzz.com.danuoyi.tbcache.com	China	134238	CT-JIANGXI-IDCCHINANETJiangxprovinceIDCnetworkCN	false
183.204.210.219	69vvnstttaaa888.dzlndygh.com.bplslb.com	China	24445	CMNET-V4HENAN-AS-APHenanMobileCommunicationsCoLtdCN	false
43.251.59.146	my109-site-01.cdn-ng.net	Taiwan; Republic of China (ROC)	131603	WSN-TW-NET-ASWorldstarNetworkTW	false
123.6.18.89	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
104.160.179.210	kegymmtv.jixingcdn.com	United States	46844	ST-BGPUS	false
36.42.77.151	unknown	China	134768	CHINANET-SHAANXI-CLOUD-BASECHINANETSHAANXIprovinceCloud	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
23.145.136.94	n97sevw8.n.cccdn88.top	Reserved	6939	HURRICANEUS	false
23.145.136.95	unknown	Reserved	6939	HURRICANEUS	false
116.162.210.150	monkey.p2ld58.com.bplslb.com	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
61.54.86.170	hcdnw101.v3.cdnhwcprh113.com	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
194.147.100.10	kcxgm62j.tyccdn888.com	unknown	33965	LITECOMLitecomAGCH	false
163.181.131.208	vns2.ezrent.hk.w.cdngslb.com	United States	24429	TAOBAOZhejiangTaobaoNetworkCoLtdCN	false
103.170.14.197	unknown	unknown	7575	AARNET-AS-APAustralianAcademicandResearchNetworkAARNe	false
23.224.82.187	ig38.vip	United States	40065	CNSERVERSUS	false
123.6.18.17	5or0d1.c.1112dns.com	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
111.7.66.168	cc777img.dqsldz.com.bplslb.com	China	24445	CMNET-V4HENAN-AS-APHenanMobileCommunicationsCoLtdCN	false
163.181.131.209	unknown	United States	24429	TAOBAOZhejiangTaobaoNetworkCoLtdCN	false
99.86.4.79	d1cq301dpr7fww.cloudfront.net	United States	16509	AMAZON-02US	false
194.147.100.95	unknown	unknown	33965	LITECOMLitecomAGCH	false
36.99.2.62	unknown	China	139018	CHINANET-HENAN-LUOYANG-IDCHenanLuoyangIDCCN	false
216.180.227.131	ig82.vip	United States	11042	NTHLUS	false
175.6.201.25	unknown	China	63838	CT-HUNAN-HENGYANG-IDCHengyangCN	false
52.219.132.71	unknown	United States	16509	AMAZON-02US	false
149.104.32.188	ssh02.cdn.youziyundns.com	United States	174	COGENT-174US	false
218.60.100.167	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
194.147.100.102	aztsdjeg.xiaohongshu-mycdn.com	unknown	33965	LITECOMLitecomAGCH	false
172.67.148.80	go.imgmimi.xyz	United States	13335	CLOUDFLARENETUS	false
43.251.59.126	unknown	Taiwan; Republic of China (ROC)	131603	WSN-TW-NET-ASWorldstarNetworkTW	false
147.160.191.176	hongniu.getehu.com.bplslb.com	United States	398027	ASN-BELL2US	false
104.160.179.196	unknown	United States	46844	ST-BGPUS	false
120.233.179.91	unknown	China	56040	CMNET-GUANGDONG-APChinaMobilecommunicationscorporation	false
216.180.236.138	unknown	United States	11042	NTHLUS	false
104.26.10.58	mtu.slinpic.com	United States	13335	CLOUDFLARENETUS	false
221.194.141.162	hcdnw122.maoyun.cdnhwcibv122.com	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
3.5.146.228	s3-r-w.ap-southeast-1.amazonaws.com	United States	16509	AMAZON-02US	false
188.114.96.3	catu.imgapp.top	European Union	13335	CLOUDFLARENETUS	false
123.6.18.115	h02wph.c.1112dns.com	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1583168
Start date and time:	2025-01-02 06:11:25 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://www.rr8844.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.troj.win@17/408@180/53

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.99, 216.58.206.78, 64.233.167.84, 216.58.212.142, 142.250.181.238, 142.250.74.206, 172.217.18.10, 142.250.184.202, 142.250.185.202, 142.250.185.74, 142.250.186.170, 142.250.184.234, 216.58.206.74, 216.58.206.42, 142.250.186.42, 142.250.185.234, 142.250.181.234, 142.250.186.138, 172.217.16.202, 142.250.74.202, 142.250.185.170, 142.250.186.106, 84.201.210.18, 192.229.221.95, 142.250.185.206, 172.217.18.14, 142.250.185.78, 172.217.16.195, 142.250.186.46, 184.28.90.27, 52.149.20.212, 4.245.163.56, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://www.rr8844.com

Input	Output
URL: http://www.rr8844.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: http://www.rr8844.com
URL: https://www.rr8844.com/... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The script appears to have some moderate-risk indicators, such as external data transmission and aggressive DOM manipulation. However, it does not demonstrate any clear malicious intent or high-risk behaviors. The script seems to be related to displaying a pop-up with a list of URLs, potentially for sharing with friends. While the behavior may be considered aggressive or intrusive, it does not appear to be directly harmful. Further review may be necessary to determine the full context and purpose of the script." }
var ua = navigator.userAgent.toLowerCase(); $(document).ready(function () { getHomeV(); if (ua.indexOf('baidu') < 0 && moreUrl.length > 0) { var _moveUrl = moreUrl; if (_moveUrl.length > 5) { _moveUrl = getRandomArrayElements(_moveUrl, 5); } for (var i = 0; i < _moveUrl.length; i++) {} var allUrl = _moveUrl.join("\\r\\n"); var popDiv = document.createElement("dl"); popDiv.id = "popBox"; popDiv.setAttribute("class", "pop"); popDiv.style.backgroundImage = 'url(' + worldBgImage + ')'; popDiv.style.backgroundSize = 'cover'; popDiv.style.transform = 'scale(1)'; popDiv.style.border = '0px'; popDiv.innerHTML += ' <dd style="margin-top:95px;"></dd>'; for (var i = 0; i < _moveUrl.length; i++) { popDiv.innerHTML += ' <dd class="url" style="background:transparent;text-align:left;font-size: 12px;padding:0 25px;line-height:25px;letter-spacing: 1px;">' + _moveUrl[i] + '</dd>'; } popDiv.innerHTML += ' <dd class="url" style="background:transparent;text-align:left;font-size: 12px;padding:0 25px;line-height:25px;letter-spacing: 1px;">5</dd>'; popDiv.innerHTML += ' <dd class="btn-close" style="margin-top:20px;"><a href="javascript:void(0)" onclick="hideMask();return false;"><i class="icon-close"></i></a></dd>'; body.appendChild(popDiv); if(popDiv != null) { showMask("10"); } } })
URL: https://www.rr8844.com/... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "This script appears to be a legitimate analytics/tracking script from the CNZZ analytics platform. While it uses the legacy `document.createElement` and `document.getElementsByTagName` methods, which are considered low-risk indicators, the script's purpose is for web analytics, which is a common and expected behavior. There are no signs of high-risk indicators like dynamic code execution, data exfiltration, or suspicious redirects. Overall, this script poses a low risk." }
var _czc = _czc \|\| []; (function () { var um = document.createElement("script"); um.src = "https://v1.cnzz.com/z.js?id=1281318611&async=1"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(um, s); })();
URL: https://xmad.7wzx9.com/pangda/tbad.js... Model: Joe Sandbox AI	{ "risk_score": 9, "reasoning": "This script demonstrates several high-risk behaviors, including data exfiltration, redirects to suspicious domains, and the use of obfuscated URLs. The script appears to be generating a list of links and images, many of which point to untrusted or potentially malicious domains. This suggests the script may be part of a phishing or scam operation, and it should be considered a high-risk threat." }
var appAbkDiv = document.getElementById('tbad'); function loadContent() { // var items = [ { link: "https://vuy81.top", image: "https://cc777img.dqsldz.com/i/2024/10/28/10ss8i9.gif", name: "同城约炮" }, { link: "https://euk11.top", image: "https://x-hweu2.hccoeutg.com/video/m3u8/202401/30/a2146fa33ff3/cy150.js", name: "春药商城" }, { link: "https://t24120103-5e08b5a8a5bb9302.elb.ap-east-1.amazonaws.com:8888", image: "https://ig82.vip/img/FF98t_180x180.gif", name: "太阳城" }, { link: "https://787928.com:7888", image: "https://amjs.hccoeutg.com/i/2828/qqww-200-1.gif", name: "太阳城" }, { link: "https://www.5967ggxtz001.com/nice.htm?8175", image: "https://5967.5967007.com/11.gif", name: "必赢" }, { link: "https://pj8923.com", image: "https://amjs.hccoeutg.com/i/1616/PPJJ-200-200.gif", name: "新葡京" }, { link: "https://18.yjxxoa.com/?shareName=ylg18", image: "https://img.qxwoiv.com/b38048b5589bcfb538c627481211202f.gif", name: "澳门葡京" }, { link: "https://x53683.com:6987", image: "https://w0082.com:33236/625a3d79f55d45618f08fe8d311c10b3.gif", name: "澳门葡京" }, { link: "https://hu101.cc", image: "https://69vvnstttaaa888.dzlndygh.com/i/2024/08/11/u98s7t.gif", name: "威尼斯人" }, { link: "http://locked5-723840144.ap-east-1.elb.amazonaws.com/wns0x040/?shareName=wns0x040", image: "https://sezhang.s3.ap-southeast-1.amazonaws.com/150x150w.gif", name: "新普京" }, { link: "https://ymtd.6dae.com/350/?cid=776786", image: "https://www.xtpag.top:2087/images/672e3be2290341902fe11409.gif", name: "PG娱乐" }, { link: "https://gsygsaoc.209881.poker:23003/1_2JJ2AD", image: "https://static.wixstatic.com/media/dd9a87_4314275b0467418ab4bd32c8da4d6358~mv2.gif", name: "抖阴直播" }, { link: "https://hjf.pppttttkyhqq965.com", image: "https://yh88812345qwerasdf.lzaotw.com/yhgifjiami/xyh/150x150.js", name: "澳门银河" }, { link: "https://ttxmsp22.dahczv.com", image: "https://www12.pengxunfei.site/jiamigif/tyxsc/xmspggTT2-200X200.gif", name: "太阳国际" }, { link: "https://214.lxqgg.com/?shareName=zhandian214", image: "https://vns2.ezrent.hk/b9fb3076983380cf2d30af608afa0f94.gif.js", name: "威尼斯人" }, { link: "https://nyh32h.net/luodi_si26K", image: "https://monkey.p2ld58.com/img/uu-rt150x150.gif", name: "学姐直播" }, { link: "https://z.zcc0115.cc:8443/?shareName=716839983", image: "https://we.zz17377.com/7bd578c706a9f8fb6f46da207b46e618.gif", name: "PG电子" }, { link: "https://568.5683853.cc:8443/?shareName=568.5683853.cc", image: "https://go.imgmimi.xyz/00165139bb76d845bfa39bde42b929c5.gif", name: "开元官方" }, { link: "https://yh24122203-c468081638d2b968.elb.ap-east-1.amazonaws.com:8888", image: "https://ig55.vip/im
URL: https://www.rr8844.com/... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript code appears to be a search functionality implementation with some basic user agent detection and handling of mobile devices. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code is primarily focused on managing the user interface and search-related functionality, which is a common and legitimate use case. While it uses some legacy APIs like `XDomainRequest`, the overall behavior is benign and does not raise significant security concerns." }
var ua = navigator.userAgent.toLowerCase(); var isSafari = /Version[\|\/]([0-9.]+)([^0-9a-zA-Z]+)Mobile[\|\/]([0-9a-zA-Z]+)([^0-9a-zA-Z]+)Safari[\|\/]([0-9.]+)$/i.test(ua); var isMobile = ua.indexOf("windows nt") == -1 && ua.indexOf("macintosh") == -1 && ua.indexOf("pad") == -1 && ua.indexOf("x86_64") == -1; var isAndroid = ua.indexOf("android") > -1; var isPad = ua.indexOf("pad") > -1; /* / var helangSearch = { / / els: {}, / / searchIndex: 0, / / hot: { / / color: ['#ff2c00', '#ff5a00', '#ff8105', '#fd9a15', '#dfad1c', '#6bc211', '#3cc71e', '#3cbe85', '#51b2ef', '#53b0ff'], / / list: [ '', '', '', '', '', '', '', '', '', '' ] }, / / init: function () { var _this = this; this.els = { pickerBtn: $(".picker"), pickerList: $(".picker-list"), logo: $(".logo"), hotList: $(".hot-list"), input: $("#search-input"), button: $(".searchs") }; / / this.els.hotList.html(function () { var str = ''; $.each(_this.hot.list, function (index, item) { str += '<a href="movieSearch.html?content=' + item + '&typeMid=1&typeId=0&type=1">' + '<div class="number" style="color: ' + _this.hot.color[index] + '">' + (index + 1) + '</div>' + '<div>' + item + '</div>' + '</a>'; }); return str; }); / / / / this.els.pickerBtn.click(function () { if (_this.els.pickerList.is(':hidden')) { setTimeout(function () { _this.els.pickerList.show(); }, 100); } }); / / this.els.pickerList.on("click", ">li", function () { // _this.els.logo.css("background-image", ('url(img/' + $(this).data("logo") + ')')); _this.searchIndex = $(this).index(); _this.els.pickerBtn.html($(this).html() + "<i class=\"icon-searchsarrows\"></i>") }); / / this.els.input.click(function () { if (!$(this).val()) { if (!isAndroid && isSafari) { } else { setTimeout(function () { _this.els.hotList.show(); }, 100); } } }); / / this.els.input.on("input", function () { if ($(this).val()) { _this.els.hotList.hide(); } }); / / this.els.button.click(function () { var searchArr = ['', '', '']; if (_this.els.input.val() != "") { if (searchArr[_this.searchIndex] == "") { window.location.href = "movieSearch.html?content=" + _this.els.input.val()+"&typeMid="+1+"&typeId="+0+"&type="+1; } if (searchArr[_this.searchIndex] == "") { window.location.href = "imageSearch.html?content=" + _this.els.input.val()+"&typeMid="+2+"&typeId="+0+"&type="+2; } if (searchArr[_this.searchIndex] == "") { window.location.href = "novelSearch.html?content=" + _this.els.input.val()+"&typeMid="+2+"&typeId="+0+"&type="+3; } } });// / / $(document).click(function () { _this.els.pickerList.hide(); _this.els.hotList.hide(); }); / */ } };
URL: https://xmad.7wzx9.com/pangda/base.js?v=9999999... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The provided JavaScript snippet contains several behaviors that raise moderate to high-risk concerns, including potential data exfiltration, use of obfuscated URLs, and aggressive DOM manipulation. While some of the content appears to be related to legitimate purposes like analytics and tracking, the overall behavior and the presence of suspicious domains and URLs suggest further investigation is warranted. The final risk score is in the medium range, indicating the need for closer scrutiny and potential mitigation measures." }
// var onlineHref ="https://t.me/CC91AV"; var wzfby = "https://www.pdsp.tv" var worldBgImage = "./css/images/bgg.png"; var body = document.body; var ua = navigator.userAgent.toLowerCase(); var domain = window.location.host; // var xl1 =""; var xl2 =""; var xl3 =""; var appName = ""; //APP var title = "QQ"; var appUrl = ""; //APP var appUrl1 = ""; var updateUrl = "https://github.com/wyz7777/pangda/blob/main/README.md"; // var emailUrl = "yy8y.email"; //"<em>g</em><span>s</span><em>et</em><span>ok</span><em>u</em><span>wb</span><em>r</em><span>qr</span><em>l</em><span>kt</span><em>@gm<span>zi</span>ai<span>mk</span>l.c<span>yq</span>om</em>"; // var countUrl = "";//"https://v1.cnzz.com/z_stat.php?id=1280624099&web_id=1280624099"; //JS var getSpons = true; var moreUrl = [ "https://4HTV", "https://www.ff7722.com", "https://www.ff7722.com", "", "www.pdsp.tv ()" ]; /* [150350] [2] / // var couplet = true; // var coupletData = [ // { imgs: ["https://sm2kz.net/image/xiaolin119.gif"], url: "https://s27ns.com" }, // //{ imgs: ["https://img.maldwin27.xyz/images/6471f2b049ada68764d1d429.gif"], url: "https://s27ns.com" }, // { imgs: ["https://z4a.net/images/2023/05/08/150x350.gif"], url: "https://yhc339.com" } // ]; // /* 1 [150350] [2] / // var couplet1 = true; // var coupletData1 = [ // { imgs: ["https://j4xok.vip/dxj/xx150x350.gif"], url: "https://m776.co:65432/index.html?channelCode=1620" }, // //{ imgs: ["https://j4xok.vip/daxanja/youd150x350.gif"], url: "https://m776.co:65432/index.html?channelCode=1620" }, // { imgs: ["https://z4a.net/images/2023/05/08/150x350.gif"], url: "https://yhc339.com" } // ]; /* 3 [960X400] [3] / var topData = [ // { imgs: ["https://sm2kz.net/image/yxyhd.gif"], url: "https://s27ns.com" } ]; / 4 [960X80] [4] / var btmData = [ // {imgs:["http://woool.996m2.com/data/attachment/forum/202307/22/170443i7hi40474l44l07u.jpg"],url:'https://qb3363.cc'}, //1 // {imgs:["http://woool.996m2.com/data/attachment/forum/202307/22/170443zi8yxih33fyf8fj2.gif"],url:'https://oetyc5.org'}, //2 ]; / 8 [960x400] [8] */ var midData = [ { imgs: ["https://cc777img.dqsldz.com/i/2024/10/28/1300-200_1.gif"], url: "https://vuy81.top" }, { imgs: ["https://cc777img.dqsldz.com/i/2024/10/28/1300-200_1.gif"], url: "https://vuy81.top" }, { imgs: ["https://x-hweu2.hccoeutg.com/video/m3u8/202401/30/a2146fa33ff3/cy1300.js"], url: "https://euk11.top" }, { imgs: ["https://x-hweu2.hccoeutg.com/video/m3u8/202401/30/a2146fa33ff3/cy1300.js"], url: "https://euk11.top" }, { imgs: ["https://yh88812345qwerasdf.lzaotw.com/yhgifjiami/xyh/1300x240.js"], url: "https://hjf.pppttttkyhqq965.com" }, { imgs: ["https://69vvnstttaaa888.dzlndygh.com/i/2024/07/26/12872no.gif"], url: "https://hu101.cc" }, { imgs: ["https://amjs.hccoeutg.com/i/1616/PPJJ-1300-240.gif"], url: "https://pj8923.com" }, { imgs: ["https://static.wixstatic.com/media/dd9a87_b1d6c5504d164c40835d918239dcd10e~mv2.gif"], url: "https://deiskm.memto51749.net:39006/3_medp/mdp1/158898.csv?mlm564" }, { imgs: ["https://static.wixstatic.com/media/dd9a87_67f016f8ae5948e4a82fbfedd1ad400a~mv2.gif"], url: "https://gsygsaoc.209881.poker:23003/1_2JJ2AD" }, { imgs: ["https://w0083.com:33236/1bd9e5d42614451ba8d203764d864d9d.gif"], url: "https://x53683.com:6987" }, { imgs: ["https://hongniu.getehu.com/i/2024/11/08/1300x200.gif"], url: "https://ckxf00645.cc" }, { imgs: ["https://5967.5967007.com/1300x200.gif"], url: "https://www.5967ggxtz001.com/nice.htm?8175" }, { imgs: ["https://555ww666yy.com/f3dab33316b44c64a6f119272fb4489e.gif"], url: "https://p555g557.vip" }, { imgs: ["https://sezhang.s3.ap-southeast-1.amazonaws.com/wns1300x200.gif"], url: "http://locked5-723840144.ap-east-1.elb.amazonaws.com/wns0x040/?shareName=wns0x040" }, { imgs: ["https://we.zz17377.com/655358e6
URL: https://www.rr8844.com/... Model: Joe Sandbox AI	```json { "risk_score": 1, "reasoning": "The provided JavaScript snippet is a part of the jQuery library, which is a widely used and reputable open-source library for DOM manipulation and event handling. The code does not exhibit any high-risk behaviors such as dynamic code execution, data exfiltration, or redirects to malicious domains. It primarily consists of utility functions and object manipulations typical of a library. There are no interactions with external domains or obfuscated code present. Therefore, it is considered low risk." }
/! jQuery v3.5.1 \| (c) JS Foundation and other contributors \| jquery.org/license / !function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?n[o.call(e)]\|\|"object":typeof e}var f="3.5.1",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n\|\|0===t\|\|"number"==typeof t&&0<t&&t-1 in e)}S.fn=S.prototype={jquery:f,constructor:S,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:u,sort:t.sort,splice:t.splice},S.extend=S.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]\|\|{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]\|\|{},s++),"object"==typeof a\|\|m(a)\|\|(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(S.isPlainObject(r)\|\|(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i\|\|S.isPlainObject(n)?n:{},i=!1,a[t]=S.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},S.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e\|\|"[object Object]"!==o.call(e))&&(!(t=r(e))\|\|"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(p(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},makeArray:function(e,t){var n=t\|\|[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(p(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g(a)},guid:1,support:y}),"function"==typeof Symbol&&(S.fn[Symbol.iterator]=t[Symbol.iterator]),S.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var d=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,v,s,c,y,S="sizzle"+1*new Date,p=n.document,
URL: https://www.rr8844.com/... Model: Joe Sandbox AI	```json { "risk_score": 5, "reasoning": "The script sends user data to an external domain (https://data.7wzx9.com) using XMLHttpRequest, which is a moderate-risk indicator (+2 points). The domain is not recognized as a trusted or reputable domain, which adds suspicion (+1 point). The script also performs aggressive DOM manipulation by altering the innerHTML of elements based on the response data (+2 points). There is no evidence of high-risk behaviors such as dynamic code execution or data exfiltration of sensitive information. The final risk score is 5, indicating a medium risk that warrants further review." }
function init(){ var data = {name: "John", age: 31, city: "New York"}; var json = JSON.stringify(data); var xhr = new XMLHttpRequest(); xhr.open("POST", "https://data.7wzx9.com/getDataInit", true); xhr.setRequestHeader("Content-type", "application/json"); xhr.onreadystatechange = function(){ if(xhr.readyState === XMLHttpRequest.DONE){ if(xhr.status === 200){ var data = xhr.responseText var response = JSON.parse(data); var menu0ListMap = xhr.responseText // console.log("xhr.responseText:"+xhr.responseText) // console.log("response:"+response.data.menu0ListMap) var subMenu = ''; for(var i in response.data.menu0ListMap) { if (i.length > 0) { // menuData.sort(randomsort); subMenu += '<dl>'; subMenu += '<dt><a href="'+response.data.menu0ListMap[i].href+'?typeId='+response.data.menu0ListMap[i].typeId+'&typeMid='+response.data.menu0ListMap[i].typeMid+'" target="_blank" rel="nofollow">'+response.data.menu0ListMap[i].typeName+'</a></dt>'; console.log("response.data.menu0ListMap[i].length"+response.data.menu0ListMap[i].length) for (var z = 0; z < response.data.menu0ListMap[i].menu2List.length; z++) { var typeId = getQueryVariable("typeId"); if(null!=typeId && typeId == response.data.menu0ListMap[i].menu2List[z].typeId2){ subMenu += '<dd><a class="cur" id="'+response.data.menu0ListMap[i].menu2List[z].typeId2+'" href="' + response.data.menu0ListMap[i].menu2List[z].href+'?typeId='+ response.data.menu0ListMap[i].menu2List[z].typeId2+"&typeMid="+ response.data.menu0ListMap[i].menu2List[z].typeMid2+ '"rel="nofollow">' + response.data.menu0ListMap[i].menu2List[z].typeName2 + '</a></dd>'; }else{ subMenu += '<dd><a id="'+response.data.menu0ListMap[i].menu2List[z].typeId2+'" href="' + response.data.menu0ListMap[i].menu2List[z].href+'?typeId='+ response.data.menu0ListMap[i].menu2List[z].typeId2+"&typeMid="+ response.data.menu0ListMap[i].menu2List[z].typeMid2+ '"rel="nofollow">' + response.data.menu0ListMap[i].menu2List[z].typeName2 + '</a></dd>'; } } subMenu += '</dl>'; } } if(response.data.webInfoMationPoMap!=null&&response.data.webInfoMationPoMap.length>0){ onlineHref = response.data.webInfoMationPoMap.TG[0][0]; } xl1 = response.data.macVodLinkMap; console.log("init xl1"+xl1); // getId('banner1').innerHTML = ' <a href="'+response.data.uploadDetailPoMap.BANNER_1[0].link+'" target="_blank" rel="nofollow"><img src="'+response.data.uploadDetailPoMap.BANNER_1[0].imgName+'" alt=""></a>'; getId('menuBox').innerHTML = subMenu; } } } xhr.send(json); } function getHomeV() { var data = {command: "WEB_GET_ALL",languageType:"CN",content:""}; var json = JSON.stringify(data); var xhr = new XMLHttpRequest(); xhr.open("POST", "https://data.7wzx9.com/forward", true); xhr.setRequestHeader("Content-type", "application/json"); xhr.onreadystatechange = function(){ if(xhr.readyState === XMLHttpRequest.DONE){ if(xhr.status === 200){ var data = xhr.responseText var response = JSON.parse(data); var menu0ListMap = xhr.responseText var subMenu = ''; var newsData = response.data.count; for(var i in response.data.resultList) { if(response.data.resultList[i].t_type == "M_VOIDE"){ subMenu+= '<div class="wrap">'; subMenu+= '<div class="mod index-list">'; subMenu+= '<div class="title">'; subMenu+= '<h3><i class="icon-fire"></i><a href="'+response.data.resultList[i].href+"?typeId="+response.data.resultList[i].type_id+'&typeMid='+response.data.resultList[i].type_Mid+'">'+response.data.resultList[i].t_Name+'</a></h3>'; subMenu+= '</div>'; subMenu+= '<div class="row col5 clearfix" id ="">'; for(var z in response.data.resultList[i].t_list){ subMenu+= '<dl>'; subMenu+= '<dt><a href="'+response.data.resultList[i].t_list[z].href+'?id='+response.data.resultList[i].t_
URL: https://www.rr8844.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": " !", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false }

URL: https://www.rr8844.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "888", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false }

URL: https://www.rr8844.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "888", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false }

URL: https://www.rr8844.com/video.html?typeId=21&typeMid=1 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "888", "prominent_button_name": "888", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false }

URL: https://www.rr8844.com/ Model: Joe Sandbox AI	{ "brands": [ "Rr8844.com" ] }
	{ "brands": [ "Rr8844.com" ] }
URL: https://www.rr8844.com/ Model: Joe Sandbox AI	{ "brands": [ "Rr8844.com", "98t.com", "8v7.com", "5967.com", "x54.com", "993.com", "69v.com", "615.cc", "yh23.com", "2000.com", "pg.app", "pgb.app", "6636.cc", "888.com" ] }

URL: https://www.rr8844.com/ Model: Joe Sandbox AI	{ "brands": [ "Rr8844.Com", "98T.COM", "8V7.COM", "X54.COM", "168.VIP", "993.COM", "60V.COM", "615.CC", "YH23.COM", "07.CC", "PGE", "568.CC", "KY", "996.VIP", "PG", "6636.CC", "8888" ] }

URL: https://www.rr8844.com/video.html?typeId=21&typeMid=1 Model: Joe Sandbox AI	{ "brands": [ "Rr8844.Com", "98T.COM", "8V7.COM", "X54.COM", "993.COM", "60V.COM", "YH23.COM", "07.CC", "568.CC", "1888", "996.VIP", "PG", "8906.COM", "6636.CC", "548.CC", "1KK.VIP" ] }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 280 x 280
Category:	dropped
Size (bytes):	86874
Entropy (8bit):	7.972092381041628
Encrypted:	false
SSDEEP:	1536:mHv6LRAfu59JBqwvwLQCuKQ1tMc5ec2sP2nZ/pTc76ZQo9ku/XB:mHCXREwYLNkjkc2sORTc76ZQoCoB
MD5:	4ADFF30DE339670B3F4D0BD2C2FEDB5B
SHA1:	78F96011FD35905C0467D35514DEB745BF454AA6
SHA-256:	49200B72E6C40D81B5535674D8045081B85B6BF2DB6C28BD233D8F6F4838C0A6
SHA-512:	DA22042EEF2169A6C1740E3483ED2F2F85814A19150013779F4F63DA7C1C157E3CB15C431EBA38C3F75C6DC9E74C5CF0CCCFD193E38FD7B8EF8CA1F6FE549485
Malicious:	false
Reputation:	low
Preview:	GIF89a....................H89.0:.:C...../...t.. H8...)Ax(8.Xs....N..q.(..7.S.(.<q.....(...........X.......,.-9(:.3..h.y.X...T..h......E..h.x........h.x.P..x.SLZ...\|n...J...((8......8J......d.5.Zo............i..._............L....).....I}.8...........S..H.....X..X..V..h..h..x..x........((........(88...................t..j..H....X..S..h..x..x........w...........................(.(8(.............GH@../..+..+...<<...d...((....88(..........................W..30(..........b.......}/.......(..8(.H8(..................dYP...U4.u....yg...X8'.sV..p.........;...hT_H=N(.h8'......(...h(.z9(.WL.xi....PGx=:.m.....(..S...((x((...h((8..X((h88H(((..X88...8((..........................rkk............888(((.........!..NETSCAPE2.0.....!...S...,........@...-X.00.......P@....6.H..C..3F.q.:...m[.M.5m..Y[I2]:f0.....&3....,.n.......o.&G:..!..........>..~:Zg.U.O.....^(\|...+..-(zo..KWW=]x...o.d..'CF8Z2w..G[.qcl.!.....E..+j...a.

Timestamp	Bytes transferred	Direction	Data
Jan 2, 2025 06:12:28.602010012 CET	429	OUT	GET / HTTP/1.1 Host: www.rr8844.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 2, 2025 06:12:29.211291075 CET	357	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 02 Jan 2025 05:12:29 GMT Content-Type: text/html Content-Length: 166 Connection: keep-alive Location: https://www.rr8844.com/ Server: nginx Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>
Jan 2, 2025 06:13:14.216398954 CET	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:29 UTC	657	OUT	GET / HTTP/1.1 Host: www.rr8844.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:30 UTC	334	IN	HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 05:12:30 GMT Content-Type: text/html Content-Length: 3124 Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000 Upgrade: h2 Last-Modified: Sat, 02 Mar 2024 11:41:54 GMT ETag: "c34-612abfaa3a480" Server: nginx X-Cache-Status: HIT Accept-Ranges: bytes
2025-01-02 05:12:30 UTC	3124	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 7a 68 2d 43 4e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 38 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 0a 09 09 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 3c 74 69 74 6c 65 3e e6 9c 80 e6 96 b0 e7 83 ad e9 97 a8 e7 94 b5 e5 bd b1 e5 9c a8 e7 ba bf e8 a7 82 e7 9c 8b ef bd 9c e5 85 8d e8 b4 b9 e9 ab 98 e6 b8 85 e7 94 b5 e5 bd b1 e8 b5 84 e6 ba 90 ef bd Data Ascii: <html lang="zh-CN"><head><meta charset="utf8"><meta http-equiv="Content-type" name="viewport"content="initial-scale=1.0, maximum-scale=1.0, user-scalable=no, width=device-width"><title>

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:30 UTC	545	OUT	GET /css/style.css?v=19 HTTP/1.1 Host: www.rr8844.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:31 UTC	335	IN	HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 05:12:31 GMT Content-Type: text/css Content-Length: 42149 Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000 Upgrade: h2 Last-Modified: Fri, 05 Apr 2024 17:24:13 GMT ETag: "a4a5-6155cb976a940" Server: nginx X-Cache-Status: HIT Accept-Ranges: bytes
2025-01-02 05:12:31 UTC	16049	IN	Data Raw: ef bb bf 2f 2a 20 e5 85 a8 e5 b1 80 20 2a 2f 68 74 6d 6c 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 70 78 3b 7d 0a 68 74 6d 6c 2c 62 6f 64 79 7b 68 65 69 67 68 74 3a 31 30 30 25 3b 7d 0a 68 74 6d 6c 2c 62 6f 64 79 2c 64 69 76 2c 68 31 2c 68 32 2c 68 33 2c 68 34 2c 68 35 2c 68 36 2c 70 2c 73 70 61 6e 2c 65 6d 2c 61 2c 69 6d 67 2c 75 6c 2c 6c 69 2c 6f 6c 2c 66 6f 72 6d 2c 62 75 74 74 6f 6e 2c 69 6e 70 75 74 2c 74 65 78 74 61 72 65 61 2c 64 6c 2c 64 74 2c 64 64 2c 69 66 72 61 6d 65 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 7d 0a 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 65 65 65 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 66 6f 6e 74 3a 31 34 70 78 2f 31 2e 35 20 4d 69 63 72 6f 73 6f 66 74 20 59 61 68 65 69 2c 41 76 65 6e 69 Data Ascii: /* */html{font-size:100px;}html,body{height:100%;}html,body,div,h1,h2,h3,h4,h5,h6,p,span,em,a,img,ul,li,ol,form,button,input,textarea,dl,dt,dd,iframe{margin:0;padding:0;}body{background:#eee;text-align:left;font:14px/1.5 Microsoft Yahei,Aveni
2025-01-02 05:12:31 UTC	16384	IN	Data Raw: 34 30 70 78 3b 7d 0a 2e 6d 6f 64 20 2e 63 6f 6c 35 20 64 74 20 61 3a 68 6f 76 65 72 3a 62 65 66 6f 72 65 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 69 6d 61 67 65 73 2f 70 6c 61 79 2e 70 6e 67 29 20 63 65 6e 74 65 72 20 6e 6f 2d 72 65 70 65 61 74 3b 7d 0a 2e 6d 6f 64 20 2e 63 6f 6c 35 20 64 74 20 69 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 30 3b 62 6f 74 74 6f 6d 3a 30 3b 6c 65 66 74 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 68 65 69 67 68 74 3a 32 30 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 31 30 70 78 20 34 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 30 64 65 67 2c 23 30 30 30 2c 23 30 30 30 20 32 35 2e 35 25 2c 23 Data Ascii: 40px;}.mod .col5 dt a:hover:before{background:url(images/play.png) center no-repeat;}.mod .col5 dt i{position:absolute;right:0;bottom:0;left:0;width:auto;height:20px;padding:10px 10px 4px;overflow:hidden;background:linear-gradient(0deg,#000,#000 25.5%,#
2025-01-02 05:12:31 UTC	9716	IN	Data Raw: 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 20 31 30 70 78 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 69 6d 61 67 65 73 2f 74 6f 75 63 68 5f 61 70 70 2e 70 6e 67 29 3b 0a 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 35 70 78 3b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 35 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 7d 0a 2e 63 68 61 6e 67 65 50 61 67 65 4f 70 74 69 6f 6e 73 7b 0a 09 68 65 69 67 68 74 3a 34 34 70 78 3b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 30 70 78 3b 0a 7d 0a 0a 40 6d 65 64 69 61 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 34 31 34 70 78 29 7b 0a 2e 70 61 67 69 6e 61 74 69 6f 6e 20 61 7b 6d 61 Data Ascii: n: center;background-size: 10px 10px;background-image: url(images/touch_app.png);margin-top: 5px;margin-left: 5px;background-repeat: no-repeat;}.changePageOptions{height:44px;margin-left:10px;}@media (max-width: 414px){.pagination a{ma

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:30 UTC	533	OUT	GET /static/jquery.min.js HTTP/1.1 Host: www.rr8844.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:31 UTC	350	IN	HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 05:12:31 GMT Content-Type: application/javascript Content-Length: 89476 Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000 Upgrade: h2 Last-Modified: Mon, 04 May 2020 23:01:38 GMT ETag: "15d84-5a4da8367d880" Server: nginx X-Cache-Status: HIT Accept-Ranges: bytes
2025-01-02 05:12:31 UTC	16034	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 35 2e 31 20 7c 20 28 63 29 20 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 Data Ascii: /! jQuery v3.5.1 \| (c) JS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery
2025-01-02 05:12:31 UTC	16384	IN	Data Raw: 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 72 65 74 75 72 6e 21 31 3b 75 3d 6c 3d 22 6f 6e 6c 79 22 3d 3d 3d 68 26 26 21 75 26 26 22 6e 65 78 74 53 69 62 6c 69 6e 67 22 7d 72 65 74 75 72 6e 21 30 7d 69 66 28 75 3d 5b 6d 3f 63 2e 66 69 72 73 74 43 68 69 6c 64 3a 63 2e 6c 61 73 74 43 68 69 6c 64 5d 2c 6d 26 26 70 29 7b 64 3d 28 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 63 29 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6f 5b 61 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 29 5b 68 5d 7c 7c 5b 5d 29 5b 30 5d 3d 3d 3d 6b 26 26 72 5b 31 5d 29 26 26 72 5b 32 5d 2c 61 3d 73 26 26 63 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 73 5d 3b 77 68 69 6c 65 28 61 3d 2b 2b 73 26 26 61 26 26 61 5b 6c 5d 7c Data Ascii: ase()===f:1===a.nodeType)return!1;u=l="only"===h&&!u&&"nextSibling"}return!0}if(u=[m?c.firstChild:c.lastChild],m&&p){d=(s=(r=(i=(o=(a=c)[S]\|\|(a[S]={}))[a.uniqueID]\|\|(o[a.uniqueID]={}))[h]\|\|[])[0]===k&&r[1])&&r[2],a=s&&c.childNodes[s];while(a=++s&&a&&a[l]\|
2025-01-02 05:12:31 UTC	16384	IN	Data Raw: 5d 2c 21 30 2c 6f 2c 61 29 3b 65 6c 73 65 20 69 66 28 76 6f 69 64 20 30 21 3d 3d 72 26 26 28 69 3d 21 30 2c 6d 28 72 29 7c 7c 28 61 3d 21 30 29 2c 6c 26 26 28 61 3f 28 74 2e 63 61 6c 6c 28 65 2c 72 29 2c 74 3d 6e 75 6c 6c 29 3a 28 6c 3d 74 2c 74 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 72 65 74 75 72 6e 20 6c 2e 63 61 6c 6c 28 53 28 65 29 2c 6e 29 7d 29 29 2c 74 29 29 66 6f 72 28 3b 73 3c 75 3b 73 2b 2b 29 74 28 65 5b 73 5d 2c 6e 2c 61 3f 72 3a 72 2e 63 61 6c 6c 28 65 5b 73 5d 2c 73 2c 74 28 65 5b 73 5d 2c 6e 29 29 29 3b 72 65 74 75 72 6e 20 69 3f 65 3a 6c 3f 74 2e 63 61 6c 6c 28 65 29 3a 75 3f 74 28 65 5b 30 5d 2c 6e 29 3a 6f 7d 2c 5f 3d 2f 5e 2d 6d 73 2d 2f 2c 7a 3d 2f 2d 28 5b 61 2d 7a 5d 29 2f 67 3b 66 75 6e 63 74 69 6f 6e 20 55 28 65 2c 74 Data Ascii: ],!0,o,a);else if(void 0!==r&&(i=!0,m(r)\|\|(a=!0),l&&(a?(t.call(e,r),t=null):(l=t,t=function(e,t,n){return l.call(S(e),n)})),t))for(;s<u;s++)t(e[s],n,a?r:r.call(e[s],s,t(e[s],n)));return i?e:l?t.call(e):u?t(e[0],n):o},_=/^-ms-/,z=/-([a-z])/g;function U(e,t
2025-01-02 05:12:31 UTC	16384	IN	Data Raw: 65 28 76 65 28 72 2c 22 73 63 72 69 70 74 22 29 29 2c 72 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 72 29 29 3b 72 65 74 75 72 6e 20 65 7d 53 2e 65 78 74 65 6e 64 28 7b 68 74 6d 6c 50 72 65 66 69 6c 74 65 72 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 7d 2c 63 6c 6f 6e 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 2c 61 2c 73 2c 75 2c 6c 2c 63 3d 65 2e 63 6c 6f 6e 65 4e 6f 64 65 28 21 30 29 2c 66 3d 69 65 28 65 29 3b 69 66 28 21 28 79 2e 6e 6f 43 6c 6f 6e 65 43 68 65 63 6b 65 64 7c 7c 31 21 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 26 26 31 31 21 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 53 2e 69 73 58 4d 4c 44 6f 63 28 65 29 29 29 66 6f 72 28 61 3d 76 65 28 63 29 2c 72 3d 30 2c Data Ascii: e(ve(r,"script")),r.parentNode.removeChild(r));return e}S.extend({htmlPrefilter:function(e){return e},clone:function(e,t,n){var r,i,o,a,s,u,l,c=e.cloneNode(!0),f=ie(e);if(!(y.noCloneChecked\|\|1!==e.nodeType&&11!==e.nodeType\|\|S.isXMLDoc(e)))for(a=ve(c),r=0,
2025-01-02 05:12:31 UTC	16384	IN	Data Raw: 74 69 6f 6e 22 29 29 2c 72 74 2e 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 2c 79 2e 63 68 65 63 6b 4f 6e 3d 22 22 21 3d 3d 72 74 2e 76 61 6c 75 65 2c 79 2e 6f 70 74 53 65 6c 65 63 74 65 64 3d 69 74 2e 73 65 6c 65 63 74 65 64 2c 28 72 74 3d 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 29 2e 76 61 6c 75 65 3d 22 74 22 2c 72 74 2e 74 79 70 65 3d 22 72 61 64 69 6f 22 2c 79 2e 72 61 64 69 6f 56 61 6c 75 65 3d 22 74 22 3d 3d 3d 72 74 2e 76 61 6c 75 65 3b 76 61 72 20 70 74 2c 64 74 3d 53 2e 65 78 70 72 2e 61 74 74 72 48 61 6e 64 6c 65 3b 53 2e 66 6e 2e 65 78 74 65 6e 64 28 7b 61 74 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 24 28 74 68 69 73 2c 53 2e 61 74 74 72 2c 65 2c 74 2c 31 3c 61 72 67 75 6d 65 6e Data Ascii: tion")),rt.type="checkbox",y.checkOn=""!==rt.value,y.optSelected=it.selected,(rt=E.createElement("input")).value="t",rt.type="radio",y.radioValue="t"===rt.value;var pt,dt=S.expr.attrHandle;S.fn.extend({attr:function(e,t){return $(this,S.attr,e,t,1<argumen
2025-01-02 05:12:31 UTC	7906	IN	Data Raw: 78 53 65 74 74 69 6e 67 73 2e 78 68 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 6e 65 77 20 43 2e 58 4d 4c 48 74 74 70 52 65 71 75 65 73 74 7d 63 61 74 63 68 28 65 29 7b 7d 7d 3b 76 61 72 20 5f 74 3d 7b 30 3a 32 30 30 2c 31 32 32 33 3a 32 30 34 7d 2c 7a 74 3d 53 2e 61 6a 61 78 53 65 74 74 69 6e 67 73 2e 78 68 72 28 29 3b 79 2e 63 6f 72 73 3d 21 21 7a 74 26 26 22 77 69 74 68 43 72 65 64 65 6e 74 69 61 6c 73 22 69 6e 20 7a 74 2c 79 2e 61 6a 61 78 3d 7a 74 3d 21 21 7a 74 2c 53 2e 61 6a 61 78 54 72 61 6e 73 70 6f 72 74 28 66 75 6e 63 74 69 6f 6e 28 69 29 7b 76 61 72 20 6f 2c 61 3b 69 66 28 79 2e 63 6f 72 73 7c 7c 7a 74 26 26 21 69 2e 63 72 6f 73 73 44 6f 6d 61 69 6e 29 72 65 74 75 72 6e 7b 73 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 Data Ascii: xSettings.xhr=function(){try{return new C.XMLHttpRequest}catch(e){}};var _t={0:200,1223:204},zt=S.ajaxSettings.xhr();y.cors=!!zt&&"withCredentials"in zt,y.ajax=zt=!!zt,S.ajaxTransport(function(i){var o,a;if(y.cors\|\|zt&&!i.crossDomain)return{send:function(

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:30 UTC	543	OUT	GET /static/common15.js?v=100087799 HTTP/1.1 Host: www.rr8844.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:31 UTC	349	IN	HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 05:12:31 GMT Content-Type: application/javascript Content-Length: 64745 Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000 Upgrade: h2 Last-Modified: Tue, 14 May 2024 17:34:12 GMT ETag: "fce9-6186d68fe59e2" Server: nginx X-Cache-Status: HIT Accept-Ranges: bytes
2025-01-02 05:12:31 UTC	16035	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 69 6e 69 74 28 29 7b 0a 09 76 61 72 20 64 61 74 61 20 3d 20 7b 6e 61 6d 65 3a 20 22 4a 6f 68 6e 22 2c 20 61 67 65 3a 20 33 31 2c 20 63 69 74 79 3a 20 22 4e 65 77 20 59 6f 72 6b 22 7d 3b 0a 09 76 61 72 20 6a 73 6f 6e 20 3d 20 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 64 61 74 61 29 3b 0a 0a 09 76 61 72 20 78 68 72 20 3d 20 6e 65 77 20 58 4d 4c 48 74 74 70 52 65 71 75 65 73 74 28 29 3b 0a 09 78 68 72 2e 6f 70 65 6e 28 22 50 4f 53 54 22 2c 20 22 68 74 74 70 73 3a 2f 2f 64 61 74 61 2e 37 77 7a 78 39 2e 63 6f 6d 2f 67 65 74 44 61 74 61 49 6e 69 74 22 2c 20 74 72 75 65 29 3b 0a 09 78 68 72 2e 73 65 74 52 65 71 75 65 73 74 48 65 61 64 65 72 28 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 2c 20 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a Data Ascii: function init(){var data = {name: "John", age: 31, city: "New York"};var json = JSON.stringify(data);var xhr = new XMLHttpRequest();xhr.open("POST", "https://data.7wzx9.com/getDataInit", true);xhr.setRequestHeader("Content-type", "application/j
2025-01-02 05:12:31 UTC	16384	IN	Data Raw: 88 92 45 50 39 41 56 e7 af 87 2e e8 a2 81 e5 ad 90 e4 bb aa e6 9d a8 e6 9f b3 2e e6 ac b2 e7 81 ab e9 9a be e8 80 90 e9 80 86 e6 8e a8 e6 91 84 e5 bd b1 e5 b8 88 22 20 73 74 79 6c 65 3d 22 74 72 61 6e 73 69 74 69 6f 6e 3a 20 61 6c 6c 20 31 73 20 65 61 73 65 20 30 73 3b 20 6f 70 61 63 69 74 79 3a 20 31 3b 22 3e 3c 69 3e 3c 2f 69 3e 3c 2f 61 3e 3c 2f 64 74 3e 0a 09 09 09 09 09 09 2f 2f 20 3c 64 64 3e 3c 61 20 68 72 65 66 3d 22 2e 2f 76 69 64 65 6f 2f 73 68 69 70 69 6e 2f 31 31 31 35 33 33 2e 68 74 6d 6c 22 3e 3c 68 33 3e e7 aa 81 e8 a2 ad e5 a5 b3 e4 bc 98 e8 ae a1 e5 88 92 45 50 39 41 56 e7 af 87 2e e8 a2 81 e5 ad 90 e4 bb aa e6 9d a8 e6 9f b3 2e e6 ac b2 e7 81 ab e9 9a be e8 80 90 e9 80 86 e6 8e a8 e6 91 84 e5 bd b1 e5 b8 88 3c 2f 68 33 3e 3c 2f 61 3e 3c Data Ascii: EP9AV.." style="transition: all 1s ease 0s; opacity: 1;"><i></i></a></dt>// <dd><a href="./video/shipin/111533.html"><h3>EP9AV..</h3></a><
2025-01-02 05:12:31 UTC	16384	IN	Data Raw: 28 6e 6f 77 50 61 67 65 2d 6b 29 3e 30 29 7b 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 61 64 64 2b 2b 3b 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 73 75 62 4d 65 6e 75 32 20 2b 3d 27 3c 61 20 63 6c 61 73 73 3d 22 61 62 69 61 6f 71 69 61 6e 22 20 6f 6e 63 6c 69 63 6b 3d 22 2b 67 65 79 50 61 67 65 50 68 6f 74 6f 32 28 27 2b 28 4e 75 6d 62 65 72 28 6e 6f 77 50 61 67 65 2b 61 64 64 29 29 2b 27 2c 32 30 2c 27 2b 74 79 70 65 49 64 2b 27 2c 27 2b 74 79 70 65 4d 69 64 2b 27 2c 27 2b 28 4e 75 6d 62 65 72 28 6e 6f 77 50 61 67 65 2b 61 64 64 29 29 2b 27 2c 5c 27 27 2b 64 65 63 6f 64 65 55 52 49 28 63 6f 6e 74 65 6e 74 29 2b 27 5c 27 2c 27 2b 74 79 70 65 2b 27 29 22 3e 27 2b 28 4e 75 6d 62 65 72 28 6e 6f 77 50 61 67 65 2b 61 64 64 29 29 2b 27 3c 2f 61 3e 27 3b 0a 09 Data Ascii: (nowPage-k)>0){add++;subMenu2 +='<a class="abiaoqian" onclick="+geyPagePhoto2('+(Number(nowPage+add))+',20,'+typeId+','+typeMid+','+(Number(nowPage+add))+',\''+decodeURI(content)+'\','+type+')">'+(Number(nowPage+add))+'</a>';
2025-01-02 05:12:31 UTC	15942	IN	Data Raw: 20 20 20 20 20 20 20 69 6f 73 4e 61 74 69 76 65 3a 20 74 72 75 65 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 09 09 09 0a 09 09 09 09 09 7d 29 3b 7d 65 6c 73 65 7b 0a 09 09 09 09 09 76 61 72 20 70 6c 61 79 65 72 20 3d 20 6e 65 77 20 50 6c 79 72 28 76 69 64 65 6f 2c 20 7b 0a 09 09 09 09 09 09 63 61 70 74 69 6f 6e 73 3a 20 7b 61 63 74 69 76 65 3a 20 74 72 75 65 2c 20 75 70 64 61 74 65 3a 20 74 72 75 65 2c 20 6c 61 6e 67 75 61 67 65 3a 20 27 61 75 74 6f 27 7d 2c 0a 09 09 09 09 09 09 63 6f 6e 74 72 6f 6c 73 3a 20 5b 0a 09 09 09 09 09 09 20 20 27 70 6c 61 79 2d 6c 61 72 67 65 27 2c 20 2f 2f 20 54 68 65 20 6c 61 72 67 65 20 70 6c 61 79 20 62 75 74 74 6f 6e 20 69 6e 20 74 68 65 20 63 65 6e 74 65 72 0a 09 09 09 09 09 09 Data Ascii: iosNative: true }});}else{var player = new Plyr(video, {captions: {active: true, update: true, language: 'auto'},controls: [ 'play-large', // The large play button in the center

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:31 UTC	583	OUT	GET /header.html?v=9999999 HTTP/1.1 Host: www.rr8844.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: text/html, /; q=0.01 X-Requested-With: XMLHttpRequest sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:32 UTC	335	IN	HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 05:12:32 GMT Content-Type: text/html Content-Length: 6098 Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000 Upgrade: h2 Last-Modified: Thu, 27 Jun 2024 13:54:20 GMT ETag: "17d2-61bdf77b59c2f" Server: nginx X-Cache-Status: HIT Accept-Ranges: bytes
2025-01-02 05:12:32 UTC	6098	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 3f 76 3d 31 39 22 3e 0a 3c 73 74 79 6c 65 3e 2e 61 62 6b 2d 69 74 65 6d 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 61 62 6b 2d 69 74 65 6d 20 2e 61 62 6b 2d 69 6d 61 67 65 7b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 2e 61 62 6b 2d 69 74 65 6d 20 2e 61 62 6b 2d 69 6d 61 67 65 20 69 6d 67 7b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 61 62 6b 2d Data Ascii: <link rel="stylesheet" href="./css/style.css?v=19"><style>.abk-item{width:100%;display:block;overflow:hidden;position:relative}.abk-item .abk-image{width:100%;height:100%;overflow:hidden}.abk-item .abk-image img{width:100%;height:100%;display:block}.abk-

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:31 UTC	583	OUT	GET /footer.html?v=9999999 HTTP/1.1 Host: www.rr8844.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: text/html, /; q=0.01 X-Requested-With: XMLHttpRequest sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:32 UTC	310	IN	HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 05:12:32 GMT Content-Type: text/html Content-Length: 876 Connection: close Strict-Transport-Security: max-age=31536000 Upgrade: h2 Last-Modified: Sat, 02 Mar 2024 11:41:53 GMT ETag: "36c-612abfa946240" Server: nginx X-Cache-Status: HIT Accept-Ranges: bytes
2025-01-02 05:12:32 UTC	876	IN	Data Raw: 0a 09 0a 0a 09 3c 64 69 76 20 69 64 3d 22 62 74 6d 42 6f 78 22 3e 0a 09 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 6f 75 70 6c 65 74 22 3e 0a 09 09 0a 09 3c 2f 64 69 76 3e 0a 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6f 6f 74 65 72 22 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 22 3e e8 ad a6 e5 91 8a ef b8 b0 e6 9c ac e7 b6 b2 e7 ab 99 e5 8f aa e9 80 99 e5 90 88 e5 8d 81 e5 85 ab e6 ad b2 e6 88 96 e4 bb a5 e4 b8 8a e4 ba ba e5 a3 ab e8 a7 80 e7 9c 8b e3 80 82 e5 85 a7 e5 ae b9 e5 8f af e8 83 bd e4 bb a4 e4 ba ba e5 8f 8d e6 84 9f ef bc 9b e4 b8 8d e5 8f af e5 b0 87 e6 9c ac e7 b6 b2 e7 ab 99 e7 9a 84 e5 85 a7 e5 ae b9 e6 b4 be e7 99 bc e3 80 81 e5 82 b3 e9 96 b1 e3 80 81 e5 87 ba e5 94 ae e3 80 81 e5 87 ba e7 a7 9f Data Ascii: <div id="btmBox"></div> <div id="couplet"></div><div class="footer"><div class="wrap">

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:32 UTC	536	OUT	GET /pangda/base.js?v=9999999 HTTP/1.1 Host: xmad.7wzx9.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:33 UTC	556	IN	HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 05:12:33 GMT Content-Type: application/javascript Content-Length: 24639 Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000 Upgrade: h2 Last-Modified: Wed, 01 Jan 2025 17:12:33 GMT ETag: W/"603f-62ab304f4024a" Server: nginx X-Cache-Status: HIT Access-Control-Allow-Origin: * Access-Control-Allow-Methods: * Access-Control-Allow-Headers: * Access-Control-Expose-Headers: * Access-Control-Allow-Credentials: true Access-Control-Max-Age: 1728000 Accept-Ranges: bytes
2025-01-02 05:12:33 UTC	15828	IN	Data Raw: 0a 2f 2f 20 76 61 72 20 6f 6e 6c 69 6e 65 48 72 65 66 20 3d 22 68 74 74 70 73 3a 2f 2f 74 2e 6d 65 2f 43 43 39 31 41 56 22 3b 0a 76 61 72 20 77 7a 66 62 79 20 3d 20 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 70 64 73 70 2e 74 76 22 0a 76 61 72 20 77 6f 72 6c 64 42 67 49 6d 61 67 65 20 3d 20 22 2e 2f 63 73 73 2f 69 6d 61 67 65 73 2f 62 67 67 2e 70 6e 67 22 3b 0a 76 61 72 20 62 6f 64 79 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 3b 0a 76 61 72 20 75 61 20 3d 20 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 3b 20 2f 2f e5 9f 9f e5 90 8d 0a 76 61 72 20 78 6c 31 20 3d 22 22 3b 0a 76 61 72 20 78 6c 32 20 Data Ascii: // var onlineHref ="https://t.me/CC91AV";var wzfby = "https://www.pdsp.tv"var worldBgImage = "./css/images/bgg.png";var body = document.body;var ua = navigator.userAgent.toLowerCase();var domain = window.location.host; //var xl1 ="";var xl2
2025-01-02 05:12:33 UTC	8811	IN	Data Raw: 65 6d 6f 76 65 43 68 69 6c 64 28 6d 61 73 6b 42 6f 78 29 3b 0a 20 20 20 20 70 6f 70 42 6f 78 20 3d 20 67 65 74 49 64 28 27 70 6f 70 42 6f 78 27 29 3b 0a 20 20 20 20 62 6f 64 79 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 70 6f 70 42 6f 78 29 3b 0a 20 20 20 20 62 6f 64 79 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 20 3d 20 22 6f 76 65 72 66 6c 6f 77 2d 78 3a 20 68 69 64 64 65 6e 3b 74 6f 75 63 68 2d 61 63 74 69 6f 6e 3a 20 70 61 6e 2d 79 3b 22 3b 0a 20 20 20 20 2f 2f 20 73 65 74 43 6f 6f 6b 69 65 28 22 6e 65 77 75 72 6c 22 2c 20 22 30 22 2c 20 22 37 32 22 29 3b 0a 7d 0a 66 75 6e 63 74 69 6f 6e 20 73 65 74 43 6f 6f 6b 69 65 28 63 6e 61 6d 65 2c 20 63 76 61 6c 75 65 2c 20 65 78 68 6f 75 72 73 29 20 7b 0a 20 20 20 20 76 61 72 20 65 78 70 20 3d 20 6e 65 77 20 44 61 Data Ascii: emoveChild(maskBox); popBox = getId('popBox'); body.removeChild(popBox); body.style.cssText = "overflow-x: hidden;touch-action: pan-y;"; // setCookie("newurl", "0", "72");}function setCookie(cname, cvalue, exhours) { var exp = new Da

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:32 UTC	659	OUT	GET /static/search2.js HTTP/1.1 Host: www.rr8844.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01 X-Requested-With: XMLHttpRequest sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:33 UTC	347	IN	HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 05:12:33 GMT Content-Type: application/javascript Content-Length: 3341 Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000 Upgrade: h2 Last-Modified: Tue, 28 Nov 2023 09:27:22 GMT ETag: "d0d-60b3306961280" Server: nginx X-Cache-Status: HIT Accept-Ranges: bytes
2025-01-02 05:12:33 UTC	3341	IN	Data Raw: 76 61 72 20 75 61 20 3d 20 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 0d 0a 0d 0a 76 61 72 20 69 73 53 61 66 61 72 69 20 3d 20 2f 56 65 72 73 69 6f 6e 5b 7c 5c 2f 5d 28 5b 30 2d 39 2e 5d 2b 29 28 5b 5e 30 2d 39 61 2d 7a 41 2d 5a 5d 2b 29 4d 6f 62 69 6c 65 5b 7c 5c 2f 5d 28 5b 30 2d 39 61 2d 7a 41 2d 5a 5d 2b 29 28 5b 5e 30 2d 39 61 2d 7a 41 2d 5a 5d 2b 29 53 61 66 61 72 69 5b 7c 5c 2f 5d 28 5b 30 2d 39 2e 5d 2b 29 24 2f 69 2e 74 65 73 74 28 75 61 29 3b 0d 0a 76 61 72 20 69 73 4d 6f 62 69 6c 65 20 3d 20 75 61 2e 69 6e 64 65 78 4f 66 28 22 77 69 6e 64 6f 77 73 20 6e 74 22 29 20 3d 3d 20 2d 31 20 26 26 20 75 61 2e 69 6e 64 65 78 4f 66 28 22 6d 61 63 69 6e 74 6f 73 68 22 29 20 3d 3d 20 2d 31 20 26 26 Data Ascii: var ua = navigator.userAgent.toLowerCase();var isSafari = /Version[\|\/]([0-9.]+)([^0-9a-zA-Z]+)Mobile[\|\/]([0-9a-zA-Z]+)([^0-9a-zA-Z]+)Safari[\|\/]([0-9.]+)$/i.test(ua);var isMobile = ua.indexOf("windows nt") == -1 && ua.indexOf("macintosh") == -1 &&

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:33 UTC	526	OUT	GET /pangda/tbad.js HTTP/1.1 Host: xmad.7wzx9.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:34 UTC	555	IN	HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 05:12:34 GMT Content-Type: application/javascript Content-Length: 7051 Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000 Upgrade: h2 Last-Modified: Wed, 01 Jan 2025 17:12:33 GMT ETag: W/"1b8b-62ab304f3fe64" Server: nginx X-Cache-Status: HIT Access-Control-Allow-Origin: * Access-Control-Allow-Methods: * Access-Control-Allow-Headers: * Access-Control-Expose-Headers: * Access-Control-Allow-Credentials: true Access-Control-Max-Age: 1728000 Accept-Ranges: bytes
2025-01-02 05:12:34 UTC	7051	IN	Data Raw: 76 61 72 20 61 70 70 41 62 6b 44 69 76 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 62 61 64 27 29 3b 0a 66 75 6e 63 74 69 6f 6e 20 6c 6f 61 64 43 6f 6e 74 65 6e 74 28 29 20 7b 0a 20 20 20 20 2f 2f 20 e5 88 9b e5 bb ba e4 b8 80 e4 b8 aa e6 95 b0 e7 bb 84 e6 9d a5 e5 ad 98 e5 82 a8 e9 93 be e6 8e a5 e3 80 81 e5 9b be e7 89 87 e9 93 be e6 8e a5 e5 92 8c e5 90 8d e7 a7 b0 0a 20 20 20 20 76 61 72 20 69 74 65 6d 73 20 3d 20 5b 0a 20 20 20 20 20 20 20 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 6b 3a 20 22 68 74 74 70 73 3a 2f 2f 76 75 79 38 31 2e 74 6f 70 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 6d 61 67 65 3a 20 22 68 74 74 70 73 3a 2f 2f 63 63 37 37 37 69 6d 67 2e 64 71 73 6c 64 7a 2e 63 6f 6d 2f 69 Data Ascii: var appAbkDiv = document.getElementById('tbad');function loadContent() { // var items = [ { link: "https://vuy81.top", image: "https://cc777img.dqsldz.com/i

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 800x450, components 3
Category:	dropped
Size (bytes):	62537
Entropy (8bit):	7.97481419094728
Encrypted:	false
SSDEEP:	1536:JdXJiwHMgYs6bq347gJdVMMxE2pH36Pd7+K950Jx++:zMB1TbBceiKPdSK950t
MD5:	9562CC935B72E3BB88E35CB0F8D5842D
SHA1:	60EE786728402EF2CAD6531A5508824466685EA0
SHA-256:	840261AEE6D41F110C89BA7F4D698B23EEABEE254D5C86F36C0FD90119A12298
SHA-512:	FD081ED9108D8D38307FF1A157B1A78768BD332F03FCCD83C976921207E3240E84FD3C644F676FA7200944865C77A47C873ECF2B8B72FC341D4953757E0FDD76
Malicious:	false
Reputation:	low
Preview:	......Exif..II*.................Ducky.......A.....zhttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.9ccc4de93, 2022/03/14-14:07:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:BF08DF74AF1FE3118965ADF089CD9801" xmpMM:DocumentID="xmp.did:F715C2F1D63C11ECA83DB1A5ABC91489" xmpMM:InstanceID="xmp.iid:F715C2F0D63C11ECA83DB1A5ABC91489" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:8a86368f-1302-8d4d-bb45-197751a6e302" stRef:documentID="xmp.did:BF08DF74AF1FE3118965ADF089CD9801"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................................

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:34 UTC	591	OUT	GET /css/images/bgg.png HTTP/1.1 Host: www.rr8844.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:34 UTC	312	IN	HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 05:12:34 GMT Content-Type: image/png Content-Length: 7395 Connection: close Strict-Transport-Security: max-age=31536000 Upgrade: h2 Last-Modified: Tue, 22 Aug 2023 23:57:32 GMT ETag: "1ce3-6038bc218b300" Server: nginx X-Cache-Status: HIT Accept-Ranges: bytes
2025-01-02 05:12:34 UTC	7395	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 40 00 00 01 94 08 03 00 00 00 73 e1 0b a1 00 00 03 00 50 4c 54 45 00 00 00 0c 34 88 17 49 a9 16 4a ab 3b 6a c8 3c 6d cd 40 a7 e8 42 ac eb bb 5f 7e 2e 5d bc cd 48 46 26 58 b9 dc 83 6b 33 63 c4 0d 41 a1 57 71 a4 0e 4a b5 3f a5 e9 ce 62 72 fc 94 3c 1a 2d 6c eb 5c 63 31 2f 62 c6 59 69 0b 47 b4 43 b3 ec 0c 47 b5 3c 9e e7 e1 62 2a c8 4b 25 b3 45 2f ad 3f 2c 0b 2e 7b 0b 43 aa 43 b1 eb cd 62 72 fc 93 3b 0b 47 b4 e6 5e 6a 41 ad eb ad 53 50 ee 85 46 e4 76 35 54 7e b0 73 6b a4 47 7f ef 19 55 c6 1d 58 c9 20 5b cd 15 51 c2 0e 4b bb 11 4e be 42 7a ea 3e a9 eb 27 61 d2 0b 48 b9 f8 5b 5d 3c 74 e5 23 5e cf 3f 77 e8 e9 3d 27 32 6c dc 45 7d ee 36 6f df fc 93 3c 2a 64 d5 fe 88 52 38 71 e2 ff ff ff 2f 69 da 2c 66 d7 1d Data Ascii: PNGIHDR@sPLTE4IJ;j<m@B_~.]HF&Xk3cAWqJ?br<-l\c1/bYiGCG<bK%E/?,.{CCbr;G^jASPFv5T~skGUX [QKNBz>'aH[]<t#^?w='2lE}6o<dR8q/i,f

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:34 UTC	592	OUT	GET /css/images/logo.jpg HTTP/1.1 Host: www.rr8844.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:34 UTC	314	IN	HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 05:12:34 GMT Content-Type: image/jpeg Content-Length: 13298 Connection: close Strict-Transport-Security: max-age=31536000 Upgrade: h2 Last-Modified: Sat, 19 Aug 2023 09:13:50 GMT ETag: "33f2-6034310370f80" Server: nginx X-Cache-Status: HIT Accept-Ranges: bytes
2025-01-02 05:12:34 UTC	13298	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 03 02 02 03 02 02 03 03 03 03 04 03 03 04 05 08 05 05 04 04 05 0a 07 07 06 08 0c 0a 0c 0c 0b 0a 0b 0b 0d 0e 12 10 0d 0e 11 0e 0b 0b 10 16 10 11 13 14 15 15 15 0c 0f 17 18 16 14 18 12 14 15 14 ff db 00 43 01 03 04 04 05 04 05 09 05 05 09 14 0d 0b 0d 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 ff c0 00 11 08 00 de 01 39 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 Data Ascii: JFIF``CC9"}!1AQa"q2

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:34 UTC	583	OUT	GET /css/fonts/iconfont1.woff2 HTTP/1.1 Host: www.rr8844.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.rr8844.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://www.rr8844.com/css/style.css?v=19 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:34 UTC	313	IN	HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 05:12:34 GMT Content-Type: font/woff2 Content-Length: 6448 Connection: close Strict-Transport-Security: max-age=31536000 Upgrade: h2 Last-Modified: Wed, 02 Aug 2023 00:55:02 GMT ETag: "1930-601e61d10a580" Server: nginx X-Cache-Status: HIT Accept-Ranges: bytes
2025-01-02 05:12:34 UTC	6448	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 00 19 30 00 0b 00 00 00 00 2f e8 00 00 18 e1 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 54 06 60 00 89 44 0a c6 60 b9 66 01 36 02 24 03 81 40 0b 62 00 04 20 05 84 67 07 84 4c 1b 4a 28 45 a4 d5 ac 96 5b 64 ff 5f 12 b8 31 14 ab a1 d6 af 04 e1 b0 a3 90 42 5b 9c 58 68 ad b0 61 c3 5c a9 95 5a 99 ec d9 87 74 3c 41 38 b7 96 61 17 ed f4 92 42 3e fd 65 ef 4e 25 7f 90 c1 31 43 29 a1 7f 5a ba f9 bb 7b 77 69 a5 ab 28 24 1a 21 51 b2 6b 10 42 a0 5f 12 a3 18 a2 39 6b 36 bb 11 23 e6 10 21 41 12 48 48 08 9a 52 24 48 12 3c 09 04 d3 60 3d 28 d4 e9 41 f0 a4 2a 5c c5 14 2a 0a 77 a5 f7 c5 ce bc a6 7f 3d 31 42 00 5c ee fe bf bd 10 be 28 2c 8a d6 a6 36 a5 01 c9 9e f7 9d 9a b4 b1 d5 6e 07 86 d2 80 d2 f6 08 d0 50 84 43 ce Data Ascii: wOF20/T`D`f6$@b gLJ(E[d_1B[Xha\Zt<A8aB>eN%1C)Z{wi($!QkB_9k6#!AHHR$H<`=(A\w=1B\(,6nPC

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:34 UTC	588	OUT	GET /img/1kkky_1300x240.gif HTTP/1.1 Host: ig23.vip Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:34 UTC	1088	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: PUT, GET, POST, DELETE, HEAD, OPTIONS, PATCH Age: 5850 Cache-Control: max-age=2592000 Cf-Cache-Status: HIT Cf-Ray: 8fb83de2af2b7eb4-LAX Content-Length: 377690 Content-Type: image/gif Date: Thu, 02 Jan 2025 05:10:16 GMT Etag: "676a9c4a-5c35a" Expires: Sat, 01 Feb 2025 03:32:46 GMT Last-Modified: Thu, 02 Jan 2025 05:10:35 GMT Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DYG4Z6rile2nk658yV5TDY86%2F99OTiEZmp6OYiYCMIrh9ZhSHlstmCFoilnLoCjl4io1ir2oPEhEoXEVQNWSxvHYqP2NMA9spDqCxYf5nZ2bnam2Y3BHqpJrEs6RkjkVgQ%3D%3D"}],"group":"cf-nel","max_age":604800} Server: cloudflare Server-Timing: cfL4;desc="?proto=TCP&rtt=2814&min_rtt=720&rtt_var=4084&sent=1611&recv=178&lost=0&retrans=0&sent_bytes=2192381&recv_bytes=14383&delivery_rate=436187654&cwnd=761&unsent_bytes=0&cid=26331da790d17365&ts=38193&x=0" Vary: Accept-Encoding X-Cache: HIT, server, disk Connection: close
2025-01-02 05:12:34 UTC	98	IN	Data Raw: 47 49 46 38 39 61 14 05 f0 00 f7 00 00 6a bb bb 9e 1d 0f 4d 33 fb ff fc b2 ff fc 92 ff 76 11 a6 ab e3 fc b0 93 32 33 fd fc b8 ae 75 bb cc ff da 50 ae 48 10 f8 94 8d f3 71 6e 77 cc d6 24 a2 da cc d5 d5 2a 19 10 64 56 54 9d cc bb fe d9 8e f7 6d 50 9d 5c aa f7 8f 72 f8 22 11 ba fe ff 0c 70 b0 d4 Data Ascii: GIF89ajM3v23uPHqnw$*dVTmP\r"p
2025-01-02 05:12:34 UTC	2372	IN	Data Raw: d8 f2 96 62 e1 b5 cf d1 dc 10 07 db ab ea 6d cc bc 53 23 b3 68 56 df b0 96 66 f7 92 28 f4 50 49 fe d5 6e 60 52 ac 91 ee d9 f7 93 0c 4d 2c d5 db 31 29 17 8e b8 1e e1 e9 af b8 b9 4a 2d 25 8e b7 b9 6e 22 d6 ff ee 32 d6 b6 b3 da 74 74 6e 45 36 fe b8 4d f7 4b 2e db 45 2e d4 94 8e f4 71 8e 29 24 ac 8f 4f 44 b0 72 6f f2 4d 10 d7 4c 0e fc b1 71 db 6b 0c f1 32 2d d7 b0 95 d8 4f 46 d5 70 26 fa 90 4c d5 cd b4 fa 71 29 6e 31 29 d4 8e 71 d3 89 0f 3d 98 4a 29 31 d4 f2 50 70 0c 21 53 ff ef 11 b7 8b 87 73 d9 f3 f8 da f2 4b f8 f4 db b0 4a 89 dd f0 30 5c df 14 4e 77 b1 ee de d5 6c 52 8e 6e 6d 43 c7 f7 7a 29 0a 52 b9 be 91 69 4f b1 6b 50 46 d0 d7 4a 22 10 6e fa fa ed 32 4a 91 fc fd b3 b1 8a 4e 34 61 da 8c 28 d6 8e 4d bc c6 f3 b3 4f 45 d3 ee db 8e 89 90 8f 92 c3 d6 cd 93 d4 Data Ascii: bmS#hVf(PIn`RM,1)J-%n"2ttnE6MK.E.q)$ODroMLqk2-OFp&Lq)n1)q=J)1Pp!SsKJ0\NwlRnmCz)RiOkPFJ"n2JN4a(MOE
2025-01-02 05:12:34 UTC	538	IN	Data Raw: e5 68 a3 46 8d 73 c6 09 37 9c 50 41 29 fe 2c a0 42 34 54 59 15 4d 34 15 94 4a 4a 3a 64 79 01 84 58 f7 30 a0 c7 aa 40 30 ff f0 83 5a 3f 78 72 41 5d 6e e5 4a 17 a5 93 ca 05 97 ae 71 c1 d5 81 01 1c 50 e5 cc 0b 74 f4 55 d8 b2 cc 16 b6 d8 b3 8f 41 26 2d b4 d1 4a 3b 6d b5 8e 5d 8b d9 65 dc 62 36 82 64 7e 1d 16 ae 28 e3 96 0b 59 b8 e8 32 96 ee 29 eb 7e eb 99 bb ec 7e 06 ef bc f2 d6 fb ae bd f1 de 9b af bb fc ea db ef be fe 06 0c 30 bb b1 f1 5b f0 c1 04 27 3c 02 c2 0b 2b cc f0 c3 0e 47 dc f0 c4 02 2c 6c 71 c5 18 5f ac 71 c6 1c 6f ec 71 c7 20 7f 2c 72 c8 24 8f 6c 72 c9 20 63 dc dc c2 2b 77 e7 f2 cb d8 61 e1 9c cc cd d1 6c 73 cd 38 0b 70 b3 ce 3c cb ec 73 cf 33 07 9d f3 ce 44 eb fc 86 01 20 b8 e7 43 7c 36 24 42 21 0d b4 60 c3 c5 7e fd 6d 48 a0 12 56 13 58 60 81 48 Data Ascii: hFs7PA),B4TYM4JJ:dyX0@0Z?xrA]nJqPtUA&-J;m]eb6d~(Y2)~~0['<+G,lq_qoq ,r$lr c+wals8p<s3D C\|6$B!`~mHVX`H
2025-01-02 05:12:34 UTC	4744	IN	Data Raw: 9c 8c 30 c4 c5 98 1d 5a d0 32 e0 ca 0c bd ff f4 95 af 22 0e d1 88 f8 7a 8d 12 41 a3 1b dc a8 c6 36 be 89 62 70 a6 28 c5 e1 dc 86 65 c2 b1 22 15 a7 88 9c e6 30 07 66 60 0c 23 cc 58 56 b1 f0 9c 6c 64 58 b8 58 1a 31 b6 c6 11 c8 6c 61 6b 7c 63 e8 80 36 c7 39 0a 8d 67 31 83 0e cd ae b3 c7 3e 0a ad 68 78 14 c0 7a 40 b0 86 39 24 22 40 89 e8 81 0e b0 91 80 6b d0 c2 71 fb 01 83 d5 04 a4 b6 01 59 12 40 00 02 c3 2e 68 a0 84 03 85 81 06 3a 80 41 18 e2 f6 0d f9 84 21 0c 63 c0 9a 17 3a 19 37 23 d5 ad 1a 1f 72 e4 19 7c a0 a4 14 7d e3 46 21 92 91 0f 44 94 80 c1 09 a9 07 13 38 90 7e 7a 40 04 12 f0 28 0c 6c b8 11 8c 7c 34 20 2e c4 a2 1a df 50 12 11 be 01 a4 cc 09 89 4a 52 f2 1c 0a be 23 ba f3 6c c9 9b e8 c1 12 38 c5 44 ce 72 76 29 78 b9 a3 88 3a 7b 07 11 8b 78 e4 9d ee 04 Data Ascii: 0Z2"zA6bp(e"0f`#XVldXX1lak\|c69g1>hxz@9$"@kqY@.h:A!c:7#r\|}F!D8~z@(l\|4 .PJR#l8Drv)x:{x
2025-01-02 05:12:34 UTC	5930	IN	Data Raw: 43 1d c2 50 82 8d 30 c0 c8 4f 0a 1f ce b8 e6 1a 1a 6c b8 cf 45 18 d8 38 66 0b 25 7c 60 43 87 33 a4 90 42 07 1d 88 58 c2 06 2f 94 b8 2f 0c ff 10 0c 23 14 6c 7c 20 32 0c 36 c0 00 a3 07 1f 7a 90 60 3f 0f 27 50 10 0d 34 50 70 e2 b9 ed ac f3 12 8b 2f 77 fb 72 4c 30 b9 2c 93 4c 34 cf 54 13 cd 4c da 74 13 94 4c e0 84 b3 cd 39 df a4 f3 ce 38 ef bc 60 1a 4e fa f4 b3 cf 4f fe 04 54 d0 3f 03 2d 54 50 43 fd 4c ff 74 50 4e 16 25 f4 51 41 5f f1 53 d2 49 ff a4 94 d2 3e 3d e9 53 d2 5a 24 e5 f4 95 4e 39 d1 54 53 49 47 15 15 d4 57 46 45 f5 54 4f 6a f1 24 55 4f 5e 6d 35 56 57 63 b5 f5 56 5c 73 d5 75 94 64 3c 19 05 d7 5f 7d 4d e6 d7 4e 84 1d a5 58 5e 47 49 b6 93 65 8f 75 96 d9 4e a2 7d 56 da 68 ab b5 d6 da 12 8e 2d 01 db 6b 3b d9 36 da 6f bd ad 61 1c 61 ca 15 06 94 72 d1 4d Data Ascii: CP0OlE8f%\|`C3BX//#l\| 26z`?'P4Pp/wrL0,L4TLtL98`NOT?-TPCLtPN%QA_SI>=SZ$N9TSIGWFETOj$UO^m5VWcV\sud<_}MNX^GIeuN}Vh-k;6oaarM
2025-01-02 05:12:34 UTC	7116	IN	Data Raw: 3c 10 7b ec 37 1f 7d fb 11 bd 61 d5 15 63 aa f9 fe bb 3f c7 20 d6 80 0e c4 63 50 43 70 39 b0 90 03 73 09 00 ff 3c f4 82 95 12 cb 00 d1 54 10 04 3c 47 94 10 07 05 2f f8 5c b3 35 a9 84 ff 42 6f cf 6d 92 43 11 c7 08 46 cb 35 87 35 40 84 f1 c8 0b 97 03 fa ca 67 c5 95 2f bd e9 5f ff 1d 2c a1 74 13 8a 3f a4 51 0d 67 54 a3 80 11 30 60 04 12 88 8d 08 60 a3 81 0e c4 c6 37 20 18 41 08 52 b0 82 d8 28 cc 35 20 78 0c 0c 7e a3 30 85 f9 06 2c 38 78 8d cf 90 10 1b 19 7c 20 fb b0 51 0d 13 d2 82 0a a0 01 cd 31 aa 91 42 6c fc af 19 fe 08 c7 ec 72 a8 c3 1d ce 4e 7c d6 40 86 35 b8 81 0c 6e 5c 81 1b c0 b8 02 30 90 81 8c 2b 58 83 89 43 04 22 12 ad f1 43 64 24 f1 87 55 04 22 16 7f a8 c5 2c 2e 71 0a c8 98 c2 15 bc 18 46 6b 4c a1 8c 53 20 e3 15 d2 98 46 33 f2 b0 8d 6e 7c e3 1b 61 Data Ascii: <{7}ac? cPCp9s<T<G/\5BomCF55@g/_,t?QgT0``7 AR(5 x~0,8x\| Q1BlrN\|@5n\0+XC"Cd$U",.qFkLS F3n\|a
2025-01-02 05:12:34 UTC	8302	IN	Data Raw: 3a 28 ca c6 80 01 b6 c0 08 80 40 1c f0 a2 db fa 50 0c 19 60 db 98 6c c9 88 c2 31 16 63 2c a6 81 11 13 a3 1d b2 68 28 0a a0 1d fa 2c 8a dc 81 09 76 a8 c9 88 02 08 36 41 8c 7c cd 04 86 20 34 30 c0 96 5a 64 26 e0 08 8e 72 43 8e ca 85 c8 62 20 3a 1a 6e e1 6e 24 09 8c a0 46 3e 6d 09 96 20 0e 48 20 0e 48 ed 05 2a 88 02 7a f1 59 9c 05 18 74 a4 d0 aa a3 06 9e e4 1a 8e a1 97 4e e9 00 74 c0 01 1c 20 46 04 2e e0 34 23 33 50 e1 d9 3e c0 d7 ff 7e 8d 3a bc e1 18 fa 82 da b8 a2 14 96 60 44 7c 41 1c 81 a0 d6 02 d1 08 8e 20 0d d0 31 47 de e1 08 d0 6d dc d0 cd 1d 73 44 0d 8e 00 9d e8 cd 1e b1 01 09 f0 11 1b be 41 4e e4 44 4b 30 20 44 94 89 3a 58 c0 15 fc a1 df 08 e0 88 12 d2 16 12 00 1a 41 89 46 5e d1 15 15 0e e1 18 ce 15 0d 2e 22 bf 29 22 2b 52 48 82 04 03 0e 40 42 9c 81 Data Ascii: :(@P`l1c,h(,v6A\| 40Zd&rCb :nn$F>m H H*zYtNt F.4#3P>~:`D\|A 1GmsDANDK0 D:XAF^.")"+RH@B
2025-01-02 05:12:34 UTC	3668	IN	Data Raw: af 8a be 86 6b 4b 22 a9 f3 9f 09 ef 10 ca 9c c0 0a 15 00 6d 5d c0 0d 00 e1 4f e0 40 82 02 fb 6c 80 d0 ff 25 e1 42 08 f2 04 3a 6b b1 50 21 04 08 5f 28 26 ec c2 05 87 89 1c de f4 68 2b 18 d2 1f 91 7e 39 72 14 c9 e1 eb 5b a9 6b d7 12 2c d9 82 d2 17 2a 72 de 4a e6 d8 92 e3 c4 2c 4e 3d 7d 2a f3 e7 60 48 86 a1 45 89 1e 3d fa 23 e9 d1 a1 4a 9b 32 cd e0 94 28 2c 7f 0b 3c 71 f2 f4 aa d6 2b 81 45 87 0c 8d 0a d5 a8 54 a9 50 a5 0e a1 ba 60 94 a7 b5 9e d8 ba a5 2a d4 57 06 5f 43 7d 11 9c 9b 77 48 5d bd 74 e9 b2 f0 35 97 c5 a6 21 9b f8 66 60 21 b0 82 bf 04 80 03 f7 f3 c5 e2 d8 b5 c1 80 01 f7 bb e6 af 86 af 7e 97 59 88 83 0c 19 b4 2f d0 a8 3e cf 44 5d c3 9f b2 4e 9d 4a b8 86 dd e9 0e 00 da 21 52 dd c6 9d 2a 04 6d 00 5f 7a db ce ad 9b f7 f0 e0 a9 14 0c e7 7d 1b d7 f2 e5 Data Ascii: kK"m]O@l%B:kP!_(&h+~9r[k,rJ,N=}`HE=#J2(,<q+ETP`W_C}wH]t5!f`!~Y/>D]NJ!Rm_z}
2025-01-02 05:12:34 UTC	10674	IN	Data Raw: 9d dd aa cc d9 0b ae d8 33 1c 58 20 82 22 10 07 3d d0 81 cd fb cc 2c 90 9b b8 21 4d d2 23 4d c3 f4 9c 30 a8 22 d7 7b 3e ee 4a 9d c4 92 4d cb b1 81 da c1 4d f1 ba 9d f3 ba 9d 09 b0 1d 18 98 80 34 54 dc 12 00 ce e2 f1 3e e6 b1 9e f1 43 4e f2 8b dc e5 b1 1e e6 5c 4e ee 19 30 f1 e1 04 56 80 03 eb c4 08 85 50 80 96 23 08 05 20 cf fe 13 08 06 9b 08 fd 09 40 08 d0 b0 2e 98 80 1f 48 a0 93 f0 86 76 2d 88 2d 20 07 99 02 82 f6 6c cf 5f f9 00 33 14 88 6b 60 83 0a f4 06 6f f8 8c 70 21 82 62 d8 5c 4e d0 b9 82 e0 a0 24 6b 95 04 08 a1 0c a0 8a 90 50 06 ac c0 8a 57 70 8b fe 74 57 58 21 05 b7 78 8b 05 38 c3 1f 9a b2 c3 e0 8b af ff 40 d1 c0 f0 8b 25 c4 b2 2f 9b d8 c8 00 2a c8 30 8c 19 a5 42 c8 a8 86 6b a0 95 2f 72 12 13 da 8c 2f d4 c8 05 e2 42 5f 68 57 d0 10 87 31 4c 52 df Data Ascii: 3X "=,!M#M0"{>JMM4T>CN\N0VP# @.Hv-- l_3k`op!b\N$kPWptWX!x8@%/*0Bk/r/B_hW1LR
2025-01-02 05:12:34 UTC	11860	IN	Data Raw: a4 40 2b 57 aa 69 b8 40 07 7e 66 02 02 6b 22 29 61 0c 4c 60 07 12 a1 07 1a 20 23 b1 ff 89 16 cc a1 38 be 21 08 8f c1 15 06 76 60 87 43 1b 80 ee a9 28 26 61 a9 aa e8 5c b2 63 30 f4 c9 40 c6 1f a4 a1 10 a6 c0 14 6c f2 26 57 41 61 ba ea 0a b4 ce eb b2 ca 07 f4 20 01 08 e1 a5 74 c6 11 6a 40 09 78 e6 e4 a0 b2 07 7c 26 01 1a a0 01 12 c0 32 94 46 2b e9 6e 0c a4 06 06 0a 21 2e f8 40 02 f4 ce 0e 92 85 8d e8 c2 0a 10 08 81 be 46 2d d5 32 b3 0e 2f f1 96 16 b3 e4 c6 f1 1e 0f f2 44 cb 2e 39 61 01 90 00 02 ba 80 72 08 27 72 d6 2a 4d 0e c1 71 20 67 03 38 4f 4f ac 81 30 23 87 f4 6c 0b 02 94 80 b7 c0 02 80 18 81 53 d2 84 b8 ee 01 80 7a ab 3a db 96 32 5d 74 0b 16 c0 33 f5 e6 15 78 2f f8 0e e2 34 4b 53 20 04 17 79 0e 82 20 88 0f bc 60 41 34 95 8f bd 20 22 f9 a8 47 22 24 37 Data Ascii: @+Wi@~fk")aL` #8!v`C(&a\c0@l&WAa tj@x\|&2F+n!.@F-2/D.9ar'r*Mq g8OO0#lSz:2]t3x/4KS y `A4 "G"$7

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:34 UTC	586	OUT	GET /img/Fky_1300x240.gif HTTP/1.1 Host: ig72.vip Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:34 UTC	1092	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: PUT, GET, POST, DELETE, HEAD, OPTIONS, PATCH Age: 1775 Cache-Control: max-age=2592000 Cf-Cache-Status: HIT Cf-Ray: 8fb83ee23cde0faf-LAX Content-Length: 296725 Content-Type: image/gif Date: Thu, 02 Jan 2025 05:10:57 GMT Etag: "67617e53-48715" Expires: Sat, 01 Feb 2025 04:41:22 GMT Last-Modified: Thu, 02 Jan 2025 05:10:57 GMT Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=voJjKKNDAjLrYuShSNIZrATZbbHm1ltnqNur%2FRgwMqMh%2BMF26uyCGKGWsymafVcO%2BNPR137uE236VbQhlQk9zVJpoxrtT%2FFoBsj4vIr4UO56nNcHZBtP%2FYlhoKDu9SSiWQ%3D%3D"}],"group":"cf-nel","max_age":604800} Server: cloudflare Server-Timing: cfL4;desc="?proto=TCP&rtt=947&min_rtt=725&rtt_var=50&sent=1006&recv=108&lost=0&retrans=1&sent_bytes=1392172&recv_bytes=4530&delivery_rate=420436058&cwnd=708&unsent_bytes=0&cid=c3364a81f29d4527&ts=24003&x=0" Vary: Accept-Encoding X-Cache: HIT, server, disk Connection: close
2025-01-02 05:12:34 UTC	94	IN	Data Raw: 47 49 46 38 39 61 14 05 f0 00 f7 00 00 14 64 a5 29 a0 df ff da 24 ff ff b4 f9 b8 b2 fc d6 d5 64 56 a0 9a 56 22 94 32 ff 94 64 aa 18 8d b2 6b 49 20 28 6d d5 b0 ef fe fb d8 f3 fc d1 b6 2a d5 f4 61 98 a8 2f 34 b6 ff ff 6e fc b4 d3 af 91 5c 0b 51 72 51 b3 65 63 56 61 90 f0 ff fd 90 b7 Data Ascii: GIF89ad)$dVV"2dkI (m*a/4n\QrQecVa
2025-01-02 05:12:34 UTC	2372	IN	Data Raw: f2 af 96 5a 1e 19 d6 d4 f7 8c 55 ff 4b d0 f4 a5 dd 9b 63 e5 54 54 26 ae f9 4e 94 fb 6f ae 67 33 cd f2 96 8e fe d4 46 db 74 6b 2e 29 ff fc d8 6f 5a a0 28 0e 28 6f 3e b5 f6 d0 24 12 d6 8d 2b 9f 16 11 6c 45 cb 6d 32 fe f6 d6 8f 6f 67 fb fe 94 d1 f0 8d 77 d8 8d 71 50 2b fe f6 b4 33 90 72 d0 74 f2 fd 2d 9c 6b 90 6f fc d8 d3 d4 6a b7 f6 af dc fb d8 32 69 4d 33 4f b1 8e f9 fd b7 f4 a5 d0 6f 62 cf 95 d6 b1 8f fb 6d 94 d7 b1 d2 b2 6e 44 a7 98 2e 42 f7 ff d8 92 8f 70 6e d2 cf 90 4b cd 76 28 4b 55 fb f7 b3 4c 8e 8b fd 1b 15 1d b0 8f d5 d5 d3 b3 d2 b1 6e b3 b1 d8 d4 b4 b2 b5 91 91 90 b2 d0 3f b6 d5 b6 b2 f3 b6 b1 b2 58 27 ce 8c 4a 45 f5 b2 6e d3 69 57 d6 d3 8f 90 90 d4 d4 b2 f9 b3 d3 d5 3e 8f f2 8a 6d 40 70 8c d6 90 b5 f4 b0 91 b0 ef 4a 71 ad 73 cd f0 94 28 d4 6d 0e Data Ascii: ZUKcTT&Nog3Ftk.)oZ((o>$+lEm2ogwqP+3rt-koj2iM3OobmnD.BpnKv(KULn?X'JEniW>m@pJqs(m
2025-01-02 05:12:34 UTC	538	IN	Data Raw: 68 a1 8d 32 da 27 a3 91 e6 e9 e7 a1 80 66 6a a8 9e 97 76 7a 27 9c 68 8e d9 66 9a 60 92 39 a5 9b 51 82 e9 01 98 ac 8a 6a 66 9e ab 9e ff 59 66 ac af 86 ba 0b a8 b0 f2 b9 ea ab 6d d2 da 66 99 bb 00 6b 26 9f c1 a2 49 ec a7 77 de ba 68 b2 80 26 bb ec b3 ce 46 0b 2d 2f bd f8 39 cd 9d d5 ee 72 2d b5 dc 56 eb 6d b7 e0 7e 2b 6e b8 e4 8e fb ed 34 e3 06 ab 6a ac ac b6 ea 6e 94 6e f6 00 88 0e f4 26 d0 86 0e 6d dc 9b ef be fc f6 9b c0 bf 09 00 12 30 20 31 14 6c f0 c1 25 1c ac f0 c2 0c 37 bc 70 c2 0e 47 5c b0 21 86 dc 71 07 c5 2b ac a0 43 02 1b 6f ec 84 c0 15 df 41 05 15 14 5f 6c f1 c9 16 53 81 f2 c9 14 b7 ec f2 cb 30 c7 fc 32 0f 16 dc 31 90 40 00 28 c4 c3 42 11 20 14 41 43 3c 5c f0 90 44 14 19 41 11 48 1c 35 60 34 4b 26 a5 24 d2 49 2a d1 42 92 d4 2b 41 dd 92 11 30 a5 Data Ascii: h2'fjvz'hf`9QjfYfmfk&Iwh&F-/9r-Vm~+n4jnn&m0 1l%7pG\!q+CoA_lS021@(B AC<\DAH5`4K&$I*B+A0
2025-01-02 05:12:34 UTC	4744	IN	Data Raw: 3c 83 18 0e 32 51 dd 32 00 a3 62 b4 48 17 2f aa 91 8b ff 84 28 a4 20 cd c8 47 48 2c d2 8f 76 54 a4 ec fc e8 89 44 8a 62 14 11 a1 a4 29 d0 c1 8a 56 54 43 fc ac 21 3f 44 4c a9 07 58 02 a3 07 c4 28 c6 2e 49 09 55 5a 72 53 ab ec 14 25 36 c9 ea 4c b5 12 d3 99 42 45 c7 34 c6 8a 8d 9f f2 53 9d d0 94 26 36 e2 89 8f a5 02 d6 9b 8c 25 aa 42 aa 69 90 7a d4 23 1b 27 55 aa 3d 16 ca 55 90 bc d4 9b d8 44 49 4b 05 32 4e c6 52 e4 a5 12 25 28 63 f9 f1 56 84 94 d5 3a 1a 19 c8 39 d6 6a 5d 5a c2 a3 9d 82 45 26 52 9e 69 94 ab 82 95 9f 72 45 a6 57 2d 0a 4e c7 fa a4 9b 56 e9 81 51 26 12 96 c5 f2 63 ae f2 74 ab 60 c9 89 95 c1 f2 e5 28 8f c5 4c 40 f5 42 5b d0 e4 56 34 b3 75 ad 6d 4d b3 5c d8 f4 56 35 cd 15 ae 6d 76 ab 9a bb c8 16 bb c6 59 ac 72 f6 72 17 3d 58 87 0e 00 d1 83 5b e0 Data Ascii: <2Q2bH/( GH,vTDb)VTC!?DLX(.IUZrS%6LBE4S&6%Biz#'U=UDIK2NR%(cV:9j]ZE&RirEW-NVQ&ct`(L@B[V4umM\V5mvYrr=X[
2025-01-02 05:12:34 UTC	5930	IN	Data Raw: 0a 9d 7b 4f bf 07 6f 1b 2e 03 db e0 83 0f 9c 0b b3 81 ce 3a 6b 9a fb e5 98 63 5e 3c 26 1b eb 60 b4 d1 c6 61 6c 94 f1 18 70 8a d1 d1 46 1f 6f 94 d1 9a 17 7f 58 24 88 20 fa 80 23 08 56 42 61 92 49 38 58 11 44 90 11 a8 ac 52 8c 55 7c a9 46 19 5f b8 e4 32 9f 6a aa 99 60 82 65 84 f9 e6 81 43 e0 80 43 10 54 1e 39 84 04 12 0a 29 24 ce 42 16 d1 a0 86 45 6a d0 b3 95 56 28 a0 a0 86 42 6a e8 93 4f 3e 29 28 83 08 07 0a 25 ff 82 82 56 88 58 94 d1 24 92 21 06 1a 62 1a c8 c6 9a 4b 33 b5 06 c6 4d 3b 3d 66 d3 4f 43 3d e6 03 4e 47 35 95 54 54 6f 54 75 55 70 8e 99 62 88 1e 60 1d e2 d5 1e e6 99 e7 9c 5b 6f 9d 82 0e 3a 7a e0 d5 d7 5e 79 3d c5 d7 1e 86 fd b5 d8 62 3d e8 c1 83 53 94 f5 60 1d 0f a2 95 56 5a 68 a7 9d 16 5a 72 a6 dd 25 da 6c b7 9d 36 5b 0f bc 05 97 5b 0f 78 29 d7 Data Ascii: {Oo.:kc^<&`alpFoX$ #VBaI8XDRU\|F_2j`eCCT9)$BEjV(BjO>)(%VX$!bK3M;=fOC=NG5TToTuUpb`[o:z^y=b=S`VZhZr%l6[[x)
2025-01-02 05:12:34 UTC	7116	IN	Data Raw: 64 d8 5f 27 99 b3 52 4b c5 b8 04 d3 4c 1f fc 52 53 0b bf b4 b0 67 31 5c 5c b0 53 3b 47 15 55 54 34 0f 3c 40 80 f1 c9 1f ff 80 0f 05 98 a1 94 53 5b 44 25 95 57 5c 75 b5 7d 57 db 64 e5 bd ea 62 a9 ae 11 5c 69 b5 de 3a 3a e4 a7 e5 96 59 6a 99 15 9a 6f be ed a6 57 61 86 21 46 d2 62 7b e9 75 ff 0e 61 8e 45 86 d2 6f 66 77 99 87 0c 83 39 ba f8 1f 49 40 03 1a fd 99 e4 3a 98 99 c7 69 72 71 9b 94 a0 e7 35 b3 89 09 6d 90 53 1c e2 c4 6e 30 89 79 48 7c 4c 72 92 e1 0c f0 35 b6 89 8e 06 5d f2 1c f2 a0 e6 35 28 1c c6 6f 2e d3 1c e4 90 47 3d cf a1 21 72 c2 83 43 ed e8 70 85 38 1c 60 36 1c 32 9e 18 ce 2f 30 fb 03 21 60 86 38 1e cc cc c6 1a 18 7c 8e 35 86 11 45 05 19 a8 36 55 44 50 6c 74 b1 a0 03 01 68 43 b4 39 50 4c a6 58 27 0d 69 a8 4e 32 a1 d3 31 7e 50 05 1f a9 e8 44 28 Data Ascii: d_'RKLRSg1\\S;GUT4<@S[D%W\u}Wdb\i::YjoWa!Fb{uaEofw9I@:irq5mSn0yH\|Lr5]5(o.G=!rCp8`62/0!`8\|5E6UDPlthC9PLX'iN21~PD(
2025-01-02 05:12:34 UTC	8302	IN	Data Raw: 8f ae c8 8a 92 e1 8f 5e 84 08 62 84 90 6c 04 d4 10 69 47 18 c9 51 7e e4 50 1e 29 49 9a 64 93 2a 49 92 22 89 49 82 49 49 62 6d 4c 50 09 d7 ee c4 96 54 09 4e 52 69 4e cc 24 4e 80 09 50 ea c4 d7 bc c4 96 02 45 97 06 25 97 f0 04 50 66 e9 96 f2 04 4f e0 44 d7 1e d1 da 5e f1 d4 1a 69 91 98 89 db 98 e9 14 50 aa a2 a6 09 e2 e2 2d e4 78 51 e4 7e 11 18 db cd e2 86 b1 17 2b 2e e4 96 41 0b 98 45 e3 a2 c5 9e 3a ae 5a 52 8e 18 7d f1 18 83 91 1a 13 2e 1a ff 89 f1 17 af 81 e5 22 0a 5d f0 49 dc 8a 71 1a 85 11 1c a1 b1 1a a9 91 17 a1 f1 1c 89 d1 a1 00 2e e0 5c 0e 53 56 aa 1b 63 ae 04 0c a0 e6 66 ca 02 70 2a 06 fa 20 e7 5e 0e 5f 00 86 0a 22 00 13 5e 46 01 22 60 18 72 21 1b 34 01 0c 40 22 21 17 12 e9 8c 2a e9 aa ce a8 94 ee e8 16 e0 e8 2a 60 eb b6 4e eb 36 c6 08 b2 4e ac 0c Data Ascii: ^bliGQ~P)IdI"IIIbmLPTNRiN$NPE%PfOD^iP-xQ~+.AE:ZR}."]Iq.\SVcfp ^_"^F"`r!4@"!**`N6N
2025-01-02 05:12:34 UTC	3672	IN	Data Raw: a9 60 18 94 57 5c b5 42 b2 d2 5c 96 88 21 18 a9 2d 5d 76 0e 03 82 61 3e f4 ff 17 00 91 2a 51 04 39 5c e4 c8 f9 81 ff e9 18 b8 61 d9 74 65 1b f6 10 5c 04 34 0b 2a 2e a8 60 4f 98 38 65 ca 38 72 f4 d8 51 9c af 55 17 17 9c 5c 80 c1 e2 4a 95 15 31 54 44 33 e0 5a 48 9a 1d 69 56 73 89 32 a5 c5 81 e0 20 46 64 c8 b0 e1 af 63 72 12 ed cc 99 14 e9 d2 96 4c 59 ae 54 aa b4 a9 4a aa 68 22 c9 39 a6 e9 64 85 01 cb 44 7e b5 09 32 ec d7 91 93 4e aa cc e8 15 e4 5a 65 d5 56 e9 84 6b 51 a3 d8 90 1c 49 c6 45 a9 f2 ca 80 09 60 43 56 38 89 66 2e d8 6a 4b 76 2e 18 33 40 dc c7 90 6e 51 72 bd 46 d7 a3 2f c3 27 2b 61 9b c9 56 59 be ca 28 23 59 3b 06 1a f4 30 d0 e0 ac fd 12 8d 3a f4 b1 79 44 5c 97 21 e2 20 36 91 56 a0 1e 3d 12 04 27 48 10 38 ac 04 8d 10 74 68 04 6e 36 82 04 3d 1a 01 Data Ascii: `W\B\!-]va>Q9\ate\4.`O8e8rQU\J1TD3ZHiVs2 FdcrLYTJh"9dD~2NZeVkQIE`CV8f.jKv.3@nQrF/'+aVY(#Y;0:yD\! 6V='H8thn6=
2025-01-02 05:12:34 UTC	10674	IN	Data Raw: 5a ae ad ca aa 94 3d b1 8d 00 af 25 5b b3 25 88 ae fd 5a 4d 60 5b b6 dd 82 b6 85 db ad bd da e7 91 83 96 c8 1f ff 2b 20 11 b4 88 fd f1 9d a5 95 c0 f1 04 5c 06 f3 20 10 42 b0 e5 e3 ae 65 10 86 c4 4d 39 9b 58 06 7b f0 4e 7b 58 dc c0 1d 4f 5f e8 04 b8 c0 00 85 b0 06 24 2b a1 14 0c a1 d2 11 8d d6 98 8d 17 24 02 12 c0 4f de 80 50 dc b8 8d 1c cc 8d 2f 43 85 30 fb c1 31 a3 0e 0d 40 42 25 6a 0e 18 a2 00 54 60 c2 26 84 03 28 fc 03 29 bc 33 29 aa c2 2c a0 8f e1 d5 8f 3f 13 b4 11 fd 42 31 04 a3 31 34 d1 34 92 23 1a 2d 00 fd 68 51 18 7d 10 3a 2a 90 71 a0 51 77 e0 a3 6e 38 9f 63 40 04 8b 19 b5 29 28 35 9f 30 11 50 eb 01 3a ff 38 5f 56 73 24 42 2c d2 2a 68 83 2a 20 d9 25 81 06 50 3a 92 5b e0 35 29 c5 5f 7f 18 d3 12 b0 52 72 28 b6 18 38 36 5d 59 17 2d 89 5f 20 69 36 2d Data Ascii: Z=%[%ZM`[+ \ BeM9X{N{XO_$+$OP/C01@B%jT`&()3),?B1144#-hQ}:qQwn8c@)(50P:8_Vs$B,h* %P:[5)_Rr(86]Y-_ i6-
2025-01-02 05:12:34 UTC	11860	IN	Data Raw: d0 75 e3 38 46 58 37 ca 1c f1 31 5e c1 51 1b 31 92 26 c5 ea 1d 9f 86 ee ac 41 ef ac ff 01 af fa 75 6a 8a 21 28 fb ce b2 0a cb b0 40 a1 06 50 a1 6c 08 af 6c ca e6 b1 22 8b 2b f9 46 03 32 8f 02 0a a1 6e da e6 2a fb 86 6f 28 8f 08 0a e0 70 0e c7 2c 0f 81 f3 e0 80 0f ce 66 b5 de 72 0f 50 60 64 fd 60 65 f9 60 71 28 01 0e 16 69 72 aa 44 74 9e 84 74 6c 96 00 7e eb 2f 61 8f 74 74 6b b7 76 eb 45 08 c2 47 9e 61 22 2c 62 b2 fc e6 76 2c 69 f8 1a c2 32 71 e9 4c ac 6b 69 43 22 19 ba 01 1a b6 c1 33 cb 4b 34 b1 b6 fe 92 53 28 52 73 28 da 80 c3 e0 82 c3 62 33 2b ee 2c 37 33 10 39 83 a2 bd 56 33 28 ee 27 3b e9 6f 3b e7 6b bf 4a 00 0b e8 16 0b e6 e2 bf 72 ec bf ec b6 6e e9 16 1a d4 96 6b ff ab 0b f8 b6 0a bc b3 6b 83 33 6d 05 b7 6e ab 80 6e 9f c1 3c d3 f6 bd e8 76 71 db 36 Data Ascii: u8FX71^Q1&Auj!(@Pll"+F2n*o(p,frP`d`e`q(irDttl~/attkvEGa",bv,i2qLkiC"3K4S(Rs(b3+,739V3(';o;kJrnkk3mnn<vq6

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:34 UTC	631	OUT	GET /media/dd9a87_67f016f8ae5948e4a82fbfedd1ad400a~mv2.gif HTTP/1.1 Host: static.wixstatic.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:34 UTC	764	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 267600 Connection: close Server: openresty/1.27.1.1 Date: Wed, 01 Jan 2025 14:29:08 GMT Expires: Wed, 01 Jan 2025 15:29:08 GMT Cache-Control: public, max-age=15552000, immutable Last-Modified: Thu, 28 Nov 2024 18:00:55 GMT ETag: "255d2547f187ffe25a9feef511734f25" Accept-Ranges: bytes Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length Timing-Allow-Origin: * X-Seen-By: gcp.us-central-1.media-router-9fdb4b487-7bh25 Via: 1.1 google, 1.1 d5fb859c39a16d7f218b4c7fb1528ad6.cloudfront.net (CloudFront) X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA6-C1 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: -Lqy3wSbWMTE-vavOtstAhPZTdIPV5vfHjnZn8Kb3ZJydW3aGTctIQ== Age: 53006
2025-01-02 05:12:34 UTC	16384	IN	Data Raw: 47 49 46 38 39 61 14 05 c8 00 f7 ff 00 10 10 08 ff ff ff a8 83 77 52 48 48 96 79 88 05 04 03 4e 33 46 a7 78 69 0d 68 69 d6 00 29 8b 28 12 06 9e 9f db fa fb 00 ff ff dc b9 a9 a5 87 8a ff 66 27 9a 87 97 a5 6d 52 8b 52 4a 60 43 37 8f 64 55 ef 00 4a f7 ac e3 fd d5 dc e9 cc bb f6 6b 8c 97 75 79 a5 94 a6 ef 17 bd b6 ac b0 69 fe fd 6b 36 32 cf ce d0 6a 08 12 46 01 31 4e 09 0e 99 86 8a a5 8b 99 87 66 69 f7 b1 be 8b 6a 75 93 4f 35 c8 9a 8b 88 76 79 f0 52 76 c9 a7 99 75 56 66 00 cf d4 b9 97 89 25 15 15 25 13 24 f4 19 ca 45 26 35 46 37 36 78 21 0e 76 68 67 97 76 69 9c 98 9a 2d 21 17 63 57 56 68 46 46 27 02 21 17 09 22 34 27 26 22 02 18 74 70 8b 8e 97 a5 92 03 2b 78 56 56 a8 97 98 8a 78 85 55 34 36 3c 2d 48 33 16 25 f5 6c d2 37 34 34 67 45 55 27 24 24 75 48 55 78 46 Data Ascii: GIF89awRHHyN3Fxihi)(f'mRRJ`C7dUJkuyik62jF1NfijuO5vyRvuVf%%$E&5F76x!vhgvi-!cWVhFF'!"4'&"tp+xVVxU46<-H3%l744gEU'$$uHUxF
2025-01-02 05:12:34 UTC	16384	IN	Data Raw: af 46 10 c5 d6 8c 57 4e 9c bc 9a 61 6b d5 aa 31 ab 7e 90 4a 62 3f c9 30 fc e1 0c 0c eb df 3f 89 29 1c 08 c8 81 09 04 12 68 c2 03 09 0a b0 a0 00 fc 08 70 00 3f 11 f2 23 81 04 65 f0 67 4d 7e af bc 62 df 7f 7e f8 d1 de 0c 33 f8 90 1e 09 35 80 70 c5 13 4f 10 b2 62 1d e6 d4 f1 62 1d 12 1c f0 22 85 12 d4 b1 01 1d 1b 08 60 8e 00 74 4c a8 c2 2d 41 4a 70 cb 90 b7 a8 a0 c7 14 ae f8 f0 43 29 a5 68 a1 04 18 35 50 a2 47 16 5a 64 a1 47 19 ac a4 b0 65 0a 47 10 40 80 97 61 7e f9 ff a5 98 64 8e e9 e5 98 69 82 09 e6 06 5e 9a b2 66 98 6d 12 60 ca 06 60 1e b1 41 0a 70 bc b0 e7 0b 84 e8 89 c3 09 2f 04 aa e7 09 70 9c 50 68 0a a6 28 1a 66 09 90 44 f0 28 a4 11 18 c8 41 04 05 4a 6a 82 09 11 24 58 69 a5 99 7a ea 29 a7 99 86 1a 6a a6 0f 70 fa a8 a8 a6 6e 9a 60 09 25 3c 00 c9 03 ae Data Ascii: FWNak1~Jb?0?)hp?#egM~b~35pObb"`tL-AJpC)h5PGZdGeG@a~di^fm``Ap/pPh(fD(AJj$Xiz)jpn`%<
2025-01-02 05:12:34 UTC	16384	IN	Data Raw: 83 1a 03 10 26 48 21 87 24 b2 48 23 7f fc 20 c6 05 42 0c f0 3c 12 5a 7c 64 46 35 18 fc b1 4a 2b 97 eb 22 46 18 74 c4 0f c2 2e 2f 3b 91 13 33 b0 68 01 85 2b 69 bc b1 81 4e 30 74 10 3f 30 bf f4 32 ce 2d 88 68 d1 47 ff 18 88 d1 17 39 f7 84 b3 4f 08 5b b4 60 c6 18 1b c0 ec 3b 4e d8 0c d1 9f 16 31 90 a6 bf 24 1b a0 63 d1 fe f0 6c c0 17 3a 2d b0 13 be 47 17 c0 a2 45 e5 fa 1b d4 4d 51 4b 24 15 99 28 a0 19 d4 97 41 1b 98 24 8a 49 54 cd 13 81 28 a2 40 94 99 28 d2 e8 24 cf ff 4e 10 c8 64 d5 4a 57 85 75 d6 f3 a6 89 02 01 63 8f 45 40 b8 54 7d 65 16 58 67 61 cd 33 cf 59 75 64 06 19 62 67 4d d6 d9 65 17 88 42 9c 28 60 85 d6 d7 70 9b f5 05 06 6c 17 80 c1 97 71 97 25 37 c6 49 d2 b8 75 01 75 9b 25 97 db 01 20 09 84 2f c9 f6 15 0b ad af 04 f8 2a 60 81 4d 08 f8 8e 07 ee f0 Data Ascii: &H!$H# B<Z\|dF5J+"Ft./;3h+iN0t?02-hG9O[`;N1$cl:-GEMQK$(A$IT(@($NdJWucE@T}eXga3YudbgMeB(`plq%7Iuu% /*`M
2025-01-02 05:12:34 UTC	15137	IN	Data Raw: 27 50 6a 4a 0a 97 9a a2 e9 a6 9b b2 60 ca 11 9f 62 6a ca 06 9a b2 92 c2 0b 2f 34 91 84 14 ac fa 21 85 12 b0 ce 30 83 2d 3f 38 71 05 a5 29 a4 70 42 6a 87 6d 21 4d 38 05 14 f0 cd 18 8a 8c 61 6c b1 c5 32 32 06 23 cc 36 cb 48 10 d0 06 e1 c3 b4 d4 fa 00 c6 b5 d8 82 f1 cb b5 3e 04 b1 cc 32 3e 60 62 8d 39 f7 7c f2 49 3f a6 58 53 83 0f df 0c fb 2c b4 dd 42 fb ac b3 cc 2a c2 08 b2 c4 1a 3b 45 01 5b 08 a4 d9 16 2e c1 44 16 47 2f 5d 04 03 5f 00 30 03 91 25 0a 2b bc 30 c3 96 ff 58 74 51 03 e8 94 c6 cc 02 05 33 55 14 62 a5 3d 86 97 c4 30 35 14 99 5e 08 44 d5 00 3e 79 81 3c b1 2f 23 7f 6c 32 3e ab c5 dc 2b 59 7f a5 a5 9a 5f b0 01 e6 da c0 54 a9 44 1a ce 35 ef 3c 90 61 32 ff 7b 55 69 2c 7d d6 d7 65 a4 25 5d 10 af 45 43 0d f4 d1 4a 77 bc d2 4c 48 2d 46 f3 62 6b e5 8c 56 Data Ascii: 'PjJ`bj/4!0-?8q)pBjm!M8al22#6H>2>`b9\|I?XS,B*;E[.DG/]_0%+0XtQ3Ub=05^D>y</#l2>+Y_TD5<a2{Ui,}e%]ECJwLH-FbkV
2025-01-02 05:12:34 UTC	16384	IN	Data Raw: 90 8b 49 cf 1e 91 05 80 ed c9 d2 28 7d ef f8 82 e4 4f 8a 2f 28 d5 64 96 79 52 b8 b0 a4 fa 2a 39 ba c4 04 06 bc 6f 49 8a cb 90 85 79 4b 8b 0d 92 49 64 68 ce 74 ca 88 9f 17 f0 c1 b4 1e c5 01 33 35 4c 08 f0 c1 f0 1a 4c 64 cc 23 7c 81 17 a4 83 05 44 d9 fc 29 45 9c 55 f0 2e 0d 5a c9 9c 0c 3d 09 5a ac 12 5a 0b 07 9b 4e ac da 48 5c cd 5f 96 6b 34 00 c0 57 c0 75 00 38 c3 00 ff 84 80 b3 1c 7a a9 79 00 61 ca 0a 5c 87 80 06 e6 49 09 a3 0d a9 99 f0 47 05 b1 d9 0c b1 ec 22 8a 11 3e 85 2a ac 36 16 40 f1 51 74 15 65 23 55 16 4f ac c7 a6 73 18 23 85 b1 79 ca 50 c9 da b3 dd ba 52 30 71 17 4f 43 b1 9f f6 69 6b e9 16 2c e7 b0 0b d5 4e c8 71 77 ae 66 62 43 f1 62 38 81 37 20 c3 b5 cb 80 b6 6b bb b5 47 01 56 4d 61 0d b0 a1 d0 b6 0e bb 75 06 5a b5 a7 2b cc 80 14 80 88 ea 8c 48 Data Ascii: I(}O/(dyR9oIyKIdht35LLd#\|D)EU.Z=ZZNH\_k4Wu8zya\IG">6@Qte#UOs#yPR0qOCik,NqwfbCb87 kGVMauZ+H
2025-01-02 05:12:34 UTC	16384	IN	Data Raw: 68 3c ce 44 f7 b8 a0 b2 10 a0 fd 91 f2 d4 91 1e e9 91 59 0a 2d f6 64 12 ed 66 9a eb ce 62 8f ec 55 2c 79 ad b9 53 1d ba 23 05 1b 00 02 cd 1d e3 96 ee 1d 2f ec ad 62 92 45 dc d9 a0 66 b2 05 45 98 56 65 45 37 21 65 17 42 89 09 41 61 2e 56 40 94 13 20 76 a2 76 bc 46 b1 5d 5c 93 c3 5e a3 83 5f 4b a7 df 0d b6 13 f0 c2 a8 56 a6 de 09 a6 65 a2 17 a8 98 01 a3 a0 9f d4 e3 6a ff b1 cc 13 60 99 81 20 90 81 86 78 16 b3 d4 de a8 d8 81 10 62 77 31 f0 e4 1a 10 71 b4 96 70 51 4e f1 0c ca 16 4a 48 82 9e 50 a6 39 49 58 04 e5 77 85 dd 89 9e 10 5d 38 89 13 eb cb f1 59 6c 93 5b 86 eb fc fd 20 8a f0 f1 85 5a cb 72 3f ec e5 3e d3 91 23 f4 83 d3 db 09 fe c0 52 ad c6 1d 5b e2 52 b5 b3 e2 ac ce b4 7b 68 62 ae ba cc 06 ed e7 bc c6 73 fc 38 f9 a3 40 2f d3 b3 3b ff 60 d5 5e ed 29 67 Data Ascii: h<DY-dfbU,yS#/bEfEVeE7!eBAa.V@ vvF]\^_KVej` xbw1qpQNJHP9IXw]8Yl[ Zr?>#R[R{hbs8@/;`^)g
2025-01-02 05:12:34 UTC	16384	IN	Data Raw: 99 34 89 23 1b 9e 1f 0d 51 7e 58 77 09 b3 0d 02 46 ff 87 4c 63 76 89 4d 0e 51 b6 02 a7 7f 8c 14 0b ae 4d 96 80 60 7d 73 63 a1 fe a5 9e 0b 0b 73 50 5b 20 f7 9c 7e 8b 81 23 02 71 4d 22 0a 29 90 24 72 66 b8 1d 11 c4 a1 84 7f 1c 01 12 81 a8 29 1d 1b 52 02 16 b1 e8 8e da b6 3a f4 a3 2f fd e9 bb e4 dc e6 96 eb 2d bb 6e 12 f1 ba 9b bd 38 19 5f 34 00 40 0e 72 0c 06 5e f9 25 df 16 72 66 ef 9d 31 2d ad a2 f0 e2 3f 5a 10 d6 27 f5 8f 91 8a d4 a7 a1 ce 0c 03 eb 33 d2 24 58 bb fc d3 e4 c7 3f a0 40 4f 0c 5e 03 2c 1c c1 79 15 ad 44 5c da 30 de aa 10 91 88 6d 07 c6 61 18 78 d0 8d af 94 58 a4 3d 9c 49 a0 d5 3f 00 08 72 55 06 61 9c c7 09 05 06 aa ad 47 29 dc ce e6 cd de 4b c5 1a 6f 21 4e b7 68 d4 7f 5c 8e 2a 88 43 29 b8 07 b8 34 42 cd 21 88 c0 25 9e ff 75 a0 cf 39 50 63 29 Data Ascii: 4#Q~XwFLcvMQM`}scsP[ ~#qM")$rf)R:/-n8_4@r^%rf1-?Z'3$X?@O^,yD\0maxX=I?rUaG)Ko!Nh\*C)4B!%u9Pc)
2025-01-02 05:12:34 UTC	16384	IN	Data Raw: 3b 3c b0 1e b3 e5 67 fd 77 8f 46 1e ad 35 f7 c5 9e ff 74 47 73 ea 93 25 31 8b 21 4a 95 3a 1d 75 a8 8f ba 9d 35 e8 54 44 46 33 59 cb 8a 66 53 ff 00 bb 8d 58 05 96 60 a1 1c 8b 08 53 b0 9b 0d 90 88 d6 f2 1b 6d d3 88 dd 30 ad c2 21 bd 09 a4 40 dc 61 17 7e 7b 13 7c 13 ab 75 b3 0e c8 c9 34 d5 49 be 78 c3 b3 36 fb bc 87 32 23 ca 89 16 fc 90 b7 2f f3 aa 33 ba b0 f8 68 9c ec 1b 41 dc 6a 9d 30 42 b8 1b 4c b8 59 aa c0 78 71 b8 1d bc 97 88 fb 87 aa 93 8e 87 d0 05 8a 19 3e 63 b0 bd 8f b1 80 47 f8 91 8f 6b 81 00 18 1e 26 cc 1e 0c 70 aa 92 b3 80 1c d1 80 2c cc c2 8f 73 1e 63 68 a4 ee 21 2f 91 a1 10 00 7b b9 85 93 b2 96 c8 8b c4 5a 8c c6 90 9a a5 c0 20 54 03 94 03 02 ac f3 93 0a be 18 97 d1 93 88 f7 88 b0 47 d1 28 00 9b 25 38 82 2b ef 13 16 da 49 1a 0e 13 b5 e8 e3 13 c2 Data Ascii: ;<gwF5tGs%1!J:u5TDF3YfSX`Sm0!@a~{\|u4Ix62#/3hAj0BLYxq>cGk&p,sch!/{Z TG(%8+I
2025-01-02 05:12:34 UTC	16384	IN	Data Raw: 84 06 68 80 4c 00 44 1b 9b 2b 72 30 83 7f 68 85 00 f8 07 7a 60 80 2e e8 82 72 80 81 49 40 00 32 1c 43 53 8c 42 4e f0 07 55 c4 80 2f c0 00 06 78 45 58 84 c5 2e f0 05 5f 98 84 53 9c 42 72 a8 c3 3b 54 c3 3d 54 03 67 08 45 18 40 00 64 02 bd b8 e2 ab 61 1c 12 02 b9 11 9b 61 b7 1d 93 19 c2 42 ac d5 8b c6 20 8b 91 9b 99 bd 24 91 ac 87 f8 19 6e aa a0 a9 61 02 4b f8 bd 3f 18 89 b0 73 09 e2 a3 16 84 9b 8a 6e b9 9d d8 a8 09 9b 08 07 9f da 83 d6 f2 89 7b 4a 83 01 58 83 1b ca a1 3d 08 07 26 c8 04 9b a8 c7 de 1a 0c ac 30 84 0a b8 85 2c b0 14 2d f0 04 3b bb 33 20 28 83 15 c0 83 03 c0 83 50 e1 0a e7 6a 22 0a d8 2e 41 2b 03 ff bc 28 03 4c b1 14 4c 99 39 9d 63 0b 90 ac 88 4d 50 40 91 b0 ba 67 91 1d d7 c8 8d 62 79 17 c9 d0 81 4f 8b 16 a1 72 09 c7 18 0d d2 38 35 d0 e8 ba 23 Data Ascii: hLD+r0hz`.rI@2CSBNU/xEX._SBr;T=TgE@daaB $naK?sn{JX=&0,-;3 (Pj".A+(LL9cMP@gbyOr85#
2025-01-02 05:12:34 UTC	16384	IN	Data Raw: b8 25 06 a2 12 0a 74 2b 4d c5 54 df 58 11 1e 04 13 44 92 06 db d8 8d 86 86 0f b2 67 68 57 92 2d 30 94 7c a7 d6 13 aa b6 6a 39 f4 57 e7 f1 6a 38 d0 07 54 71 7d 86 b5 15 46 54 2f 49 f4 58 01 99 2f 67 d1 44 04 b9 2f 73 e1 01 48 10 46 14 20 08 ed b7 03 82 20 03 5e 64 08 8d b0 09 15 70 7f 95 71 7f 66 24 01 2a b0 7f 79 a0 46 13 70 0b db 26 01 75 30 92 e3 86 04 9e 50 00 df f0 0d a5 91 80 51 80 1a 0e 68 1c d8 35 48 8a 14 81 c2 95 33 32 73 81 3b a3 07 8b 34 1d 3f 23 07 1c 98 6f 13 e8 81 90 04 82 d0 d1 19 28 18 35 dd 21 5e d2 a7 35 54 d1 07 a6 e4 70 52 73 5e 36 60 14 a9 64 71 98 44 01 19 f7 07 00 d2 71 1b b0 07 0f 70 ff 84 61 29 96 63 39 4c 26 17 73 4d 18 4d 30 c0 0c 84 c8 05 25 92 0b 33 17 23 c2 70 79 da 30 28 54 c8 4d 3a e7 4d cd a3 4f b8 f3 73 e9 00 62 fe 35 86 Data Ascii: %t+MTXDghW-0\|j9Wj8Tq}FT/IX/gD/sHF ^dpqf$*yFp&u0PQh5H32s;4?#o(5!^5TpRs^6`dqDqpa)c9L&sMM0%3#py0(TM:MOsb5

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:34 UTC	587	OUT	GET /img/GYyh_1300x240.gif HTTP/1.1 Host: ig32.vip Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:34 UTC	1082	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: PUT, GET, POST, DELETE, HEAD, OPTIONS, PATCH Age: 5236 Cache-Control: max-age=2592000 Cf-Cache-Status: HIT Cf-Ray: 8fb83e838bd5f7cf-LAX Content-Length: 510915 Content-Type: image/gif Date: Thu, 02 Jan 2025 05:10:42 GMT Etag: "67700bb2-7cbc3" Expires: Sat, 01 Feb 2025 03:43:26 GMT Last-Modified: Thu, 02 Jan 2025 05:10:42 GMT Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R32eRPa7TgouhQukKuPZH7BB45gKyDCimQsJuytTiMMwqRcbkWoO7kwkm4vDU5VVA5zfkKgu%2BzQj7DQStCuF%2FqRsCflvoO2a58WGmWc6r3iLgrOrSlrqjrZd6WXm7unwsw%3D%3D"}],"group":"cf-nel","max_age":604800} Server: cloudflare Server-Timing: cfL4;desc="?proto=TCP&rtt=883&min_rtt=739&rtt_var=45&sent=347&recv=38&lost=0&retrans=0&sent_bytes=487017&recv_bytes=3529&delivery_rate=320863636&cwnd=412&unsent_bytes=0&cid=3e24dfef123ab61c&ts=8613&x=0" Vary: Accept-Encoding X-Cache: HIT, server, disk Connection: close
2025-01-02 05:12:34 UTC	104	IN	Data Raw: 47 49 46 38 39 61 14 05 f0 00 e6 00 00 59 10 01 66 76 b5 9f 1b 02 f1 25 15 fd c3 22 fd e8 80 f5 62 14 db b4 97 b6 6e 6c f2 dd cf 90 70 6e 2a 06 69 8f 88 94 dd ff fc 8b 75 8d dd cf c0 d7 72 47 cf 72 68 ba 44 44 4c 20 70 b9 4c 2d 74 5e 58 f9 6f 40 20 04 05 f8 71 64 b6 72 4f 88 88 cc d4 f0 d4 c3 aa 87 b8 b0 d0 bb Data Ascii: GIF89aYfv%"bnlpn*iurGrhDDL pL-t^Xo@ qdrO
2025-01-02 05:12:34 UTC	2372	IN	Data Raw: 42 04 77 88 b9 d9 db ee ac 77 84 aa 91 af 83 76 ad 6d 3a 1f 93 67 53 8f 40 2f 90 aa d2 c4 6a 28 ba ae b1 b9 33 39 cf bb c6 bf 82 04 97 52 42 8c 41 05 be cc e9 ff 30 35 55 81 d6 94 6d 01 8e aa b3 b4 99 c9 97 b6 e7 97 6a 2f ab bb e2 9a ab 8a cc 55 66 f5 8b 7a ff 55 66 ee dd ee cb cc ad 76 4d 6f cc 44 44 66 88 dd ff 44 3a ff 44 55 ff 55 55 dd 55 55 88 88 aa a8 9a 82 ee 55 55 ee ff ff 77 86 cc 77 99 ca ff ff ee ff ee dd 88 88 bb 78 99 dd cc 55 55 66 80 cc ff ff b8 99 88 aa a6 88 72 ff ff dd bd 88 74 88 99 c3 88 99 a6 aa 88 99 99 88 bb ff ee ee c5 99 75 ff 55 3c bf 99 9a ec ee ee 99 99 bd bb 55 5e eb ee ff dd 55 43 ee ee dd dd 43 44 ff ee c3 ca 55 3d 77 88 dd bb 88 99 aa 99 99 ff ee ff 66 99 dd ee ff ee 99 99 a7 77 aa cc ee ee c8 e0 ff dd eb ff c2 ee 44 33 66 Data Ascii: Bwwvm:gS@/j(39RBA05Umj/UfzUfvMoDDfD:DUUUUUUUwwxUUfrtuU<U^UCCDU=wfwD3f
2025-01-02 05:12:34 UTC	538	IN	Data Raw: 74 0b 4d 74 d3 e8 b4 57 c0 c6 08 44 2e f9 e4 46 da c0 b8 36 02 17 20 8e 17 1c 48 4d 24 00 d7 c8 3a 2b d2 5a 2f 9c c0 12 63 7c 0d 76 d8 63 4f ec e5 42 44 b6 20 7b 40 09 70 a0 76 db b8 e7 3e f7 ee bc 27 3e ad db be db ad 32 ca 5f 74 70 c3 0b 20 24 ef c5 f2 3c 24 ff c2 f1 56 64 97 77 53 c5 1f af 3c f3 cc 3f 6f 7c f4 d3 93 55 83 f5 d7 67 ef fc ff 09 4e 00 6e 7e df e7 ff 9d be e0 ec 13 8e ed e1 f0 23 1e 3c 9e 43 33 7d b9 36 48 ff 3e f9 fe 83 8d c6 78 05 ab d2 1c 91 e6 e1 39 d0 61 83 04 28 b0 c0 e8 08 50 ba 05 65 ad 07 55 88 a0 04 27 a8 ba d5 b5 6e 4b 12 31 1b ec 64 07 86 0e 56 21 6d b7 d3 9d 08 47 d8 ac de 99 70 7e 24 44 a1 f0 f4 74 03 ec 95 ee 85 30 8c 21 0f 6e 20 bd ee 69 a0 03 2e 94 a1 0e 4b d7 01 f7 a9 a8 85 3b 0c 22 0f db b7 3e f5 a1 cf 88 48 2c 22 11 97 Data Ascii: tMtWD.F6 HM$:+Z/c\|vcOBD {@pv>'>2_tp $<$VdwS<?o\|UgNn~#<C3}6H>x9a(PeU'nK1dV!mGp~$Dt0!n i.K;">H,"
2025-01-02 05:12:34 UTC	4744	IN	Data Raw: c5 28 2f 51 c0 d1 7d 84 a1 04 d9 b0 9a 32 99 c9 82 50 a1 ee 33 a0 99 23 45 57 ca 52 8d 58 13 83 d0 cc 26 37 67 ea 4d 71 8e f3 a6 86 cc e9 39 77 6a 4e 74 12 6f 9d bf 99 e7 0e 63 9a 4c 8e 9a e1 a8 c9 04 a4 1c 87 4a 4a 13 15 0f 92 44 2d 2a 52 93 4a bb 37 ee b0 87 7d ff b2 c2 0b a0 7a 00 82 48 75 aa 54 75 66 10 e3 59 50 82 ba 08 04 4d 35 ab 5a d7 5a 56 83 aa f2 ad 70 4d a8 5c 17 4a d7 86 da 55 85 01 89 68 2d 51 50 48 2c 4e e9 af 53 82 00 05 fc 02 ba 33 56 d5 34 d4 30 c7 32 97 d9 d5 37 1a 36 8e 15 74 29 1e 5f 5a 20 6c ca 94 a6 10 09 a4 4d 71 8a 36 07 7a a9 6c a0 5d c1 37 fb ca d3 d2 f6 54 2f 1a 4c ad f1 b6 f7 b3 d5 ba f6 b5 51 ac de 6b 61 0b 54 9c 08 55 86 5b 10 ac 07 76 cb db de fa 76 b7 09 34 e9 55 49 74 5b 18 06 f2 a8 bf 4d 2e 6f 51 a0 d4 e1 8e 28 9f 41 ac Data Ascii: (/Q}2P3#EWRX&7gMq9wjNtocLJJD-*RJ7}zHuTufYPM5ZZVpM\JUh-QPH,NS3V40276t)_Z lMq6zl]7T/LQkaTU[vv4UIt[M.oQ(A
2025-01-02 05:12:34 UTC	5930	IN	Data Raw: 5f 79 85 6a 18 68 a7 d5 1a dc 6d b8 e6 2a 1b ab 1d f4 ea ab af 9b 41 82 9b 6d c4 e6 66 ec b1 ba f9 38 13 71 66 42 a2 dc b3 d0 46 7b dd b4 d5 55 4b ed b5 dc 69 97 06 86 2d 74 bb 42 06 d6 90 d7 c8 21 e4 55 d1 5f 81 24 00 00 c0 16 1f 1e 80 88 01 2e dc 87 02 7d 16 a0 70 1f 09 28 ec 77 ae 2b 39 cd cb df 2b fb c6 72 d1 2b 0a 32 68 70 23 9a 94 f1 e0 84 0c 37 6c e1 c3 a3 b8 98 01 04 a9 50 1c f0 c5 21 8a 48 a2 c6 26 fa a2 62 01 54 78 27 f1 24 5a 50 d4 cd 8a fe 88 53 54 c9 2c b7 dc 32 05 32 3a a9 a7 cb 34 3f 02 24 94 48 12 f9 25 ce 56 0a 78 33 cf ec 3c 09 34 38 2a db f1 00 95 42 26 14 0b b8 fc 24 6d 50 81 e7 74 e8 8e 38 1b ad ff 0c 09 4e 2e 68 09 e8 a0 52 95 e4 35 d7 28 4d f5 65 59 cd e2 c8 54 4f 60 87 5d df d7 69 9b 34 95 4c 64 c3 98 b5 33 68 b7 cd f6 dd 60 bf 5d Data Ascii: _yjhmAmf8qfBF{UKi-tB!U_$.}p(w+9+r+2hp#7lP!H&bTx'$ZPST,22:4?$H%Vx3<48B&$mPt8N.hR5(MeYTO`]i4Ld3h`]
2025-01-02 05:12:34 UTC	7116	IN	Data Raw: 65 ee be fb 80 2e d4 49 3c 45 05 e0 36 f5 fd 64 fa b2 bb 76 f7 3a 8c 46 c0 16 09 93 10 9a 68 f0 6e f1 3e 67 a4 a1 16 f0 fe 04 f7 7f b0 91 36 08 59 b8 e8 22 20 26 58 64 65 08 4c a0 71 2e 86 31 0a 38 70 2f d0 e3 18 b1 10 d0 1d 94 55 50 3b 23 2b 99 c9 c8 f5 31 ee 89 8f 65 8b c8 12 27 96 76 34 af 11 49 67 0c 32 e1 e1 b4 87 42 10 0d 89 10 3e 03 d0 d9 22 94 c2 17 02 a0 66 4a 0b 86 7c 92 86 b5 1e 1a 4d 10 88 c8 61 d3 ec 80 a5 18 e2 a7 6a e9 f1 21 69 0c 47 b3 44 30 4d 85 f2 99 53 36 08 31 9a c1 11 ee ff 7d 19 c0 92 95 16 96 24 c5 b9 4c 44 d9 f0 c4 d9 ec 67 0c 2b 62 a2 37 b6 d9 e2 65 d4 66 c6 c5 bd 6d 77 51 13 53 19 07 77 c6 2d a4 d1 4a 2b 4a 1c db 30 91 a2 13 6e 0e 72 80 8c 1c e5 4e 67 ba d7 55 2e 0c 88 bc 5d 3b 16 82 a7 43 66 aa 74 89 12 d4 07 42 b7 28 87 50 12 Data Ascii: e.I<E6dv:Fhn>g6Y" &XdeLq.18p/UP;#+1e'v4Ig2B>"fJ\|Maj!iGD0MS61}$LDg+b7efmwQSw-J+J0nrNgU.];CftB(P
2025-01-02 05:12:34 UTC	8302	IN	Data Raw: 96 37 3b 42 58 19 9a d7 0d fa f6 1f fc b6 43 15 17 67 e6 c4 65 a4 e7 65 4f 08 85 46 40 51 e7 b2 70 ae a7 71 c7 22 7b 4b c8 08 e0 20 70 e3 14 44 90 85 85 8e d7 72 18 f7 00 be a7 5c e0 27 08 a3 71 40 fb 53 86 25 27 7d e4 95 4f c9 57 73 e9 45 00 dd e4 86 6f 78 18 5a e4 0f c6 c7 51 33 67 47 de 87 7d 2a d3 87 a4 c1 78 3b 57 88 9d a6 6a e4 f7 88 8d 84 7f 51 05 02 34 b0 7f fc 77 89 98 f8 7e 59 30 7f 49 67 7f 49 21 89 07 48 07 99 38 8a 98 48 07 f2 d7 5f 1b 88 49 56 b1 80 5e 50 89 97 18 7f ae c6 80 a9 f8 80 66 c1 8a 94 28 8a 9a 48 03 50 e5 5e b4 18 81 be e8 49 b7 81 2b 15 38 8c c4 28 4b 36 38 1d 52 f3 34 fe 53 01 6d d7 8c 2e 54 6d 0b 60 40 27 88 82 2a c8 ff 6d 80 86 1c 16 e0 01 f6 02 6e 80 d7 63 31 28 83 c7 18 8e 37 18 29 88 51 42 89 b7 83 ef d6 7a 90 13 5c 47 c5 Data Ascii: 7;BXCgeeOF@Qpq"{K pDr\'q@S%'}OWsEoxZQ3gG}x;WjQ4w~Y0IgI!H8H_IV^Pf(HP^I+8(K68R4Sm.Tm`@'mnc1(7)QBz\G
2025-01-02 05:12:34 UTC	3662	IN	Data Raw: f5 57 7b f5 5f bc ed dd 9e d0 a1 e1 db f3 1a ef 07 5f ee 1d 5d 2f cd 6d dc c7 dd d1 5b a0 dc 57 8e 08 df e1 e4 00 2f ef 86 30 c2 68 3e 29 1b 6c f0 80 cf 5a 83 cf e3 27 0d d3 50 7e 08 a2 69 dd ee 98 62 8d 0f f0 33 ad 8f 23 b0 7d 94 bb f4 9a bf f9 9c ff 04 28 3c ba af 3b f1 b1 3c b4 16 3f d4 8d ad d6 1b ef e9 ae 83 9d f5 50 ff df 21 ff e8 3d 74 92 89 ca 88 41 91 01 fb e0 ed cc cc f2 20 e1 f2 30 0f f3 31 bf d6 33 4f f3 36 3f fc 38 8f ea 3d 7f fc 3e 1f f4 ca bf fc 48 df fc 4e 9f 4e 49 ff fc d2 3f fd d4 6f fb d6 7f fd d8 9f fd 51 5f eb c3 62 ce e7 ec 82 59 af f5 2a 32 f5 d7 4c d7 d1 2e f6 01 4c ec d6 5c f1 61 bf f6 b8 af d0 90 df b7 1c 14 f0 94 ff e5 f6 5e d2 8a bf 83 79 6f f8 93 0f 08 05 13 0b 84 0b 23 83 85 09 65 51 05 8d 05 04 90 91 92 93 8e 8d 04 06 14 85 Data Ascii: W{__]/m[W/0h>)lZ'P~ib3#}(<;<?P!=tA 013O6?8=>HNNI?oQ_bY*2L.L\a^yo#eQ
2025-01-02 05:12:34 UTC	10674	IN	Data Raw: 8f 0e 48 97 46 1a a8 81 da 42 1a c8 9f fb f9 9f 88 4a a0 42 96 7a 01 3a 12 04 49 06 69 80 ff a0 92 9a a0 4a 42 75 2b 78 a9 3b d9 a0 58 f2 a3 ca b2 40 9e 9a a9 5a 91 28 98 5a 10 e0 57 9e d4 76 a2 0b 99 aa aa fa a1 ac 0a 1b ad 8a a1 25 1a 0d 3a c0 18 a5 83 19 ac 58 45 30 9a 12 3a c1 1d c1 d0 36 ba fa 69 50 8a 9a e8 26 71 a2 a3 9b bd ca 1d a5 c4 62 14 00 9b ca 12 a4 c3 7a a3 54 95 8e c7 5a 1c 02 91 a7 2a c1 ac 51 e8 a4 d5 17 ac c2 1a 7e bc 38 9c fc 61 6f cb 69 94 58 ea ad e0 9a 2b 4c a9 0a 96 e4 9d ce 49 2a aa c2 49 64 ea 08 c4 42 02 f3 87 48 5c e1 8a 14 86 8d 9a 45 78 6c 2a 50 86 f7 8d 61 d9 91 64 99 4a e5 b8 2f 26 73 04 08 9b b0 0a bb b0 0c 0b 45 ca c0 02 d5 ca 96 0a b8 a7 7c da a7 f4 59 9f 74 f9 19 82 ba 62 29 51 5c bb e6 b1 86 da 97 c4 45 12 89 aa 5c 8a Data Ascii: HFBJBz:IiJBu+x;X@Z(ZWv%:XE0:6iP&qbzTZQ~8aoiX+LIIdBH\Exl*PadJ/&sE\|Ytb)Q\E\
2025-01-02 05:12:34 UTC	11860	IN	Data Raw: 0d b3 48 8b a6 20 1f b7 18 96 a6 50 1f 57 54 96 02 80 09 69 89 2d 74 23 92 bf 28 6a c1 c8 80 cb 18 0e 70 87 8d ad 80 8c 48 25 8d 73 d9 8c 09 56 8c d1 28 8c 6a 37 57 08 c1 04 db 38 78 e2 30 76 da 78 60 e3 b8 77 7a 19 0d cd b8 98 93 24 98 1f f2 60 e8 98 6d ea e8 8f 45 d2 7a d8 d3 8e 25 50 8f f9 38 31 aa 35 8f 89 b0 02 2e 86 ff 99 4a 01 90 d5 e8 87 e4 a3 8f f1 88 2e 4f f2 84 43 68 9a 32 71 6d e2 88 84 2e e3 53 5a c8 77 30 a2 9a 5e 02 56 09 a9 90 0b c9 90 bb e7 05 77 e1 00 10 19 91 90 c6 86 ed 45 89 c5 47 88 b6 25 7e d1 35 71 34 84 36 4f 50 9d d6 b9 75 79 28 87 a7 85 7c a1 c9 4e 88 08 2a 26 d9 72 de 37 93 b9 91 43 db a7 50 5d e3 27 2d d0 93 a5 38 83 16 f9 35 7b f3 3c 9c 28 95 54 59 18 a8 78 95 1a 94 94 43 57 18 ec 69 19 c7 30 66 7d 76 0d 89 f5 9f 38 69 38 89 Data Ascii: H PWTi-t#(jpH%sV(j7W8x0vx`wz$`mEz%P815.J.OCh2qm.SZw0^VwEG%~5q46OPuy(\|N*&r7CP]'-85{<(TYxCWi0f}v8i8

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:34 UTC	631	OUT	GET /media/dd9a87_4314275b0467418ab4bd32c8da4d6358~mv2.gif HTTP/1.1 Host: static.wixstatic.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:34 UTC	766	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 1016730 Connection: close Server: openresty/1.27.1.1 Date: Tue, 31 Dec 2024 15:54:08 GMT Expires: Tue, 31 Dec 2024 16:54:08 GMT Cache-Control: public, max-age=15552000, immutable Last-Modified: Wed, 27 Nov 2024 13:34:44 GMT ETag: "294291294d851fecadaf4c11864f83e4" Accept-Ranges: bytes Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length Timing-Allow-Origin: * X-Seen-By: gcp.us-central-1.media-router-9fdb4b487-fktdr Via: 1.1 google, 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront) X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA6-C1 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: Nw-r-3inCFznc9VPxaIyVpoHNrRsTOOsgiNQNqxpdsTDlIm2tUaUFg== Age: 134306
2025-01-02 05:12:34 UTC	16384	IN	Data Raw: 47 49 46 38 39 61 c8 00 c8 00 f7 ff 00 aa 76 54 fe 33 90 50 89 f4 f5 f0 f9 a2 c5 fd 8d 67 cf 83 ac f7 9b 9b 99 cc cb ca d1 a5 77 a9 a7 9a ed ba b0 53 4c 45 aa 89 77 b4 55 b8 6b 77 e2 d6 45 a6 2a 1a 14 ce aa 98 ec c7 9a fb ca b0 c7 bd c7 52 37 32 bc 99 89 37 91 ff cc 4a ab a7 9d a7 f4 d7 ec f6 ae d3 8b 4e 34 4a 2a 16 e7 ae 7a eb 9d a1 7a 7a 85 c1 d1 fa 7a 62 48 98 6a 63 fc 6d ad d9 9b 78 f6 96 c5 cc 8f d0 66 66 58 ec 3c 9a b7 67 ba d6 6c ba 64 30 1a 64 5a 65 cb 9d 85 db 9b a5 d6 e5 fe a8 a7 8b db ad 97 fb c6 df b6 b5 9c a8 5b c0 c9 c7 bb cb 99 93 ab a9 a9 89 66 54 b9 b5 ab fd 51 9f b0 76 c2 d1 ac dd 93 5a 64 ab 5a 62 7a 64 54 c9 78 68 8f 7a 87 9b 85 60 81 38 42 95 8b 87 89 89 87 99 76 66 d7 a5 8f a7 9b 97 b7 ad ab d9 99 87 bd bd b3 76 78 74 cd 8b 92 e9 9b Data Ascii: GIF89avT3PgwSLEwUkwER727JN4JzzzzbHjcmxffX<gld0dZe[fTQvZdZbzdTxhz`8Bvfvxt
2025-01-02 05:12:34 UTC	16384	IN	Data Raw: e7 1c d2 19 10 01 ab f6 27 ad d2 2a 1d 46 ec 1c ce 5e 5c e8 a1 1f 1e 48 ed 49 95 a2 91 93 a8 ec 1e af 86 83 52 85 c3 bf d1 23 cb 38 5f 0c 2a 0c 54 aa a1 9b 42 43 10 b8 40 25 48 62 b4 d2 58 40 d6 41 0b 2a d2 32 30 69 9c 95 86 23 bc 0d 1b e4 c3 3b 6c ff 16 00 8c 28 00 b0 ce 1c d4 46 91 61 5c c6 35 80 8a 1a 49 6e 74 5e eb 86 5f 2d 0c 69 91 36 40 18 a4 42 72 a6 68 1e d0 ae ed 7e c2 1c 20 e9 24 c1 01 1c 28 dc 3d 8c 80 32 d4 01 8d d5 41 cc 64 c2 2c 40 29 36 92 91 11 fc a7 de 04 22 4f e5 67 27 18 c1 11 8c 03 a2 f8 19 87 e0 c1 d8 f5 4d a0 ed 21 87 c8 45 dd 06 10 a7 0c e5 3a da 05 1d 30 90 01 ad e9 34 0a 88 e9 15 8a 9b ce 02 9c 56 81 17 40 c3 08 90 96 55 b6 20 a7 55 6b 25 44 97 8d dc 83 f5 e9 80 17 b1 e7 9f be 86 25 c5 46 7a 4a 5c a1 5a 41 72 46 44 2a 94 03 a5 96 Data Ascii: 'F^\HIR#8_TBC@%HbX@A20i#;l(Fa\5Int^_-i6@Brh~ $(=2Ad,@)6"Og'M!E:04V@U Uk%D%FzJ\ZArFD
2025-01-02 05:12:34 UTC	16384	IN	Data Raw: 70 36 63 78 86 7c ce 00 9d 30 15 04 7a b3 2d 0f 82 11 e8 32 10 aa 43 ae 03 41 aa 1b ff da 29 7b 60 b2 99 e7 c4 52 e7 05 c4 6c 27 4d 05 ad 8a 3a 10 05 9b a3 81 1a 15 94 fc 12 e6 db 14 94 70 9b 03 eb 97 80 9b c6 68 a0 83 32 58 7c f9 e7 86 70 ac 0f c3 27 68 b8 b5 32 62 03 07 29 b0 c7 ff b0 0f d8 12 0b 1f b8 b1 74 60 b2 ee 01 b6 d9 a8 c8 9d 99 8d 14 6c 27 0f b5 54 56 80 67 c2 f8 14 b2 49 bb 7c fa 12 a9 7b cd 48 ad c9 d7 5c cd b4 1b be f7 c9 b7 3b ea d4 eb 98 b4 09 0d 9b 47 0a 7b ec 96 5f d2 ca 73 c5 24 10 43 b0 22 fb 41 05 58 75 14 e7 50 b6 0e 9c 8d 51 b3 c8 30 c1 29 d6 c6 29 9c e2 02 bc 43 bd d8 60 6d 6b 00 23 0a e2 36 42 08 ad 2d b7 6e b2 4a 10 f3 e8 97 3d 69 d8 4d 21 cd 5c 5c 10 d0 5c 10 45 dd 05 94 30 be 7e 3d b4 7e 4d 9b 78 59 10 fa c8 c6 a3 8c c3 ba 07 Data Ascii: p6cx\|0z-2CA){`Rl'M:ph2X\|p'h2b)t`l'TVgI\|{H\;G{_s$C"AXuPQ0))C`mk#6B-nJ=iM!\\\E0~=~MxY
2025-01-02 05:12:34 UTC	15108	IN	Data Raw: a8 48 ac 52 85 0a 44 4e 55 32 f5 f9 b7 f1 1f b4 7f 23 04 8e 18 d1 87 e4 88 52 41 fe 05 59 19 04 4e 10 1d 5e f0 c1 11 38 53 a0 a3 82 05 e1 e0 d3 f1 6f a6 97 94 5e 4a a5 28 39 91 0a 30 60 d9 ce 58 38 83 b3 a9 d3 a7 50 a3 4a 9d 4a 55 60 26 81 c0 08 56 a4 52 09 9a 43 87 9c a0 55 f9 77 f1 5f 15 68 99 46 40 bb a7 12 e5 c0 94 74 58 aa 74 e9 a8 65 4f 81 3a 1c f1 fc b7 05 df c0 9a 36 ff 21 99 e9 08 0e e0 96 29 fb 78 a9 12 a4 4f 25 60 0b 67 59 00 e6 a2 aa e5 a7 31 04 1a 10 71 b9 73 d3 2d 63 a8 30 a8 c2 70 a0 c4 7f a1 67 49 84 38 f6 df 2c ab ff 32 8d ad d2 27 31 c9 81 25 05 a6 74 8b 2f a4 61 81 5e 74 a4 fc 47 e2 df 4d 9b 33 f1 dd ec eb 88 ce bf 1f 70 9c 97 f2 a2 bb 76 10 65 7d 2a 32 a0 92 74 1f 3b cf e0 0d 08 ff 10 21 fe 01 01 f0 9e ef 34 e4 d8 da ac 57 ae 12 e1 57 Data Ascii: HRDNU2#RAYN^8So^J(90`X8PJJU`&VRCUw_hF@tXteO:6!)xO%`gY1qs-c0pgI8,2'1%t/a^tGM3pve}*2t;!4WW
2025-01-02 05:12:34 UTC	30	IN	Data Raw: 1f 6b 66 40 ce 3f d0 55 a8 dc ce 2a 28 01 d1 62 d8 11 68 81 03 ad c1 21 75 98 41 a4 a5 ea Data Ascii: kf@?U*(bh!uA
2025-01-02 05:12:34 UTC	16384	IN	Data Raw: 90 e2 19 97 d3 a9 cc 8e 56 c9 4a e7 72 31 ad 14 67 2f 87 b1 74 86 8c ad d8 93 3d 65 86 11 1c c0 3f 04 83 11 dc 81 27 04 43 30 1c 01 36 68 4c bc f6 4e 90 8d d2 ed 98 df d2 e0 1b be 22 23 06 47 8d 0e e5 c4 78 6d 0a 09 fb 63 77 55 42 0e 8f 44 0b c8 f3 24 27 42 25 60 42 24 fc 40 07 d4 70 22 2c c3 0f a0 d1 f5 d8 81 b2 b1 81 dd 8a ac 96 30 46 66 9c a7 4b d4 10 53 29 87 17 04 c3 1d 10 c3 8d 38 84 cb 68 01 ba 49 e1 8a a9 ca 2a fe c3 22 4c de c6 74 02 ab 58 6b 6a bc 08 17 67 86 2c c6 62 8c c9 a2 cf f6 f5 9f d9 96 13 22 a1 5d ab 65 6e 69 03 31 b0 b4 36 1c 40 30 e4 c1 17 68 0c 3b cc 82 b4 88 52 74 60 89 eb 19 ff 55 26 b8 40 e0 02 96 d8 dd 84 97 b4 52 88 64 30 1c 18 19 75 2c 43 26 75 2c 26 70 43 34 9c 01 26 08 0f 27 fc 40 77 fc 80 dd 62 42 22 94 42 24 ec f3 3f 00 82 Data Ascii: VJr1g/t=e?'C06hLN"#GxmcwUBD$'B%`B$@p",0FfKS)8hI*"LtXkjg,b"]eni16@0h;Rt`U&@Rd0u,C&u,&pC4&'@wbB"B$?
2025-01-02 05:12:34 UTC	16384	IN	Data Raw: 6c 60 80 a4 84 86 73 5c c9 75 1c 01 6f 28 05 1d 78 47 1d 88 47 00 40 b2 25 4b 03 7b 00 23 90 0a 0e e2 20 10 25 29 08 6c ab 8a 7f 08 05 be bc 32 ff df 99 33 09 68 ad a0 92 1a ea c8 0e a1 d2 0e 09 7b 29 9e ba c8 24 44 87 1a a8 0e e9 e0 48 cc 5b aa 9d e3 41 5b e0 c7 e0 00 19 2f 22 01 c1 22 81 06 a1 a4 7f 68 07 56 fa 2a 2e 6a cc 10 58 03 ea 5a 28 50 b8 c3 38 2c 18 b1 b2 40 ee 19 89 58 5a 11 2f 18 9f f7 fc 07 ea f2 02 7c 68 18 dc f3 82 85 b2 2e 12 3b 03 7c 61 00 60 68 07 4c 18 3e 35 38 44 81 0b 02 1d 90 4a 47 e0 1a b7 f3 ab 4f b8 9f 3c 70 8c c6 21 19 8b 83 0c 40 28 92 ed 5c 21 95 e1 cd aa 50 23 29 21 90 39 e1 3f 3d 49 c2 5b 40 27 09 20 c2 e2 dc 0a 18 68 ad 24 00 c5 1a d5 b9 fe db c5 5e 8c 9c 7f c0 3e 01 64 b8 c8 f0 ab e7 13 34 d8 50 86 4a 68 ba 16 f8 07 67 70 Data Ascii: l`s\uo(xGG@%K{# %)l23h{)$DH[A[/""hV*.jXZ(P8,@XZ/\|h.;\|a`hL>58DJGO<p!@(\!P#)!9?=I[@' h$^>d4PJhgp
2025-01-02 05:12:34 UTC	16384	IN	Data Raw: 01 ae 50 10 33 70 93 b7 f0 0f 2d 0a 84 37 99 87 40 07 84 3a a8 7b 2f 40 0f b3 86 03 28 46 67 9f d5 0a 49 f7 84 25 c5 45 44 44 38 f7 82 20 0e d2 22 a2 81 81 2c 52 05 d4 80 8d 29 80 8d 12 fa 0f d5 39 15 28 30 5d 63 59 8e 2e 78 8e a5 a8 8a 4f 91 49 a0 d5 0a f3 96 29 85 b0 8f 4e 21 06 04 25 05 2d 2a 10 12 e0 7b 32 2a 10 7a b8 59 37 2a 6b b8 e7 97 38 96 59 77 f0 51 36 b6 80 4a 94 4d 92 07 07 36 01 25 6a a2 15 f8 04 71 d7 e7 02 e7 30 06 0f d2 8d e7 70 0e 9a ff 28 15 9f 23 96 22 89 a5 ff 60 00 69 99 72 04 70 72 20 ba 14 76 f3 72 2f 56 97 db 11 9b 4e f1 83 85 a0 a6 03 f1 9e b3 d9 a2 ad 99 04 70 66 87 28 66 87 7c 58 78 04 d1 8f 00 89 88 ba 86 78 51 d4 00 03 94 40 d0 43 24 05 13 04 75 b0 75 55 39 7d 91 12 0e 0e 9a 8d ab e2 02 c4 fa 0f 7b 30 a5 51 31 8e 1b 5a 96 93 Data Ascii: P3p-7@:{/@(FgI%EDD8 ",R)9(0]cY.xOI)N!%-{2zY7*k8YwQ6JM6%jq0p(#"`irpr vr/VNpf(f\|XxxQ@C$uuU9}{0Q1Z
2025-01-02 05:12:34 UTC	16384	IN	Data Raw: 7c 83 a4 7b 1a 04 1f cd 20 3b f3 0a 0c d2 b3 8a c0 94 55 2e 56 64 00 cc 02 03 17 55 33 6b de cc f9 29 30 71 16 04 82 4e 98 f0 9f 44 cb a7 4b 03 5b cd b1 4a 95 4a a4 a1 85 fc 68 f7 1f 4a 9a ff 52 b2 d4 1d b3 54 10 df 70 e0 d0 f4 c2 57 47 70 81 5e 70 fe 4b 3e e2 f7 cc a1 d0 5c f4 f1 18 79 d6 18 60 75 2c 2c 15 d8 a8 b3 f7 ef e0 45 6f ff ac f4 10 da 3f f2 b2 dd 16 75 4b e5 9f 5b 85 54 c2 52 31 cf 36 e5 3d 4e ff 4e 8e 14 0a ed 20 71 9a 79 d1 04 98 40 74 cc f4 8f 62 ff 38 82 8f 5f 03 0a 84 0f 3e c4 19 87 db 62 76 79 21 5d 15 2e 8c f1 d0 2c 16 88 b3 cf 3e e1 85 28 a2 54 dd 24 64 1e 7c 0c a4 18 9f 8a a4 29 f4 cf 18 8e c5 e8 1a 51 ae 65 82 19 34 38 fe 93 02 4b 2c dd e3 db 4b 33 15 e6 0d 4e 70 e0 54 ca 82 7c 21 d9 97 40 70 20 e9 05 60 c1 39 a9 52 1f be c5 44 45 26 Data Ascii: \|{ ;U.VdU3k)0qNDK[JJhJRTpWGp^pK>\y`u,,Eo?uK[TR16=NN qy@tb8_>bvy!].,>(T$d\|)Qe48K,K3NpT\|!@p `9RDE&
2025-01-02 05:12:34 UTC	16384	IN	Data Raw: 6f 5f 81 5f 82 25 1c f8 0f cf f9 7f 74 24 ae 5f 1f 8e ce 1a 87 18 05 62 14 1f 99 d8 d7 cb 95 f7 63 96 61 04 a6 95 0e 60 e5 88 59 96 f1 82 04 5e 00 78 27 8d 54 04 b2 23 0d 3b 54 4b 23 b5 7f 78 f1 e3 12 5e d4 e8 60 99 7f 30 01 c6 82 33 3c b0 c0 83 7f 8c a8 21 2b 23 94 68 69 11 84 8e 38 80 98 f2 04 62 65 91 03 5a fa e8 80 3b f4 33 4b ff b2 e8 04 fa 8a ac 7f c6 39 c2 08 67 40 71 86 2f 22 d5 43 8f 49 82 fe 01 85 8e 3d c6 48 61 8f 58 62 f9 67 8d 14 ce f9 a7 0a 88 da fb e7 08 b1 2c 2b a8 a3 03 82 ec 2f 24 b4 d4 f2 48 06 e8 fe 19 a2 8f 2a 74 60 43 a0 3c 74 9a 03 8b 7f ec e0 a9 42 21 00 98 c3 8f 62 2c e1 a5 83 4c 6a e3 06 98 a8 2c 60 40 14 05 1c 45 8e 15 e7 d4 4a 69 25 62 cc fc e7 00 e0 aa 6b cb b2 31 2b 4b 8b c6 95 6e 14 f2 88 2f 7e d4 a2 45 81 bc fb 22 04 8c be Data Ascii: o__%t$_bca`Y^x'T#;TK#x^`03<!+#hi8beZ;3K9g@q/"CI=HaXbg,+/$H*t`C<tB!b,Lj,`@EJi%bk1+Kn/~E"

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:34 UTC	588	OUT	GET /img/fftyc_1300x240.gif HTTP/1.1 Host: ig38.vip Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:34 UTC	1092	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: PUT, GET, POST, DELETE, HEAD, OPTIONS, PATCH Age: 6613 Cache-Control: max-age=2592000 Cf-Cache-Status: HIT Cf-Ray: 8fb840eb880ffb38-SJC Content-Length: 497098 Content-Type: image/gif Date: Thu, 02 Jan 2025 05:12:21 GMT Etag: "6773daf0-795ca" Expires: Sat, 01 Feb 2025 03:22:08 GMT Last-Modified: Thu, 02 Jan 2025 05:12:21 GMT Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BZfKFw3GmchSPg4FVe4FMR3zalGbfAH4vt2zVufBRq4TflQSvBLS3Sin0et%2Fvalu%2BmjHSeoG5LhzWcZjga15yzydhVdJpyPExy7L7QziCXGV0gGOzxJeI4XeQKXRYLYybw%3D%3D"}],"group":"cf-nel","max_age":604800} Server: cloudflare Server-Timing: cfL4;desc="?proto=TCP&rtt=11264&min_rtt=10000&rtt_var=465&sent=1866&recv=133&lost=0&retrans=9&sent_bytes=2641737&recv_bytes=8271&delivery_rate=10012555&cwnd=690&unsent_bytes=0&cid=a69495051c0abe8a&ts=32473&x=0" Vary: Accept-Encoding X-Cache: HIT, server, disk Connection: close
2025-01-02 05:12:34 UTC	94	IN	Data Raw: 47 49 46 38 39 61 14 05 f0 00 f7 00 00 ff dd 2b 17 04 03 fe f1 a0 32 5f ae da b4 54 ef a8 94 a1 ac 53 24 8c 55 d5 cc 51 fc ae 05 ab d5 a0 b3 89 2c d2 ad 35 d5 cc 6f 71 48 12 4f 97 55 68 28 01 24 90 cc e8 72 64 f8 93 07 9d d7 e0 b8 69 04 5f d8 a9 d0 27 2b 47 0d 00 5c a3 ce 32 cc b9 Data Ascii: GIF89a+2_TS$UQ,5oqHOUh($rdi_'+G\2
2025-01-02 05:12:34 UTC	2372	IN	Data Raw: 93 67 29 4f 23 01 6b 95 52 90 4c 09 d4 71 0b f5 97 2f ba 23 27 25 b3 be 05 5e 1c 8b 4f 25 b6 b3 b0 92 92 8c f5 da c6 92 6a 46 8d b4 d8 6f 6f 71 d4 73 29 d6 89 0f 73 99 68 b9 bd 59 af 4f 0a 75 aa 6c 4d 4b 4f d6 4c 2c bd b2 86 91 6a 0f 6c ce ce cb 24 e8 52 94 67 fc 2f 24 fe f0 0c db cf 2f b2 2a 0c 91 2a 09 cf ee f4 f8 4a 2f ab 7c 4f 90 b8 86 76 33 21 70 b6 86 33 44 55 33 48 76 47 48 6b 8c 09 0a b5 8c 0e 90 77 65 53 91 05 6f 04 02 b9 b0 3f 4d 84 ba b4 4a 27 db af 0f 4b b8 bb b6 11 22 f9 70 34 f3 73 06 73 4f 3f b7 95 7a 27 7f bd 96 8a 36 d6 28 0d d7 ee ce 70 8b 8c d1 4c 0a 90 b7 b1 41 b1 6c 6e 8d b9 71 6b 46 0d 88 3d 0d b3 b9 f0 24 17 6f b4 bf af 0b 05 e6 28 54 32 32 4a be 51 47 51 69 7b f8 b2 cc 4a 71 3c 0e 89 bf d4 0e 09 cf db f2 f7 4b 07 bc 82 68 30 88 95 Data Ascii: g)O#kRLq/#'%^O%jFooqs)shYOulMKOL,jl$Rg/$/**J/\|Ov3!p3DU3HvGHkweSo?MJ'K"p4ssO?z'6(pLAlnqkF=$o(T22JQGQi{Jq<Kh0
2025-01-02 05:12:34 UTC	538	IN	Data Raw: b8 ac 45 c0 06 20 7a 28 22 aa 75 a5 4a 8c 31 b1 18 ff 53 e2 60 3c 9a b0 a2 62 2f e6 2a 23 64 9c 55 86 a3 66 36 c2 60 42 61 40 78 66 ec 67 40 ba 80 1a 31 c4 c4 32 8a 2c 0d 6c 66 80 8e 8f 4d db 19 10 26 dc d6 6b 6e 9a e4 06 a5 8b bd c1 f0 9b 95 e3 96 9b c5 70 5c 7e 19 9d 97 0f 44 87 9c 97 07 dc 40 e6 75 f2 3e 00 a6 74 cc 4d e7 c5 be 21 5a 41 e7 bf 00 07 2c 70 42 76 ea 99 e7 45 08 cf e0 28 a4 0c 37 bc f0 c3 0e 47 2c 31 c4 14 4f 6c f1 c5 15 67 fc d4 0d 02 a4 73 e0 56 9c 64 74 e9 a5 5f c1 e2 00 5f c1 88 6a c5 a7 6c 91 da d6 12 74 55 f8 29 0a 56 d0 d5 6f 87 ae b4 e2 ca 59 b1 6c b2 8d 2d 84 69 92 8f ad 53 ea ea 62 8c 2d 60 bb eb 61 52 de 26 a5 09 fb 74 3b ec b4 c4 1a 3b 43 b2 42 2e a1 43 6b 84 55 0d 03 15 51 7f cb 19 93 4b 0a 7b d9 0c 54 32 16 ae 95 c4 9d db 82 Data Ascii: E z("uJ1S`<b/*#dUf6`Ba@xfg@12,lfM&knp\~D@u>tM!ZA,pBvE(7G,1OlgsVdt__jltU)VoYl-iSb-`aR&t;;CB.CkUQK{T2
2025-01-02 05:12:34 UTC	4744	IN	Data Raw: 22 df b7 8a d5 99 1a 15 a6 04 bf 18 22 fa 04 80 00 40 2c 61 87 b2 61 de 12 87 85 c4 2e e6 26 1c 52 3c 9e fa 80 50 02 6e 94 40 7d 56 da 42 fb b8 11 c6 54 c4 ed 38 be 91 df dd 54 80 9c fb ed cf 39 78 c4 17 74 b4 e3 85 4d 91 c0 66 15 48 59 02 11 48 c8 41 1a b2 90 87 4c 24 22 17 39 1e 46 3a 52 91 90 7c a4 24 bf 73 15 06 5a 12 61 2d e0 a0 26 31 c8 c9 4d 7a b2 93 a0 fc a4 28 47 09 9f cf 51 4a 00 9c 28 cf 08 4f 65 97 14 96 6a 85 ab 8b 8b 0a 61 91 c2 b1 84 a5 66 9b 12 4b 87 f8 b2 3d 57 f8 32 42 ad d0 1d 8f 54 d4 02 62 e2 0a 88 42 2c 1e 16 7a 81 3e 6e a0 11 89 4d eb 96 f8 7a c5 45 2a 30 af 8d 53 14 52 8a 64 c3 a4 2c 6e cb 6c 52 9a 81 f1 ac 17 45 65 12 af 99 d3 c3 e6 32 c7 a9 3e 38 ba f3 6e 5c 62 d7 bd f6 a8 c7 e9 a0 ee 8f 1b c0 45 20 83 e1 ff 8e 49 46 d2 9f 8d 04 Data Ascii: ""@,aa.&R<Pn@}VBT8T9xtMfHYHAL$"9F:R\|$sZa-&1Mz(GQJ(OejafK=W2BTbB,z>nMzE*0SRd,nlREe2>8n\bE IF
2025-01-02 05:12:34 UTC	5930	IN	Data Raw: 8c 91 8a 5e 7a 29 61 84 77 be 38 60 47 1d 7b 7c 67 04 20 1f c1 27 8d 34 72 f4 11 48 24 df 51 24 95 13 c2 89 31 46 13 34 d1 a4 05 07 1c 20 24 9c 59 7e 39 01 08 18 b6 e0 46 cb 54 d2 51 60 8b d6 78 dc 91 0b 2e 0a 51 e0 04 2d 67 f0 c2 8b 0e 64 9c d2 00 2d b9 29 61 4d 30 d9 0c 4a c7 03 14 a1 86 49 26 61 80 e4 9d 4f f2 cc 53 01 21 fa c4 ff 93 c9 29 3a 68 e1 51 47 21 95 34 52 4a b9 ea 80 2b 4b 2d 4d e3 52 47 37 d5 b4 03 38 3b f0 14 4e 2f ac 30 15 16 fc 70 09 c6 c0 64 68 70 60 83 87 76 8a d5 26 5a 53 91 4b 90 2e 6c c8 b5 8b 90 54 f0 55 8f 12 4a f0 55 05 2f b2 28 27 8b 61 55 50 29 d9 60 93 35 a1 9c 61 8b 55 49 8f 61 83 3d e3 5a 3d b2 c8 e4 a0 59 65 cd 29 21 83 ca d1 63 dc 18 54 30 69 dc 33 f4 08 84 9a 61 f5 78 16 d9 61 97 ad 56 d8 61 9f f5 82 5c 65 55 88 81 dc 12 Data Ascii: ^z)aw8`G{\|g '4rH$Q$1F4 $Y~9FTQ`x.Q-gd-)aM0JI&aOS!):hQG!4RJ+K-MRG78;N/0pdhp`v&ZSK.lTUJU/('aUP)`5aUIa=Z=Ye)!cT0i3axaVa\eU
2025-01-02 05:12:34 UTC	7116	IN	Data Raw: 0c fb a5 98 22 89 54 9c 2d 96 50 24 24 49 05 15 c1 3a a7 40 cb 96 ff 26 44 87 c7 7b 12 8e f2 28 0c 36 c7 0f d1 57 a3 bd 3f e9 a4 de 19 0c ca 8d 5e ba da 82 1d 85 62 0f 37 61 a1 9c 1b 81 b5 2f d8 06 68 39 54 ff bd f0 2d 4a 65 1d ae 04 90 af 45 88 e2 19 39 c2 43 93 74 31 8c 21 2d 70 18 54 c2 92 90 9a f4 24 7a 40 89 18 ca e0 11 2c ac 40 03 3c 6c c0 0a b0 08 92 94 94 11 a6 31 dd 82 17 4d da c4 26 b6 81 80 34 a9 c9 00 0e 20 cb 2f 9a b2 28 3c 8d 60 86 1d b8 01 b0 62 85 ac 18 ee b0 87 b3 80 14 35 0e 95 86 65 11 6a 52 30 02 c2 0d 6e 75 02 20 bc 03 87 74 ca 0b a9 68 f5 00 52 31 31 26 40 88 a1 09 a6 a0 89 7c c0 ea 58 dc 78 40 af d2 80 aa 4c e1 8a 87 25 98 21 24 80 25 2c 64 f1 6a 26 3e 9c 19 0f 51 90 8f 2d d2 d1 5a d0 9a 23 1e ef d8 82 7c f0 91 5b 7e ec a3 b6 02 d9 Data Ascii: "T-P$$I:@&D{(6W?^b7a/h9T-JeE9Ct1!-pT$z@,@<l1M&4 /(<`b5ejR0nu thR11&@\|Xx@L%!$%,dj&>Q-Z#\|[~
2025-01-02 05:12:34 UTC	8302	IN	Data Raw: 29 ce 4e ed b8 c2 e8 66 26 0d 20 ac c1 b8 01 ef 2a 22 60 c2 e1 21 2e a9 05 16 8c 95 90 20 42 28 66 06 90 00 09 3a 00 09 4c 60 c4 32 b1 10 09 21 2a 5a a3 22 f6 4e 2d 42 6c ec c8 2e 11 21 f1 e9 00 2f 2d 68 4c 16 5d 2c 91 8a a6 01 a2 a3 01 a0 66 f8 7a f1 f8 f0 a2 6e a8 81 6a 14 83 31 b2 06 51 ee 8f d3 22 c3 6e e0 26 0b 8a b1 6d 02 60 f4 36 6a 6d da e6 6d 18 23 6e ff 94 c3 17 3f ca 36 36 4f 37 9c 31 34 82 c3 1a 7d cf 6d 4e a5 cf b2 d1 1c 8d ef 1c f7 82 71 7e eb 09 a3 d0 34 16 8d 4b 18 8d d2 50 c0 34 e6 4d 00 ec 51 9b 9e af 05 31 c0 46 34 04 fb ee e9 1e f7 42 fb 4e 03 1f 4f e3 05 01 d2 3d c8 ea 49 28 24 08 80 ea d6 e8 d1 3d 3e 8a da ca cf 1e ed 71 06 94 00 b2 6a 47 9b b4 a9 22 09 d2 2f 42 a4 20 03 12 ad 08 60 06 78 4d d7 90 d0 fa 02 50 24 57 32 22 5b b2 1e 39 Data Ascii: )Nf& "`!. B(f:L`2!Z"N-Bl.!/-hL],fznj1Q"n&m`6jmm#n?66O714}mNq~4KP4MQ1F4BNO=I($=>qjG"/B `xMP$W2"[9
2025-01-02 05:12:34 UTC	3672	IN	Data Raw: 00 81 29 d3 2f 81 02 07 16 34 28 ff 2f 5b aa 85 0a 05 8c 1a d5 49 e2 44 8a 15 4f 55 dc 44 4a c0 ac 4b 99 b8 61 29 a8 8e c2 c8 14 14 d8 94 30 b1 25 90 09 6a 98 4c 04 42 59 02 53 89 40 5b 4c c8 a4 79 93 25 b7 97 40 58 ea 8b 79 73 a6 89 94 26 f4 29 cc 26 48 50 36 7f 9c 1e 6e b2 18 55 ea 54 8a 0f 65 09 f0 73 40 eb 56 ae 5d bd 7e ed 3a e3 d5 b4 39 1c cc 42 d8 40 b5 d3 06 b3 18 da 22 83 2a 55 59 5b b7 c5 4e 90 3a 41 a0 2d 07 0f 6a 3b 79 70 ab 36 88 d9 8b 51 19 b8 45 0c e1 6c 10 12 c1 16 08 63 40 40 b2 32 64 c2 36 0c 76 ab 38 b1 db 5d 53 51 ed 55 16 b7 f0 44 12 66 51 61 5c cb c1 6f 27 cc 1c 30 cc 98 55 1a 31 81 d5 a8 6d df c6 2d 91 81 6b 0c 53 4b 9f 16 5d 5b ae 5b da a8 35 bb 9e 36 4b c0 8d ae 94 c0 3e d7 aa 71 5a 66 b3 2d 0f 12 bc 9e 5d 3b f6 ed dd bd 73 6f 0d Data Ascii: )/4(/[IDOUDJKa)0%jLBYS@[Ly%@Xys&)&HP6nUTes@V]~:9B@"*UY[N:A-j;yp6QElc@@2d6v8]SQUDfQa\o'0U1m-kSK][[56K>qZf-];so
2025-01-02 05:12:34 UTC	10674	IN	Data Raw: 2e ad d5 08 55 ec 0c 9c 8d c6 60 e4 85 5d 70 24 6e d0 4f b8 2d c5 4b 2c bb 1f c8 44 31 d1 db b6 35 3d b2 9b 86 b8 95 50 16 a5 5b d3 4b 17 17 82 51 4c d9 48 9c e1 c9 c9 2b 1d 7a 89 81 32 88 81 21 20 84 12 a0 80 3e 00 dd 3e a0 00 6b 88 b1 df 9a dc d3 4d d3 35 cd 49 7b 7c c4 7f 69 91 d7 d5 03 74 cc dc 9b 90 5d 87 14 99 21 c8 dc 18 28 01 15 c0 5d 74 24 0a cd 1d 02 87 0c 87 28 90 80 28 30 de 13 90 10 80 79 0a d5 ad dc e6 9d 5c 2d 8b d9 03 30 be 65 98 bf 6b 38 55 40 55 85 47 05 d5 b2 54 4a 3a c5 de ed 55 85 4b 23 9c 62 38 c1 20 f8 5e 3b ff c5 de 3b 13 d6 93 c4 be eb c5 06 71 b8 d4 f5 01 df eb 3d 49 40 35 33 58 98 df 44 c5 06 58 7d df 53 bd b3 61 a8 df 00 a6 d4 fc 3d c9 23 30 d7 03 d6 d5 04 be d5 a1 9c 5f 04 76 e0 04 0e e0 50 8d e0 f3 a5 df 5c 98 60 46 f5 00 b0 Data Ascii: .U`]p$nO-K,D15=P[KQLH+z2! >>kM5I{\|it]!(]t$((0y\-0ek8U@UGTJ:UK#b8 ^;;q=I@53XDX}Sa=#0_vP\`F
2025-01-02 05:12:34 UTC	11860	IN	Data Raw: a0 ff a2 9e d8 90 14 f6 a9 14 3b 54 3e 0e ee ad 56 33 10 fd 60 16 38 61 e7 5c 55 3d 95 30 39 71 44 a0 60 80 05 d1 a2 bd 74 13 d4 80 ea 05 d7 73 63 39 36 d4 80 aa 2d 1a 76 0a d9 42 3b d1 70 2d 52 d2 61 db 93 8c 60 ad 4d d7 93 73 a6 80 0a 08 60 06 62 36 66 8b 61 06 64 76 06 e8 86 04 36 b6 3a 39 16 3b f1 02 3d 7f 53 3f 99 90 63 f1 03 db 3a f6 68 91 d6 06 97 ca 68 b1 67 3e eb d3 40 97 f4 01 a4 96 ab 6c ae 2d 02 01 43 b1 b6 3f 73 71 7c ba cb 05 78 e7 e0 5c a0 bb 1c 2e 3f b2 b6 6c d5 e1 3f 71 f4 2d 6a a5 69 67 8e 49 05 f1 15 ec c2 6c c7 29 17 49 a0 56 bc f6 60 ef 33 8a 2e 14 6b 8b b4 56 aa 96 6c e5 76 45 f5 c1 e9 1a 2b 12 3f ae b5 2e b1 46 55 d4 41 bd 6e a8 08 20 15 6d d1 46 17 77 6b c1 0e 43 71 14 05 ce 16 43 19 d6 e7 ee d3 60 a1 b6 73 f9 49 6a d9 51 77 14 6e Data Ascii: ;T>V3`8a\U=09qD`tsc96-vB;p-Ra`Ms`b6fadv6:9;=S?c:hhg>@l-C?sq\|x\.?l?q-jigIl)IV`3.kVlvE+?.FUAn mFwkCqC`sIjQwn

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:34 UTC	608	OUT	GET /318d22cf923239b38dec8c9337224fb4.gif HTTP/1.1 Host: go.imgmimi.xyz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:34 UTC	962	IN	HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 05:12:34 GMT Content-Type: image/gif Transfer-Encoding: chunked Connection: close Last-Modified: Mon, 04 Mar 2024 13:40:35 GMT Vary: Accept-Encoding ETag: W/"65e5cf53-61f75" Expires: Tue, 28 Jan 2025 13:32:42 GMT Cache-Control: max-age=2592000 CF-Cache-Status: HIT Age: 315592 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j6odW6B%2FkJKZxbRGcC%2FWKUwgqxPfHDswsmj%2Bl0434W2T%2FWwusDywqpvEDfWOD8fS0Q7XaiCVwKMj49y%2BDnInMHjOzR3W2AdiRs7n0%2Foi%2FApHwNm%2B%2BfLmC7phY1u71R5M1w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fb84141c9800fa8-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1648&min_rtt=1648&rtt_var=824&sent=6&recv=7&lost=0&retrans=1&sent_bytes=4190&recv_bytes=1186&delivery_rate=178113&cwnd=252&unsent_bytes=0&cid=a0f66e7a5b09673e&ts=172&x=0"
2025-01-02 05:12:34 UTC	407	IN	Data Raw: 37 63 61 64 0d 0a 47 49 46 38 39 61 14 05 c8 00 e6 00 00 5f a7 f3 b2 a4 98 01 91 f0 f0 db d0 fc 59 16 fb db 64 dc cc b7 ea 20 e0 fc f1 d4 ed 60 5a f7 9c 0e 01 71 ef da d8 cf f5 d3 b7 e4 5d eb 8f b5 ed 67 59 54 e6 a3 f4 fe fe 04 b9 ef f8 00 51 dd 91 6d 57 fa 01 00 aa 8e 71 d3 b6 96 d4 b9 b0 1d 10 0b b2 d7 fa d9 00 00 d5 da f6 05 4b 9c 13 9f 03 1c 04 46 b4 04 04 fc d6 8c 93 d0 fb 01 66 dd aa 5a 1f fd f6 b4 72 fa 52 46 2a 20 63 d6 fd 62 45 32 ae dc a0 fb b7 6d f8 b5 b5 fb b9 43 f4 d7 f6 8d fb 6b 5d 69 8d 2a 90 f6 f9 26 03 f9 92 91 fc b4 91 ff fc 86 fa 29 28 06 af f8 00 88 da 77 92 ad 33 af fc fe 84 44 db f0 d8 45 25 55 01 51 f0 da 91 90 fd 93 6d 29 cb 0c bc c9 d4 d4 b1 70 d6 2b 28 c3 2a f3 27 73 ef 61 b4 55 1d d0 ff 8a 78 8b 27 6f d7 e9 72 84 52 7c db 50 e0 Data Ascii: 7cadGIF89a_Yd `Zq]gYTQmWqKFfZrRF* cbE2mCk]i&)(w3DE%UQm)p+('saUx'orR\|P
2025-01-02 05:12:34 UTC	1369	IN	Data Raw: 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 ff 0b 58 4d 50 20 44 61 74 61 58 4d 50 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 37 2e 31 2d 63 30 30 30 20 37 39 2e 39 63 63 63 34 64 65 39 33 2c 20 32 30 32 32 2f 30 33 2f 31 34 2d 31 34 3a 30 37 3a 32 32 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 Data Ascii: ETSCAPE2.0!XMP DataXMP<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.9ccc4de93, 2022/03/14-14:07:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax
2025-01-02 05:12:34 UTC	1369	IN	Data Raw: fe fb 32 a9 1b c3 58 7f 2a 6e ba 78 b0 e3 c7 89 09 73 6d 4c 79 72 e5 92 53 b6 6a b6 5c 53 32 e7 c8 97 9d 55 1d 4d 3a 5d bb cd 9f 53 ab 9e 17 c0 6d dc b6 6b 0b f2 6b ab 10 2d c3 da 59 d2 52 41 01 f7 f5 6e 14 01 f6 e6 b5 3b bc 38 63 e1 c6 93 43 f6 cc 7c b9 f3 e7 d0 43 4b 9f de 39 ba f5 eb ab a9 6b cf 0e 1a b5 77 ee df 9b 77 17 bf 12 6a e9 f3 e8 c3 ab 07 bf da a0 6f d7 70 17 e2 96 6f fb f6 42 de 72 df f7 f6 97 61 bd 45 e4 e4 29 27 60 75 d8 15 18 e0 76 04 22 58 60 66 fe 29 c8 5e 82 10 46 28 a1 83 13 1a a8 0b 83 0d 1e 67 e1 83 14 8e e7 21 87 03 02 63 47 88 1a b6 34 04 7a 28 8e 56 06 88 2c b6 a8 0a 6e fb c9 76 56 05 17 d4 68 23 8d 38 d6 27 a3 6b 3c ea 18 57 70 1b 92 28 64 85 00 fe 67 64 87 07 06 49 e4 ff 92 4a 22 f5 61 93 19 32 09 a5 94 53 22 69 e5 95 2e 66 19 Data Ascii: 2X*nxsmLyrSj\S2UM:]Smkk-YRAn;8cC\|CK9kwwjopoBraE)'`uv"X`f)^F(g!cG4z(V,nvVh#8'k<Wp(dgdIJ"a2S"i.f
2025-01-02 05:12:34 UTC	1369	IN	Data Raw: e4 14 ec 69 51 9b d1 d6 76 14 ad 33 1c 2b 62 0d 8b 24 74 be 93 ad 29 05 87 f2 e0 2a aa 8f ce 35 2b 6e 8a 11 5e 27 48 5c bd d2 54 65 7d e5 17 11 6e 55 57 0c 22 c0 b5 85 85 dd 45 7b 3a 05 2e 2e 36 a1 8f cd 2e 64 1f 60 5d a1 92 81 01 94 05 ed 68 45 bb 59 02 98 97 b3 e5 45 6f 7a d5 4b de f1 8e 36 5e d0 5d 10 6d e3 cb d1 fa d2 d7 be b0 fd 6d 7e 59 6b 0b 3c 5e 0e b7 bb f5 61 80 01 1c d7 b3 de 37 1e b1 b2 67 ad f2 3a d8 bd 2e 31 91 75 b2 d9 ff ea 18 92 44 0c 04 d7 7c 80 3c 8c 6a cd 1a 24 a0 5e 77 a1 8d 05 f1 76 15 fb 58 85 de 0a a9 ec 5d ef 79 55 bc e2 16 b3 d8 b3 2f a6 ea 81 57 1b 5d fc d2 f8 c6 61 6d e3 7e 6d ac 5f 03 ef 38 c7 4d b2 2d 39 f4 c8 ce 22 23 e2 b6 10 85 9e 19 63 eb db 03 1a a0 02 76 2d 64 f6 18 6c 5c 08 d7 28 c1 39 c5 d9 95 bb 20 05 b1 f1 32 b5 f3 Data Ascii: iQv3+b$t)*5+n^'H\Te}nUW"E{:..6.d`]hEYEozK6^]mm~Yk<^a7g:.1uD\|<j$^wvX]yU/W]am~m_8M-9"#cv-dl\(9 2
2025-01-02 05:12:34 UTC	1369	IN	Data Raw: 84 a7 07 8e 25 78 1c 5b 88 57 74 42 74 10 f7 7a a2 e6 96 9a e6 6e 32 d5 84 6d d3 8e 03 81 6a 35 10 3a e3 c8 1b 40 e2 1d 1a d9 7d c3 56 91 7d b8 59 18 a9 8f 8a b9 72 88 55 ff 80 86 77 37 00 50 90 04 49 7d 43 d0 7c 70 98 70 0c d5 05 f7 58 02 ad 44 91 65 67 98 5a e9 31 9e 09 91 cb 72 92 5f 79 88 61 b9 28 a6 79 9a a8 49 13 ab c9 9a b0 09 93 85 a8 92 b1 59 9b b1 89 09 b6 99 9b b6 49 0c 23 a9 9b 31 59 75 a9 29 09 29 60 8a 92 18 9c cd d0 9b ac a9 93 8a b0 92 b0 a9 25 f5 88 95 d0 79 94 a1 a9 1e 56 b9 8c d1 09 95 49 49 9a a8 d1 7b d6 79 9d 4f e9 8b 30 81 9c b2 e9 9b e3 49 9e e6 29 8b de 60 84 2a 42 24 ea e9 00 8b a9 96 ea 71 69 3a 10 97 ea 48 9f f4 66 2b 58 f8 3d 38 f2 96 b4 77 8e f8 51 02 b1 92 10 25 30 7e 0d 40 04 37 a3 04 c5 82 8b 14 a7 00 0a 20 86 9e e9 99 d3 Data Ascii: %x[WtBtzn2mj5:@}V}YrUw7PI}C\|ppXDegZ1r_ya(yIYI#1Yu))`%yVII{yO0I)`*B$qi:Hf+X=8wQ%0~@7
2025-01-02 05:12:34 UTC	1369	IN	Data Raw: b2 35 48 4c 68 bf 29 53 c0 4d a8 37 6a 63 c7 f4 5a 5c 57 65 6a fc 50 c7 39 53 03 7f 45 b8 45 f1 9c 2f b6 99 23 3c 73 0f 48 c9 73 0b 0c 95 6a 81 b5 ba 92 3a a9 cd 9e ea cd 49 70 ba ab 4b ca 24 fc 7d a8 dc 3a 09 80 b2 b0 bb c2 78 18 8e 5a a5 c3 ba 2b 07 37 fc ca b1 68 ac ae 70 c3 93 d7 76 41 3c 07 2a 3d 9b 33 3d 6b c4 b9 b4 af 1a 9b be 7c d3 42 2b a4 5d ec cb 2d 2d 03 21 09 d4 2e 3d 9b 25 92 c2 d6 0c 95 0d ad 0d a0 dc d4 d7 f9 c4 af 10 06 52 1d 9d ce 18 d1 16 8c 0d 4a c6 32 63 9c c6 9f ec a6 e5 6c ce dd 72 2b 88 ea c6 6d 7c d6 11 0c c7 93 5a 12 7e 4b 11 fe 19 2c f8 0b c0 7b 6a c7 4e d8 ae 51 15 6f bd 04 05 73 22 b0 76 05 16 74 83 bd 0d ac c8 c9 08 04 a9 ab d5 94 8a ff c1 81 77 a1 8a 68 14 1d bc c9 38 d8 04 8f 1a bb a3 1a 91 c3 a8 ca 23 5d d2 a8 9c b2 d2 2c Data Ascii: 5HLh)SM7jcZ\WejP9SEE/#<sHsj:IpK$}:xZ+7hpvA<*=3=k\|B+]--!.=%RJ2clr+m\|Z~K,{jNQos"vtwh8#],
2025-01-02 05:12:34 UTC	1369	IN	Data Raw: 4b 26 c6 b8 ec f4 e9 73 d4 b2 a3 38 57 b6 24 ca 33 8c 01 9b 38 5b 0c 65 0a 93 c6 8b 9a 2a 13 50 ed 59 75 1d d6 82 5f c3 8a 05 09 76 65 d2 b3 68 9b 99 4d ab 2c 82 83 03 70 e3 1a 81 1b 01 ec db ba 8b dc ce 95 0b d7 01 de 45 6f f9 f2 fd 8b b4 c3 5a b2 67 31 74 51 e0 a2 80 e3 c7 8d 19 b3 80 6c 83 72 bb a7 03 32 f7 d8 ac b9 18 e2 b2 6a a1 1a 16 3d 6c 05 86 d3 17 52 07 c8 60 80 75 6b d4 98 3b 37 98 ad b9 45 ff 6d d9 b8 6f d3 7e bd 5a b5 0a 0d 1a 54 08 a7 02 1c 85 f1 e3 c1 89 1f 87 30 d6 ab f3 e7 9e a1 47 6f 4e 6c 8a 9d c2 a1 0f d3 e4 4c fd f3 f4 ef da 8d 09 22 c4 09 91 be 52 43 30 49 fc 05 40 bd a6 6f 84 e2 c0 71 05 2a 55 ec 4a a8 5e 4d a5 bf 3f 81 ac ee a0 05 08 e0 80 04 7a 27 dd 4a 1d 95 04 df 68 e1 1d b8 56 82 0a 2a c2 51 45 16 85 e4 91 84 00 51 f8 51 58 23 Data Ascii: K&s8W$38[ePYu_vehM,pEoZg1tQlr2j=lR`uk;7Emo~ZT0GoNlL"RC0I@oqUJ^M?z'JhV*QEQQX#
2025-01-02 05:12:34 UTC	1369	IN	Data Raw: 42 e4 61 3a 2f 64 ab c4 49 33 59 11 65 51 bd 8e f8 aa 91 ac b3 9d 29 1a ea 2e 1c 4a a2 b6 92 b4 41 fb 54 1d 0e 75 06 b1 83 2e 89 a5 51 f9 ff a7 db ca a0 d0 ad 32 31 34 4b dc 0a f0 f8 25 59 c5 8a 85 b0 80 1d a7 68 47 bb 20 30 d1 71 7a cd bb 63 59 4f 2b d2 64 36 43 0a d9 23 00 cc fe 44 33 ef b9 56 b0 d8 91 a9 f9 6a 4a d3 f4 f5 76 a6 bc dd 64 14 50 03 bf 4f f6 d4 53 bf 51 c1 05 70 6b c9 03 19 15 66 cf 05 54 f8 6c e1 ca a5 ce b2 a9 b7 bd ee e4 1a f8 8d e6 62 f3 a9 98 18 1b 7b d8 e9 1e ad 7a 10 b2 8b 10 18 58 8b a9 1f 64 31 b7 ac 1c c2 6e 39 31 87 4e 53 81 ce b0 49 7c ab 81 8c 28 d7 3c ac 35 44 d7 9c 6f 5a 1f 14 da 87 ee 15 c0 66 01 e2 a1 1a 37 d1 af c4 f3 5d f8 3d ac e9 98 d0 59 99 64 f1 95 13 a0 f0 c5 be 93 59 d7 21 93 b1 1d 06 a8 c3 84 54 e1 1f 05 54 2c 21 Data Ascii: Ba:/dI3YeQ).JATu.Q214K%YhG 0qzcYO+d6C#D3VjJvdPOSQpkfTlb{zXd1n91NSI\|(<5DoZf7]=YdY!TT,!
2025-01-02 05:12:34 UTC	1369	IN	Data Raw: 83 a6 c8 77 5d e0 77 51 97 13 e4 b6 28 ad 58 78 42 b3 8a b1 48 53 50 50 8b b6 78 8b 05 29 76 97 74 15 35 33 33 9a f7 8b 90 51 7b 3a e8 79 c3 f8 86 c5 f8 92 e2 d3 85 e1 c5 87 44 78 0f d3 88 8c f0 f1 06 16 d7 6d cb b5 35 ea f5 36 c4 02 04 e7 08 8e 66 75 85 ea f8 2e 19 23 90 55 c9 21 bb c4 88 02 39 97 74 59 60 70 e5 86 65 91 8f c5 97 42 5e a2 60 9f d5 96 e2 f2 03 b7 54 8f 77 79 98 6f 30 95 87 f8 13 68 c9 6d b9 06 07 89 28 71 01 10 88 93 a5 77 ec 77 7f 39 f9 15 94 c9 4f e0 c6 77 e6 17 97 1e 79 98 a2 e9 6b 30 25 80 95 08 12 cc 23 32 34 01 27 2a 69 9a 29 09 93 b0 69 13 ae 41 0a f2 26 6d 17 08 5d 36 f8 77 d4 46 4c 09 49 35 3b c5 8a e4 36 ff 84 45 36 5c 25 a0 06 40 39 79 c0 d9 78 f7 46 94 f5 86 5c b6 a7 83 31 a8 48 9b e7 94 01 d7 05 51 00 9d 2e 59 85 c4 18 1e ef Data Ascii: w]wQ(XxBHSPPx)vt533Q{:yDxm56fu.#U!9tY`peB^`Twyo0hm(qww9Owyk0%#24'*i)iA&m]6wFLI5;6E6\%@9yxF\1HQ.Y
2025-01-02 05:12:34 UTC	1369	IN	Data Raw: 4c bb c2 a7 12 8f 4a 69 c2 1c c5 9a 63 05 b3 8c ba b2 fc cb 4b 78 cc 73 29 b4 06 91 14 5b 3c c6 a5 3a bd 51 fb 25 12 39 15 d7 ac bd 16 3a b0 5b 52 cd 56 3c 3b d9 6c a3 60 f1 ba d9 20 c5 73 20 be bc fc a7 6d fc 4e 6f 4c 09 11 30 48 74 34 b6 a5 60 c7 f3 0b ac d9 a5 41 7e 37 8a 7a 82 ac c8 fa c7 d5 ba b7 82 1c 64 3d 2a d0 87 4c b7 bd 91 c0 fb 0a 04 65 e0 d0 0d ed c0 12 1d ff b8 14 fd 9b b3 21 c1 95 ac 5c 47 2b ae 79 b2 b6 7a 32 82 e6 26 95 a0 1c ca a3 1c 4b c7 58 c2 28 8d b9 2a 5d 84 2a e0 87 ab cc 5e 97 fc ca 65 9c 44 4b 3c bb 9b db b3 ec 1a 38 ce ac cb 26 fc c3 d0 ec 88 c1 cc cb 45 2c cc 84 59 2a 3c 4b 22 e0 49 95 ca d2 ba 08 c1 ba b6 e5 ca d9 d2 a9 dd ec cd 93 e5 89 cd 3b d5 54 cd 74 2e 1c 3d 96 85 d5 5e 0d aa a9 f8 71 35 7d cc ef c4 ce 42 3c cd b0 4c 4b Data Ascii: LJicKxs)[<:Q%9:[RV<;l` s mNoL0Ht4`A~7zd=Le!\G+yz2&KX(]^eDK<8&E,Y<K"I;Tt.=^q5}B<LK

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://www.rr8844.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 205

Chrome Cache Entry: 206

Chrome Cache Entry: 207

Chrome Cache Entry: 208

Chrome Cache Entry: 209

Chrome Cache Entry: 210

Chrome Cache Entry: 211

Chrome Cache Entry: 212

Chrome Cache Entry: 213

Chrome Cache Entry: 214

Chrome Cache Entry: 215

Chrome Cache Entry: 216

Chrome Cache Entry: 217

Chrome Cache Entry: 218

Chrome Cache Entry: 219

Chrome Cache Entry: 220

Chrome Cache Entry: 221

Chrome Cache Entry: 222

Chrome Cache Entry: 223

Chrome Cache Entry: 225

Chrome Cache Entry: 226

Chrome Cache Entry: 227

Chrome Cache Entry: 228

Chrome Cache Entry: 229

Chrome Cache Entry: 230

Chrome Cache Entry: 231

Windows Analysis Report
http://www.rr8844.com

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:34 UTC	612	OUT	GET /wns1300x200.gif HTTP/1.1 Host: sezhang.s3.ap-southeast-1.amazonaws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:35 UTC	448	IN	HTTP/1.1 200 OK x-amz-id-2: UY9VTU6SihUP6Zb+6/2TMsJiVfn69l0AArq+7laWH0EIzKHijyiPmXUQZA4aBXKXDwRDreZmGr2mbuXUnm51vAfKQEtA0EEUDgDuULHsMRA= x-amz-request-id: PR4TV0AZNR1DXP27 Date: Thu, 02 Jan 2025 05:12:36 GMT Last-Modified: Tue, 10 Dec 2024 11:40:45 GMT ETag: "6f3da74816d4b2b65413f732991f8c10" x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Content-Type: image/gif Content-Length: 569641 Server: AmazonS3 Connection: close
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 47 49 46 38 39 61 14 05 c8 00 f7 fa 00 10 03 02 16 06 02 17 0b 01 1c 0a 08 1d 03 04 1e 12 03 21 14 04 2b 0e 03 2e 15 11 2e 21 13 3b 32 24 3f 23 1b 4a 3b 2f 4d 35 20 56 46 36 5c 54 42 17 00 02 18 04 04 21 03 04 2d 04 05 67 4f 35 69 5c 44 6b 62 47 79 5d 3f 7a 63 41 7c 6c 51 85 75 4f 86 71 5e 89 7e 5e 2f 11 08 3d 04 05 40 15 0e 4f 21 1d 69 52 42 7a 42 23 8b 6f 4d 99 7d 63 a1 89 73 40 06 09 5a 3b 2f 8b 63 45 99 79 61 79 51 3e 98 6e 65 4f 0f 0a 4f 15 10 40 01 08 60 21 1f 3e 00 05 15 00 00 33 02 07 17 00 00 62 38 1e 37 00 05 41 02 07 44 00 07 1f 00 03 1f 01 03 2c 00 05 2d 25 1f 3e 38 2d 76 69 5f 0b 06 04 4c 0e 07 2e 00 03 0b 01 00 66 26 3b 21 00 04 29 00 03 1a 13 0c 54 46 24 5f 49 21 95 77 4c 9c 82 62 5e 1f 15 55 50 40 7e 6a 40 98 82 4c 9f 89 65 a5 98 77 a6 9b Data Ascii: GIF89a!+..!;2$?#J;/M5 VF6\TB!-gO5i\DkbGy]?zcA\|lQuOq^~^/=@O!iRBzB#oM}cs@Z;/cEyayQ>neOO@`!>3b87AD,-%>8-vi_L.f&;!)TF$_I!wLb^UP@~j@Lew
2025-01-02 05:12:35 UTC	576	IN	Data Raw: f1 b7 86 6b eb 84 a8 53 6e b8 f9 90 41 ba ae 6b 55 6e b5 53 b9 ab 01 d4 78 01 08 c0 8d e3 b8 8e 33 5b 03 a4 03 2f d8 b4 b1 96 66 03 cc 35 12 47 83 11 44 ff 66 ca 9e 72 8d 02 e9 59 26 f6 2b 3f 79 bf c6 b2 61 4b 49 5d 41 89 96 b8 55 2c 2b 09 5e f1 f2 38 47 51 fc fa 72 93 02 b3 30 9f c1 30 53 ec a3 88 81 06 0c 80 03 2c e6 b1 69 4a a7 20 c1 02 5c e9 a7 b4 a9 17 30 81 31 52 66 67 ad ac cb aa 56 13 34 c1 18 95 11 a0 07 ba a0 03 7a 9f 27 01 12 18 ba a1 77 41 12 28 fa 69 ad 56 14 48 41 18 40 7a 01 97 26 2f eb 6c 6e 7b 4b 1a 38 c1 f0 09 9f f0 dd a9 6b b2 f3 0c 0c ad a2 c2 33 d4 32 83 70 33 2d a1 d2 a3 09 a8 00 09 e7 33 c1 49 ad cf 22 27 6b c2 70 c5 38 60 73 0f 34 ae 13 34 09 4e 67 1e 88 44 34 50 03 8b 45 43 47 97 a0 33 e8 d2 f3 86 b4 55 84 f7 06 d6 97 48 98 44 4c Data Ascii: kSnAkUnSx3[/f5GDfrY&+?yaKI]AU,+^8GQr00S,iJ \01RfgV4z'wA(iVHA@z&/ln{K8k32p3-3I"'kp8`s44NgD4PECG3UHDL
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 37 4f 4c 7e 34 0c 28 4f 38 f4 89 2c 34 79 63 7b 18 07 4e e8 8f 02 df 1e 84 5f 7c 3b 45 84 bb bc e7 be 44 5c dc 4c ef 5c 87 c1 80 29 50 bb e5 2a 8e ae 3e 06 0b a0 c2 23 98 c2 28 8c c2 e4 b3 bb 48 8e 04 2f 2c af f2 ae b7 f2 a2 77 8a bc 83 f4 db 77 ca cb 37 7e e7 f4 68 7c 61 f0 c6 86 1d 4a 0f 55 3f e5 9e 2d 03 fa 93 e1 df 49 ab ef c2 94 4c e1 f1 87 6a 6b c3 1b a2 1f e7 9d de 09 22 6e bc 82 fa 77 6b 7f 00 44 2e 81 03 a1 19 5b 56 26 58 42 60 0a 17 32 64 78 06 d6 29 61 99 2c 55 b2 b8 08 10 a0 3b 76 38 ce f1 e8 d1 40 81 90 02 48 96 1c 40 f2 11 3b 6f f6 58 b6 c4 e7 92 25 3c 76 82 02 00 b0 09 60 10 3b 78 2f 79 c2 e4 d9 6d 1d a1 9b 41 88 16 55 64 f4 68 52 a5 92 96 32 75 da 14 aa d3 21 3a a6 56 9d 60 95 08 d5 ab 5a b3 76 e5 fa d5 ff ab 55 1c 59 25 8c 35 5b 16 ed 59 Data Ascii: 7OL~4(O8,4yc{N_\|;ED\L\)P*>#(H/,ww7~h\|aJU?-ILjk"nwkD.[V&XB`2dx)a,U;v8@H@;oX%<v`;x/ymAUdhR2u!:V`ZvUY%5[Y
2025-01-02 05:12:35 UTC	1024	IN	Data Raw: 5f ff 3c 7e 91 23 d7 71 11 b4 78 0f 32 14 aa a7 73 bc 16 6c 5d 36 f9 5b e6 6b 80 c0 21 30 c7 40 09 05 0f 22 24 98 70 e1 41 08 33 1c c6 00 20 71 62 10 8a 15 2f 2a c2 98 71 a3 24 8e 1e 3b 7e 0c 29 72 24 48 92 26 4b 7a d4 a8 f2 64 ca 95 16 5d c2 8c e9 43 e6 4c 8a 01 2c 0a f0 91 73 a7 80 1d 4e ae f0 39 13 74 28 51 3e 49 16 f0 14 b0 40 c3 97 a2 4e f9 5c 89 1a 55 8c 93 06 05 72 16 48 80 64 8b 98 3e 5e b7 78 35 b3 c5 0c d9 b2 64 c3 a0 45 db e5 88 81 a4 6e dd 2a 68 e2 65 6e 14 ba 75 ed ce 3d 32 a7 6d 81 06 72 ef e2 05 2c d8 6e da c2 61 cc 1e 4a 9c d8 6b 1f 31 8e c5 18 8a 2c d9 50 17 a4 03 04 5c ce ac 79 c0 89 2d 69 3e 83 56 23 7a b4 16 07 7c 2f 27 90 a2 a6 cc ea 32 ae 5f bb 1e b3 a1 c3 81 03 27 b0 c0 ce 0d fb 02 ed 06 54 74 b7 ff 81 ad a6 04 88 0f 26 8c 1b ff 61 Data Ascii: _<~#qx2sl]6[k!0@"$pA3 qb/q$;~)r$H&Kzd]CL,sN9t(Q>I@N\UrHd>^x5dEnhenu=2mr,naJk1,P\y-i>V#z\|/'2_'Tt&a
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 20 ac 2f 5d 78 0c c8 c2 92 98 81 ad a1 60 69 69 82 55 f0 b7 b0 56 61 00 63 78 e1 e1 aa 2c 16 98 23 06 26 2d 73 31 cc c0 02 f6 15 91 4d 46 32 95 f9 e1 66 12 90 04 34 b8 2c 66 ee e1 42 c2 d4 64 01 2d e8 0c 38 6a 98 82 55 10 90 81 31 00 27 37 57 38 41 6f a6 93 46 d6 10 07 39 5d 83 ce 77 b8 03 1d e8 94 2d 6b 58 5b 5a 1a 9a 06 b5 e5 d4 31 90 e0 69 ce 77 c6 73 9e f4 b0 47 6d 68 83 0f 1f 50 c0 82 b7 41 d2 3c 26 5a 50 de 2a 49 20 4a fe a7 41 0f 0a dc 84 1a f1 80 0a f0 c0 70 9d 60 44 e2 18 b1 03 0b c5 c1 13 0f 20 dc 03 36 d4 21 1a 54 ce 73 b2 9c 25 2d 6b b9 1f d0 dd 2e 97 ba c4 1d eb 78 e9 4b 2b f1 2e 98 c2 44 9d 92 48 f7 4b 60 ea c0 77 ca 0c 5e 9a d2 b4 19 8a 41 b3 78 6f 32 15 fa 22 c5 be f6 49 cf 9a a4 ca 54 f9 ba 89 3e 44 a5 ff 4f 9b e2 8c 9f 37 cb 09 4e 6d b2 Data Ascii: /]x`iiUVacx,#&-s1MF2f4,fBd-8jU1'7W8AoF9]w-kX[Z1iwsGmhPA<&ZP*I JAp`D 6!Ts%-k.xK+.DHK`w^Axo2"IT>DO7Nm
2025-01-02 05:12:35 UTC	1024	IN	Data Raw: 80 09 06 dc 01 01 f1 ca 00 1c b6 a4 82 70 78 e9 16 85 30 05 2a e0 a0 a6 64 8c 63 91 1b a0 12 26 36 d1 08 54 f0 89 4e f1 80 86 9e e6 d4 a7 3d f9 89 21 74 12 54 06 96 d5 05 87 4d 8a 51 ab 9c 80 2a 59 a9 ad 35 70 ab 11 98 58 01 26 42 c5 a9 5a 36 62 07 21 20 41 09 28 49 ab 77 9c 40 98 27 50 00 ac 18 80 2a 64 d6 4a 99 9e c8 15 26 7a 80 09 eb 68 50 5f 3b e8 c4 9b 46 90 46 2e 24 6b 69 6b 18 01 b6 66 e0 cd 6f 86 13 9c e3 14 67 39 b1 85 00 65 61 6a 63 ff f2 17 3b dd 89 85 0a 11 23 89 33 4b 22 32 a6 01 c2 99 fd ca 5e ea 22 46 28 3e 48 2f 05 f9 42 0b 32 82 42 bb 42 b1 09 62 08 e4 0d 16 58 96 17 12 00 31 88 5e 2c 00 12 6d 61 45 53 88 82 58 ae 21 53 8d 20 63 3b 3d 56 2e 2d fc a2 1c c6 28 07 24 4c 96 06 35 5c 21 83 c2 4a 11 08 99 79 ff d0 50 10 63 16 59 c0 c2 c9 d0 e0 Data Ascii: px0dc&6TN=!tTMQY5pX&BZ6b! A(Iw@'P*dJ&zhP_;FF.$kikfog9eajc;#3K"2^"F(>H/B2BBbX1^,maESX!S c;=V.-($L5\!JyPcY
2025-01-02 05:12:35 UTC	1749	IN	Data Raw: 02 fd ec 57 5c b4 27 82 05 6a df 9f ff 9a 11 40 f9 c8 07 ba 3e e0 00 17 be b0 0b 41 5c e0 02 7f 18 41 12 c0 6b c1 e6 54 61 0a 49 78 c2 90 c8 30 5e 89 4b 9c 0c 56 40 06 28 a8 d9 41 c8 73 90 bd 93 df 43 79 52 11 8b 4a ac 50 f3 ec 59 0f 0c fd c0 07 1a fa f7 c5 3c 24 fd 07 36 70 20 83 cd e2 89 9e 60 a2 a8 1f fc 06 05 09 b1 60 d0 d1 42 18 c4 30 85 5a 51 73 c4 19 1e 00 02 2e f0 dd 01 5d b0 0a 3d d8 c1 8a 7a df 7b 2e 50 81 8c cb bf 02 85 9d df fc 2b a0 51 0c 13 5e 83 8b 61 0c 60 17 e0 30 8e 73 d4 a4 26 fb 94 27 3e 56 e3 08 3c f8 83 9f 28 b1 22 06 a0 80 84 22 10 c1 08 40 60 02 1e 7a 20 0f 5d f0 c2 33 20 11 82 ea 04 a2 14 0b 90 c3 28 b2 cc 65 3c e1 b2 3d f9 32 78 b0 85 3d 51 86 31 33 25 35 42 14 1c 50 33 34 6b 25 08 7c 40 6d 31 ff 94 29 60 97 50 98 06 4f 00 05 21 Data Ascii: W\'j@>A\AkTaIx0^KV@(AsCyRJPY<$6p ``B0ZQs.]=z{.P+Q^a`0s&'>V<(""@`z ]3 (e<=2x=Q13%5BP34k%\|@m1)`PO!
2025-01-02 05:12:35 UTC	9000	IN	Data Raw: c7 3f 0d ad 84 4c 2b 5d 78 3a 52 68 2d 80 dc de f1 99 c7 42 bd 47 c0 e8 df c1 d8 d1 c8 e8 ff 03 df 72 48 e1 1a ae 88 2c 0d 8a 64 bb d7 78 8d d8 00 97 cf 9b bb 0d 18 01 38 e0 05 54 68 82 27 70 20 c0 6b d5 12 08 81 0d f8 bb e5 c0 a0 42 94 3c ec c0 d5 99 8c 49 f6 52 00 56 18 05 47 08 04 16 c2 af 00 98 1b 39 d8 82 9e f4 49 fb b8 be 1f e9 01 66 4d 90 03 99 85 80 2a 30 d9 a3 56 68 a5 85 da 60 96 6c 0d 01 2a fe 22 46 4b 00 05 08 81 12 78 83 10 08 11 09 22 d7 0b f2 5a 4c 00 83 6d eb 30 02 19 a1 42 80 d7 b4 a4 57 1f c8 00 da d8 02 7d 45 56 b9 ac 01 80 95 34 5e c8 05 bb ec 32 8e c5 04 28 30 06 85 bd 04 16 e1 81 10 20 21 38 b8 00 1a 78 3b 67 78 87 2e e8 83 65 48 06 f4 60 11 2c 6b 05 07 48 11 47 c0 e3 2c 33 86 5d 88 57 e8 63 db 4d 26 33 13 15 cd d1 2c 4d 51 7e 40 b4 Data Ascii: ?L+]x:Rh-BGrH,dx8Th'p kB<IRVG9IfM0Vh`l"FKx"ZLm0BW}EV4^2(0 !8x;gx.eH`,kHG,3]WcM&3,MQ~@
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: c6 31 76 d6 b4 35 e4 3f 72 68 1b 5c ff 92 b3 2a 48 43 ae 73 13 dc e0 54 9e 57 6a e4 c2 16 73 0d 5c 5f ff 5a 73 c3 a9 22 10 27 b0 00 1c 6a 51 8b 5b 20 a1 10 b8 50 46 34 ce 71 0e ec aa 10 74 a6 53 fa 65 73 70 59 d5 69 b6 75 3b 78 83 c8 8c a6 00 14 53 9b 16 c4 48 49 03 66 f2 02 9c 78 4c 01 d9 01 0a 20 34 73 5b 40 90 62 b7 df fb 8a 34 20 f1 0c 3f fc 82 17 b9 30 46 2e 72 21 c3 61 18 c3 e6 4b 61 07 74 c7 b7 3e bf ff 9d ba e6 bb c3 20 52 b1 85 60 5c 01 03 83 90 05 e3 be 2b 88 24 fc 65 04 14 10 c1 11 de a1 de 76 b4 83 1b 50 28 20 32 1a 71 51 a9 23 03 f4 6f 40 6d 7c df e0 0b 62 58 80 82 34 b8 c0 80 0f fc 17 92 93 5c 83 fc 21 0b 83 71 03 81 d0 51 18 f7 28 e4 d8 d1 46 d0 85 00 97 46 3e bb d0 c5 2e bc 40 81 21 be 47 3c d3 48 49 27 42 81 89 ff 99 75 c2 13 a0 50 f1 26 Data Ascii: 1v5?rh\*HCsTWjs\_Zs"'jQ[ PF4qtSespYiu;xSHIfxL 4s[@b4 ?0F.r!aKat> R`\+$evP( 2qQ#o@m\|bX4\!qQ(FF>.@!G<HI'BuP&
2025-01-02 05:12:35 UTC	1024	IN	Data Raw: e8 f1 82 da d5 7e dc 3f 50 80 7c 17 98 fb dc 05 01 60 3e 92 17 41 08 52 2f 8b 84 38 44 38 24 68 45 82 98 fb 1f ce 33 42 f4 64 60 7d 5e 48 81 03 32 80 5f fd 82 3d 89 32 2e 64 0c 16 10 19 24 a0 62 10 34 b8 c3 1f 06 f1 87 cf ff 41 bb 17 80 fb 1e be 05 23 64 38 40 c3 66 34 c2 11 d2 98 46 10 57 c2 f5 ae 1f 31 89 a5 74 62 07 31 01 bd 83 00 04 0d 4c 21 08 1d 27 01 01 33 1e fe 9b 47 6d 2b cb 9f 67 0a 50 18 87 38 50 21 4c 18 6a e6 15 2f 13 54 0f 36 d1 4c 4f 8a ab 04 b5 78 44 94 55 80 82 14 78 c1 7c 24 f8 14 a8 20 bc 29 5a 58 e1 0b a6 0a 47 16 0e 92 85 35 b0 ea 19 87 08 bf 0f 93 40 01 e3 c3 b9 f8 ff 1d 81 13 38 60 fd 1d 29 d3 ae 84 42 23 e4 48 23 ec 80 b8 6c d2 1b 0c 8b b7 70 d9 06 54 13 26 60 02 32 ac 4b 15 30 9a f2 41 c1 14 b0 4b 38 55 ff 01 a7 95 0b 15 a0 8b 15 Data Ascii: ~?P\|`>AR/8D8$hE3Bd`}^H2_=2.d$b4A#d8@f4FW1tb1L!'3Gm+gP8P!Lj/T6LOxDUx\|$ )ZXG5@8`)B#H#lpT&`2K0AK8U

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:34 UTC	586	OUT	GET /img/996a_180x180.gif HTTP/1.1 Host: ig79.vip Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:35 UTC	1087	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: PUT, GET, POST, DELETE, HEAD, OPTIONS, PATCH Age: 1848 Cache-Control: max-age=2592000 Cf-Cache-Status: HIT Cf-Ray: 8fb838e588862b90-LAX Content-Length: 509971 Content-Type: image/gif Date: Thu, 02 Jan 2025 05:06:52 GMT Etag: "6769630e-7c813" Expires: Sat, 01 Feb 2025 04:36:04 GMT Last-Modified: Thu, 02 Jan 2025 05:06:52 GMT Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YOn2HhnTp8C7UjcX42DdIPDubi8neywq4MDfDQQqsZNAeZYMwcX%2FD2BXuoV9OjhBkp72wuIqWUZ1T7VaeDhLmF4nZSyvAiIbBeKgcPkTBpnsyBmD4EbiqJt4xAt1fxGZ2g%3D%3D"}],"group":"cf-nel","max_age":604800} Server: cloudflare Server-Timing: cfL4;desc="?proto=TCP&rtt=976&min_rtt=830&rtt_var=66&sent=11265&recv=592&lost=0&retrans=50&sent_bytes=15776986&recv_bytes=34493&delivery_rate=59182561&cwnd=266&unsent_bytes=0&cid=1b60333668623c9d&ts=37042&x=0" Vary: Accept-Encoding X-Cache: HIT, server, disk Connection: close
2025-01-02 05:12:35 UTC	99	IN	Data Raw: 47 49 46 38 39 61 b4 00 b4 00 f7 00 00 d9 49 26 ff ff b1 0d 2c 49 f1 b0 93 a0 de f5 a3 b0 dc 4d 66 9b f9 ce b5 d6 6f 4a 0a 22 2f 22 fe 00 b1 0c 00 d8 4a 0c 5f af d8 00 cc ff f7 88 2b 28 4f 8c f4 b8 ae 5c d1 fe f9 44 30 f2 8a 71 fd f3 99 f2 67 4c 95 04 00 95 a4 aa b5 22 09 f9 b3 00 fe ec 67 f5 d5 Data Ascii: GIF89aI&,IMfoJ"/"J_+(O\D0qgL"g
2025-01-02 05:12:35 UTC	2372	IN	Data Raw: 8a fa 0e 08 f0 70 29 24 44 71 b6 47 2d d5 8a 51 a0 95 19 f3 99 86 d3 0d 00 6f 8a ad 11 44 6e 0c 8c cc dc 8e 6f ee 90 00 b6 5d 53 37 b7 f4 25 30 4b 00 75 b9 d4 33 23 01 11 24 9a 9d 62 0c 88 b9 4a 4d 49 d8 6b 2c 61 63 1f d3 d9 f4 d7 76 69 da 95 8f cf f0 f8 28 67 96 25 32 6b ef b3 76 22 98 d4 b4 32 1d c8 d3 d9 dd 66 03 ff 99 3d f1 77 60 d7 55 3c f6 33 23 10 52 89 29 aa df f1 55 3b 0d 31 68 d0 b6 06 43 52 74 dc ab 6a 2d 45 4c 4d 69 72 5e 20 21 2d 68 b0 a1 e9 a3 d1 b6 af ff ee 2f 54 fa 1f 26 2c 2f 15 ae 15 ea 77 00 d4 d2 8e 2b 60 d0 93 e3 6d 26 53 af 1c 55 1e 09 b3 ee 67 7a cb 66 de 5f 6d 6f 77 d4 d4 b2 0e 66 91 78 8a 61 6b 6e 4c 10 46 52 dd cc 08 5a db a5 db 67 91 54 67 52 d4 ae 92 8e 2b 29 fe ee 0c 56 30 45 10 4f ac 07 aa da 75 4b 4e d1 f2 d0 97 22 10 98 2b Data Ascii: p)$DqG-QoDno]S7%0Ku3#$bJMIk,acvi(g%2kv"2f=w`U<3#R)U;1hCRtj-ELMir^ !-h/T&,/w+`m&SUgzf_mowfxaknLFRZgTgR+)V0EOuKN"+
2025-01-02 05:12:35 UTC	538	IN	Data Raw: a8 92 09 60 a9 04 05 65 2b ae c0 ba 09 eb b0 c4 ce 6a ec 82 75 fe 0a ec aa 7b f2 ea a7 23 ca 2e 9b 2b 1c 6b 10 bb 04 0b d8 66 3b ac b1 c7 76 6a 88 72 d2 e6 fa a8 99 d6 45 0b ee b9 e8 f6 90 81 6b da 2e e1 ee bb ee 6a ab 6d ab dc 76 9b a9 67 9e 9a 9b 6e ba a4 ba c7 a4 be fb aa ab 2e ab d7 c2 6b f0 bb f3 c6 5a 2f 97 c4 36 ec b0 00 b5 02 1c 70 06 86 94 89 9a af 19 0c ac f1 c6 1a af eb d8 c1 06 cb 20 b2 c1 09 d3 7b ac c3 f2 a6 ac b2 b6 4d 18 92 71 c7 1c 77 dc 6c 61 cf 66 60 f3 cd 38 e7 8c 33 b5 d9 86 2c f2 cf 40 8f 1c 6f c9 28 17 6d f4 ca 48 93 c8 42 cb 3a 37 9d f3 b8 70 95 eb f4 d4 eb 56 0b 72 d0 58 03 8d 30 d1 47 a3 5c 30 c9 d7 66 2b f6 d8 64 7f b6 46 1a 54 3b dd 2f 56 ff a6 dd b4 63 3d bf 9b f5 19 74 9f 91 b5 d0 5c 77 4d 36 c8 7c 83 ff 5d 76 78 e5 b9 dd b4 Data Ascii: `e+ju{#.+kf;vjrEk.jmvgn.kZ/6p {Mqwlaf`83,@o(mHB:7pVrX0G\0f+dFT;/Vc=t\wM6\|]vx
2025-01-02 05:12:35 UTC	4744	IN	Data Raw: 58 3d 3c 24 e1 87 60 0c 23 07 fb c7 3f db 89 ed 88 48 1c a0 0e 74 c0 82 4e 30 4d 8a 70 ac 58 92 06 52 be 38 4a 51 4a 21 ac 22 0d 23 98 bc 3e be 4f 8b f7 c3 43 0f 73 40 c8 41 1a 20 07 78 48 a4 22 09 c9 48 27 38 f2 91 8f 04 62 07 89 68 44 34 12 81 84 6b 5c 23 b6 dc 08 87 25 96 69 81 76 6c a1 03 c7 00 b8 07 ba 8b 8f ae 4b 25 20 83 b8 c8 46 ba f2 95 8d cc 02 24 67 19 49 03 28 52 88 94 c4 5c 00 bb 87 c4 4c fa 92 8d d9 32 61 28 5b 68 a1 25 ba 29 3c a4 d4 e3 1e 55 19 c4 66 b2 b2 95 b0 94 65 34 65 49 cd 2b 58 f3 9a b3 b4 65 22 ef 47 46 33 86 90 97 98 cc 84 38 7f 09 4c 25 2e f1 74 8f 40 1f 32 95 b9 cc 55 3a f3 9d d0 9c 26 35 e5 79 cd 7a 5a 53 9a 8c f4 a2 f4 ce d0 ff cd 22 6a 4f 00 68 4c e3 38 d5 48 4e 1d f0 ee 9c 69 73 4c 96 d6 59 a2 19 b6 b3 6e ef 8c e8 20 61 f9 Data Ascii: X=<$`#?HtN0MpXR8JQJ!"#>OCs@A xH"H'8bhD4k\#%ivlK% F$gI(R\L2a([h%)<Ufe4eI+Xe"GF38L%.t@2U:&5yzZS"jOhL8HNisLYn a
2025-01-02 05:12:35 UTC	5930	IN	Data Raw: 4d c1 e8 80 9a a8 ba 0f 20 74 52 c2 ed 84 fa d0 3b 96 2e 54 6d c3 e9 3e d4 92 05 9d 42 8c 72 44 a0 2a 49 43 05 32 cb 2c 13 8e 47 c6 44 20 84 10 10 50 21 8d 47 2a 81 a8 89 47 40 58 93 4d 37 d3 68 02 a2 4a 9a 50 13 4f 15 40 78 64 8d 24 74 3a 52 a1 24 95 94 ff c8 c1 07 99 30 e0 d1 07 45 94 72 ca d4 aa 04 0f 43 0d 17 cc 52 4b 41 40 e4 a9 50 db c0 14 75 54 e9 4a 35 55 a2 26 9d 0c 15 d1 44 3d 5a 6b 89 46 1f 85 34 09 49 27 ad f0 3b bc ae d4 74 d3 2d 51 45 ef 50 52 83 15 56 d1 54 0d 88 74 8c db 04 01 73 51 07 1d 95 95 09 5a 81 55 d4 3c 2a ed ba 54 d7 5d 39 55 d6 d3 da a4 1d f6 5b 53 c3 75 95 4b 08 54 45 96 d4 25 61 75 56 d6 68 29 a4 d4 c2 6b ab 74 29 5b 6d b9 4d cf 5b 70 f3 5d 36 27 3c 20 ac 75 d9 25 63 9d 75 42 5b 43 aa d4 da 5c e5 85 6e 2f 4e 41 ec 72 55 56 f5 Data Ascii: M tR;.Tm>BrDIC2,GD P!GG@XM7hJPO@xd$t:R$0ErCRKA@PuTJ5U&D=ZkF4I';t-QEPRVTtsQZU<*T]9U[SuKTE%auVh)kt)[mM[p]6'< u%cuB[C\n/NArUV
2025-01-02 05:12:35 UTC	7116	IN	Data Raw: 16 85 dc ea a4 69 c7 7f 02 60 7d c4 48 b2 fd 69 b2 bb ca ad cc e3 21 d2 5a 49 ac 36 01 9a 85 62 66 7b b6 66 8b 18 68 bb b6 dc 95 16 6b 6b 61 a1 00 65 a8 85 5e 5d 36 b7 e8 e5 03 17 eb 9e 50 4b 82 b2 5a 59 55 eb 7c 3b 04 a5 87 ca 85 89 4a 4d 50 85 b1 b1 88 b2 e8 e3 96 61 ab 46 b6 d0 71 24 41 5f f2 25 b9 a7 40 5a 91 6b 27 95 3b 5e db 35 02 07 50 62 28 d6 71 9c cb 61 14 f0 5e 78 9b b7 50 78 53 49 a0 66 fb 37 b5 57 2b b8 e3 0a 93 e5 6a ae b6 a8 b8 ad 03 b6 8d cb 02 49 10 b7 2e 60 81 b3 76 62 52 b6 7e 4f d6 0a bd 76 78 14 a0 71 24 27 09 93 1b 6c 97 66 ba ce 07 73 f9 68 95 ab cb ba 58 ab 9c 5a bb b5 d3 07 6a 8b cb b8 c1 a5 46 5e d0 6a e1 f7 6d be ff d0 0a e6 a6 7e 42 b0 59 e3 4b 97 a5 70 0a 4f 76 6b 18 d6 71 ec 4b 97 95 3b 66 ab 75 b1 99 47 b5 56 b8 6f a0 e7 ba Data Ascii: i`}Hi!ZI6bf{fhkkae^]6PKZYU\|;JMPaFq$A_%@Zk';^5Pb(qa^xPxSIf7W+jI.`vbR~Ovxq$'lfshXZjF^jm~BYKpOvkqK;fuGVo
2025-01-02 05:12:35 UTC	8302	IN	Data Raw: 08 02 10 00 13 0a 50 c8 8d 84 b4 b9 75 7c 5f 56 d7 c4 0a 25 88 13 a7 e5 5b ae cc ae 46 e0 cb 2e 74 c0 04 3e dc 02 80 fb 41 71 66 60 79 03 60 ac e5 6e 2b 4e a5 02 8f b1 07 28 6e 7c 37 9c 04 0c c8 82 25 f7 cd ef c0 98 66 5a 58 a8 e0 02 0b 68 2b 85 db a9 de 06 4b 54 08 82 d5 e7 08 c5 19 de a8 5d 20 03 0a 75 aa 38 cd 4b e1 1e dc a2 04 1f 10 80 20 04 b1 61 01 e8 a0 04 9f ed 08 b6 06 16 91 26 37 99 c4 19 d1 45 60 2f 50 e3 54 3a 18 c5 28 2e ef bd 10 70 63 2c 5f 00 c5 42 08 01 67 7d f6 db 9f 56 b9 45 28 70 30 79 2f 00 02 58 30 41 ff 07 43 1e 72 91 75 f0 81 12 20 d7 be 4e ce 73 9e a1 dc 4a 0c c8 c0 0a fe bd 40 8b 9d 84 de 0b a0 80 03 03 e0 40 a1 b3 fb 89 13 1b 1a d1 3b d8 01 07 58 11 02 14 4f 96 14 82 bd 80 0a e8 26 04 4d ff 14 c3 fc 5a 80 a6 59 91 04 1d 74 22 ce Data Ascii: Pu\|_V%[F.t>Aqf`y`n+N(n\|7%fZXh+KT] u8K a&7E`/PT:(.pc,_Bg}VE(p0y/X0ACru NsJ@@;XO&MZYt"
2025-01-02 05:12:35 UTC	3667	IN	Data Raw: 4d e2 57 2f 0e ec 80 eb 53 17 f9 c7 0d ca f7 be fb bd ef b1 28 37 08 24 4b 78 b4 c3 61 7e 85 9f 81 de 11 9f f8 72 f3 31 f1 65 7f 76 18 04 90 00 01 24 01 03 b2 38 08 dc c3 23 f7 91 5c 02 68 a4 0d c1 05 2e 00 87 58 fc 3d 03 a3 4f 7d b9 57 cf fa d6 bb fe db a9 bf 80 e9 0f fa 4f 38 90 3e 16 b8 a7 7d e0 47 5f 7a dd 7f cc f6 bd d7 7d 06 6c 4f 7a a0 7b 81 f2 95 a7 bc e6 3f 1f ae ce 8b 84 f9 75 bf 7b ec a7 4f fd ea 5b ff fa d8 cf be f6 b7 cf fd d8 73 9b 03 68 48 02 ff f2 93 bf 7c c3 cd dd 05 13 48 ff 04 5c 90 6d 72 6f ff f5 f0 8f 3f fc bb 4f ff fa 7f df 0a 5e f8 80 0e c6 2f 80 f2 ab 9f 7c e7 a7 7e e9 d7 5f 3b 60 73 d7 f7 71 08 a0 04 21 50 78 0c d8 80 0e d8 80 21 70 2f fd 04 7f 16 e6 7a 3d 00 02 2a 50 76 ac 57 81 16 48 5a 56 50 02 10 a0 7f 3a c0 02 4b 50 82 26 61 Data Ascii: MW/S(7$Kxa~r1ev$8#\h.X=O}WO8>}G_z}lOz{?u{O[shH\|H\mro?O^/\|~_;`sq!Px!p/z=*PvWHZVP:KP&a
2025-01-02 05:12:35 UTC	10674	IN	Data Raw: bc f1 c8 11 30 9b 2f 82 c1 84 88 60 b9 27 93 1a 52 ca 22 87 b0 2a 42 25 05 23 a8 c9 94 5c d9 0f c9 a1 b2 9b cf 46 30 77 d4 2f 08 2b e9 9b 60 88 38 f3 14 93 82 e0 42 a9 52 c9 11 8c c0 53 4f 29 87 98 20 88 50 00 a5 ff 31 d0 41 09 0d f3 d0 3a f7 03 c0 15 94 06 58 0a 81 f3 00 fd 32 4e 1e 3f 29 2f b0 3b 1d d5 d3 88 2d ff 7a 45 50 51 f3 9c 40 be e5 4e 6d 34 d5 47 59 dd 8f 02 94 28 28 28 d1 be 42 19 c0 82 57 39 05 6c 00 58 09 1d 62 84 e5 80 0d 56 4f 62 fb 8a a0 d7 63 89 1c d6 b4 50 1e 73 f1 18 1b 2a 33 6d d9 60 3b 5d 85 14 63 f3 54 e5 5b 70 c3 05 73 d5 ed 98 f5 56 dc 42 73 3b 60 d3 73 d1 1d 37 d9 11 0a a2 00 b6 6a 5d e0 eb 80 52 da cd 51 db 75 cf 25 c1 10 80 03 2e 25 5f 4e 23 60 57 ca 81 03 16 98 60 30 49 45 35 ce 84 15 26 e1 12 86 a5 34 c2 3f 52 ce a4 34 5e 50 Data Ascii: 0/`'R"B%#\F0w/+`8BRSO) P1A:X2N?)/;-zEPQ@Nm4GY(((BW9lXbVObcPs3m`;]cT[psVBs;`s7j]RQu%.%_N#`W`0IE5&4?R4^P
2025-01-02 05:12:35 UTC	11860	IN	Data Raw: 89 0d f7 da d2 ea c7 ab f6 8b 82 a8 b3 09 21 32 c9 03 99 04 ef a7 9f 52 28 b5 d4 13 2f 6a f5 d5 28 38 dc 90 12 33 5c ed 75 bc 99 1e aa 26 02 24 10 7b 74 ad c6 dd 60 66 ab a8 44 fa d0 d3 a8 c8 c9 b4 40 26 91 0d 36 d4 78 e7 3d f1 c4 a8 f0 ff 3c f6 dd 7b df 2d 36 c8 16 ab ea d0 d3 a0 34 eb 90 ad a4 1a de d0 7e 9f a2 d0 eb dc 25 87 92 f4 00 11 64 ae 79 e6 36 00 ae b7 b9 2a 91 c2 b6 de 79 7f ea 78 7a 50 bb cb 50 ac d3 8a 4a ec ae d0 3a d4 31 09 9b ce cd d0 01 2e 7c ea f7 db f1 5e 82 65 e9 83 6f c4 2a 2a a5 17 0f 7b 8d af 83 12 fb e3 f5 7e c6 bb ef f6 e6 5a 36 09 b4 52 ce d0 f0 17 53 5b ad 0d 28 20 60 c3 f7 46 6b 98 fb c5 e0 97 ff ba ef 1b af f8 7a fa 37 7c 9a fe a8 a0 4b 6f f6 56 94 e3 04 8b 10 58 0a 5b eb eb 53 53 6d ba 4a 70 93 57 ff 10 10 af 09 a9 cd 4c 00 Data Ascii: !2R(/j(83\u&${t`fD@&6x=<{-64~%dy6yxzPPJ:1.\|^eo*{~Z6RS[( `Fkz7\|KoVX[SSmJpWL

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:34 UTC	587	OUT	GET /img/FF98t_180x180.gif HTTP/1.1 Host: ig82.vip Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:35 UTC	1089	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: PUT, GET, POST, DELETE, HEAD, OPTIONS, PATCH Age: 754 Cache-Control: max-age=2592000 Cf-Cache-Status: HIT Cf-Ray: 8fb837c68d2578d7-LAX Content-Length: 476245 Content-Type: image/gif Date: Thu, 02 Jan 2025 05:06:06 GMT Etag: "6769630f-74455" Expires: Sat, 01 Feb 2025 04:53:31 GMT Last-Modified: Thu, 02 Jan 2025 05:06:25 GMT Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vrIr%2FtVFEiVF0xhRwJjFpceXLmmstx%2B8Xguibe6nZiRZ4R4kDlDlIB1U%2BmXHv4CZQklckFVt7v9uDS%2FaOsmQLumK0unZ8jUETrPmYgf3vIqviK%2FZDqwndF9f9MUItgJUtw%3D%3D"}],"group":"cf-nel","max_age":604800} Server: cloudflare Server-Timing: cfL4;desc="?proto=TCP&rtt=6891&min_rtt=787&rtt_var=11629&sent=558&recv=45&lost=0&retrans=6&sent_bytes=781704&recv_bytes=2512&delivery_rate=1788130&cwnd=272&unsent_bytes=0&cid=06d2bfb77b177ca0&ts=2404&x=0" Vary: Accept-Encoding X-Cache: HIT, server, disk Connection: close
2025-01-02 05:12:35 UTC	97	IN	Data Raw: 47 49 46 38 39 61 b4 00 b4 00 f7 ff 00 fd e7 ca 21 ff 00 ff f5 b7 f8 17 17 dd e7 f0 f9 b0 04 6d 90 a9 ca d4 dc ff f6 01 fe bc 74 a6 08 00 fd de b9 bd ce d8 ff de 00 8d a8 ba ec ef f8 01 01 01 d6 de fb 77 98 ef a9 bc cc ff ef 78 ff 98 fb fd d6 aa 8c a9 ef 4b 93 fe 59 5b 60 fd ce 97 a6 ff 97 Data Ascii: GIF89a!mtwxKY[`
2025-01-02 05:12:35 UTC	2372	IN	Data Raw: b9 ca f7 49 70 90 fe c6 00 fc c5 88 ff 01 f7 e7 ee ef a4 bb f6 ed db b9 f8 b6 6b 9b b4 c6 e1 bd 86 4a 73 e7 f9 90 0d 34 41 5b ff ea 30 6c fe 51 f5 de c6 0b 4d b2 ff 5a f5 ff f8 d9 ff fa 94 ef f7 f8 ff ef 4a 32 65 d4 da b5 71 6b 78 f8 52 fd 30 e9 cc 99 36 93 fa b8 b9 b8 79 86 fe ee b5 66 d7 a8 56 ce dd e7 ff fa c9 8e fd 70 ec d6 ac 46 6b d3 c9 d6 f8 cc 11 0a ee b6 4d 64 88 e7 fe cb 2a 8b 8c 8f fd da 69 d6 71 00 9a 94 47 33 44 fe fe d5 4a fd 78 0e 26 59 ce ff cb ff 0d 51 cd e9 bc 78 fb ef e7 7e 9c b2 54 7a e6 f7 4e 13 c8 32 05 ec c6 8b dd c5 91 b2 a0 2e d7 ff cf f0 59 a6 8c 9a f9 35 65 87 45 4e fe f4 2c 13 d6 4e 05 f7 bc 31 ef e7 cb d7 de e6 e9 ce a5 c5 ff ba fd 48 23 ff ca 11 db b3 12 ff 27 f7 06 c7 f7 fa 0c 24 e9 ad 60 72 ab fa 67 82 9d 1f 57 bc 8f 72 e8 Data Ascii: IpkJs4A[0lQMZJ2eqkxR06yfVpFkMd*iqG3DJx&YQx~TzN2.Y5eEN,N1H#'$`rgWr
2025-01-02 05:12:35 UTC	538	IN	Data Raw: 60 30 af ce 79 8b 3c ab 62 84 67 ae 27 ea d1 67 ad c4 a6 19 22 a1 b9 1e 8a 52 af 0b 2d 9a 6b 22 25 3c 5a ec b4 80 12 e0 40 a5 af 62 9a 1d b3 04 71 8a 6c a7 c1 94 20 25 b5 e4 a6 59 ce 04 b8 5a fa 6d 0b aa f6 da 6a 91 32 12 2a 6f 0b f3 ce ab 07 03 e5 e6 ab a6 38 b7 be 51 2f bd 00 23 3b ef 89 a4 3d a0 69 84 fe ca eb 2f bd 84 2e 12 30 c3 53 f4 f0 8d 3d fa 56 ac e6 b1 f3 3a ac b0 c2 0c d3 eb db b2 0f 12 b7 70 c2 24 97 5c 32 b4 d2 5a ac 32 95 df f4 d8 81 c9 30 97 9c 62 a6 db 05 16 f3 cd 09 07 33 c1 b8 2b f7 9c e6 37 e4 ec 12 0c ce 38 b7 db 18 98 a1 24 f2 86 d2 4c 13 ed af 1e c0 f8 2c 75 a4 c0 e8 a1 b4 d3 24 2b 1d ca 2d 75 fa a5 5a 22 4e 2c bd b4 27 4c 27 62 f6 d9 67 07 e1 40 04 b3 4e ed 36 cb 3d f8 88 f6 dc 74 8b 9d c8 c7 6b b9 45 36 d9 89 cc ff 70 b7 d9 7b ff Data Ascii: `0y<bg'g"R-k"%<Z@bql %YZmj2*o8Q/#;=i/.0S=V:p$\2Z20b3+78$L,u$+-uZ"N,'L'bg@N6=tkE6p{
2025-01-02 05:12:35 UTC	4744	IN	Data Raw: c8 06 32 0d 38 e0 f0 8a 51 0c 63 11 70 f8 c3 1a 8c b1 06 b6 88 5f 0a 97 c8 46 2a d9 e3 01 76 b0 85 19 c9 48 c6 39 f2 f0 8e 38 ac 41 0d 00 28 10 98 e8 f1 8f 80 2c a2 0f 03 a9 47 2e 00 03 54 6d 4c e4 a8 ec 41 0e 60 70 81 90 79 fc 63 24 b1 a8 c7 9c e4 51 8e 73 14 a4 1e 31 79 c6 1a 9c 50 91 a0 24 d6 37 5a 88 49 3d 0a 12 93 72 3c 25 20 75 b0 49 34 d6 80 95 72 44 25 1a d5 18 ca 5a d6 aa 89 22 40 85 2b 5d 19 cb 56 c6 12 0e 70 d0 81 1c 59 09 4b 61 be 52 8e 86 fc 83 2d 97 49 ac 37 72 00 15 c6 1c 26 1a 75 40 cc 57 be 92 98 d4 cc e6 35 75 c0 85 5a 90 63 7e cc 0c e7 a8 c8 21 04 2e 64 53 9b e7 d4 01 30 d3 99 4e 4b 44 40 9c f0 a4 56 04 2c c1 ce 7a d6 93 0b 29 8b a7 3e 6b 45 ff 00 73 d6 73 9d f7 dc a7 40 8b e5 4f 7b da 93 0b 03 4d e8 a8 0a 9a 4e 80 b2 13 a1 0a 8d a8 9f Data Ascii: 28Qcp_F*vH98A(,G.TmLA`pyc$Qs1yP$7ZI=r<% uI4rD%Z"@+]VpYKaR-I7r&u@W5uZc~!.dS0NKD@V,z)>kEss@O{MN
2025-01-02 05:12:35 UTC	5930	IN	Data Raw: 7a 34 f2 48 23 83 c8 e5 48 25 93 ec 31 88 02 85 94 32 c8 05 8b 64 12 c9 26 b3 ec f1 84 20 9c f1 70 4a 30 83 24 71 93 13 b8 34 33 88 32 cb 44 d3 cc 32 37 79 85 c5 30 e3 74 11 1a 32 d3 54 33 cd 35 9d d9 04 48 39 fb 14 72 3d 2a 4e 08 34 50 41 03 8d d2 4f 44 85 5c 15 70 93 41 a9 10 e4 96 0f 13 95 34 48 72 60 74 13 ce 49 bf 0a 08 00 21 f9 04 09 03 00 ff 00 2c 00 00 00 00 b4 00 b4 00 00 08 ff 00 ff 09 1c 48 b0 a0 c1 83 08 13 2a 5c c8 b0 a1 c3 87 10 23 4a 9c 48 b1 a2 c5 8b 18 33 6a dc c8 b1 a3 c7 8f 20 43 8a 1c 49 b2 a4 c9 93 28 53 aa 5c c9 b2 a5 cb 97 30 63 ca 9c 49 f1 41 2d 38 5e bc 58 aa f5 87 a6 cf 9f 0b 23 f8 ab e1 05 90 ae a3 5e e0 f8 7b 00 b4 29 d0 5a 96 04 79 39 aa cb 15 20 57 48 6b 58 62 ea b4 ab 4b 7f 5c 98 61 ad 6a d5 15 d6 b1 55 05 ed f4 ca f6 a4 3f Data Ascii: z4H#H%12d& pJ0$q432D27y0t2T35H9r=N4PAOD\pA4Hr`tI!,H\#JH3j CI(S\0cIA-8^X#^{)Zy9 WHkXbK\ajU?
2025-01-02 05:12:35 UTC	7116	IN	Data Raw: 1e f0 e9 c8 fb 04 a9 cf be 23 9b dc 8f c8 9d 6a ea 81 42 7a f4 59 b0 1e 7d e8 d1 d0 24 7d ac 74 30 43 e6 94 01 06 3a da ac 74 67 1e 07 d7 b8 ae 89 e3 b6 71 c7 c0 01 e8 f1 80 47 65 84 80 c1 a4 0e b3 9c e7 cd e5 b0 23 a6 25 05 14 00 54 50 b9 ac c4 c6 1d 05 64 d9 ff 51 05 1f 04 e8 71 26 28 a1 ea 49 10 fc 9a 24 6a c9 a3 28 d5 54 d3 27 23 d5 a9 07 1f ac 81 d1 4c 37 95 5b 88 cd 33 dd 71 67 41 42 0a 40 40 00 21 08 38 b1 80 78 06 20 95 1e 17 27 2a f5 4c 0d fd 42 a7 87 08 28 30 a9 9f 7a 56 5d 55 9f 01 5c 45 d1 0a 05 98 75 d6 0a 42 b0 71 73 c1 44 b1 d3 48 a3 06 64 80 e5 01 4f 77 32 72 d3 4d 31 4d 0a 5c 4a 3b ed f6 a6 07 ee 2c 60 41 55 f5 59 b5 cf ab 54 4d 75 8d 2f bc f2 81 80 08 ee 44 c1 56 37 6d dc a6 cf 43 6c 95 57 9f 35 aa c8 48 1e 02 62 a8 ea 2a 77 fd 1d 40 c4 Data Ascii: #jBzY}$}t0C:tgqGe#%TPdQq&(I$j(T'#L7[3qgAB@@!8x 'LB(0zV]U\EuBqsDHdOw2rM1M\J;,`AUYTMu/DV7mClW5Hbw@
2025-01-02 05:12:35 UTC	8302	IN	Data Raw: b8 84 bb 08 1d 20 b8 06 f0 9b f0 39 01 3c 86 b3 06 73 a5 5d db 03 e0 d6 03 07 d0 03 96 1b 98 69 1a 8e 9e cb b2 ee 49 07 5d d0 01 74 f0 9e 90 8b a9 eb b0 80 2d 98 51 34 9b 1c 81 1a 3b 69 35 5c 35 3a bb b4 5b bb b6 fb 1e 35 23 0e 21 c0 01 77 6b b0 76 4b b7 3f ab b7 81 39 b6 6e d0 01 1d 30 ba c6 4b 07 ca fb 98 cc eb 06 cd bb bc c6 7b bc c6 eb 9b 2d ca 63 21 10 03 f6 20 0e 89 0a 6e 54 39 05 ce ab bc bf ff e9 a2 76 60 07 7d eb bd 74 90 01 4d 3b ba be 09 9c 66 4b 00 21 30 b9 59 ea 53 9f f9 21 1b 74 57 54 00 72 78 b5 8b fa cb 8b b1 ea ab 4a 35 4b 2d 85 03 74 eb bb 1a 51 aa 02 2c c0 18 20 0a 0a 3b 9e dd eb bd 82 fb 98 8d db b8 53 30 c1 14 5c c1 bf d9 b8 ce cb b8 64 6b b6 98 7a 2d 17 d6 33 53 59 02 ee 29 b8 90 f9 b8 5d 4b be 7f 6b 00 cb 0b c1 ef 19 96 7f 79 bd 06 Data Ascii: 9<s]iI]t-Q4;i5\5:[5#!wkvK?9n0K{-c! nT9v`}tM;fK!0YS!tWTrxJ5K-tQ, ;S0\dkz-3SY)]Kky
2025-01-02 05:12:35 UTC	3669	IN	Data Raw: 40 7e 98 42 95 94 dd 4b 23 55 3f fa a7 d7 bd df 1c 01 b3 16 e4 e5 2f c7 5a 5a df 98 67 07 27 9d 1d 4e 44 11 40 1a 6c 23 ca e8 51 a9 ba ab 64 7d 70 b8 99 03 ad 61 dd 36 76 f9 03 f2 8a 3a aa b9 ed 09 50 dd 1b a2 8d 46 1f 40 6c 75 36 13 c5 b1 bc 6e cc a4 fb 21 b9 49 75 6a f2 49 28 58 45 1d 9f 2e a5 19 7b d2 de 8a a1 8d 76 d6 ad 0c 0d 16 dd 4e b5 86 1c dc 5d af 72 75 55 ce 3b 77 5d 3f 2d 43 26 57 f5 63 ed d6 f5 c2 5d db 96 e6 72 45 a5 e8 ff a1 f7 ed ec 3d df fa 56 7a ba 7d 18 83 38 7a 76 50 64 e6 29 02 fc a5 69 96 3f 0e 72 31 db 4f 6e 5a dc d0 dd 94 dc f0 e2 22 56 e5 de 9e 78 b8 39 6a da 2a 66 1a dc 91 9c 00 57 c9 e9 21 8d 43 09 85 b6 2c 9e c9 bb 5a 49 42 07 01 55 21 e7 0a 79 a8 40 64 bb 91 a5 83 86 8d 0c 52 51 09 f1 7a 1b 1b df b9 2b af 0c 33 7d dd 3e 4c 20 Data Ascii: @~BK#U?/ZZg'ND@l#Qd}pa6v:PF@lu6n!IujI(XE.{vN]ruU;w]?-C&Wc]rE=Vz}8zvPd)i?r1OnZ"Vx9j*fW!C,ZIBU!y@dRQz+3}>L
2025-01-02 05:12:35 UTC	10674	IN	Data Raw: 81 b1 c5 db 4a 96 6c 81 a4 80 f1 e2 8d 1a b1 8a 60 c5 17 09 19 36 1c ef 2f 64 c8 37 25 16 50 8c 19 ef 5f cd 12 9b e6 55 ac 96 6d 44 6b e1 de ae 84 65 6f 6e 03 6b 56 04 5a 91 05 06 a1 ff c2 90 49 71 cb 21 b4 b1 c1 99 dc bb 07 df 5e 18 9a 72 83 26 8b 83 0f 1f 3c 19 e7 f2 e0 49 4f 1f 6f 80 58 38 74 39 f4 7c 4b 44 c1 3c 29 d4 83 c3 2f 6b e7 8a e2 b6 ee a4 6a 15 78 f0 e8 f6 ad 4a 72 b0 5e 46 24 46 8c 3b ee bb 97 f3 e7 27 64 bf 3a c2 fd 00 bc 6b b0 c1 ee e8 88 ba 06 2a 49 8c 40 01 2f 1b 42 a2 05 2f fb 6b c0 c1 0a 43 90 33 02 bd cb 4f a1 c6 3c 4a 4e c0 c1 d4 1a c2 32 d2 a0 f2 2f 22 ce 48 a3 10 1b f5 88 39 b0 01 0a de 2a 67 b5 19 05 a0 ac 89 09 73 cc d0 41 ee f6 db 71 c7 de da f2 41 00 01 86 54 41 22 90 7c d4 71 38 b6 80 53 72 c0 bf 26 d4 8c 82 22 89 f4 61 3e e4 Data Ascii: Jl`6/d7%P_UmDkeonkVZIq!^r&<IOoX8t9\|KD<)/kjxJr^F$F;'d:kI@/B/kC3O<JN2/"H9gsAqATA"\|q8Sr&"a>
2025-01-02 05:12:35 UTC	11860	IN	Data Raw: fa 0a b0 4a 3b da 91 8d 74 74 87 7e 56 a2 87 20 54 8d 5e 0d 58 26 04 37 39 ce 37 1e 2e 5f d9 dc 26 3c b7 41 c6 72 10 00 68 25 cc 22 37 c1 a9 c9 c6 79 28 9a 11 a9 84 3b f8 06 50 78 4e 6b a0 11 41 c2 37 58 f2 0f 88 ea c5 2f a8 29 d9 2a b9 f9 ce 5f c2 ec 9d 16 c5 68 40 07 e2 83 75 e8 21 11 04 b0 87 d0 60 89 51 8b 82 13 46 ab ec e7 2f 01 1a b5 90 ed 85 a2 85 bb e8 2a 6d fa b5 21 54 cb 6d 0b 95 c8 46 5b aa 49 42 b8 d3 a5 37 3d c4 40 ac d1 12 88 46 54 92 eb 5c 26 4a 5d 0a d4 81 34 01 a0 37 9d aa 26 1f e4 d0 44 bc c1 1e 38 1c 08 e5 a8 ea d4 ce a5 f4 a9 9b 6c e1 5d 56 12 82 10 f8 85 a9 63 fd ea 10 0a 44 b2 26 16 60 00 54 a5 6b 55 ed ba ca 2a fc eb a1 49 a5 e4 5e 4a aa 3c 8e 3e 75 95 d1 db 28 42 53 9a 3d 7b 04 23 18 0e 1c 80 60 11 ca 4d f2 3d 96 ff a3 16 f5 e4 b5 Data Ascii: J;tt~V T^X&797._&<Arh%"7y(;PxNkA7X/)_h@u!`QF/m!TmF[IB7=@FT\&J]47&D8l]VcD&`TkU*I^J<>u(BS={#`M=

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:34 UTC	586	OUT	GET /1300x200.gif HTTP/1.1 Host: 5967.5967007.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:35 UTC	480	IN	HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 05:12:35 GMT Content-Type: image/gif Content-Length: 1399506 Connection: close Set-Cookie: X-SUDUN-WAF-R-C=0001695112; path=/ Last-Modified: Fri, 20 Dec 2024 06:12:57 GMT Vary: Accept-Encoding ETag: "67650ae9-155ad2" Expires: Thu, 02 Jan 2025 05:42:35 GMT Cache-Control: max-age=1800 Server: layun.com Access-Control-Allow-Origin: * X-Request-Id: cd6246953ccd6cf43a81c9e6bc4ce1ac cache-status: EXPIRED Accept-Ranges: bytes
2025-01-02 05:12:35 UTC	15904	IN	Data Raw: 47 49 46 38 39 61 14 05 c8 00 e6 7f 00 fe ec 6d ff da 03 ee 05 25 ef b0 61 e5 a9 9c fe a7 02 fd e5 a2 f7 f3 d4 22 a0 df f4 63 73 33 30 2f 78 74 71 b4 b2 b1 af 86 60 90 8f 8d da db fb 6c 6c f8 f5 dd ee 03 01 6f 05 03 8b f9 ba d3 45 47 f4 88 88 fa 0f 09 f7 47 b2 e6 a2 d9 f5 22 11 f8 0e 00 da 05 ff 3c 03 01 00 58 5d a7 02 74 b9 57 29 26 44 44 33 b4 b3 d9 29 22 dc 21 0b dc b3 b2 f3 72 53 4c 5a cc fe d4 ee f8 42 20 67 69 66 5d 33 44 f2 91 91 d5 bb 95 89 c0 82 30 68 84 b5 95 70 77 ba aa 8f 72 71 d1 47 46 db 9d 06 ff 45 33 ee 07 88 c8 9e fe b1 54 4e 69 8b b1 d5 8c 90 b9 25 0f 0f 89 77 e9 6e 50 6c d5 f6 d7 55 66 f6 32 3c 46 22 22 1f 35 31 8f aa 98 ab 57 fe 80 56 55 f4 94 ae b3 55 66 54 ab 99 d6 90 b0 f1 51 68 6e 9c 99 f6 ca 6d f9 31 44 33 5a 54 dc c0 c5 1c f8 3a Data Ascii: GIF89am%a"cs30/xtq`lloEGG"<X]tW)&DD3)"!rSLZB gif]3D0hpwrqGFE3TNi%wnPlUf2<F""51WVUUfTQhnm1D3ZT:
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: a6 13 04 79 13 b5 35 6d af 95 0e 5d a1 2c 2b ba 05 98 e1 10 3c 79 79 73 75 57 04 23 59 e9 86 71 f1 08 1b 70 f0 06 4a 03 6f 3b 82 80 09 e8 27 14 98 27 fa 36 92 f7 96 7a 82 d0 27 8d 63 35 64 53 0d d7 f0 5c 25 89 4b 04 c7 3c bc d4 98 06 d1 1d f8 49 37 f6 b0 00 39 31 06 60 10 04 38 92 3d ec a5 37 2a c3 52 05 83 06 7b 30 31 be c6 3d 2f b8 23 c3 b3 36 35 c8 85 95 10 09 3e 97 4d 06 86 95 27 77 18 52 22 85 11 01 04 75 23 09 64 29 43 fd 92 39 c6 86 11 47 b0 96 58 19 2b 26 e4 a2 70 89 07 72 19 24 76 3a 06 77 79 9f 04 05 32 64 18 63 96 92 0a fa 92 ff 46 b2 c5 05 91 d1 02 b1 f3 97 c2 31 08 d3 36 6d 87 89 1f d9 65 64 59 ea 87 03 e7 0b a3 38 21 09 81 3c 93 f9 91 2a 69 99 83 e8 0f c5 33 ab 28 41 36 92 49 52 93 41 73 c6 58 ac c6 7a ac c8 0a 1d 6f b0 0f ad d9 65 ef f3 65 Data Ascii: y5m],+<yysuW#YqpJo;''6z'c5dS\%K<I791`8=7R{01=/#65>M'wR"u#d)C9GX+&pr$v:wy2dcF16medY8!<i3(A6IRAsXzoee
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 27 34 5b b0 25 9c 30 7b b0 d8 4b be 74 7b 8a 70 50 a9 a0 97 24 58 43 0d a2 74 52 12 6d 2e 98 7b cc 56 20 2d 23 3c 2a 17 5d 90 61 61 8e 32 91 bd d8 3c d9 65 4d c6 f7 6d d6 77 5a b3 e5 6e a8 25 99 8b b1 95 5b 99 7d 96 59 1f f6 c1 3d e0 17 7e e0 63 6f f2 b5 8c f0 a7 30 ec e7 6f c4 31 1c c6 51 8d b0 79 9a 6f 90 58 0d c7 70 ad 19 41 f6 c4 2e 09 d3 9a f0 d5 25 ac 90 28 4d d1 29 8b 69 5f 22 67 0c ed f8 59 3b 40 05 68 30 3a f6 c0 48 2a b0 03 c9 f9 41 dd b0 8f ef e6 8f 28 16 90 93 90 82 33 59 32 49 27 63 bb f3 31 db c9 9d 8b e0 90 31 b8 21 b4 70 ff 1e 17 89 91 b4 a5 33 e5 15 44 ee 69 71 45 d6 3d 48 25 92 4c 34 84 e1 69 09 f3 d6 10 24 21 8c 3a 52 05 fe 19 23 c2 18 0e 30 79 0c 52 78 9f 97 90 9f ef 61 65 70 17 66 40 88 46 3c 49 04 76 07 94 12 aa 36 b6 88 94 21 20 3a Data Ascii: '4[%0{Kt{pP$XCtRm.{V -#<]aa2<eMmwZn%[}Y=~co0o1QyoXpA.%(M)i_"gY;@h0:HA(3Y2I'c11!p3DiqE=H%L4i$!:R#0yRxaepf@F<Iv6! :
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: d6 56 9b f6 85 f3 83 7a a9 57 27 35 c7 7a 88 f6 73 b8 38 0c 54 78 62 94 31 1d e8 f4 37 eb 85 4b 51 b7 10 33 c1 06 89 f5 4b 06 71 04 5d c7 7c 09 e8 20 dc a3 8a 05 66 0d 99 55 47 e1 b0 73 da 20 5c 98 b0 7f da d0 7f 97 e0 82 e8 97 7e 1a 81 8e e8 a7 7d a2 24 31 c1 11 0e 7a 00 85 c0 50 7d ef 41 71 e9 f8 7d ea b6 0b fb 07 05 f2 f3 8e c0 00 81 96 40 7f fd 31 6e e5 c6 4a d3 75 20 fb 68 09 18 52 5f 41 b3 71 2a 10 03 12 c2 82 9d e4 69 c9 88 7b 00 37 2b 02 89 7c 9d 02 70 cc e1 53 ec d0 0b 0b e9 07 43 10 5e 89 57 22 52 f0 31 cc 67 09 fa 85 7b 01 28 ff 15 cd c1 23 b0 11 60 90 c0 25 15 d7 2d b7 b4 72 19 35 72 2c f9 1a a1 68 28 54 01 72 a8 13 6f 9f f1 00 65 70 8b 50 28 3c cb 43 4f 21 06 31 60 b2 3c 49 19 74 c5 28 64 6c a2 94 51 14 0d b5 70 26 8e a6 18 57 08 0c 50 69 0b Data Ascii: VzW'5zs8Txb17KQ3Kq]\| fUGs \~}$1zP}Aq}@1nJu hR_Aq*i{7+\|pSC^W"R1g{(#`%-r5r,h(TroepP(<CO!1`<It(dlQp&WPi
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 4f fd f5 c7 1b df a5 1e 89 3e bb f9 bd bb cb 4d b8 ff 0b 57 fc be 5f 0a 43 e0 b6 45 f7 08 0a b1 07 f8 b9 8b 3f 7e ac b4 1e 7b ea f0 9c 35 8e ff fe f3 51 c0 7f 6d 0f 80 80 19 20 00 a1 ff c5 ac 0d 99 4b 81 db c0 b7 40 06 e6 6b 5f fa d2 97 03 27 b8 40 09 36 90 82 5c c3 81 78 f2 30 07 d6 8c 61 55 0a 23 4f 0f 70 b7 bb 12 e6 ce 05 81 39 9c 10 ee 67 c0 16 46 88 01 b4 13 21 09 4d 58 42 17 f4 e0 70 29 38 83 6d fc 00 af 56 8d 07 63 33 a4 e1 f8 fc 95 30 21 08 0c 7f 92 62 99 0b 97 c8 c4 0c 95 21 0e 10 a0 c3 05 be 70 44 3e 3d 80 66 4d 74 cd 16 56 55 2d b8 c9 4f 88 60 0c e3 db e4 a6 35 13 88 27 87 ab 19 83 0c 80 65 3b c1 c5 4d 8c f1 d3 da bd d0 60 3e 0f 68 2c 8b 78 cc 8d a7 d8 68 2f 2f c2 11 6b 72 73 81 ac 4c a6 04 b2 c9 66 76 0a 93 00 0e 16 30 00 3f fe f1 8d fa 32 5c Data Ascii: O>MW_CE?~{5Qm K@k_'@6\x0aU#Op9gF!MXBp)8mVc30!b!pD>=fMtVU-O`5'e;M`>h,xh//krsLfv0?2\
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 25 c2 88 1f 6e f4 16 86 70 9b 08 97 60 23 bf bd d1 ff 20 14 ca 69 17 56 77 a4 4a 07 5e 7b 12 2c 50 e4 28 cd 49 30 05 c3 c5 4a 15 5e 53 48 8c a1 d5 04 f4 65 2c d5 00 5d bd 57 ca 18 f3 89 3c 55 03 d5 49 80 44 bd 30 bf e6 9f 00 00 be e2 87 03 06 6a 28 89 02 0a 9c 31 f0 87 0c 8a 38 08 14 13 97 12 b4 d0 02 54 28 ca 18 3c eb 3c 09 24 43 fc 1c 33 2d 70 20 2d 00 14 c0 4e ad f5 d6 6a a9 b8 cb 1a 67 6a 70 90 b4 07 ed d2 d3 99 3d 61 b3 cd 1a 64 af 98 f6 68 a6 91 6d 8e 69 70 b3 bd 0b 1d 07 15 03 36 90 6e 0e 39 71 48 64 b8 24 8c dd 6b cb 74 f6 2e ee ac b0 46 0d 35 cc 30 03 e3 5f 38 fe 78 0d 2b 38 be 02 e3 33 38 c1 78 e3 8e 63 2e 83 13 2b 82 2d 53 dc 66 83 3d 1a 1d 10 a4 5e 42 b9 46 fe f1 19 a2 6a 77 74 d8 1a 14 91 f1 59 39 ba e8 62 46 05 10 14 a1 06 0f 22 5d b6 f6 68 Data Ascii: %np`# iVwJ^{,P(I0J^SHe,]W<UID0j(18T(<<$C3-p -Njgjp=adhmip6n9qHd$kt.F50_8x+838xc.+-Sf=^BFjwtY9bF"]h
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 7f 28 a8 e1 2a 1c 42 c3 cd 84 d5 38 50 1b 2d 0c 44 ff 48 a2 2e 1d 74 71 22 3b 1e 6a 18 62 83 34 d6 68 e3 8d 0e c5 71 01 45 06 61 b2 0f 04 32 3c 15 09 2d 2c 20 95 93 4d 87 e4 43 55 55 ee 40 e4 92 48 48 59 94 13 94 15 21 99 54 95 3d 22 44 25 49 26 11 f8 07 93 9f b0 10 91 4f 2b ac d0 d3 4c 22 49 e9 91 48 33 6c 52 d2 4f 6b 54 f0 43 11 3c fc 71 c0 0b 46 32 22 03 0f 3c f0 83 84 1c a3 e8 f1 87 0c 11 f1 40 06 98 ea 8c 11 47 1c 22 c8 e0 81 07 7d 09 21 5f 58 74 a1 83 44 77 68 b1 f7 5c 0f 5f 79 f0 40 83 63 e4 c5 97 10 1e e8 20 42 0e 39 30 e0 00 73 99 6a 5a 58 01 71 49 20 04 4a af 10 0a 1a 26 8c 50 06 89 24 98 45 04 99 66 85 00 db 12 b0 c4 0e 2b 1a b1 c2 02 7b 81 4b 48 fc 51 1a 8e d0 de 08 44 0c aa b1 36 5d 33 50 10 80 db 5d b5 d4 d6 db b7 b8 fd 16 1c 71 c3 b5 e6 da Data Ascii: (*B8P-DH.tq";jb4hqEa2<-, MCUU@HHY!T="D%I&O+L"IH3lROkTC<qF2"<@G"}!_XtDwh\_y@c B90sjZXqI J&P$Ef+{KHQD6]3P]q
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 95 91 61 4f da 88 19 4e 9c 88 38 f0 e7 5c 9c 96 d8 ff 72 ea 8c b6 a6 82 13 6f 5b 7c 09 1d 4a b4 e8 00 03 11 0d fc b1 63 c7 00 00 03 06 e0 40 6d ca 14 ea 23 00 7f 9e 8a 19 b3 a5 ab 9f af 60 c3 3a ea c5 80 63 0a 17 22 d3 3a 94 48 60 a2 45 81 42 82 92 92 61 56 ad dd 85 24 25 a6 38 29 41 86 29 74 d6 a0 cd f8 a1 cb c9 32 55 0f 46 e0 dc 39 4d b0 05 63 ee fe fc f3 f4 29 41 a6 04 a9 04 29 da cc d9 90 83 b1 bd 28 6c 1a 4d ba 34 8c 36 45 1f 8d 51 d0 b9 35 a2 2e ff 7c 59 2a bd c9 05 e5 d4 b8 73 eb de 9d da d5 01 23 6b 66 8d a8 35 e2 07 0f 08 2c 78 97 22 83 64 d6 2d 63 10 8c b1 e0 05 ae d4 33 5a c4 a3 0d b7 35 62 cd 9a 11 dd 6b 7c ef ee 1d bc f7 f2 e4 c7 af 11 6f 1e 7d 76 12 da a4 c1 9c 81 64 4c 75 52 3f 48 f0 90 34 c6 55 30 5a e0 69 47 42 0d 33 cc 50 ce 7d bf 90 31 Data Ascii: aON8\ro[\|Jc@m#`:c":H`EBaV$%8)A)t2UF9Mc)A)(lM46EQ5.\|Y*s#kf5,x"d-c3Z5bk\|o}vdLuR?H4U0ZiGB3P}1
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 17 4c 61 72 aa 20 a4 43 2a 6a 23 6c a4 cd 5c 0a 4f 06 12 1d 73 0a f8 1b 12 92 19 cc a2 8a 9c 5e 3b cf 25 77 d8 4d 8a d7 7a 61 d8 28 13 7f 39 ad 73 3b 83 43 6e c6 7f 96 0d 8d f1 cc 4c cd b8 d9 97 f5 7f 41 53 75 80 36 16 49 9a 25 ea 37 c2 88 05 cf 12 85 91 54 eb 69 1d 39 42 24 51 8b d5 d5 b5 dc 04 31 c8 09 b6 6c 38 58 bb 40 12 c2 f0 09 15 51 ff 9a 3d 38 d7 c8 d9 b1 11 fa 32 e4 07 73 1c fb 0b 89 13 a7 ff e7 ac b8 45 25 7b ad 0a 51 4d d1 24 7a d1 d4 2d 5f 2f c5 d5 f3 65 92 89 5c c9 3e 76 c9 22 fd 6a 3c 89 b9 ad 50 ac 91 91 5d cb b5 3a 8e 71 95 a7 18 47 b9 84 21 a4 1a 32 4d d9 27 0e 85 d6 91 8d 13 b8 80 c7 bb 80 b7 06 e1 61 70 9a 5d dc 93 21 36 8c 48 81 ac be cd f0 8d 8b 21 29 e2 b5 d1 33 59 0f 8a eb 6e df ed 6b d8 40 d5 7f 10 dd f0 30 0f f2 60 86 c3 db c8 fa Data Ascii: Lar C*j#l\Os^;%wMza(9s;CnLASu6I%7Ti9B$Q1l8X@Q=82sE%{QM$z-_/e\>v"j<P]:qG!2M'ap]!6H!)3Ynk@0`
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 06 60 a0 b3 64 d3 3d c0 48 b3 07 5c a7 33 78 2f 7f c5 c0 c1 ec 21 ac a5 4a 7f c0 bb eb 11 02 3a e7 5a 7a e6 27 84 35 cd 7d 76 00 13 0c a8 18 c4 29 51 d3 9b 8e 10 06 60 8c 11 ee a8 c6 c1 c9 23 21 3c 0c 06 06 81 f1 f4 6b e1 0c c7 99 41 9c 93 c0 48 6c 55 40 dd 11 02 23 06 55 00 e3 ba 18 b7 71 79 91 17 c0 6a 71 fb ec cf fd 1c d0 fc fc cf fd 3c ff d0 1b 27 a5 b2 cc 0a 76 30 c4 5c 6c 09 f9 7b 2e 93 f0 27 40 30 06 cc 14 20 73 b5 03 1f 45 05 26 40 d1 53 bc 05 2a f0 51 66 a9 26 53 68 17 96 8b b9 1b 0c 12 eb 3c 12 80 a6 6f c4 25 ce 74 3c 5c 6c 0c 00 12 0c 19 28 4c c6 ec 9c 19 45 87 d2 36 6d 11 1e a1 ba 94 c6 65 91 70 1d fa ba 1e 1c 16 03 6e 10 21 9f 70 c8 dd 61 bb 1c 6b 20 f3 01 c9 c3 d7 06 64 e0 06 54 4d 00 57 90 49 20 4b 0a aa bc ca a3 e0 07 5c c0 bd 9e 3c ca e8 Data Ascii: `d=H\3x/!J:Zz'5}v)Q`#!<kAHlU@#Uqyjq<'v0\l{.'@0 sE&@S*Qf&Sh<o%t<\l(LE6mepn!pak dTMWI K\<

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:34 UTC	580	OUT	GET /11.gif HTTP/1.1 Host: 5967.5967007.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:35 UTC	476	IN	HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 05:12:35 GMT Content-Type: image/gif Content-Length: 18662 Connection: close Set-Cookie: X-SUDUN-WAF-R-C=0001695112; path=/ Last-Modified: Fri, 20 Dec 2024 06:12:50 GMT Vary: Accept-Encoding ETag: "67650ae2-48e6" Expires: Thu, 02 Jan 2025 05:42:35 GMT Cache-Control: max-age=1800 Server: layun.com Access-Control-Allow-Origin: * X-Request-Id: 3b00e0cffe412ec464bcdf643b519696 cache-status: EXPIRED Accept-Ranges: bytes
2025-01-02 05:12:35 UTC	15908	IN	Data Raw: 47 49 46 38 39 61 96 00 96 00 f7 ff 00 fd da 2d ff f0 39 c6 0f 2e ff c6 0f fe e5 32 a8 90 15 bb 06 24 5e fb 54 f6 cc 36 f9 c7 2a ff d1 1a ce 15 35 df 22 45 f4 ba 28 dc 20 42 f5 b7 19 01 55 de e7 4e 6a ff e8 50 e9 a0 33 fa d7 36 ff c1 0a ff d6 22 db 1f 41 c5 0e 2d de 21 44 df 98 2d e6 93 2b ff c5 0e e9 97 33 d2 18 38 e3 89 24 1e 19 03 8d db 5b c5 27 29 d9 70 1e e6 84 34 c8 11 30 ff be 07 ff eb 8e de c5 25 d5 66 1e 02 f9 8f 02 b2 b8 ff f4 cd eb a3 29 ff bd 06 e8 96 1a dd b6 16 d5 30 36 d6 58 2b f3 bb 34 e4 7b 34 ff fe f7 db 74 27 f2 ac 17 ff d9 50 ce 51 1e ff fe 01 89 73 0e e3 6c 3e e4 8d 16 f2 9c ac dc 62 32 d8 1d 3e c9 38 27 d7 2a 38 ee a4 1b d3 19 3a d4 4a 2c ff e8 6f d8 53 31 66 56 09 d5 1a 3b e4 59 3e ff f4 b8 ff d2 1b dd 47 3b fc c3 17 e0 83 1d cf 16 Data Ascii: GIF89a-9.2$^T65"E( BUNjP36"A-!D-+38$[')p40%f)06X+4{4t'PQsl>b2>8'8:J,oS1fV;Y>G;
2025-01-02 05:12:35 UTC	2754	IN	Data Raw: 47 94 1e 18 4a 57 18 12 80 d4 47 d4 14 10 46 a2 e2 8a 91 cc 87 c4 7e e8 85 c1 e2 79 7d d5 b2 e2 14 1a a2 05 02 8b 96 f5 b5 c3 8a 8d c0 b8 13 0a 2c 9a 18 c7 14 2b 32 88 56 01 2c 36 a9 62 2d 3b e9 21 a3 88 0d ca b8 a2 78 44 31 c9 a2 84 b5 ad 48 23 5a 48 38 89 e5 4e 5a 46 c2 e5 5b 48 b2 48 25 51 71 b0 08 ce 9b 70 be b9 83 25 70 ae 19 63 9c 1e fa 33 45 9c 6f 2e f6 96 27 70 0a 49 27 9f 5f 12 85 04 9c d9 a1 05 08 9f e0 9c 89 56 9c d7 44 5a 4b 55 94 22 81 82 9d e3 85 11 69 a4 1b 6e ea 29 a6 82 6c 3a a6 3f 9a 7a 7a 4d a2 1f 6e 8a 69 01 a6 72 5a 5b ab 98 92 ff c9 4a 18 b4 d2 5a e8 4e b5 e6 6a 6a a7 b0 4e 27 6a 5f a5 7a 8a 2a 51 aa 6e d6 ea 35 26 06 8b c9 b2 b1 fa 23 48 ae b6 02 0b 6d 18 28 2c bb 6c 61 ac 58 6b ad 90 48 58 3b aa 25 da 2e 0b 65 5f d6 62 0a 48 b8 98 Data Ascii: GJWGF~y},+2V,6b-;!xD1H#ZH8NZF[HH%Qqp%pc3Eo.'pI'_VDZKU"in)l:?zzMnirZ[JZNjjN'j_z*Qn5&#Hm(,laXkHX;%.e_bH

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:34 UTC	587	OUT	GET /img/1KKky_150x150.gif HTTP/1.1 Host: ig23.vip Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:35 UTC	1093	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: PUT, GET, POST, DELETE, HEAD, OPTIONS, PATCH Age: 5956 Cache-Control: max-age=2592000 Cf-Cache-Status: HIT Cf-Ray: 8fb83de2ab2b524b-LAX Content-Length: 507238 Content-Type: image/gif Date: Thu, 02 Jan 2025 05:10:16 GMT Etag: "676a971d-7bd66" Expires: Sat, 01 Feb 2025 03:31:00 GMT Last-Modified: Thu, 02 Jan 2025 05:12:30 GMT Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zbj81QzA9ArLTxVePLawV07neaJNL6PReufwuFF5WqwzyXWronKb0mPw2xmcSciHHYY8FrqyZiYYmXp01piS3AUKrURs8z5eoj%2BIxkqOM2TMR0l%2BaXdNz9%2BhwS3BhrLGCw%3D%3D"}],"group":"cf-nel","max_age":604800} Server: cloudflare Server-Timing: cfL4;desc="?proto=TCP&rtt=6918&min_rtt=732&rtt_var=11551&sent=851&recv=101&lost=0&retrans=0&sent_bytes=1175206&recv_bytes=6653&delivery_rate=316750000&cwnd=633&unsent_bytes=0&cid=b91984593079846f&ts=38194&x=0" Vary: Accept-Encoding X-Cache: HIT, server, memory Connection: close
2025-01-02 05:12:35 UTC	93	IN	Data Raw: 47 49 46 38 39 61 96 00 96 00 f7 00 00 fe f8 aa fa b3 00 d8 4b 0b ff ef 00 da 49 27 ab 93 73 f2 d1 8f 01 cd ff 9d 6c 61 b7 4a 2a 9a e3 f7 d3 90 8c b5 a7 88 02 75 b8 d4 af 8f f3 8e 73 b3 0b 01 21 fe 00 d0 0f 04 d4 6b 4b ef 90 00 5b d2 fd 0f 0f 10 5b 50 17 93 04 00 fa 0f 08 ee 8a Data Ascii: GIF89aKI'slaJ*us!kK[[P
2025-01-02 05:12:35 UTC	2372	IN	Data Raw: 33 b5 22 09 f4 99 8e ff cc 52 69 5c 53 a0 8a 01 f2 67 4d 4c b7 ec f2 44 2b fe f4 97 d9 90 6f ee 71 2c 0c 8f d0 de 66 01 31 b6 f3 ef aa 73 cf b3 00 d9 6b 2b da 76 63 da 8b 52 47 2f 1a fe 99 3d d2 33 22 f4 77 61 db ce 96 d3 54 3f f5 33 23 10 87 b8 95 e5 66 da ae 6c d2 b2 ae cd f1 fa b2 31 22 52 f9 1a d4 d7 d4 d6 cc b2 e8 77 00 f3 cf 75 24 97 d3 a8 f8 95 f2 55 3c 2d 28 25 ff f1 4a ff f2 27 56 8d af 28 aa e0 2c 25 11 fe db 2f ff f1 6f bd 77 7e 18 52 10 f2 b6 d4 11 11 22 8b bc ce 12 50 65 78 f7 53 1d ae 02 0b b0 ee da ff d3 ee 4b 0f 64 db 9f 07 ad db d9 8d 00 a3 ee 03 26 10 10 95 22 10 c9 fb b4 ff dd f0 da 94 b0 d4 b3 4b dd cc 00 1e 35 42 97 2c 26 d6 da 29 c4 dd e8 f2 97 b4 c4 c5 76 57 a2 0d 49 3a 3f 0e 22 2a 0e 28 0f 23 11 22 d3 b3 2c 7f 82 66 d7 ee 00 d6 f7 Data Ascii: 3"Ri\SgMLD+oq,f1sk+vcRG/=3"waT?3#fl1"Rwu$U<-(%J'V(,%/ow~R"PexSKd&"K5B,&)vWI:?"*(#",f
2025-01-02 05:12:35 UTC	538	IN	Data Raw: c2 f8 a6 6d 90 9e d2 29 a0 0b 7a ff 6a 25 8f 97 2a a4 12 26 5e 06 1a 68 81 9b 30 e2 20 a1 30 06 cb a8 a9 a9 0a db 66 b1 b6 2d e1 88 ac bb ee 7a 65 96 b5 0a c4 67 97 9c 8a e9 ea b5 65 9e 69 ec b6 c7 a2 ea 6d aa 88 36 8a c6 12 0e 30 7b 6d b3 a7 3c 1b ed 1d 4d 6c c2 2b 95 8b 58 bb 2b 02 1e 34 0a 2e b7 f7 be 17 ee b7 f7 de ab e4 9b 8f c6 0b ab c0 05 56 59 c6 26 96 fa 58 4b bb d5 0e bc 88 83 2c 7e 4b ec a8 32 92 9a af b6 68 2a 9a aa c6 68 ae ea 41 ab e8 ee fa 4b 13 36 01 97 a9 9f 61 a6 6c 49 bc bf 76 3b 71 bf 17 e3 6b a8 bf f6 9e 39 6e ac 2a df 69 25 c9 1f a6 c5 d7 2f 5e e6 6c 09 af 8e 38 a7 2f cd fd 4a bc af 16 19 53 4c 73 c6 1b 5f 3c 2e c8 43 d7 19 e4 c1 1e aa 45 19 d0 55 de 78 8a d7 f1 d2 5b 6a c5 e1 22 a1 b4 d3 65 17 fb f4 a9 31 7b fb e8 b2 5e c7 7d 30 ad Data Ascii: m)zj%&^h0 0f-zegeim60{m<Ml+X+4.VY&XK,~K2hhAK6alIv;qk9n*i%/^l8/JSLs_<.CEUx[j"e1{^}0
2025-01-02 05:12:35 UTC	4744	IN	Data Raw: f8 95 21 4b 99 12 8f 0c 9b 58 42 cb 2c cf 84 36 74 01 84 e2 33 2c c1 f9 d0 82 f8 bb e0 17 f7 37 ba 26 7d 70 88 df 0b 61 f8 94 05 3f 1a 5a 31 7e 2b e4 11 d0 16 60 c2 3a ae 06 8b 76 b4 0c bd 5c 70 01 17 68 71 08 9d 4b da f5 c8 98 43 2f 16 32 58 3d ec a0 06 35 06 c0 10 a6 31 59 55 cc 23 1e 25 f9 46 2b 56 f2 79 2d 41 83 1f 35 a9 c9 3f 02 d2 7e a9 ca 9f 28 43 c9 41 20 0a 12 7b 87 24 a4 f7 6a c6 ca 00 0a f0 6d 77 a4 a3 2c 2d a9 1c 3c 6a c6 96 7b 1c 02 1f d1 70 01 5e d2 c7 8f 9f 0c a2 f6 38 27 4c 52 1a 33 70 c7 5c e4 30 d7 86 a4 33 ba f2 51 58 bc 65 2d 35 43 cd 59 9a 70 36 45 dc 64 2f 7b e9 c7 6e 06 f2 90 a8 5c 26 06 8b 09 c6 70 8e f2 82 8d 2c 62 1a 0b 95 06 35 de a6 8e b7 ac 66 34 35 d3 12 e9 58 40 8d bb dc 26 1a 38 09 ff 48 2e 96 32 91 8a ec 5e fd 90 69 ce de Data Ascii: !KXB,6t3,7&}pa?Z1~+`:v\phqKC/2X=51YU#%F+Vy-A5?~(CA {$jmw,-<j{p^8'LR3p\03QXe-5CYp6Ed/{n\&p,b5f45X@&8H.2^i
2025-01-02 05:12:35 UTC	5930	IN	Data Raw: 31 c3 ee f8 a3 cf a7 0f 71 14 31 38 18 61 94 d1 8b f3 52 5c f1 c8 e3 46 23 b1 00 08 83 2c f1 b9 1d 41 44 8b 31 1b a3 e4 e9 a6 9f 68 f2 e0 b2 25 1d ec b2 00 22 d1 43 72 4c a5 56 69 42 41 12 bf 24 71 a8 02 3c b0 aa 31 f9 a8 94 b3 4a 0f e7 4c ec bf 05 4d 54 b3 80 25 7a 69 82 4c 40 41 bb 23 17 05 1b 64 73 81 25 4c 84 ff 71 89 c1 5c 43 0c cb c3 a4 44 69 d2 9b 80 4a 03 0d a1 1e e4 f3 c1 44 11 85 70 89 25 9a c8 25 50 52 05 4d 30 d1 43 51 55 f4 41 04 a0 ac f3 d5 1c a5 ac 2d cb 47 4b fa d1 d0 3d 41 0d b3 54 5e 43 ab 25 17 4f 4d 54 b5 53 54 5d bd 90 4a 4b 39 a4 14 ab 95 b6 4c 95 c9 61 37 f5 22 97 02 7b b5 36 b4 26 bc 00 95 cf 4d b9 8d d6 cd 64 b7 db af 3a 58 f7 c3 33 51 6f bb 25 96 b3 51 af 75 b7 38 42 b7 4d 97 53 75 1b 3d f6 43 fb 5e ba ca 05 a1 a2 ed 94 db 4d 8f Data Ascii: 1q18aR\F#,AD1h%"CrLViBA$q<1JLMT%ziL@A#ds%Lq\CDiJDp%%PRM0CQUA-GK=AT^C%OMTST]JK9La7"{6&Md:X3Qo%Qu8BMSu=C^M
2025-01-02 05:12:35 UTC	7116	IN	Data Raw: 10 7b 02 d0 02 e1 d1 02 d7 a8 07 ed ff 85 fc 42 20 04 c0 df 92 89 a8 fb ba 0f e8 84 2f 0b 31 a4 f8 89 af f5 8c 9f b1 61 4f f5 64 66 96 c1 e6 32 16 6f 09 43 5a 0c 04 50 54 76 b3 ee 88 0e 10 90 1e b9 12 01 c1 85 0b 08 87 62 3c 82 24 28 d0 c3 87 86 30 2d 02 41 20 c1 85 04 55 40 2c c2 64 08 62 c4 44 9b 62 10 ca e3 c2 82 93 93 29 d7 a8 64 89 72 e5 c9 36 94 44 4d 0a 04 69 d1 4d 9c 02 33 e1 bc a9 ca d0 4c 51 69 5a 6a 51 33 d4 65 4a 84 1b fc 70 b8 f3 20 c6 d3 18 0f 6a 11 38 b4 48 10 aa 53 31 40 08 e1 2a 04 44 8c 53 57 39 28 92 f0 c0 e3 a6 07 5b 8d 75 8d c1 a1 e1 25 18 10 66 90 12 94 88 43 8c b5 6c 1f 74 84 14 a3 51 31 a3 2d 8b 1e 85 09 60 66 dd 48 3c 23 e9 54 dc 51 d6 24 19 5a 52 0e 0e 2c 59 a5 a2 bd 1e 63 64 e0 cc 19 8f 29 0e a4 20 81 c0 d3 d9 b4 e9 18 3a 05 3d Data Ascii: {B /1aOdf2oCZPTvb<$(0-A U@,dbDb)dr6DMiM3LQiZjQ3eJp j8HS1@*DSW9([u%fCltQ1-`fH<#TQ$ZR,Ycd) :=
2025-01-02 05:12:35 UTC	8302	IN	Data Raw: 26 13 75 3a d3 b4 51 5d 1c 4d 9d 70 c6 6c ac 07 0f 00 a8 55 fa 45 10 e1 b1 06 f1 70 33 d1 85 ce 08 86 0c 41 c2 15 4a 61 e9 7b b8 c0 59 6b fa f2 c7 31 33 03 c6 b4 71 27 33 4d c9 ff a4 c5 2b c5 c6 df ab b5 33 d3 c6 af 74 09 0c 60 a2 46 7c 97 1c ec 85 29 a8 c9 b7 57 1a 25 ec 9c 63 65 b8 85 cc c6 8d 6b 6e a2 8c 33 9c 74 51 8a fb 4a 02 d0 33 13 2c 49 2f a5 07 a2 8c 7f 6c 55 cb 51 d4 4d 0b 7a a1 cc 18 7b 94 08 71 3f 69 9b bf f1 c9 5f d4 03 dc d4 20 86 60 5a 4e e2 ca 68 ab 4d 0c 72 b5 ad a5 49 05 f3 4a 9a b8 ca 34 cc 4c 69 0c 21 15 eb b0 f0 8a 09 2c 10 57 18 bc 9e 23 88 c9 07 b1 97 9a ec 5b 5f c8 a8 a3 80 bf e2 e9 01 3d 60 5a aa 7c 40 44 c5 6a 0b d2 cd 67 0b 2c 25 a5 cc 8c c7 5a 2d ec 20 1c b0 01 2e bc c2 0e d2 cd 04 f0 cd a1 f4 45 24 48 c7 7d f7 62 d0 fb 66 4f Data Ascii: &u:Q]MplUEp3AJa{Yk13q'3M+3t`F\|)W%cekn3tQJ3,I/lUQMz{q?i_ `ZNhMrIJ4Li!,W#[_=`Z\|@Djg,%Z- .E$H}bfO
2025-01-02 05:12:35 UTC	3673	IN	Data Raw: d1 89 7d 36 e3 6c da 06 64 91 86 51 db 88 3d d0 4d 9d 4e 01 33 30 ad da 2f bc ff ad 1a 58 13 20 b6 70 97 c5 0d bd c2 2d a6 a5 cb 38 d7 e3 da 5f ed 8a b7 45 23 2d 30 d7 6c 03 08 fe 1c d9 d9 03 d2 57 73 17 d7 1c 12 8c 40 4d 75 34 15 fb 4c 19 eb f4 4c 66 51 47 ea 96 16 e4 9d de 67 4b dc a3 0a bd 22 12 3f d4 dd 89 b1 ed 47 ec 4d 19 0b 14 e1 be 5c 47 38 88 10 fd 7d 49 39 e5 dc cd 44 e0 d9 23 01 90 1d d2 53 51 4e e5 24 01 9e 5d b6 e6 9d 11 a1 80 de 66 7b 07 02 26 46 11 31 1e 1a 35 15 10 50 df 26 41 4b 48 4d 27 70 42 d8 ab 2c e2 33 10 12 79 22 01 ce 23 37 17 0d e2 78 82 e4 4c 7e 09 48 2e 1a e6 85 5e a2 db ae 2d 8e 11 f8 db e0 cb 33 15 3d 6e 0a 2c 40 00 4b 46 00 d2 b7 54 1b 5e d6 75 74 d6 f3 9d 3d 1b d0 e3 78 b2 40 66 9e da 62 bc 41 70 c8 ae f5 6b ba 1d 3a bd a5 Data Ascii: }6ldQ=MN30/X p-8_E#-0lWs@Mu4LLfQGgK"?GM\G8}I9D#SQN$]f{&F15P&AKHM'pB,3y"#7xL~H.^-3=n,@KFT^ut=x@fbApk:
2025-01-02 05:12:35 UTC	10674	IN	Data Raw: 47 51 54 c9 a2 50 c5 b5 3a 43 9e ec 41 4b ec c6 4b 04 bd 5d 2c 49 a5 04 be 20 8b 0b 88 18 13 bc 58 02 0c 60 49 51 70 c9 e0 d2 49 3d 43 ca a4 9c b1 ee fa be 45 3c bb 28 fc 38 08 30 3a f0 6b ca af 0c 36 7e d4 8d 24 54 09 ac 64 c9 3d 0c be 70 63 4a 20 db c5 57 74 2c 09 9b 01 18 b1 bb 8a 3c bb dd 92 30 d4 80 80 1b d3 cb b6 fc bc 89 83 80 14 c0 18 c7 58 80 bc 98 4b a3 bc cb 9b 6c 39 df 5a 4b 85 b4 2d f8 4a 00 70 64 81 b1 ac b4 c7 5a 4b 45 80 2f ea 1b 01 f7 40 3f dc b3 4b f3 eb ae 50 e9 47 ac 98 3a a2 e4 cc 49 d0 40 ae ac 4d db 5c 32 b1 00 af 0c 83 30 5b bb 40 ac 01 c7 d1 79 0b ff 09 90 32 bc a4 ad 0b dc 80 d6 04 47 21 ec 2e e4 a2 4d c1 34 ad d8 7a 40 5b 8c 99 2f 71 00 d9 90 4c 03 88 2f ed dc 4e 08 80 01 03 98 14 1b 49 af e1 1c 4f d9 ba c0 3b c4 8f b7 01 80 1b Data Ascii: GQTP:CAKK],I X`IQpI=CE<(80:k6~$Td=pcJ Wt,<0XKl9ZK-JpdZKE/@?KPG:I@M\20[@y2G!.M4z@[/qL/NIO;
2025-01-02 05:12:35 UTC	11860	IN	Data Raw: 1b 78 66 d6 02 30 4f 1d ba 71 7b 9d 10 c0 0a 08 c0 01 46 a4 00 43 19 4d 40 0a 5c b3 02 08 7a f4 68 d8 ec 09 23 48 b0 02 3e 4e e0 97 19 6c 01 23 66 da 02 7b ce 80 13 03 34 84 08 37 30 4d 49 2a 33 9a d6 54 68 d6 5a ba 87 64 6a f1 04 79 98 a1 0a 80 59 d4 13 58 ac 70 1b f0 a3 24 bc e9 ce 0c 26 60 05 27 e8 44 0b 33 e8 87 15 08 60 92 1a 3d 41 02 f8 78 55 b1 ce 13 98 b7 63 25 4a 09 70 82 0b 55 74 61 94 a8 e2 54 09 e0 4e 30 ea 40 8b 7e 08 24 fc 48 e5 ce 48 ba 8b a2 49 75 e8 fd 92 f9 cf 93 f1 41 13 93 4c 66 29 24 d1 11 4e b4 00 02 79 e0 ea 06 26 4b d9 ca 5a b6 13 94 c5 ac 66 2d 0b 59 cb 4e 36 af 93 35 e7 91 7e 29 54 e5 f1 d4 b0 ee 3a 6b 69 87 89 05 2d 46 0d 94 81 b5 d7 9d 06 17 32 0a ff 54 f4 a5 8c 25 20 27 36 57 55 7b 42 56 02 bf 0d ae 70 83 eb 59 60 ee 92 b3 93 Data Ascii: xf0Oq{FCM@\zh#H>Nl#f{470MI*3ThZdjyYXp$&`'D3`=AxUc%JpUtaTN0@~$HHIuALf)$Ny&KZf-YN65~)T:ki-F2T% '6WU{BVpY`

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:34 UTC	631	OUT	GET /media/dd9a87_34be67cd0dc34bedbba06a4a787cba19~mv2.gif HTTP/1.1 Host: static.wixstatic.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:35 UTC	765	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 148349 Connection: close Server: openresty/1.27.1.1 Date: Tue, 31 Dec 2024 15:24:45 GMT Expires: Tue, 31 Dec 2024 16:24:45 GMT Cache-Control: public, max-age=15552000, immutable Last-Modified: Wed, 13 Nov 2024 08:10:42 GMT ETag: "6543c524ce4220d5af9217f0adb44911" Accept-Ranges: bytes Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length Timing-Allow-Origin: * X-Seen-By: gcp.us-central-1.media-router-9fdb4b487-2wl4v Via: 1.1 google, 1.1 3095e870e1a1a1b03178e40ab1872de4.cloudfront.net (CloudFront) X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA6-C1 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: yajdQNWwqmeoU15-zbUdbUaISdnON5_UkXV_3i7KkjEq8Jf90QovuQ== Age: 136070
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 47 49 46 38 39 61 c8 00 c8 00 f7 ff 00 b8 ab a4 ce ec ef f7 d2 d8 5d 25 d6 70 5b 61 b4 a6 9d 49 4a e6 d5 c8 bb 6f 63 5c 8c 83 79 f7 ba c8 97 78 74 9c 93 89 8e 59 66 57 52 59 aa c6 c7 30 35 4b 7b 72 6b df 18 29 14 12 20 a7 79 81 0d 09 18 d9 d7 f8 78 56 5c 2f 66 f6 b9 d7 d9 47 3a 44 ae a3 99 59 59 64 e9 54 6c 76 86 88 e8 10 4c 77 75 76 48 43 49 95 66 6b 6f 77 84 84 99 99 ca bc b4 95 a8 a8 85 7b 73 a2 ba ba 55 45 49 a7 8b 83 f5 ae ba c5 b5 ad 9a 68 73 a3 6e 7a b7 c5 fb b8 b6 f3 a4 9a 93 73 6a 63 94 8b 83 6b 63 62 fb f8 fb ed 70 87 68 75 78 53 4c 53 9c b5 b6 94 74 6d 87 85 87 ad 9c 92 30 41 62 b9 9a 94 4a 48 52 be b0 a8 a3 88 7a de d4 c6 63 5b 5c 74 6c 6a 28 26 34 c5 ad a4 8b 71 e2 83 75 6b 69 49 52 d9 cc c3 8c a4 a5 a4 95 8a 91 85 7c d0 c3 b6 83 89 ef 62 43 Data Ascii: GIF89a]%p[aIJoc\yxtYfWRY05K{rk) yxV\/fG:DYYdTlvLwuvHCIfkow{sUEIhsnzsjckcbphuxSLStm0AbJHRzc[\tlj(&4qukiIR\|bC
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 41 14 bc 5d dd 45 c1 ae 5e 9c 23 88 42 c5 8a 42 dc 0e a3 dd 36 eb 6f 7a 2c b1 ca 82 30 c8 82 df ce 40 32 dc 69 9c 6e 24 b1 3e 2b b1 e2 5c 30 04 2b ce 6d 64 28 cd 80 de 7d ec 46 26 9b 87 26 e7 af b9 43 29 b8 28 98 7a 40 3d ac 68 6c 59 cf 29 e9 ff 56 cf 0a 5b e8 ca 41 2b 04 ed d0 56 42 2b 0c ed e2 98 63 bd 5e 00 29 60 aa 1d 60 4a ec 5a 6d 93 e2 86 fe f0 2b 92 72 13 b4 a4 aa 3e 42 66 1f bc 47 8c ad a2 91 ec ca ac be 26 56 a1 12 c7 c5 d6 32 d6 61 1c d6 ad 23 b8 81 71 f6 e6 30 6e 41 c7 a6 e9 16 78 ac 2c 68 01 36 c8 02 36 30 80 df 7a 2f b3 0a ee 9a 8a 82 54 d9 42 f9 9a af f9 fe a6 b1 de a9 2c e8 5d 9a 7a 28 cb 72 68 b2 95 60 33 82 a9 e5 c2 96 f5 ed 00 f3 81 27 98 12 82 da fe af b7 f5 6c 00 87 2e 17 b4 81 4f 7e c1 20 bc 97 50 5e 40 3c 28 ad 1d d8 81 1a 30 c2 05 Data Ascii: A]E^#BB6oz,0@2in$>+\0+md(}F&&C)(z@=hlY)V[A+VB+c^)``JZm+r>BfG&V2a#q0nAx,h660z/TB,]z(rh`3'l.O~ P^@<(0
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 53 6e 35 67 ee cb 6a 1b 57 58 93 8a e7 95 13 12 d2 90 cb db 8e ad ab cd 72 65 7b 52 b3 fe cd b9 cd 09 d0 df 31 44 de bf 27 8b 2d 0d 92 71 05 68 64 5b dc a0 dc c3 9e a1 21 68 76 18 7d 16 d0 18 81 ba 57 93 33 c7 31 1a 0c 80 78 00 35 c6 51 f5 48 97 35 03 dd 08 07 ed f1 ad 1b 11 59 c0 ac 8a 3a ca 12 e4 ff 94 85 66 08 e3 1d ef 40 7b cb 84 81 57 61 cc f5 80 be 25 66 08 5c 04 97 ba db dd b3 3e e2 d7 8f 8e c1 77 86 8c 87 78 c7 3c e1 99 4a 3e 32 31 87 2a e5 e5 14 30 7f 17 df df 21 44 be cc 7f 90 bc fa db 3f 86 38 c0 3f 0e 2e 77 80 1e 22 e1 d4 3d c0 16 94 35 8c 43 d1 f9 ac 87 a5 63 38 37 b1 b0 51 3a 1f 33 40 bd 3c 91 19 15 a3 86 1c b0 8d aa 33 ab 49 93 bd 54 b0 3d 0f d1 0d e5 d2 8d 79 2b 1a 33 68 8a dd 9a 05 08 31 8d 62 50 04 45 30 01 45 00 29 45 63 99 94 18 8d 91 Data Ascii: Sn5gjWXre{R1D'-qhd[!hv}W31x5QH5Y:f@{Wa%f\>wx<J>21*0!D?8?.w"=5Cc87Q:3@<3IT=y+3h1bPE0E)Ec
2025-01-02 05:12:35 UTC	15019	IN	Data Raw: 20 4a db 1b 0e 89 12 48 1c 12 df 80 04 00 5a 8c ee 9f a6 1b d5 3e 80 ba c8 f5 de 77 ef 9e eb e4 82 ef be cb d5 db 9e 23 27 f4 bd 45 4e 84 e2 83 ed 82 67 9f a2 01 a7 38 85 b3 2d 2f 82 cc 73 41 da f8 d0 01 3e 3c ff 79 a5 a7 39 10 df 36 f7 8c a1 ae 6e 74 b6 7a 55 57 71 64 70 00 4e c0 13 f6 26 04 0a 10 ff 2b bc f5 75 b7 87 7b 7d 36 76 09 f8 13 04 87 80 0f 86 2b c2 77 09 c5 b7 76 c6 77 09 8e 96 7c 12 97 0d cb c7 69 46 70 58 ea 06 80 a6 66 6a 78 97 77 a8 76 0b 35 c6 63 2f 88 2e e7 82 2e 82 a7 5e 42 32 18 ea e5 6b 0d a0 78 32 e7 83 89 a0 3d e7 17 6c 46 b6 7e 22 d0 6c 40 d7 02 d5 56 6d 0b 50 6d f5 e7 84 fc c7 7f 6a e6 6d 6e 66 0a 94 20 72 51 67 60 ac 67 04 12 07 7b 0a 30 40 b3 07 4e 15 d2 67 71 e5 67 19 e6 13 76 55 6f 0b 43 31 18 88 2b 0a 50 7c 68 92 26 4e b0 70 Data Ascii: JHZ>w#'ENg8-/sA><y96ntzUWqdpN&+u{}6v+wvw\|iFpXfjxwv5c/..^B2kx2=lF~"l@VmPmjmnf rQg`g{0@NgqgvUoC1+P\|h&Np
2025-01-02 05:12:35 UTC	5712	IN	Data Raw: c3 1e e7 33 06 1b f2 49 e8 9e d9 41 d2 64 06 42 04 0a 0e 3c c2 c6 a1 0e 83 64 e4 4f 7c 81 6b aa da c6 54 1f 4f d4 c6 48 f0 08 cd 69 eb 0e fa e7 4f f9 94 93 ad 1e cd 46 81 36 65 a2 7c 4a e6 e7 99 6b 8f d9 02 ba ae ab bb ba eb 0e a0 ab bb fe 2c d4 49 ea cf 16 ed a5 b2 27 4f 6a 01 4f 6e 2a 7a 26 40 65 11 d9 94 7e 1a 13 66 5a db 2c 4c c3 1e 0f 20 39 ec c2 54 02 12 78 ad d7 e2 6a 2d 90 ec 17 8c 0b 9a 6a c6 05 20 80 1d d8 01 23 5c c0 f3 a9 a5 5a b2 e1 85 3d 42 66 e0 19 26 40 e5 6a 22 81 c5 b0 a2 03 22 40 d6 65 0c 4f 5c 17 a0 de 40 4b 61 2b 02 76 eb a7 51 e2 d0 11 25 93 2e 80 23 30 69 a6 06 a9 93 6e 81 cf ee 28 e6 66 2e ba 06 03 ba c6 eb bb 86 ff ea d3 71 ee cf fa ac 90 66 2e 4f f6 98 63 ae a3 36 b1 2a 39 d9 67 62 89 6b eb 92 5a 63 b5 42 25 38 99 1c d4 ae c3 72 Data Ascii: 3IAdB<dO\|kTOHiOF6e\|Jk,I'OjOnz&@e~fZ,L 9Txj-j #\Z=Bf&@j""@eO\@Ka+vQ%.#0in(f.qf.Oc69gbkZcB%8r
2025-01-02 05:12:35 UTC	5712	IN	Data Raw: 99 17 14 f6 d1 0f 98 17 03 a8 00 35 dd a0 6c 14 52 00 ba d5 5b bb d7 7b 25 13 22 15 75 1d de 95 68 d9 b5 46 dd 55 3c b9 73 21 15 60 3c 73 01 3d 39 f5 5c c5 13 22 3d d2 23 df 80 08 ad 96 0f b4 d6 22 bf 8d 5e 1b 16 56 5f 77 00 ae 34 66 a9 f4 3e e9 81 58 f9 f1 09 2e 56 80 f7 11 06 80 55 77 f7 f1 4b 91 55 64 c5 74 59 cb b4 4c eb 96 7a 33 18 5a 31 20 22 a9 80 7a 93 b6 70 69 2d 73 11 c1 7b b9 d7 7b fd 14 7c ff f7 51 00 1c f5 3a 87 a1 46 85 56 5d 5d d4 06 1a d7 3a 5d 14 48 7f b4 68 65 b8 3c 1b d7 09 04 96 74 4f 97 0c 74 ee 14 4b ca 41 01 78 00 fc a1 81 03 f8 35 73 b5 3f 8f e0 1b fa d6 1f 7a 95 56 17 12 14 ba 74 81 e9 56 6e 13 58 59 93 15 4d bb 18 83 cd 94 7a a9 60 83 37 98 0a fc 80 1f f9 e1 18 5b 41 21 fd 01 0d 4e d8 8d 51 78 21 57 a0 51 2f 97 8e 2d 17 52 c1 77 Data Ascii: 5lR[{%"uhFU<s!`<s=9\"=#"^V_w4f>X.VUwKUdtYLz3Z1 "zpi-s{{\|Q:FV]]:]Hhe<tOtKAx5s?zVtVnXYMz`7[A!NQx!WQ/-Rw
2025-01-02 05:12:35 UTC	5712	IN	Data Raw: 47 0d 22 37 49 70 01 8e e2 42 97 b2 7d f7 97 7f 90 15 1f f3 11 0b 45 50 1a d7 a7 01 45 65 82 8f c4 1f dd 34 1a 81 85 03 57 80 0c 1c e0 18 10 70 12 27 a1 34 1c 00 86 12 86 81 42 91 02 cb a7 1d d9 e1 4a 2b c7 31 79 24 82 a4 51 30 38 94 82 2c 38 87 2c 48 2f 31 44 1f db 80 03 53 60 09 38 50 63 05 52 51 bb 70 59 fa c6 3c 38 b0 2b 41 a1 2d 6c 30 66 2e b4 88 47 78 7f 34 ff c5 10 fc 81 53 91 11 12 05 52 20 3f 50 0e 30 60 49 05 92 79 34 21 12 02 28 0d da b0 09 49 d2 24 77 c6 01 38 e0 12 43 90 1f a6 68 6d d7 f6 37 8f d0 5a db d1 6d 7c 87 14 b1 c8 32 41 51 82 31 65 87 9f 42 87 74 b8 0d 2a e8 8b 1e d6 17 4d 08 65 9e 98 79 14 15 02 bb d0 41 11 60 47 96 f0 07 f0 17 78 f3 67 2e 2c 65 84 b2 b6 7d 58 37 48 95 52 04 3f a0 2f c5 16 20 9b 18 0b 23 f0 0b 1c 50 1a 0e 10 80 3d Data Ascii: G"7IpB}EPEe4Wp'4BJ+1y$Q08,8,H/1DS`8PcRQpY<8+A-l0f.Gx4SR ?P0`Iy4!(I$w8Chm7Zm\|2AQ1eBt*MeyA`Gxg.,e}X7HR?/ #P=
2025-01-02 05:12:35 UTC	5712	IN	Data Raw: 4c fc b5 e1 f2 c4 4f 1c 36 91 30 39 20 dc 0e 4f 49 81 f4 00 28 3f 83 85 47 58 ab c6 fb 03 2a d4 c2 32 d8 05 4b 28 03 5a a0 81 ff 5d d8 83 cc 13 3a 72 7b 45 04 70 45 2a 24 b7 2a 74 c5 65 03 49 57 14 ba fd d3 bf c1 d8 83 21 68 86 89 a2 ab ae f8 03 78 0b 8c 63 b9 31 c4 80 43 ac fb 37 79 b8 03 57 f0 85 6d 7c 86 67 08 87 a0 7c 86 00 20 ca 6f fc 43 66 f0 85 6a a2 16 6a 4a 3e 12 a8 3a 66 c9 34 01 d9 16 33 88 b5 a7 8c af 59 70 49 7b 00 96 06 29 89 76 c8 8d b1 e2 47 2b c8 c4 ab 19 ae e1 42 ad 99 80 1a b5 b9 1e 0e fb b0 55 41 2b b4 f2 b6 50 da 42 02 10 ba 5d 28 83 32 d8 03 5a b0 84 5d d8 42 5d 74 c5 71 43 80 71 23 b7 8f 34 b4 5d 19 03 4b b8 c8 2d ec b9 93 14 3d 8a 82 06 3d 80 06 68 98 02 76 60 8f 89 8a b7 07 8b 83 63 c1 ab 2e 61 16 4f e0 2e ac 53 47 c6 72 05 6c 24 Data Ascii: LO609 OI(?GX2K(Z]:r{EpE$*teIW!hxc1C7yWm\|g\| oCfjjJ>:f43YpI{)vG+BUA+PB](2Z]B]tqCq#4]K-==hv`c.aO.SGrl$
2025-01-02 05:12:35 UTC	5712	IN	Data Raw: 21 34 81 3d 22 c7 8c b5 53 da bd 44 3b 15 97 18 80 c0 33 3a 0a f2 61 dd ed a1 62 e8 bc c5 ba cd 59 14 c0 52 fb ad df fa 45 d9 14 3a c2 02 f4 94 38 d4 9f 5b f1 87 34 2c 1a 32 ee 83 c7 08 63 24 b0 04 d7 2d 02 62 2a 02 03 0c c9 09 28 60 10 6d db af bc 11 93 d8 62 ae 19 c2 d2 e1 61 1f 00 1a 1f 6d e6 06 96 98 3b 14 c9 7f 06 68 f4 6d e2 f4 39 82 23 92 20 42 42 9f 3b 4a a2 52 ee 8b 28 b0 53 55 b2 93 0e f2 a3 54 5e 9f 52 ce 44 13 38 c2 6b d6 df 7f d2 98 0d 92 15 d7 a9 d5 4b 60 1d ad 40 a2 39 9e e8 0a f1 85 06 76 db 9c 39 07 e1 d1 41 17 b0 1f 4f 62 67 03 2e 40 62 88 82 34 4c 42 35 2d 83 34 4c e2 0e 44 82 17 ca c2 3e ac c4 2f 9e e7 3e 08 23 b6 f9 53 10 45 ff 47 2d 04 85 4d ba 81 d2 41 59 13 e2 67 53 89 e3 53 e5 96 51 12 65 db 05 68 52 ba c4 ad 1c c9 4c a8 55 d3 3c Data Ascii: !4="SD;3:abYRE:8[4,2c$-b*(`mbam;hm9# BB;JR(SUT^RD8kK`@9v9AObg.@b4LB5-4LD>/>#SEG-MAYgSSQehRLU<
2025-01-02 05:12:35 UTC	5712	IN	Data Raw: e7 f4 0d f6 94 30 d1 4a f6 1a d0 07 12 91 74 62 14 06 0b f5 05 03 6f a7 72 8e 47 27 c4 11 64 68 01 1c e1 32 83 b4 53 76 62 29 3a a9 88 82 e3 45 76 c2 34 8b 28 11 9a 54 48 a0 f4 29 6e 05 13 ac 50 40 c1 e2 7d b0 63 3d 4c e2 23 54 a3 4b c5 a8 97 1a b4 2c ed 6e eb 74 8d 0f 22 94 1c 78 91 1c c8 c1 cd a8 86 17 a6 b3 f9 ea 94 24 e5 72 4e e1 74 19 59 e0 17 86 95 4e a5 a6 4d f9 80 4e df 00 24 f7 f4 0d 8c a0 4f 65 8f 0c ff 61 12 1b 4b 6c fb 78 c0 a5 68 d4 46 33 c1 06 81 ca 48 ea c6 11 c2 d5 d1 5c 60 3d 27 95 88 78 c2 05 5a 61 01 c4 21 53 dd d5 fe e2 b3 e8 be e0 70 06 61 f3 84 04 13 a4 54 5f ad 10 3c b6 02 65 64 c6 11 66 23 24 9a 87 4b 69 91 37 0f ce 55 13 2e 02 d1 92 0c 78 11 4d a7 53 1a 8b f1 44 49 32 58 29 16 4f 85 15 24 8f 15 59 e5 34 22 21 c1 63 21 e1 21 59 80 Data Ascii: 0JtborG'dh2Svb):Ev4(TH)nP@}c=L#TK,nt"x$rNtYNMN$OeaKlxhF3H\`='xZa!SpaT_<edf#$Ki7U.xMSDI2X)O$Y4"!c!!Y

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:34 UTC	631	OUT	GET /media/dd9a87_b1d6c5504d164c40835d918239dcd10e~mv2.gif HTTP/1.1 Host: static.wixstatic.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:35 UTC	764	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 975329 Connection: close Server: openresty/1.27.1.1 Date: Wed, 01 Jan 2025 06:59:53 GMT Expires: Wed, 01 Jan 2025 07:59:53 GMT Cache-Control: public, max-age=15552000, immutable Last-Modified: Wed, 13 Nov 2024 13:00:11 GMT ETag: "c935ad6dde4cf98f305eaf0d69f195cc" Accept-Ranges: bytes Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length Timing-Allow-Origin: * X-Seen-By: gcp.us-central-1.media-router-9fdb4b487-hm64q Via: 1.1 google, 1.1 7ed7afde326861e358c3c83359e99894.cloudfront.net (CloudFront) X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA6-C1 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: JynjEA68Sw8oPfOAo3dxVsTX7Eb5L_3l8iN2jiM2yRlGq6Twj1VYBA== Age: 79962
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 47 49 46 38 39 61 14 05 c8 00 f7 ff 00 ce 99 8c 67 44 32 d4 95 73 ff 50 03 df 5f ab b5 aa 97 75 6f 68 1a ae 72 91 66 50 f1 b9 b0 2b 26 27 f6 ee db f8 dd f7 a3 0e ab 61 92 b1 b8 cc d4 aa 00 dd 72 54 46 23 bb 88 62 af d5 b4 bb ce 92 b6 ce 06 05 05 4c 32 2b d0 b7 da 4f 48 47 ae 77 6a b0 70 4c 9c 71 94 8c 50 2e ff 87 16 8f 88 75 93 1c 1a d5 11 f1 b3 ce ef ef 67 64 59 76 90 dc ee f1 26 0f 0b ff 1d 0b d8 b2 ef b2 62 e5 8b 54 49 f5 b2 d6 20 58 98 f7 b0 f7 98 99 ac ee 22 ff c5 18 9a fe 99 ff 90 d8 f9 25 2c 4f 8f aa b7 aa 99 ab 6d 11 11 71 11 cd 6b 66 5b 2b 48 68 f8 70 c9 22 96 c8 6d cc f2 2c 22 11 4e 2d 46 ef aa 75 45 23 16 a8 dd c6 dd aa 77 f3 72 fc fd 54 d9 cc 87 5d f5 cc 98 4f 09 0b 6d 31 29 25 0f 26 b7 b1 ea f6 8f d8 d4 94 d7 91 28 52 d4 93 ad 0d 23 27 10 11 Data Ascii: GIF89agD2sP_uohrfP+&'arTF#bL2+OHGwjpLqP.ugdYv&bTI X"%,Omqkf[+Hhp"m,"N-FuE#wrT]Om1)%&(R#'
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: a2 c5 54 0c cd 14 e3 c4 88 98 40 5c 86 df a5 85 00 fc 51 5b a8 40 07 f0 09 88 61 4c 07 e4 ac 09 e0 41 cb d6 c8 13 f0 81 ec b4 ac 1c 18 c0 35 32 e3 8f f9 0c 91 fd 8c d3 1e cd 33 96 8b b9 2c 0d d1 2c 4d 34 12 0d 01 50 81 01 b0 23 0e 7c 80 80 04 00 ef f8 41 29 48 17 98 d4 40 fa cc 82 ac d8 63 02 9d 19 59 79 5b db 98 cd 0c 90 1b 89 a8 8d b7 35 0c 55 6e 04 df 70 4e e1 fc e6 9c d9 08 b7 02 4f 00 34 41 37 c1 c5 84 ec d1 84 2c da 1e f1 02 2f c0 45 5b 44 86 a5 80 16 c9 7a ab 45 70 a5 b9 7d 8e 81 68 c4 41 2c 84 a9 8d 51 8c c8 99 9a 5d ff 0a 1f c4 4f 8b f0 c1 fd a4 5a ac 49 84 44 c4 4d 05 05 88 aa f9 40 1f f4 9a f8 d4 90 bd 7d 10 08 91 90 0e b9 e5 7c 84 d4 f7 7d c7 95 44 43 dc 46 1b 3d 52 c4 cc 25 90 fd 64 da 59 29 40 03 51 10 a6 85 d9 57 d9 4f ff dc 8f fc 10 d0 57 Data Ascii: T@\Q[@aLA523,,M4P#\|A)H@cYy[5UnpNO4A7,/E[DzEp}hA,Q]OZIDM@}\|}DCF=R%dY)@QWOW
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 91 31 72 79 c3 2f 30 05 7b 94 97 7c 4c 48 7b 31 05 5c 80 32 25 1b 98 81 51 98 c1 75 4a 82 12 18 26 43 18 6e aa 81 53 b8 84 49 2b 86 2a 7b 1b 78 a9 c7 c1 75 85 79 30 80 31 08 00 0c d9 99 61 f2 25 67 38 a4 99 b9 80 d0 d0 ab 4d f0 d6 52 68 d4 61 40 19 94 3c 99 ff 30 18 00 e3 00 be 42 1a 50 60 43 3e f3 33 67 c9 d3 c0 98 9a 3c 3d 34 af 21 8f 46 6b 34 13 28 3b 3e 60 07 b7 01 05 a4 e4 b1 7a f1 db c9 55 98 68 e0 00 bb 09 19 86 91 4a 22 18 35 c5 21 4b bb 48 1c c9 21 4b 58 93 9c ed 0d 3f ca 09 dc 5a 13 bf bb a8 1e eb 69 a6 16 6d a6 18 ff cc d2 08 c8 04 6e c0 05 8f 08 89 0c 00 80 5c 78 84 6f 50 84 04 d0 86 5e 00 80 55 48 a1 4c 58 85 55 18 90 b6 5a 1d 02 59 85 7d 93 99 7f 3d 3e c5 6b 99 67 32 9e 05 f6 36 2b 10 9e c8 0c 1b 05 78 1e 73 23 1f bc a8 9e 0b 0e 4d 7a fb 1e Data Ascii: 1ry/0{\|LH{1\2%QuJ&CnSI+*{xuy01a%g8MRha@<0BP`C>3g<=4!Fk4(;>`zUhJ"5!KH!KX?Zimn\xoP^UHLXUZY}=>kg26+xs#Mz
2025-01-02 05:12:35 UTC	15135	IN	Data Raw: b8 a3 01 c1 84 94 8c 85 5e 16 30 68 41 32 68 3f 91 01 c0 22 25 e2 c6 7d 8c e5 88 8e c3 b0 b5 22 0e c0 c0 0a b4 50 a9 ba f1 2b 0a 10 07 eb c0 71 20 27 44 90 e0 0e d0 d6 43 ec 63 6d d5 c6 96 e5 01 97 f5 03 0d f8 e3 91 88 95 04 89 f3 a5 13 3a 40 05 d4 3f 49 82 89 ec 35 12 08 50 b0 b7 15 21 2f 42 0b bc 91 13 85 d7 0a 7d 24 6f 29 f2 08 c3 d0 0c ae 90 2d a8 50 5d bd 60 2a 86 74 48 8a 50 09 2a a4 83 13 7a 6e c8 e3 0a 14 90 44 1f d7 43 a3 80 71 cb 26 0a 96 70 3e a9 c9 c1 1d 1c 3e b0 99 3e 26 6c 72 b8 b9 9b 2a 6c 45 52 54 45 60 e4 03 ff c2 e9 5b 8d 12 bc 8c c2 67 49 a2 78 47 23 1b bf a1 02 5b 60 1b 9e 56 74 df 30 3b ad f0 0c 08 d0 0a 0b dc 74 7b 17 09 2d e1 08 4b 71 48 51 97 2a 7d d7 12 2b 00 4f 2d 80 01 cc d0 02 e6 79 0c 1a 1a a3 ef 59 79 1a 8a 01 98 60 11 0c 50 Data Ascii: ^0hA2h?"%}"P+q 'DCcm:@?I5P!/B}$o)-P]`tHPznDCq&p>>>&lrlERTE`[gIxG#[`Vt0;t{-KqHQ}+O-yYy`P
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: b8 21 19 18 60 17 8a 11 03 b8 81 01 aa 05 c0 6c 41 17 b0 65 05 ba 81 c0 14 ec 1e 96 80 09 0a 84 a6 f6 8c f1 f0 a0 2e a0 00 1c d9 25 09 5a ee 11 fa ca af 5c b1 11 98 30 7b 02 00 52 82 82 0e f8 2c c4 ea 6c fa b6 2f a0 c8 60 03 5e c1 b0 84 e6 56 64 a5 bc 62 a5 19 3a 40 00 f2 00 1b 12 00 46 7a 21 01 b4 a1 13 5e 01 16 2e a6 17 7a 01 46 3e a1 c8 56 a0 13 26 32 19 96 60 09 ba 41 1a 9a ec c9 64 21 66 fe 2b 01 72 61 2a be 69 01 90 06 69 3e e1 ff 13 bc 6c 27 6e e6 15 54 a1 21 10 e2 15 f2 2f 86 a4 c6 22 10 20 77 84 a0 12 de ac 12 10 e0 02 a4 c0 c1 50 ec 1d d1 46 7c 30 2e 60 22 44 89 82 43 89 54 20 14 4a e1 16 40 61 29 15 cd 29 77 85 d0 f2 46 2a 09 eb 13 fa 66 6f 26 8d 11 56 80 00 5c 00 71 1e 47 d3 64 27 3f 14 e7 d4 50 ed 73 28 e7 72 32 27 d7 48 87 80 40 c7 73 48 07 Data Ascii: !`lAe.%Z\0{R,l/`^Vdb:@Fz!^.zF>V&2`Ad!f+raii>l'nT!/" wPF\|0.`"DCT J@a))wFfo&V\qGd'?Ps(r2'H@sH
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 42 7a 1a 1c 34 ce 24 c0 82 24 e4 c2 16 58 24 ab 61 64 ab a5 1a 12 b8 9a e6 a5 08 10 b4 c1 3a 40 c2 00 f1 0f 33 fc 8f 00 8d 42 00 e1 1a 4a 0e 50 09 e8 da c4 c5 e0 b1 4d 83 b1 d1 e4 25 a4 49 01 b4 c2 07 f8 46 08 71 10 09 a1 c8 06 59 db b4 a9 50 06 54 de 0c d0 93 ba a8 8b 05 28 00 2d 78 05 2b 35 11 39 91 13 2b 80 c2 b8 21 62 29 00 40 29 c8 90 2b 49 55 56 71 82 12 8d 05 0d b1 42 be c9 90 01 b0 c1 0c 44 00 2d 6c 45 2e 00 dc 15 55 9e 09 6d ff 5f 25 e1 41 4a 80 90 15 18 00 2a 9c 02 05 50 1c 1c 31 44 c5 55 1c 43 2c c4 03 1c 04 45 88 04 08 79 84 47 54 04 20 7d 84 61 7e 04 3d 41 41 49 20 01 21 20 41 49 34 12 4c c8 44 24 25 c1 8a 3c d2 6e 7c 9c 4f a0 8b 52 0e 45 0f 0c 05 01 0c 41 1b 34 81 fc c4 13 3c 59 c0 11 fc 84 53 44 85 0a 50 05 2a 51 c2 77 6c 42 2f 34 11 2c cd Data Ascii: Bz4$$X$ad:@3BJPM%IFqYPT(-x+59+!b)@)+IUVqBD-lE.Um_%AJP1DUC,EyGT }a~=AAI ! AI4LD$%<n\|OREA4<YSDPQwlB/4,
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 37 75 98 82 21 48 21 10 68 09 1b d8 84 75 fb ca 75 4b 87 92 20 23 8b 28 9a 46 48 93 10 09 1c e5 db 37 83 db 37 49 80 a6 96 92 84 4c 70 05 57 78 05 45 60 4b 49 c8 9c 14 28 09 36 a2 a0 34 42 08 8b e8 21 87 98 a0 08 ea b6 66 ab a0 30 5a 08 87 88 38 87 6b 4c 88 73 b8 8b 28 21 46 b0 23 99 b8 21 3e 52 21 98 b8 a3 3d 9a 89 3e 60 82 9d 48 a4 cf 3c a4 9f 20 24 d0 64 8a 97 9b 04 a3 80 24 0a e8 39 4f f8 b9 aa 58 9b 02 a8 01 53 28 00 be d8 84 50 ff e8 81 bc f0 24 24 0b a5 86 92 8b 4f b2 82 1c a8 b1 0c c0 a5 dc c9 01 67 78 84 d9 60 85 e5 33 05 e0 94 bc b0 bb 8c b2 9b 83 4b 10 8d dd d8 84 31 78 82 62 d2 0c 2f 01 8e 5f 62 8c c8 61 05 ee a4 97 79 11 05 50 10 0a 44 02 05 dc 08 26 33 cc 26 c9 e9 a6 2f 51 0d d5 d0 8d 59 c2 80 c6 13 05 48 70 8e cc bb 25 ee 80 02 7a 72 0e 5b Data Ascii: 7u!H!huuK #(FH77ILpWxE`KI(64B!f0Z8kLs(!F#!>R!=>`H< $d$9OXS(P$$Ogx`3K1xb/_bayPD&3&/QYHp%zr[
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 20 0a 9e 29 3c 44 11 02 bc a1 1b 87 51 9a ba 11 02 b6 84 4b 07 c7 07 bc 04 1a 4e 87 09 c9 80 09 a4 61 1a 55 d7 4c ad 91 4c b4 11 1b cc f4 09 d2 e0 0f 64 17 76 ba 81 77 ba 51 4d 28 10 76 fd f0 05 e5 30 11 9b 40 4f c8 60 79 bf e1 76 0e 62 1d 9d 50 4f 8a f0 1f c7 50 06 fd 40 1d 52 45 9c fe 80 0c b5 e0 0d e7 61 04 f2 d1 1e de 50 05 de e0 0d d4 70 0f f7 40 0a 8c 27 1f b5 90 00 a9 70 0d d7 30 50 4b f2 7a d7 37 20 07 92 0e 5f 12 7b 70 a0 04 ff 3b 97 02 d3 07 22 20 02 07 17 72 09 e8 f7 4d da 29 26 04 e2 54 e0 31 11 13 10 5b b1 35 01 1d 90 30 30 c2 0b 94 c0 30 a5 80 23 36 f5 08 40 e5 30 1d 07 24 b4 60 01 33 30 03 c6 42 03 b9 10 54 44 e1 51 14 72 54 4b 35 1d 25 82 55 d6 67 7d 63 e2 79 e3 27 a3 98 87 55 e2 e7 24 ed a4 55 8c d0 55 71 02 02 84 a0 26 67 45 56 e8 27 a4 Data Ascii: )<DQKNaULLdvwQM(v0@O`yvbPOP@REaPp@'p0PKz7 _{p;" rM)&T1[5000#6@0$`30BTDQrTK5%Ug}cy'U$UUq&gEV'
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 22 85 ab 50 e5 04 33 21 02 18 43 01 92 c0 ac cc ea 02 f8 e0 02 d8 ee f8 24 43 55 7e c5 fb f0 ea 59 32 85 15 c4 6f 10 15 2b 59 bc a5 11 b4 81 5c 70 06 fe 9e 0d 59 06 d1 55 9e 82 11 b2 21 19 3a 87 f9 8c 45 11 72 41 03 4c a1 04 e6 c4 61 30 a5 5b 84 65 2a da 6a 52 60 04 51 b2 ad 5d b2 e2 b3 44 01 5e 9e c0 07 98 20 1e 5a 81 17 4e 2b 45 22 4b 58 0a d0 66 d0 93 ab 62 cb 52 4e 90 12 02 20 00 2a 81 a1 72 c1 65 26 10 64 24 41 03 b2 40 10 12 01 ff 63 74 e0 0b aa 6b b7 52 e6 11 50 a6 51 be a1 60 8e 6f ba 54 26 05 53 f0 1b b4 85 66 0c 14 01 87 65 0d 97 20 11 84 c6 06 81 10 68 c0 b0 2e 18 60 07 cd f4 68 1a 00 06 b6 c6 be 1a 60 17 d6 0b c0 c0 26 09 e1 d4 2e 76 61 6e b8 c0 bf ee 26 6d da 06 03 ea 62 17 da a6 6f f8 82 03 22 0c 1e fd c1 18 0a 87 0b ca 14 2f 3c 4c 0c d0 90 Data Ascii: "P3!C$CU~Y2o+Y\pYU!:ErALa0[ejR`Q]D^ ZN+E"KXfbRN re&d$A@ctkRPQ`oT&Sfe h.`h`&.van&mbo"/<L
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 08 35 c4 be 7c 8b b6 00 60 c0 4c c1 a7 5c 4a 58 89 c0 c4 ec 68 c4 48 0c 1b b0 00 c6 b0 00 09 8c c1 1c 44 83 03 44 43 34 d0 40 5e 59 42 68 6d 42 2f 3c a9 7f f5 97 cb 4c a9 ca 8c 0d ca c8 54 98 54 82 0a a0 c8 ce fc cc cf 8c 40 22 bc 41 1b 6c 00 2f 7c 09 70 3a d8 37 f4 82 24 80 e0 37 00 40 3c 10 c0 7c c5 17 0e 7e 83 36 50 57 ca bc 4d 23 44 42 cb 48 97 04 f5 a0 80 d1 0c 9a d8 4d 2e 90 4c 73 c1 02 cd e0 0d 99 38 98 99 e0 cd 23 2c d7 a2 16 ff 18 08 ca 94 0c e6 82 06 74 01 11 10 c0 72 71 89 99 64 0d 75 f1 20 a0 aa a9 98 50 42 26 8c 81 82 f6 00 14 48 09 14 48 81 19 04 43 34 10 41 17 20 a2 ee 08 80 2a e4 4f 25 f0 02 fe b4 99 00 bc 83 24 74 c2 24 ec 02 57 fd aa 6c 9d 90 b8 dc d5 31 50 8a a6 01 60 ae 68 10 29 08 01 29 50 03 27 4c 01 ea 04 0c ba bc 0e ee 84 0f e9 a8 Data Ascii: 5\|`L\JXhHDDC4@^YBhmB/<LTT@"Al/\|p:7$7@<\|~6PWM#DBHM.Ls8#,trqdu PB&HHC4A *O%$t$Wl1P`h))P'L

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:34 UTC	586	OUT	GET /img/GYyh_180x180.GIF HTTP/1.1 Host: ig55.vip Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:35 UTC	1055	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: PUT, GET, POST, DELETE, HEAD, OPTIONS, PATCH Age: 844 Cache-Control: max-age=14400 Cf-Cache-Status: HIT Cf-Ray: 8fb8304e1a582f43-LAX Content-Length: 353124 Content-Type: image/gif Date: Thu, 02 Jan 2025 05:01:00 GMT Etag: "67700c5f-56364" Last-Modified: Thu, 02 Jan 2025 05:01:00 GMT Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4CMk%2Bjf0TF62pF9qK20cpRASVt8rmubadlD3n4Hngjj%2F88Tz8AvAzwn1VWNv%2BUw%2FBcil%2B6NB4wT%2F0eqaphhzu5HevNTYi3oXPt4W6qrYSHn%2BUcvRmsHYQMv0y4ZqgxTsRA%3D%3D"}],"group":"cf-nel","max_age":604800} Server: cloudflare Server-Timing: cfL4;desc="?proto=TCP&rtt=944&min_rtt=832&rtt_var=84&sent=2248&recv=264&lost=0&retrans=0&sent_bytes=3089202&recv_bytes=15253&delivery_rate=305262693&cwnd=609&unsent_bytes=0&cid=581ea9534db1ee0a&ts=112891&x=0" Vary: Accept-Encoding X-Cache: HIT, server, disk Connection: close
2025-01-02 05:12:35 UTC	131	IN	Data Raw: 47 49 46 38 39 61 b4 00 b4 00 f7 ff 00 ff 26 26 ff ee ab ff db 00 ff 01 f3 da dc e6 a0 fe 90 ff fb e5 18 7e a4 88 89 8f fb d7 ce f5 f5 f5 91 76 41 ff 9c 5a ff 53 30 00 cf ff e2 e3 ee ff c7 00 ff 5d f6 35 b5 ba ff 00 b6 ff f2 01 02 02 02 24 ff 00 97 4d 84 d0 f5 fd 60 e0 fd ab 92 6a eb ed f5 92 88 52 ff f3 8d ed ed ed ff ce b8 ff 3b 3a d5 c7 b2 74 fe 59 6d 6d 71 fe f8 d9 ff 30 0b ff 94 10 01 Data Ascii: GIF89a&&~vAZS0]5$M`jR;:tYmmq0
2025-01-02 05:12:35 UTC	2372	IN	Data Raw: ad d9 ff ac 0c ff f5 c5 ff 32 32 ff d1 48 95 71 3f a3 8d 56 bb bc c6 e3 e3 e3 c7 b1 97 ff 02 02 ff 67 29 c5 c5 ce de de df ff d0 ff ff 6f 0d ff 4b 40 53 90 94 ff 4e 10 ff 1a 1a ea e4 da bc aa 8b 8d fb 71 ff ec 6c f5 ef e9 fd b7 a9 b6 a2 38 56 ff 39 ff 12 11 ff b3 fb ff d1 2e ff 0a 0a ff da 65 fe de 86 ff 8f fb fd a9 92 d2 fe cc ff fe f1 f5 f6 fc b3 f0 fe e9 f9 fd d5 d5 d5 3b d9 fe ff 2b f3 d7 d7 e1 cd ce d2 b8 b9 bc be c3 ca ce bc a5 b4 36 95 ff 76 68 ff 82 24 ff 90 83 a4 a5 ac 8a e8 fe c0 fe b3 2a c3 c8 fe e7 dc 3f 3f 3f db be 1c 59 a0 70 ff 68 59 ce b3 27 e0 d6 c3 ff f7 4d 96 97 9d 36 ff 15 ff ca 13 53 a3 c6 ff 38 1d ff ed ff 44 9d a9 fd f5 f3 79 77 69 74 75 7c 59 6c 65 ff 14 05 ec fd e9 aa ab b1 ff f3 26 fd ea c2 ab d3 e3 ff b1 3e 7b 5b 7d db 18 a6 91 Data Ascii: 22Hq?Vg)oK@SNql8V9.e;+6vh$*???YphY'M6S8Dywitu\|Yle&>{[}
2025-01-02 05:12:35 UTC	538	IN	Data Raw: 2b ed 78 d7 1d 2a 1a 6a b3 4e ab ed 7e b7 5e a6 94 14 96 6e 2b ee b2 9a 7a 0b 16 a8 e3 a6 8b 20 b3 e6 62 a6 99 ba f0 4a 58 ad a7 10 86 17 ef bd 13 76 4b 15 13 f8 f6 eb 61 3c 73 f9 2b b0 bc 73 f9 3a f0 c1 c9 05 8c f0 c2 d6 15 cc f0 c3 be 29 0c f1 c4 9e 39 4c 31 c5 12 5f fc 30 c0 68 19 ac b1 c0 19 7f 8c 30 c7 67 79 2c 32 be 21 9f 2c 30 c9 5f 99 ac 32 bc 29 bf 8c 2f cb 5e b9 2c f3 b8 31 df 0c 2f cd 55 d9 ac b3 b6 39 ff 3c 2e cf 54 f9 2c b4 b2 41 1f ad 2d d1 4a 19 ad f4 af 49 3f ad 2c d3 49 39 2d f5 aa 51 5f fd 2b d5 3f 59 ad 75 a8 59 7f bd 2a d7 3e 79 2d b6 a3 61 9f 1d 2a d9 32 99 ad 36 a1 69 bf ed 28 db 31 b9 2d 77 9c 71 df 4d 28 dd 23 d9 ff ad ed 0f 3f 60 8c d6 c4 3b 98 11 cb 0e 10 f3 2d 92 df ca 9a 01 43 02 3b c0 60 06 c4 79 8b fb c6 15 04 34 42 cb 14 30 Data Ascii: +xjN~^n+z bJXvKa<s+s:)9L1_0h0gy,2!,0_2)/^,1/U9<.T,A-JI?,I9-Q_+?YuY>y-a*26i(1-wqM(#?`;-C;`y4B0
2025-01-02 05:12:35 UTC	4744	IN	Data Raw: dc 28 c7 d6 7c b1 8e 34 a2 23 1e fb 13 c7 3d f2 47 8f 7e bc a3 1f e7 a8 c4 41 ae ab 8f 86 1c 0f 20 f7 28 c8 44 1e 68 91 78 6c a4 23 f7 03 c9 3a 4a 72 92 ee a9 a4 1c 2f 89 49 f1 68 f2 8d 9c ec a4 72 3e c9 c6 50 8a 32 62 85 3c a5 8a be 93 2d 55 f6 e6 13 b2 f1 56 04 da e0 4a df 94 23 09 ed 9a 49 62 6a c9 98 ff e4 32 26 e0 72 65 b9 7e 09 cc 56 e2 11 96 c2 52 0a 10 ac 04 25 5a fa f1 96 88 fa 87 b1 a8 82 98 3a fa 52 46 1f 30 08 a5 e6 b3 cb 31 0e 73 3e 9c 32 c8 1b 90 c2 4a 7b 39 11 99 16 32 80 45 96 d9 1c 67 16 11 9a 38 d2 c8 34 95 52 4d 1e 5e 73 4b d9 44 c9 36 87 d5 ff 4d bd 7d 73 58 e1 44 c9 38 93 99 14 f0 bc 0d 9d 42 52 67 4e d8 79 18 77 4a 0d 9e 61 2a ca 07 98 89 a7 7e fe ec 9e 82 ca 27 54 ee b0 ab 0d 5d 94 a0 3f 21 d6 56 06 8a 2d 73 5e 0c a1 6a 7a c3 60 18 Data Ascii: (\|4#=G~A (Dhxl#:Jr/Ihr>P2b<-UVJ#Ibj2&re~VR%Z:RF01s>2J{92Eg84RM^sKD6M}sXD8BRgNywJa*~'T]?!V-s^jz`
2025-01-02 05:12:35 UTC	5930	IN	Data Raw: 22 c2 d8 b3 cf f1 b5 34 b1 81 3d c2 2c c0 c3 f5 f5 d4 c3 25 44 d0 6b 04 78 43 b5 84 7b bd 91 57 84 6d 4f 23 a0 44 13 cd 03 b5 00 02 18 cc 10 8f 5f f8 ef 17 b4 d8 c0 02 16 d0 ba fb bd 6c 44 1b 62 48 fc 32 d2 96 e9 29 84 52 0e 94 d4 02 ff 50 a3 4f 1c 03 14 7d a8 43 2d ea d1 84 68 f4 a1 11 e0 b8 47 2d 98 00 b6 f5 65 b0 1e 0b 73 c8 04 31 32 3f 86 64 10 4b f9 d3 00 96 ee 71 8c 3e e8 a3 84 7a f8 c4 27 ff 8c f4 07 e5 0d ef 86 11 5c c8 0c 2f 52 41 fa 21 b1 46 da 83 86 3d ba 61 0b 5b 50 a3 16 9f 00 47 34 0c 58 a4 6e 98 c2 8a b5 a8 86 fa 9e 28 43 bf c9 4f 2c b8 1b c8 13 6b 41 37 7e f8 01 1d a1 18 c3 22 72 b1 88 50 d8 e3 1e fa f8 84 07 c6 40 c7 31 68 22 14 dd d8 81 f2 a0 75 bf 32 62 2e 7a 57 b1 60 42 d6 c8 81 05 10 90 79 f1 b0 85 26 72 31 8a 7b dc c3 14 b8 a8 a3 07 Data Ascii: "4=,%DkxC{WmO#D_lDbH2)RPO}C-hG-es12?dKq>z'\/RA!F=a[PG4Xn(CO,kA7~"rP@1h"u2b.zW`By&r1{
2025-01-02 05:12:35 UTC	7116	IN	Data Raw: 69 cb f6 77 b1 f0 5f fc a0 0b 45 28 69 5f 86 4b 92 61 5d 0a 66 06 66 10 0b 46 f7 29 88 c2 6c ab f3 6c c0 d2 5f 42 ff c8 25 1c 50 20 53 56 35 1a c0 6d 0a b0 4c 5b 16 7a 85 37 7a e5 d6 16 64 c7 1b d6 c5 57 a6 65 06 57 f0 82 57 40 79 60 90 0f da 97 22 6c f2 29 ba c0 03 f5 70 2d 7f 47 7f f2 96 39 b5 c0 56 dd 51 22 d0 80 58 88 65 08 82 d6 1b bb c5 01 80 28 19 3b b0 57 bc 98 39 8a f5 07 3c e0 8b 1a d0 8b 1a 10 7a 71 d8 89 79 91 62 66 c0 03 24 e3 8b b6 a7 01 30 10 63 3f 60 06 d8 40 63 29 b2 03 7f 30 8e 7f b0 5d e9 a0 62 3f a0 00 ea f8 06 9b 95 8e ea d8 46 3b e0 8e b4 57 20 98 76 8e a2 e5 8e 0a 60 86 3a c8 59 9b 05 20 e9 10 6e d1 08 85 b0 a4 3c 72 16 61 06 89 57 4e c8 89 02 39 4d 8c 75 90 0e 19 5e 09 59 7c d2 88 18 54 f5 90 16 39 5c 0c 18 70 0b 49 52 4e 72 91 1e Data Ascii: iw_E(i_Ka]ffF)ll_B%P SV5mL[z7zdWeWW@y`"l)p-G9VQ"Xe(;W9<zqybf$0c?`@c)0]b?F;W v`:Y n<raWN9Mu^Y\|T9\pIRNr
2025-01-02 05:12:35 UTC	8302	IN	Data Raw: fc dd df fe fd df 00 1e e0 02 3e e0 04 5e e0 06 7e e0 08 9e e0 0a be e0 0c de e0 0e fe e0 10 1e e1 12 3e e1 14 5e e1 16 ce 13 01 01 00 21 f9 04 09 03 00 ff 00 2c 00 00 00 00 b4 00 b4 00 00 08 ff 00 ff 09 1c 48 b0 a0 c1 83 08 13 2a 5c c8 b0 a1 c3 87 10 23 4a 9c 48 b1 a2 c5 8b 18 33 6a dc c8 b1 a3 c7 8f 20 43 8a 1c 49 b2 a4 c9 93 28 53 aa 5c c9 b2 a5 cb 97 30 63 ca 9c 49 b3 a6 cd 9b 38 73 ea dc c9 b3 a7 cf 9f 40 83 0a 1d 4a b4 a8 d1 a3 48 93 2a 5d ca b4 a9 d3 a7 50 a3 4a 9d 4a b5 aa d5 ab 58 b3 6a dd ba b2 96 57 ae 53 bd 8a fd 0a d6 e9 d8 b1 65 cd 9e 15 9b 76 e9 d8 37 b1 d0 b6 4d 3a f6 07 8f 74 72 e7 1a ad ab 41 41 5e bd 44 c7 fe 31 f4 e7 2f e0 a0 67 a1 2d 28 6c f8 f0 ce b5 5e cd 2c d8 01 b9 96 e3 c7 95 63 2d 80 56 d9 f2 65 9b 9d bd 5e d9 1c da f3 e7 98 90 Data Ascii: >^~>^!,H\#JH3j CI(S\0cI8s@JH]PJJXjWSev7M:trAA^D1/g-(l^,c-Ve^
2025-01-02 05:12:35 UTC	3635	IN	Data Raw: 81 fb a7 1b aa a1 4a 3b a0 11 70 99 5c 4b b8 00 62 a4 c6 9b 22 49 37 b1 b0 3b 56 18 c0 25 8c 1b a4 e1 8a aa 4a 0b 19 4c fb 37 92 5b 0f 69 5a 0b de 3a b9 14 8b b9 99 ff 3b 16 52 8b 99 9c 89 b8 da 29 4b c2 4b 4e f5 70 a2 f6 09 b8 93 6a b6 c8 43 ba 92 2b 16 7e c0 25 b5 20 52 da 79 0f f2 5b bd 46 0b a9 c8 46 bb 7f 2a 9e 4a ab bb 91 a9 b0 03 74 63 37 a6 a1 e5 59 a3 80 5b a1 90 db b8 89 1b 49 ec fa 9d 76 0a 27 e3 ba a1 b5 40 ac de 19 1a 7f da b0 f3 fb 06 60 fb a5 04 bc 11 90 71 9b 3f 6b a4 e5 80 b8 5a 9a b3 90 d1 ae 48 fb bd d6 8b c1 b7 2b ba 95 01 bc 40 4a bb dc 3b 9e 95 ea 15 23 5c 99 65 2b c3 88 da 9d 39 aa bd f7 69 68 46 ea be 1a db bc 4b 0b b8 9f 60 bb a5 f1 9c 13 3a c1 51 7a 47 59 db b4 03 f0 ba 42 2c ab f7 fa a2 18 b1 16 1f aa b5 7f 3b 47 0c 7a ae 6f 7b Data Ascii: J;p\Kb"I7;V%JL7[iZ:;R)KKNpjC+~% Ry[FF*Jtc7Y[Iv'@`q?kZH+@J;#\e+9ihFK`:QzGYB,;Gzo{
2025-01-02 05:12:35 UTC	10674	IN	Data Raw: 01 44 d0 98 5e 51 0e 97 19 1a 88 b9 99 84 59 03 95 41 99 95 f9 98 9d 81 98 a9 99 04 a1 f9 80 10 01 19 35 20 05 03 30 00 8a 19 01 b5 19 01 9e 79 16 6d 90 04 b5 39 98 49 40 9b 03 a0 9b 5e 51 9b c6 79 9c b5 79 99 44 80 9c c6 99 04 05 d4 9b c2 39 9c d1 19 01 e5 50 03 b5 79 9a b8 f9 9b d1 a9 98 6b b1 9c cc 69 9c 9d 11 9d cc ff e9 9c 71 47 11 59 42 04 d1 d9 98 f1 e0 9b b6 b9 9b 5e d1 06 c2 49 9e 9f 50 0f ec 39 00 86 19 0f de 79 9c 52 60 98 62 11 0f b3 d9 9c fc 59 1a f5 39 00 49 a0 53 c1 89 9c 90 51 9f fb 29 16 0a fa 9a 72 53 0e d9 89 9c 0e 2a 16 e5 f0 9d 0b ca 51 17 b1 16 15 da 9c 38 b5 a1 b6 79 16 d9 29 05 6b 91 9d 11 80 24 f9 f9 9b c2 26 16 de 59 03 29 da 19 11 3a 00 4d f6 9e e2 99 a2 6d 10 a1 11 b0 16 d6 d9 9c 1a fa 9d 37 ba 16 be 29 9e 03 40 04 2d 2a 63 16 Data Ascii: D^QYA5 0ym9I@^QyyD9PykiqGYB^IP9yR`bY9ISQ)rSQ8y)k$&Y):Mm7)@-c
2025-01-02 05:12:35 UTC	11860	IN	Data Raw: 7f fe fa fe 4c 8c 97 dd 59 3b 75 d7 9f 7f 42 1d 38 1b 44 72 71 a5 56 6e 0a 22 f8 9f 82 5e 35 58 d4 7b 83 45 08 db 53 1a be 74 9f 50 06 18 b0 5f 87 a5 71 48 e2 6c 01 18 30 a0 49 7c f1 77 a2 84 43 bd 58 cb 1b ed 6d a4 99 8c 25 3a 85 23 4c a9 59 e4 d0 1d 12 ed b8 a1 89 42 da 07 e4 8a 06 ed e4 92 8c ff 28 c5 95 90 3d b1 e6 db 76 5f 41 99 a3 56 56 c2 d4 9b 51 1e 41 98 e5 70 5b 7d 09 93 57 7d fd 53 8f 81 62 c2 48 a4 98 f5 64 d5 e4 8b 6f 12 46 57 9a b0 d1 09 26 5a 76 52 67 27 66 79 0a 94 a6 6a 7d c6 e9 9d a0 78 95 27 a6 9f 42 96 67 90 95 88 32 a9 28 42 89 12 1a 99 55 94 3d 1a 5b 7f 94 d6 39 29 a4 6d 59 7a 51 5e 61 6d 66 98 9e 85 52 e4 96 9a 9e 66 54 ea a8 8d 52 95 6a 68 49 99 ff 4a aa ab af f2 19 ea 77 a6 9d ea 64 ad b6 e1 da 59 ab 43 f2 ca 6b 61 bb 0a 6b 2c b1 Data Ascii: LY;uB8DrqVn"^5X{EStP_qHl0I\|wCXm%:#LYB(=v_AVVQAp[}W}SbHdoFW&ZvRg'fyj}x'Bg2(BU=[9)mYzQ^amfRfTRjhIJwdYCkak,

Timestamp	Bytes transferred	Direction	Data
2025-01-02 05:12:34 UTC	608	OUT	GET /f3dab33316b44c64a6f119272fb4489e.gif HTTP/1.1 Host: 555ww666yy.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.rr8844.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 05:12:35 UTC	328	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 02 Jan 2025 05:12:35 GMT Content-Type: image/gif Content-Length: 708549 Connection: close Last-Modified: Mon, 23 Dec 2024 08:29:11 GMT ETag: "67691f57-acfc5" psc-cache-status: HIT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Accept-Ranges: bytes
2025-01-02 05:12:35 UTC	16056	IN	Data Raw: 47 49 46 38 39 61 14 05 04 01 f7 00 00 fe 01 04 fe 01 10 fe 00 00 fe 01 00 f0 03 02 ec 0d 01 d6 0b 02 e3 0f 0c ed 12 0f f2 24 0d f2 21 1d de 27 27 d7 28 10 cd 19 24 b8 1e 22 b3 20 11 b3 18 06 a1 12 0c 92 13 16 85 17 0a 82 06 02 70 12 0a 5d 15 0e 61 19 11 5b 23 1b 3f 19 18 24 15 18 1f 1e 23 24 22 3b 26 24 4a 33 2a 4f 4f 2b 53 4a 29 63 33 32 80 29 3a 8c 43 4f 6e 42 4f 59 48 53 4b 25 61 2d 2a 86 39 49 93 42 67 9e 40 75 99 56 6b 71 78 6f 77 8f 7d 84 93 8e 99 92 a6 9d 96 b1 8c 8a aa 79 74 a6 6d 5d a7 73 48 b8 7b 39 b4 8c 2d aa 74 2a 90 66 28 72 66 2c 84 4f 32 78 3e 25 88 33 21 95 48 11 a9 4b 14 b1 54 23 b4 67 12 c8 71 13 d6 66 22 d7 52 1f e7 43 31 f7 3e 37 f3 4f 20 f5 6d 25 f2 6e 09 fa 87 05 f5 92 06 f2 91 13 f0 96 2a da 90 28 d5 9b 13 e2 b1 13 ea b2 0f f6 b0 Data Ascii: GIF89a$!''($" p]a[#?$#$";&$J3OO+SJ)c32):COnBOYHSK%a-9IBg@uVkqxow}ytm]sH{9-tf(rf,O2x>%3!HKT#gqf"RC1>7O m%n(
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: ec 36 3a 9a 2b 58 5a 52 27 b5 a2 31 35 52 03 d8 2e a8 03 3f a8 43 2c 88 42 26 10 4b 42 21 54 5d 49 0c 26 60 02 cf 64 35 58 d7 55 26 60 42 b0 60 02 58 11 4d ad 74 b5 d2 6c 42 3c 1f 4d 59 3f fe 54 c4 b8 f5 55 6b 0c 28 c0 82 31 a0 03 3f 18 03 52 37 35 d1 26 2d 2c a0 c2 5e a7 c2 36 7a 96 67 b1 02 61 83 16 32 58 40 07 2f 36 d9 fd 26 b7 a5 ae 91 30 b6 64 ff c0 2d 25 03 68 55 83 05 dc d2 0f 14 09 b7 29 a5 05 64 f6 2d 51 00 68 8f b6 68 df 12 69 23 83 1f 2d 81 52 96 41 67 ef c8 7f 3c 76 6b ab b6 af ed c8 63 ab d2 0f 7c 56 81 10 12 81 f0 c1 04 3c 93 33 51 80 38 ed 00 0c 10 88 35 a4 01 13 10 14 a1 88 81 22 fc 87 37 41 93 73 13 8a 98 ec 80 65 a7 02 0c 54 d3 33 f5 93 33 f1 c1 24 1d c2 71 1b 8a 6f f7 ae 0c c8 02 67 c1 c0 32 fd 36 a6 d8 40 20 4c 52 21 0c 94 73 fb b6 18 Data Ascii: 6:+XZR'15R.?C,B&KB!T]I&`d5XU&`B`XMtlB<MY?TUk(1?R75&-,^6zga2X@/6&0d-%hU)d-Qhhi#-RAg<vkc\|V<3Q85"7AseT33$qog26@ LR!s
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 69 88 07 9f 8d 07 68 88 86 12 2b ec 15 b0 06 e2 c9 1c dd 11 6c 0f 70 da 6b ae ec 72 3c c7 dd 11 ec 65 58 1e aa 8d 04 59 a8 59 11 38 9e e3 61 33 bb 9e b3 55 f8 80 64 88 84 b2 1d c8 9c ec 1e 8c 2c 06 11 60 81 35 58 82 fb a2 5b bb 15 83 71 ad db bb 9d 83 f5 a9 49 5f 1b 1f be ad 1f e1 6e 49 c1 45 38 22 c2 8a 83 3b a2 59 53 00 95 94 9f 9c 9c 9f 97 24 b6 5f b8 49 5e 38 9f 5f 20 36 5e b8 dc f3 29 36 9a cc ee 9a 28 b5 cc e5 1f 97 38 49 13 6a 00 75 43 38 13 ba 36 59 7b 21 04 9a 21 f7 8e ca 19 a2 4a 25 e0 1f 17 3a a2 d1 48 22 31 d2 1f 78 53 ee 30 42 00 28 98 02 7a db dd 97 ac 85 b4 a4 85 5b 20 f0 df fd 5d b8 a4 9e 04 5f 70 df 2d de 04 48 38 6f 43 00 25 98 82 5b ab ef 32 ea 83 48 c2 8c 88 a3 38 0f 3f 0b 56 48 05 54 48 4c c1 d0 0b f3 65 39 96 63 4c 49 08 85 50 f8 fe Data Ascii: ih+lpkr<eXYY8a3Ud,`5X[qI_nIE8";YS$_I^8_ 6^)6(8IjuC86Y{!!J%:H"1xS0B(z[ ]_p-H8oC%[2H8?VHTHLe9cLIP
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 3d 84 20 08 bd 3d 01 32 10 09 b1 ad 06 90 d0 db b3 2d db bd 3d 62 30 e0 b5 ac fd db b3 ed dc d8 9d dd 43 b6 0c b4 ba 41 dd 7d d0 de 0d de dd 5d b8 40 b9 00 42 e9 b8 f4 b0 00 6d e0 06 27 e4 42 e4 36 43 4b 19 01 99 9b 42 6d 90 43 13 01 11 6a e4 0c f9 ad df fc 4d 13 14 77 11 f4 c6 0c ce f0 0c 88 30 07 cf f0 0c cb 90 0c 30 90 03 5b c4 03 02 91 03 3c f0 b3 34 90 06 6a 80 06 33 d0 95 5e c4 03 75 b9 d6 13 50 20 77 e9 95 5e 29 03 67 47 47 80 09 98 43 71 98 28 be bc 23 87 98 a2 50 0a cc 8b 09 a0 b0 bc a6 90 09 de 0b bd 46 21 0a 9a 10 6d 23 55 09 7f f4 47 a4 e0 bd 40 6e 0a fe 43 61 06 32 f7 15 5c c1 03 d4 39 16 67 31 49 40 e0 c2 4d 40 06 77 b1 07 82 90 c1 cb 89 08 79 00 03 33 00 d9 63 77 11 88 00 08 5d ee 75 3d 60 01 18 50 20 3a b0 02 5e 89 01 3a 50 01 6c 30 06 80 Data Ascii: = =2-=b0CA}]@Bm'B6CKBmCjMw00[<4j3^uP w^)gGGCq(#PF!m#UG@nCa2\9g1I@M@wy3cw]u=`P :^:Pl0
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 77 36 24 ef 25 71 2b 78 fd 72 02 18 20 19 2a 04 79 cd 80 06 d0 20 06 d0 40 06 d4 40 06 26 fc 0e f6 77 ed 88 97 7c 0c 84 10 fa 60 ed 3e 9c 7d 45 5c 10 1e 6b 3b 3a 6e 13 58 23 3d 6e c9 10 46 7c c4 53 84 3f 42 11 19 10 81 7b 1d 3b 11 38 44 7f 5f 13 0f 98 61 11 e4 e3 12 1c 5b 10 f8 40 10 d8 0b 46 12 61 19 38 a1 9a 44 a9 10 94 bc b0 16 98 0f 00 61 c9 0b 81 9f 22 78 ca f7 40 4a 8d fe 85 19 64 c0 11 92 8e 83 87 b8 9d ea c3 46 04 01 0c c0 00 0b c0 e0 09 0f a1 9d dc 29 41 9c 22 a2 36 64 3b dd fc cd e1 fc cd 09 84 88 2d 81 c4 be f7 ce 09 01 cf f5 3c cf f9 fc ce 23 a1 40 4c 8f 12 c8 49 d0 21 a4 d0 0f 41 cc cb 9c b1 0b 9d d0 19 7d 9d 64 ea d0 c7 1c 0c f4 69 32 0b 81 d2 2d 1d 7c 2f bd d2 d1 fc f5 90 ca 2a 0e 9d cc c5 9c 0f a2 82 d3 29 ca 9a f8 c3 6c 2d 56 14 b7 58 9c Data Ascii: w6$%q+xr y @@&w\|`>}E\k;:nX#=nF\|S?B{;8D_a[@Fa8Da"x@JdF)A"6d;-<#@LI!A}di2-\|/)l-VX
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: ac 81 18 54 6e 8e 7f 41 18 8c 01 1b b0 81 1b 0c 01 11 14 c1 12 50 6e 91 7f 01 8e 83 6e 95 23 e4 9b bd d9 de bc 4a 9e b5 ae ae 10 0b a1 d1 40 0d 9c af f1 32 81 4e 8e 6f f2 d8 2e ae e0 00 fe 06 cc 8f 0b d8 81 a9 9d 4f f1 9c 01 19 cc cf fc 5c 99 f9 90 0f f7 d6 80 16 04 10 59 16 da 19 40 6f 0d fc af a2 55 6f 0a 90 6f f2 94 c1 12 a4 4f 0a 88 c1 ac 25 65 f2 3c 5a 1d 3c ba 4e e2 c0 0c bc 80 f5 3e e5 12 00 5f 29 28 c2 0b b4 c0 0b 18 1b 13 e0 5a 56 72 d0 07 49 db 07 71 10 22 2c 83 3c a0 c1 1e 98 41 9c af 64 c6 e5 8c d5 1e 30 35 c0 03 3c 50 c3 64 d6 50 10 c5 c1 06 bf c1 1b 38 c3 33 78 c2 a0 6c 42 24 40 43 1c cc 43 1b cc 77 29 ba 01 1d d4 75 d1 24 02 21 f4 41 be d8 41 33 30 c3 33 24 f0 65 f2 10 0c cf 30 66 56 8c b7 db 20 1a e1 f0 67 3e a6 43 6c 04 55 8f af 4e f6 a2 Data Ascii: TnAPnn#J@2No.O\Y@oUooO%e<Z<N>_)(ZVrIq",<Ad05<PdP83xlB$@CCw)u$!AA303$e0fV g>ClUN
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: b4 a1 49 19 47 fb f3 b4 5c e4 ac c1 9a ab b9 1a ba 1c 1b b8 6c f4 2f be 8c 03 46 1b 4e e0 09 51 00 4c 2a 48 82 f6 89 60 02 f8 b7 81 f3 1e 24 98 02 5a c3 84 48 a2 04 0e 06 a2 4c a0 1c 69 d3 84 c6 c1 84 50 68 f5 c7 d3 04 51 88 75 dc bc 0c ce ac f5 6a c3 75 d9 59 66 1f d6 e1 dd f1 f5 63 f6 75 5f ef 75 da d1 9d 5f 37 b0 a1 db cd c1 dc 1e 29 48 02 ed 41 62 26 c6 37 7d 8b 02 7c 73 b7 27 96 37 04 78 b5 b9 71 60 04 38 82 4c 77 e0 82 03 b8 c1 e4 76 b8 f9 83 b3 e1 1f 89 06 63 52 1b 8c 63 d3 9f ff c1 20 c2 61 a1 02 32 b9 79 a7 f7 7a 97 20 0a 02 e4 00 02 85 5e b0 f7 7e f7 f7 93 cb 77 40 de 77 75 c0 1a 1c ca 1a 1c 22 05 e0 29 ba 52 58 05 83 3f 05 48 3e 50 53 50 85 66 28 22 23 12 83 33 f0 81 24 8a 00 06 b8 80 26 ba a5 57 98 05 67 86 57 5a a6 22 33 b0 3a 21 58 86 fe c4 Data Ascii: IG\l/FNQL*H`$ZHLiPhQujuYfcu_u_7)HAb&7}\|s'7xq`8LwvcRc a2yz ^~w@wu")RX?H>PSPf("#3$&WgWZ"3:!X
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 20 0b c0 2e ec c1 4e ec c3 6e ec c5 8e ec c0 ce 0b c9 03 ec 6d d3 ec dc e3 ec c9 b3 ec 6d 33 ed c4 4e ed d6 2e 0b c6 e0 0e ea e0 0e ed c0 0b 9c 00 82 c8 92 4b ee c3 2c b9 55 40 24 78 5c 4c 66 8a 8f c2 bb 4a 4a 5e 9c e9 89 3f b6 5c c1 24 c9 f8 97 36 38 36 ef f5 5e 8a 46 c6 ef f8 ae a4 4a 56 ef 8d ce 63 b9 05 66 9b d3 8a be 45 5e a8 83 af be a5 35 bb 45 62 bb 05 64 0d f4 f0 da e2 f0 eb 65 f1 c7 e8 65 70 b6 5e 83 16 3e da f8 66 78 f6 f1 0c bd 31 1a 04 41 34 d6 41 fd e3 40 27 ef 3f 94 06 36 ab c3 68 89 f6 f2 95 16 0b 27 3f f3 91 a6 40 0f d4 41 1d 84 8f 94 96 41 fe fe 83 6a ab 50 41 19 24 0b ab b0 8f 3f bf 40 1e 34 f4 a2 46 6a 26 6d d2 fe 08 d3 6d 83 f4 2a ad f4 31 0d 43 34 1d d3 32 7d b3 0d 29 11 31 e4 6a b1 76 91 3d c4 b3 16 b9 11 44 1d 12 d1 e6 91 20 d9 6c Data Ascii: .Nnmm3N.K,U@$x\LfJJ^?\$686^FJVcfE^5Ebdeep^>fx1A4A@'?6h'?@AAjPA$?@4Fj&mm*1C42})1jv=D l
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 31 e3 e7 68 49 df 7f 8e 15 16 21 0d 96 c1 18 b2 ca 17 76 e1 10 1c 01 11 46 d4 05 2a d9 96 ae 61 4c 34 78 e0 59 21 19 60 60 19 ea 00 05 52 c0 06 a2 e8 1a ea 20 98 83 59 07 66 e0 2c 6e 80 95 39 20 07 38 80 95 d7 ae c0 ad 89 04 40 00 07 ae c8 03 30 e0 03 64 a0 04 4a b4 44 c7 43 9b 6a de 04 46 fe e2 92 43 07 74 20 90 56 a0 05 68 54 0d 98 00 0a b2 20 0b b0 20 0b a4 a0 09 e4 80 fe 11 3a 61 12 0e 01 97 eb e0 11 9a e1 0d 36 6f 41 20 6a 49 bd b9 a1 c8 d4 9d b9 54 4b 3f 00 1f 6c a0 09 e6 e1 1e ee e1 03 d6 5e 48 84 e4 1e 50 2f 9d ed e1 06 78 e0 8b 02 01 f6 20 e4 a4 36 8f eb 19 24 0e 40 81 05 ea 89 11 16 e1 11 1e 01 11 da 03 10 f2 20 0f c4 80 0d 82 c0 08 4c 42 09 96 80 0c d0 23 9e fe 6e 04 80 46 b7 af c1 0e 36 3f 1b be 01 68 66 a1 64 8f 81 17 da 24 fc 58 80 05 00 49 Data Ascii: 1hI!vF*aL4xY!``R Yf,n9 8@0dJDCjFCt VhT :a6oA jITK?l^HP/x 6$@ LB#nF6?hfd$XI
2025-01-02 05:12:35 UTC	16384	IN	Data Raw: 05 58 90 06 e8 c0 07 c8 c0 0e e8 1e 15 51 d1 07 90 80 52 28 85 57 c4 40 0b c0 80 65 d8 42 2b 94 c2 2c 64 82 26 b4 c2 2d dc 42 30 84 02 27 84 82 30 74 c3 37 64 6e 39 94 03 21 c1 ed 1c fe cc 81 f7 79 01 53 06 c1 3b b3 a9 29 b8 99 9b 82 16 29 5c 56 fa 3d c3 74 68 74 3e bf 9f 9e 92 07 9f f2 3d a0 86 c7 48 81 07 49 ed 94 79 10 fe 2b 58 34 1c d0 29 00 22 e0 43 27 a0 ca ba c2 2c d0 94 2b c8 82 3d bb c7 4a e1 bd fb 51 60 23 c8 42 53 a9 58 53 65 e0 02 24 c7 88 fc f4 11 a8 60 ac 72 95 0d 92 08 4b 0b 40 e9 83 15 98 1f c1 90 d8 f4 ea 3f 07 12 30 89 8d dc 95 4f 4f 81 ee eb 7e 49 ef f4 ee 47 81 72 b8 c1 75 e8 e9 65 11 3f 2a 5c 56 2f 64 2e 31 cc 42 5f cd 82 3a 1c f8 dd 0a 03 97 5c 38 31 04 43 30 90 49 3a b4 43 75 74 96 15 76 7f 67 41 42 1b b6 6e a1 6c 62 a4 8c bf 34 1e Data Ascii: XQR(W@eB+,d&-B0'0t7dn9!yS;))\V=tht>=HIy+X4)"C',+=JQ`#BSXSe$`rK@?0OO~IGrue?*\V/d.1B_:\81C0I:CutvgABnlb4