cdn5.bjhav.cn/blob/2025/0228/1b8b89f631d65bb58f767f92550a9c98
111.180.138.102 200 OK 33 kB
URL GET cdn5.bjhav.cn/blob/2025/0228/1b8b89f631d65bb58f767f92550a9c98
IP 111.180.138.102:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash 1f75b8ec189ad999ebb5f7489dde3f87
414e18463119a7ddaea7101d50ae1e9b85a7f091
7718695dac526027a7f0be56c6358b40a594b56aaae198ced425f23f27d43c5c
GET /blob/2025/0228/1b8b89f631d65bb58f767f92550a9c98 HTTP/1.1
Host: cdn5.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 32902
date: Sun, 30 Mar 2025 04:26:49 GMT
last-modified: Fri, 28 Feb 2025 04:26:08 GMT
etag: "67c13ae0-8086"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
accept-ranges: bytes
x-via: 2.0 PS-WDS-014rO219 [HIT]
age: 50003
x-ws-request-id: 67e98b5c_PS-WDS-014rO219_743-25898
x-cache-status: HIT
server: nginx
X-Firefox-Spdy: h2
otc.bjhav.cn/file/tz_am.js?330129
163.171.134.109 200 OK 8.9 kB
URL GET otc.bjhav.cn/file/tz_am.js?330129
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (9190), with no line terminators
Hash 3203abae53e869425a156a843ea73b08
32f05f74c62dc6d6f101df1f1cd92cfeb190b92d
7434addda3bac9eb0e06f56e43f8e08da344112a14b16ac45c25d82e4172c6e4
GET /file/tz_am.js?330129 HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: application/javascript
Content-Length: 8920
Connection: keep-alive
x-amz-id-2: qn1RanurcAhQZcRHDMK0Xl2OEC6qExbStGhjz6eBRoHXhPZPOsxtilUmaeLAKPuEt3zrr7yrmO2A/pxrssNNBdnBrI51CTAi
x-amz-request-id: R1TPMF616H0T7534
Last-Modified: Sun, 30 Mar 2025 14:03:41 GMT
x-amz-version-id: OoFkkNJyoDMPHNZH9f5NwreSjDPMgRiG
ETag: "fa921a678eedf467e1057f0c650efc98"
Server: PWS/8.3.1.0.8
Via: 1.1 dianxun143:6 (W), 1.1 PSrdsdgemSTO1sw92:3 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
Age: 1501
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_35525-24338
cdn5.bjhav.cn/blob/b5/71375a896560049b58bb86d62d7715
111.180.138.102 200 OK 19 kB
URL GET cdn5.bjhav.cn/blob/b5/71375a896560049b58bb86d62d7715
IP 111.180.138.102:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash 15360d0c9a5de7df67d3b9ec7172b8c3
a1ad5eb292c31ff3848fc4c68ab60c9630023ecb
e7da1bfbbe81cf12292f4990b72dc0fe509cd9f86b26789d285f0918a6201c7b
GET /blob/b5/71375a896560049b58bb86d62d7715 HTTP/1.1
Host: cdn5.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 18776
date: Sat, 22 Mar 2025 08:02:30 GMT
last-modified: Wed, 26 Jun 2024 06:49:17 GMT
etag: "667bb9ed-4958"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
accept-ranges: bytes
x-via: 2.0 PS-WDS-014rO219 [HIT]
age: 728262
x-ws-request-id: 67e98b5c_PS-WDS-014rO219_743-25909
x-cache-status: HIT
server: nginx
X-Firefox-Spdy: h2
otc.bjhav.cn/com.js
163.171.134.109 200 OK 1.5 kB
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/5.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (1557), with no line terminators
Hash b94bdc3a236f77d1e3f85f0d7d997b91
558a28a1b9ba3ea8ce60f21f4c66307c851684e3
4f048bb85aecfe6af61266934f4d7877728f9f42a57c0ea3a52582c28c897840
GET /com.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: application/javascript
Content-Length: 1500
Connection: keep-alive
x-amz-id-2: 1Z3j7M0UMvCeRvB+AOG3DY7s1LiRmNcyuIb7Yx3Ug/8RkTYCVYmEnCT479S0SeFo5vErHTyloL/CBt9B/vFKwg==
x-amz-request-id: 0V5BY9JF3VXX0FJP
Last-Modified: Sun, 23 Mar 2025 09:40:50 GMT
x-amz-version-id: i9xgm6p9KQI61rfijoRajDyR8aVAytOn
ETag: "3c8316b3213bbe06388e703d72780e0c"
Server: PWS/8.3.1.0.8
Age: 220957
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_37781-33333
via: 1.1 PSrdsdgemSTO1sw92:12 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/assets/amgg4.js
163.171.134.109 200 OK 23 kB
URL GET otc.bjhav.cn/assets/amgg4.js
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /assets/amgg4.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:09 GMT
Content-Type: application/javascript
Content-Length: 23079
Connection: keep-alive
x-amz-id-2: QF/OPVKBnBSI4qe0KFqLUGufFg+ledKtluEqTkFYeyasA6OuphBMvtekii+PnwObqBjjagYl5SeWP+Kni+dHbg==
x-amz-request-id: 4X8BQXSB76HFQFJA
Last-Modified: Tue, 18 Mar 2025 12:34:02 GMT
ETag: "4e1292fa1fd10b75c5caf9146cb39365"
Server: PWS/8.3.1.0.8
Age: 1130
x-ws-request-id: 67e98b59_PSrdsdgemSTO1sw92_37344-7219
via: 1.1 PSrdsdgemSTO1sw92:8 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/assets/header.js?v=11
163.171.134.109 200 OK 18 kB
URL GET otc.bjhav.cn/assets/header.js?v=11
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /assets/header.js?v=11 HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:09 GMT
Content-Type: application/javascript
Content-Length: 18336
Connection: keep-alive
x-amz-id-2: i8nF2V5/ENWJ3KQDaDOP7Wkzc8fq+sYn6G5TivpoDoL7Z+AAQBNakA/92zBLZPrGn+6+JyO8rLh4BVfyCt5gkA==
x-amz-request-id: NMC7Y6XME0ZDF28W
Last-Modified: Fri, 28 Mar 2025 05:21:00 GMT
x-amz-version-id: l_8Bga1FusdMSzVg1Qlj898bus3PgtyH
ETag: "ef48783dd6a1078f9601533f7cb7c155"
Server: PWS/8.3.1.0.8
Age: 11832
x-ws-request-id: 67e98b59_PSrdsdgemSTO1sw92_36173-28513
via: 1.1 PSrdsdgemSTO1sw92:5 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/assets/lazysizes-umd.min.js
163.171.134.109 200 OK 7.9 kB
URL GET otc.bjhav.cn/assets/lazysizes-umd.min.js
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (8088), with no line terminators
Hash feb3284767aea660f980a3cae0884d09
1628879bab6371c83c94a98118e22d1fabe708bb
66b5c0e7210efbbbc918cc71a2d09e4deac9392fee8b4fe3971f1b97c67fbe9b
GET /assets/lazysizes-umd.min.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:09 GMT
Content-Type: application/javascript
Content-Length: 7904
Connection: keep-alive
x-amz-id-2: xWRbePm2m/sEwQ4qRZR2LTTfw51DpgHqBSZH7GupRFikmF0CyNfPN8selK2pBroPVPSJ7B11Ie4=
x-amz-request-id: R31Y21Z5PSHTCW1H
Last-Modified: Fri, 28 Feb 2025 12:52:16 GMT
ETag: "d243cfebf83b454cc4c89c2ead8507a1"
Server: PWS/8.3.1.0.8
Age: 15682
x-ws-request-id: 67e98b59_PSrdsdgemSTO1sw92_36872-53944
via: 1.1 PSrdsdgemSTO1sw92:6 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/hk/popMore.js?_v=330129
163.171.134.109 200 OK 6.1 kB
URL GET otc.bjhav.cn/hk/popMore.js?_v=330129
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (5989), with no line terminators
Hash a426883410c7b7b6dba92f960b5813cd
9e2a0fcec12f0f42ed89b0af00877df1919ce6d3
392238ea54fa280335b6e70184dbc741f26fa1e80f269b30d5b77a44c118e00d
GET /hk/popMore.js?_v=330129 HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:10 GMT
Content-Type: application/javascript
Content-Length: 6053
Connection: keep-alive
x-amz-id-2: xGPnmhCxKJ5AXYeBGVb4D9xtHD2INRF+qDo3akl1+f0ukPSr1OH7ZyDTKdem1NpHL/16PijxyDw=
x-amz-request-id: 62PC1FCNBB772J7P
Last-Modified: Sun, 30 Mar 2025 14:00:36 GMT
x-amz-version-id: LvSoZCRQQcO_34BPsmSNpoa8xQBuUEkB
ETag: "7053b477addd3e1a5781d95aaa1cc742"
Server: PWS/8.3.1.0.8
Age: 6639
x-ws-request-id: 67e98b5a_PSrdsdgemSTO1sw92_36173-28557
via: 1.1 PSrdsdgemSTO1sw92:5 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
dh213018.vqjccv7vwe.cyou/4.html?1
54.240.174.84 200 OK 17 kB
URL GET dh213018.vqjccv7vwe.cyou/4.html?1
IP 54.240.174.84:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Amazon
Subject *.2k00kiro2b.cyou
Fingerprint 6F:8F:A3:3A:23:4B:82:45:A7:AC:DF:2C:04:FC:EC:35:BD:19:BB:42
Validity Tue, 18 Mar 2025 00:00:00 GMT - Thu, 16 Apr 2026 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /4.html?1 HTTP/1.1
Host: dh213018.vqjccv7vwe.cyou
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Cookie: Hm_lvt_120560b7f2a5f4d6fc31f76a9fc62e41=1743358811; Hm_lpvt_120560b7f2a5f4d6fc31f76a9fc62e41=1743358811; HMACCOUNT=B37A6EEB3A242E10
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
date: Sun, 30 Mar 2025 18:20:11 GMT
server: nginx/1.24.0
last-modified: Sun, 30 Mar 2025 15:25:37 GMT
etag: W/"67e96271-432b"
cache-control: max-age=900
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: J0UjPaaY0e3HVk22FxOsBjiFVX3aEvUP3AF9W60lbV7bPKlMnbSGVw==
X-Firefox-Spdy: h2
cdn4.bjhav.cn/blob/0e/49bfddd4d8eb60f222a6678aeb3e70
116.196.137.78 200 OK 25 kB
URL GET cdn4.bjhav.cn/blob/0e/49bfddd4d8eb60f222a6678aeb3e70
IP 116.196.137.78:443
ASN #131516 Jinhua Weian InfoTech Co., Ltd
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash 9259fc47b6cffffcf6d7cdab9025e23d
f36d7097f3717909a357a14e0f589266b06c60fc
6b56abff646e52ec3901aa4aca6a6d4f7eb06ac56dbc3bf6937426bad92f5cd3
GET /blob/0e/49bfddd4d8eb60f222a6678aeb3e70 HTTP/1.1
Host: cdn4.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 25339
date: Mon, 24 Mar 2025 15:01:24 GMT
last-modified: Mon, 24 Jun 2024 06:16:35 GMT
etag: "66790f43-62fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
accept-ranges: bytes
x-via: 2.0 PS-TNA-01wYM62 [HIT]
age: 530328
x-ws-request-id: 67e98b5c_PS-TNA-01wYM62_21864-25940
x-cache-status: HIT
server: nginx
X-Firefox-Spdy: h2
otc.bjhav.cn/assets/img/bag.png
163.171.134.109 200 OK 5.7 kB
URL GET otc.bjhav.cn/assets/img/bag.png
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced
Hash 5c8e4349eb9cbf47adadb6bc40a4b3ef
073e482d7632a062791d75bddb79e6cfa79a12c4
d361cc19ba56003bf13087c2981908ea3a90c0017244ac92d7a748b8ebc91c1b
GET /assets/img/bag.png HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://otc.bjhav.cn/assets/common.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: image/png
Content-Length: 5655
Connection: keep-alive
x-amz-id-2: LipQ+NbwHaTmhNL5NTQxjC6qXY3YkWEcW0TbGe7kMijpFcqa3TF+u2x107j3RoTtdP23gDxKLto=
x-amz-request-id: CJGZ7HS8FW0BEAAY
Last-Modified: Mon, 17 Mar 2025 11:34:11 GMT
ETag: "5c8e4349eb9cbf47adadb6bc40a4b3ef"
Server: PWS/8.3.1.0.8
Via: 1.1 PS-HKG-04oR750:14 (W), 1.1 PSrdsdgemSTO1sw92:6 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
Age: 13910
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_36872-54036
otc.bjhav.cn/assets/qqface.js
163.171.134.109 200 OK 3.7 kB
URL GET otc.bjhav.cn/assets/qqface.js
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (3793), with no line terminators
Hash 5fb0cfc91909d8b1409ac2b850fc4e4e
a486fa84e8ac4f35037f975d23d724b4b65492dc
3e84df58f914103bb2e7957172375e5100e6bae8658cb07d43bef34b8dbb6d98
GET /assets/qqface.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:09 GMT
Content-Type: application/javascript
Content-Length: 3699
Connection: keep-alive
x-amz-id-2: b9SYfdnU+5wRz0q7+4oDnIMa4D6nrO+eDg8jZyLrMBD4crI6bHc2QKrGSctXPAh2cioIH2CUu30=
x-amz-request-id: S1AW0ZRWE35FJJ2Y
Last-Modified: Fri, 28 Feb 2025 12:52:11 GMT
ETag: "97b42fb48ef305944a73d79375534006"
Server: PWS/8.3.1.0.8
Age: 13775
x-ws-request-id: 67e98b59_PSrdsdgemSTO1sw92_37781-33251
via: 1.1 PSrdsdgemSTO1sw92:12 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
tkapi3.352722.com/json/time.json?1743358815378
172.67.222.40 200 OK 64 B
URL GET tkapi3.352722.com/json/time.json?1743358815378
IP 172.67.222.40:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Google Trust Services
Subject 352722.com
Fingerprint DE:F5:80:3A:85:7E:34:B0:4D:F1:E9:AC:87:6A:38:ED:A8:58:18:19
Validity Tue, 11 Feb 2025 03:36:44 GMT - Mon, 12 May 2025 04:34:31 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash e5bde059c4dccd3d9bd68013cca18a00
4f621d7c76f0ef4b763ba601fc306abfedec93f1
f24a0dba94d7c98c9504915b3fc437c7bf00bd051c78a2275bc9e0aaaa20c260
GET /json/time.json?1743358815378 HTTP/1.1
Host: tkapi3.352722.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dh213018.vqjccv7vwe.cyou/
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 18:20:15 GMT
content-type: application/json
last-modified: Sun, 30 Mar 2025 18:20:15 GMT
etag: W/"67e98b5f-40"
cache-control: public, max-age=60
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, DELETE
access-control-allow-headers: Accept, Accept-Encoding, Accept-Language, Cache-Control, Connection, Authorization, Content-Type, lang, token, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5j5JInVEUul70V0KBqVusPJmAxcyFRcT3Uo8BcFI7Lljjc2JjlYMesYR6SmLEo0H0mXPN%2BclkuTI1T0xJ64xP7KTTVh7zC3tv%2B3LHfme7QWAm6kvP9QdjPl3fhvaIWTb%2B9xHvg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92899eb43da0fe96-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24732&min_rtt=20522&rtt_var=9457&sent=12&recv=8&lost=0&retrans=0&sent_bytes=4997&recv_bytes=1470&delivery_rate=920&cwnd=12000&unsent_bytes=0&cid=c2a2520608d74b9d&ts=2093&x=1", cfExtPri, cfHdrFlush;dur=0
tkapi3.352722.com/json/time.json?1743358814375
172.67.222.40 200 OK 64 B
URL GET tkapi3.352722.com/json/time.json?1743358814375
IP 172.67.222.40:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Google Trust Services
Subject 352722.com
Fingerprint DE:F5:80:3A:85:7E:34:B0:4D:F1:E9:AC:87:6A:38:ED:A8:58:18:19
Validity Tue, 11 Feb 2025 03:36:44 GMT - Mon, 12 May 2025 04:34:31 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash b882a3b04d986f954acf5cd434b52afb
9c1e0848d58a6068414751031a0e8d41aa79bb1e
815290d7f1fbfc72eddb947c521983f9d5994d4abca6d505bb0070c2def12ed5
GET /json/time.json?1743358814375 HTTP/1.1
Host: tkapi3.352722.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dh213018.vqjccv7vwe.cyou/
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 18:20:14 GMT
content-type: application/json
last-modified: Sun, 30 Mar 2025 18:20:14 GMT
etag: W/"67e98b5e-40"
cache-control: public, max-age=60
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, DELETE
access-control-allow-headers: Accept, Accept-Encoding, Accept-Language, Cache-Control, Connection, Authorization, Content-Type, lang, token, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V4PrH4S%2Fufi5Q0f3ZCfIE%2Fd0dDKQZEjjWOKOp%2FGyLRrP68W8KLgIzCNXcMwYr8%2BLY64jJZ4heCDL%2FGhHhW%2B8UVpUzlvMC0333DYHfWE0xO5pTO9%2FtfRRrWD%2F0E%2BUiw47eLUH1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92899eadfdf5fe96-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=25296&min_rtt=20522&rtt_var=11105&sent=10&recv=6&lost=0&retrans=0&sent_bytes=3989&recv_bytes=1122&delivery_rate=28943&cwnd=12000&unsent_bytes=0&cid=c2a2520608d74b9d&ts=1092&x=1", cfExtPri, cfHdrFlush;dur=0
cdn1.bjhav.cn/blob/2025/0228/c8f6c00ff2781cee8226d0e4b0a0a79f
111.180.138.102 200 OK 58 kB
URL GET cdn1.bjhav.cn/blob/2025/0228/c8f6c00ff2781cee8226d0e4b0a0a79f
IP 111.180.138.102:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash 0221b5fa5a1bac2ea43662fab4a87f50
2a2a61cd5d0e09c345be41eb048e4ed8cfdd3a98
5ae80e7617bee765790c421b691ce66837acf260c45b83ba31cd0638f040b792
GET /blob/2025/0228/c8f6c00ff2781cee8226d0e4b0a0a79f HTTP/1.1
Host: cdn1.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 57769
date: Sun, 30 Mar 2025 05:04:27 GMT
last-modified: Fri, 28 Feb 2025 05:03:19 GMT
etag: "67c14397-e1a9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
accept-ranges: bytes
x-via: 2.0 PS-WDS-014rO219 [HIT]
age: 47745
x-ws-request-id: 67e98b5c_PS-WDS-014rO219_1207-26443
x-cache-status: HIT
server: nginx
X-Firefox-Spdy: h2
tkapi3.352722.com/json/time.json?1743358826382
172.67.222.40 200 OK 64 B
URL GET tkapi3.352722.com/json/time.json?1743358826382
IP 172.67.222.40:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Google Trust Services
Subject 352722.com
Fingerprint DE:F5:80:3A:85:7E:34:B0:4D:F1:E9:AC:87:6A:38:ED:A8:58:18:19
Validity Tue, 11 Feb 2025 03:36:44 GMT - Mon, 12 May 2025 04:34:31 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash e6059de0af8f9527c7db676e64ffe6ce
01bb4d6bc8acaa7904448acc24f82694190626c6
8624f0d2f4c99b51c6b0d263ded6ee46ab8d6b578c1076dfb89cecee16f4b970
GET /json/time.json?1743358826382 HTTP/1.1
Host: tkapi3.352722.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dh213018.vqjccv7vwe.cyou/
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 18:20:26 GMT
content-type: application/json
last-modified: Sun, 30 Mar 2025 18:20:26 GMT
etag: W/"67e98b6a-40"
cache-control: public, max-age=60
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, DELETE
access-control-allow-headers: Accept, Accept-Encoding, Accept-Language, Cache-Control, Connection, Authorization, Content-Type, lang, token, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pSFFEJD60pUoaO2ONZIMUALdaG%2BYNVPpiUwUE%2BM2m%2BGpfVscO4RNxIyiECfxinKNn2u6W%2B98SI%2BvTEKJNRZeFQQ2VYO%2BdVERSlso7QoDmUHPZ1YxhbZPOD7pz2%2BpyJ0DeqxNIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92899ef8fe8efe96-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27398&min_rtt=20522&rtt_var=9217&sent=34&recv=30&lost=0&retrans=0&sent_bytes=15128&recv_bytes=5298&delivery_rate=3606&cwnd=12000&unsent_bytes=0&cid=c2a2520608d74b9d&ts=13095&x=1", cfExtPri, cfHdrFlush;dur=0
otc.bjhav.cn/assets/link4_am.js
163.171.134.109 200 OK 21 kB
URL GET otc.bjhav.cn/assets/link4_am.js
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/3.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /assets/link4_am.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: application/javascript
Content-Length: 20659
Connection: keep-alive
x-amz-id-2: hHsCfxLdNxGUPZF1LkEso7E4NJ6pFvE2i1TO71z+dSMF34tc++D3u9k8b9BXu3c/ex1h/3vSpd9Yu3AEQlD2O9hDcygunEbU
x-amz-request-id: TDKN1YQVD9WMFXTE
Last-Modified: Thu, 20 Mar 2025 11:58:47 GMT
x-amz-version-id: TGHu4cl99acNJ24QOYbrETkLpFI2IWN0
ETag: "97d6ecc7311cf23dab079c9dbad8f55e"
Server: PWS/8.3.1.0.8
Age: 1130
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_37781-33330
via: 1.1 PSrdsdgemSTO1sw92:12 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/com.js
163.171.134.109 200 OK 1.5 kB
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/6.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (1557), with no line terminators
Hash b94bdc3a236f77d1e3f85f0d7d997b91
558a28a1b9ba3ea8ce60f21f4c66307c851684e3
4f048bb85aecfe6af61266934f4d7877728f9f42a57c0ea3a52582c28c897840
GET /com.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: application/javascript
Content-Length: 1500
Connection: keep-alive
x-amz-id-2: 1Z3j7M0UMvCeRvB+AOG3DY7s1LiRmNcyuIb7Yx3Ug/8RkTYCVYmEnCT479S0SeFo5vErHTyloL/CBt9B/vFKwg==
x-amz-request-id: 0V5BY9JF3VXX0FJP
Last-Modified: Sun, 23 Mar 2025 09:40:50 GMT
x-amz-version-id: i9xgm6p9KQI61rfijoRajDyR8aVAytOn
ETag: "3c8316b3213bbe06388e703d72780e0c"
Server: PWS/8.3.1.0.8
Age: 220957
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_35525-24364
via: 1.1 PSrdsdgemSTO1sw92:3 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/com.js
163.171.134.109 200 OK 1.5 kB
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (1557), with no line terminators
Hash b94bdc3a236f77d1e3f85f0d7d997b91
558a28a1b9ba3ea8ce60f21f4c66307c851684e3
4f048bb85aecfe6af61266934f4d7877728f9f42a57c0ea3a52582c28c897840
GET /com.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:09 GMT
Content-Type: application/javascript
Content-Length: 1500
Connection: keep-alive
x-amz-id-2: 1Z3j7M0UMvCeRvB+AOG3DY7s1LiRmNcyuIb7Yx3Ug/8RkTYCVYmEnCT479S0SeFo5vErHTyloL/CBt9B/vFKwg==
x-amz-request-id: 0V5BY9JF3VXX0FJP
Last-Modified: Sun, 23 Mar 2025 09:40:50 GMT
x-amz-version-id: i9xgm6p9KQI61rfijoRajDyR8aVAytOn
ETag: "3c8316b3213bbe06388e703d72780e0c"
Server: PWS/8.3.1.0.8
Age: 220955
x-ws-request-id: 67e98b59_PSrdsdgemSTO1sw92_37344-7217
via: 1.1 PSrdsdgemSTO1sw92:8 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
tkapi3.352722.com/json/time.json?1743358813374
172.67.222.40 200 OK 64 B
URL GET tkapi3.352722.com/json/time.json?1743358813374
IP 172.67.222.40:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Google Trust Services
Subject 352722.com
Fingerprint DE:F5:80:3A:85:7E:34:B0:4D:F1:E9:AC:87:6A:38:ED:A8:58:18:19
Validity Tue, 11 Feb 2025 03:36:44 GMT - Mon, 12 May 2025 04:34:31 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash a194e5d85d22b70254f112c791594806
fc1545b5f7e4dcb8553f3a5cf61730daf97fd31b
b045e2f26d17c54163c0b38a51dc67134ccbecb79b8c8170451890daa0b04090
GET /json/time.json?1743358813374 HTTP/1.1
Host: tkapi3.352722.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dh213018.vqjccv7vwe.cyou/
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 30 Mar 2025 18:20:13 GMT
content-type: application/json
last-modified: Sun, 30 Mar 2025 18:20:13 GMT
etag: W/"67e98b5d-40"
cache-control: public, max-age=60
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, DELETE
access-control-allow-headers: Accept, Accept-Encoding, Accept-Language, Cache-Control, Connection, Authorization, Content-Type, lang, token, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NsB7ms9ceKMGyxfe3RvMNR9zlJyfFiopNDR7NC6Y7qwTwJrgnjtUz3LwlXxM3BJ0cpjX7aPWfFwS9uKIWEi2nfM4rVGNJ%2FLbsh3OtIh7M46hziaWBbcqv%2F%2FzNgprRLMkz7fFHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92899ea7bb56fea4-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=20010&min_rtt=19782&rtt_var=2709&sent=11&recv=12&lost=0&retrans=0&sent_bytes=4266&recv_bytes=1337&delivery_rate=218544&cwnd=248&unsent_bytes=0&cid=a165c568d4fe7090&ts=1123&x=0"
X-Firefox-Spdy: h2
otc.bjhav.cn/assets/js/redbag-cdown.js?zone=ASIA/Hong_Kong
163.171.134.109 200 OK 6.4 kB URL GET otc.bjhav.cn/assets/js/redbag-cdown.js?zone=ASIA/Hong_Kong
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/3.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (6628), with no line terminators
Hash 75c0b72be13f43b631344a46fbe47638
abbdc760a0c53a37ce101f221c1833cc10422043
1aff8ef204eff2eacfc61ddebf1e3bd039ba598ec69c37bbcf1916fd465564e8
GET /assets/js/redbag-cdown.js?zone=ASIA/Hong_Kong HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:12 GMT
Content-Type: application/javascript
Content-Length: 6361
Connection: keep-alive
x-amz-id-2: 3dAa4pqZCCpA+t5kiXFbG8wjWSw/VeygxDWhS4eeDqOYJNpCSlUYhvJfuBJ8Zq1nseDFZbCwyCEyhhn0RkRqwqxodIyYvXfW
x-amz-request-id: 2FG5M5JWZ6TS4R3G
Last-Modified: Fri, 21 Mar 2025 14:16:38 GMT
x-amz-version-id: rRgy3YlukJRw4Gk3UAJFsGc4wvaRFU47
ETag: "440229a8a7ce0a5413d2aae5d7c68339"
Server: PWS/8.3.1.0.8
Age: 13822
x-ws-request-id: 67e98b5c_PSrdsdgemSTO1sw92_34393-20556
via: 1.1 PSrdsdgemSTO1sw92:0 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
tkapi3.352722.com/json/time.json?1743358821381
172.67.222.40 200 OK 64 B URL GET tkapi3.352722.com/json/time.json?1743358821381
IP 172.67.222.40:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Google Trust Services
Subject 352722.com
Fingerprint DE:F5:80:3A:85:7E:34:B0:4D:F1:E9:AC:87:6A:38:ED:A8:58:18:19
Validity Tue, 11 Feb 2025 03:36:44 GMT - Mon, 12 May 2025 04:34:31 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 034ce9f0064b9939d7685ea42d3c45b6
7a2faa6b9761ac1c7d60ce978c2b876faee7ff04
8b8bc33d312b3d719b70f405909469e3cfaa98f49f9d5690eed33e45575f542c
GET /json/time.json?1743358821381 HTTP/1.1
Host: tkapi3.352722.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dh213018.vqjccv7vwe.cyou/
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 18:20:21 GMT
content-type: application/json
last-modified: Sun, 30 Mar 2025 18:20:21 GMT
etag: W/"67e98b65-40"
cache-control: public, max-age=60
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, DELETE
access-control-allow-headers: Accept, Accept-Encoding, Accept-Language, Cache-Control, Connection, Authorization, Content-Type, lang, token, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nO%2Bxkn3FlwNDzBy2tZTyzdZGnO34baGuTGMIwUXlDVX8U9pW4%2By%2B%2FPA80RxZiBC8SW%2Bm50snezQto3Zd1EfnsvU0nCJjpKzqrXHgeHd2N%2B9slEyd70pRi20Byjk9wlWQSXc%2BLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92899ed9b98bfe96-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27104&min_rtt=20522&rtt_var=9569&sent=24&recv=20&lost=0&retrans=0&sent_bytes=10771&recv_bytes=3558&delivery_rate=6694&cwnd=12000&unsent_bytes=0&cid=c2a2520608d74b9d&ts=8100&x=1", cfExtPri, cfHdrFlush;dur=0
tkapi3.352722.com/json/time.json?1743358827382
172.67.222.40 200 OK 64 B URL GET tkapi3.352722.com/json/time.json?1743358827382
IP 172.67.222.40:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Google Trust Services
Subject 352722.com
Fingerprint DE:F5:80:3A:85:7E:34:B0:4D:F1:E9:AC:87:6A:38:ED:A8:58:18:19
Validity Tue, 11 Feb 2025 03:36:44 GMT - Mon, 12 May 2025 04:34:31 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 4ab01d102524daadbe97ce6a385f3ab7
a91ea300acb9750bfb59e3f835c5b8bed6e8060d
2555dfaa36094e93247a43ed75087e922fbf492f0ac35f4360de406af585bea3
GET /json/time.json?1743358827382 HTTP/1.1
Host: tkapi3.352722.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dh213018.vqjccv7vwe.cyou/
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 18:20:27 GMT
content-type: application/json
server: cloudflare
last-modified: Sun, 30 Mar 2025 18:20:27 GMT
cache-control: public, max-age=60
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, DELETE
access-control-allow-headers: Accept, Accept-Encoding, Accept-Language, Cache-Control, Connection, Authorization, Content-Type, lang, token, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With
cf-cache-status: DYNAMIC
priority: u=4,i=?0
etag: W/"67e98b6b-40"
content-encoding: br
cf-ray: 92899eff4e8cfe96-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
otc.bjhav.cn/assets/jquery.min.js
163.171.134.109 200 OK 96 kB URL GET otc.bjhav.cn/assets/jquery.min.js
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (32341)
Hash 52d16e147b5346147d0f3269cd4d0f80
4566b5815f47f976c7c3d3083c600ad5561b6fc0
2e945ebcd9b955e7c543ba4ad41e8f7779a077b482a0207db74bd6ded2021d17
GET /assets/jquery.min.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:09 GMT
Content-Type: application/javascript
Content-Length: 96380
Connection: keep-alive
x-amz-id-2: pggDGd053UlttheD02UycsgSDGD3LUoU0ycJSr10RAo/DH0lrY12MFx+VkdcNVKKsVoYuduxVkgjEkhqzRmen/elaPw+yJRE
x-amz-request-id: SVGWQ85VZBKZAVM9
Last-Modified: Fri, 28 Feb 2025 12:52:14 GMT
ETag: "52d16e147b5346147d0f3269cd4d0f80"
Server: PWS/8.3.1.0.8
Age: 15518
x-ws-request-id: 67e98b59_PSrdsdgemSTO1sw92_36173-28527
via: 1.1 PSrdsdgemSTO1sw92:5 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
dh213018.vqjccv7vwe.cyou/amlinks.js
54.240.174.84 200 OK 3.7 kB URL GET dh213018.vqjccv7vwe.cyou/amlinks.js
IP 54.240.174.84:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Amazon
Subject *.2k00kiro2b.cyou
Fingerprint 6F:8F:A3:3A:23:4B:82:45:A7:AC:DF:2C:04:FC:EC:35:BD:19:BB:42
Validity Tue, 18 Mar 2025 00:00:00 GMT - Thu, 16 Apr 2026 23:59:59 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (3290), with no line terminators
Hash a4bd80fb0bd0f387657cd83eb4747de4
fbba3f69c83ef9add7b61a36308f5d4df85693df
49b9381a2b8bf9cafec7eb5d4ccdcaca3a5fbe1c82901b1623f585109d578f7e
GET /amlinks.js HTTP/1.1
Host: dh213018.vqjccv7vwe.cyou
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Cookie: Hm_lvt_120560b7f2a5f4d6fc31f76a9fc62e41=1743358811; Hm_lpvt_120560b7f2a5f4d6fc31f76a9fc62e41=1743358811; HMACCOUNT=B37A6EEB3A242E10
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
date: Sun, 30 Mar 2025 18:20:11 GMT
server: nginx/1.24.0
last-modified: Tue, 25 Feb 2025 05:53:55 GMT
etag: W/"67bd5af3-e81"
cache-control: max-age=900
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: noOwtMeHcK0Rdo1B1VCtzX2OPOTnwPbOlvHmx6cBXX-XqLNxrRpjUQ==
X-Firefox-Spdy: h2
cdn5.bjhav.cn/blob/2025/0228/f1ad454375a2f065e6ccb1e821bbaff7
111.180.138.102 200 OK 60 kB URL GET cdn5.bjhav.cn/blob/2025/0228/f1ad454375a2f065e6ccb1e821bbaff7
IP 111.180.138.102:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash a56948f4675656c4a19b511634bb7295
4cce4d21531bb8e48f3dbd4380b17d25bbb4bfb2
f3e7dd0fb7fe1a8815405675a641e9c3f6649d11a653e3def51c33175bca8b15
GET /blob/2025/0228/f1ad454375a2f065e6ccb1e821bbaff7 HTTP/1.1
Host: cdn5.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 60302
date: Sun, 30 Mar 2025 04:27:18 GMT
last-modified: Fri, 28 Feb 2025 04:26:59 GMT
etag: "67c13b13-eb8e"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
accept-ranges: bytes
x-via: 2.0 PS-WDS-014rO219 [HIT]
age: 49973
x-ws-request-id: 67e98b5b_PS-WDS-014rO219_743-25892
x-cache-status: HIT
server: nginx
X-Firefox-Spdy: h2
tkapi3.352722.com/json/time.json?1743358819380
172.67.222.40 200 OK 64 B URL GET tkapi3.352722.com/json/time.json?1743358819380
IP 172.67.222.40:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Google Trust Services
Subject 352722.com
Fingerprint DE:F5:80:3A:85:7E:34:B0:4D:F1:E9:AC:87:6A:38:ED:A8:58:18:19
Validity Tue, 11 Feb 2025 03:36:44 GMT - Mon, 12 May 2025 04:34:31 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 0c2a5861100086e1be3cdd2dd0aa0ae9
7ebabd79698f560e0309e3a0cbdcae0093fc4647
dfabd1340c0d19d08b6e89204fec101e96f781f9f67f74a22459b4317a1c8935
GET /json/time.json?1743358819380 HTTP/1.1
Host: tkapi3.352722.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dh213018.vqjccv7vwe.cyou/
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 18:20:19 GMT
content-type: application/json
last-modified: Sun, 30 Mar 2025 18:20:19 GMT
etag: W/"67e98b63-40"
cache-control: public, max-age=60
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, DELETE
access-control-allow-headers: Accept, Accept-Encoding, Accept-Language, Cache-Control, Connection, Authorization, Content-Type, lang, token, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wDE0%2BWfSieLGYQj0c62S82VKwNwba5%2F%2FCo4xfQdwgYByX1LoTqzFxqh%2FyvI7Zf9RCX0teURlXGngMN7LbE3pkaNdrkTTanPjPgRqz8aIXuRwqjBu6ioZHMYF5G9o2uw2A1npow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92899ecd39a8fe96-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=29070&min_rtt=20522&rtt_var=10952&sent=20&recv=16&lost=0&retrans=0&sent_bytes=8843&recv_bytes=2862&delivery_rate=7117&cwnd=12000&unsent_bytes=0&cid=c2a2520608d74b9d&ts=6101&x=1", cfExtPri, cfHdrFlush;dur=0
img.bjhav.cn/6629666/imgas/caitu.css?1
172.67.184.12 200 OK 2.4 kB URL GET img.bjhav.cn/6629666/imgas/caitu.css?1
IP 172.67.184.12:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Google Trust Services
Subject bjhav.cn
Fingerprint 1F:85:93:B3:CE:77:FC:D4:C8:5A:CA:88:F5:13:73:EF:FD:EC:26:F1
Validity Sat, 15 Feb 2025 02:08:16 GMT - Fri, 16 May 2025 03:05:51 GMT
File type Unicode text, UTF-8 text, with very long lines (2646), with no line terminators
Hash 134cb2d2dcf9cc254057a95ffdce8faa
3fa5449e38da27db994eeab7d5ad2aee8a30f21d
a2dd345fed7d938ffbd70202661a35099a3758ffb0af1c590ebc619b5ed2572f
GET /6629666/imgas/caitu.css?1 HTTP/1.1
Host: img.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 30 Mar 2025 18:20:09 GMT
content-type: text/css
last-modified: Wed, 07 Aug 2024 07:28:52 GMT
vary: Accept-Encoding
etag: W/"66b32234-947"
content-encoding: gzip
cache-control: max-age=1800
cf-cache-status: HIT
age: 4322
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CTAghMJkesJP8aVAk7GrZwUCWUVVPzSG3aGR8jNYjOSnvF2kaD4eTwG1AmXnshqaJpCqQ2saCbhfsuZeALiHJdmMZs%2FjxmOAzdKiAJc4uF24KgP9jPnYt1zU8gFatqs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92899e909cb5feb4-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19745&min_rtt=19687&rtt_var=3209&sent=11&recv=11&lost=0&retrans=0&sent_bytes=4653&recv_bytes=1304&delivery_rate=220485&cwnd=236&unsent_bytes=0&cid=a57fbac62b5a42c5&ts=64&x=0"
X-Firefox-Spdy: h2
res.ptallenvery.com/am/qnzl.js?330129
104.21.43.230 200 OK 29 kB URL GET res.ptallenvery.com/am/qnzl.js?330129
IP 104.21.43.230:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Google Trust Services
Subject ptallenvery.com
Fingerprint 99:C7:BA:F4:99:A4:49:2E:A1:45:A6:79:6F:22:39:C9:71:39:F7:7A
Validity Thu, 06 Mar 2025 01:52:30 GMT - Wed, 04 Jun 2025 02:51:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /am/qnzl.js?330129 HTTP/1.1
Host: res.ptallenvery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 18:20:11 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gDbuYJXQHXIzlF8ak%2BStrqkioYM5tuV4bhyBrfH2kyARX7sLWvO5dEcIDoKcGO1oiipqUUjOwpHIWNqYIV8RJDOgs9xq%2FIK1AW9TYzRPFb%2BzJJxBELaTjAI56xGQIkG1teN0UpHD"}],"group":"cf-nel","max_age":604800}
last-modified: Fri, 07 Feb 2025 11:31:07 GMT
vary: Accept-Encoding
etag: W/"67a5eefb-7126"
expires: Sun, 30 Mar 2025 18:30:11 GMT
cache-control: max-age=300
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-encoding: gzip
cf-cache-status: REVALIDATED
cf-ray: 92899e9b8d49ffef-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400
img.bjhav.cn/6629666/imgas/caitu.css?2
172.67.184.12 200 OK 2.4 kB URL GET img.bjhav.cn/6629666/imgas/caitu.css?2
IP 172.67.184.12:443
Requested by https://dh213018.vqjccv7vwe.cyou/5.html?1
Certificate Issuer Google Trust Services
Subject bjhav.cn
Fingerprint 1F:85:93:B3:CE:77:FC:D4:C8:5A:CA:88:F5:13:73:EF:FD:EC:26:F1
Validity Sat, 15 Feb 2025 02:08:16 GMT - Fri, 16 May 2025 03:05:51 GMT
File type Unicode text, UTF-8 text, with very long lines (2646), with no line terminators
Hash 134cb2d2dcf9cc254057a95ffdce8faa
3fa5449e38da27db994eeab7d5ad2aee8a30f21d
a2dd345fed7d938ffbd70202661a35099a3758ffb0af1c590ebc619b5ed2572f
GET /6629666/imgas/caitu.css?2 HTTP/1.1
Host: img.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 18:20:11 GMT
content-type: text/css
last-modified: Wed, 07 Aug 2024 07:28:52 GMT
vary: Accept-Encoding
etag: W/"66b32234-947"
content-encoding: gzip
cache-control: max-age=1800
cf-cache-status: HIT
age: 2324
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FFM2ob2uY%2FWaTqTSUi6inr5nH2WPfgPosPYZmbOf2anjIfDEANZryPywnH5KTUxaXYVHPmiimwHo0Zv6WJ4dEHyKyXB4jXmMdoGP%2FxKlCZ6RhrS5LBc4grR31ZyurxQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92899e9e3d432908-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22798&min_rtt=20385&rtt_var=2320&sent=538&recv=43&lost=0&retrans=0&sent_bytes=601847&recv_bytes=8963&delivery_rate=1887681&cwnd=384000&unsent_bytes=0&cid=b9eb502396873af1&ts=2156&x=1", cfExtPri, cfHdrFlush;dur=0
otc.bjhav.cn/assets/base_code.js?v=330183
163.171.134.109 200 OK 13 kB URL GET otc.bjhav.cn/assets/base_code.js?v=330183
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/4.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /assets/base_code.js?v=330183 HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:12 GMT
Content-Type: application/javascript
Content-Length: 13442
Connection: keep-alive
x-amz-id-2: NbS+kwxJtE64doaefQHlwxdGqsHWXBAhcNAr2J3+VGcqA1PxkvW3klRUB/SSeLcx81TzX+qydyKD9JdmFxF4329dOv/5jt8j
x-amz-request-id: DTGFY36PY45QM3HA
Last-Modified: Sun, 30 Mar 2025 05:14:06 GMT
x-amz-version-id: UDRwXV5TNouesmirZeaOWmySAye2jHYj
ETag: "7293bf7367b5b1fc68f620132048f6f8"
Server: PWS/8.3.1.0.8
via: 1.1 PSrdsdgemSTO1sw92:6 (W)
X-Px: ms PSrdsdgemSTO1sw92ARN(origin)
x-ws-request-id: 67e98b5c_PSrdsdgemSTO1sw92_36872-54041
res.ptallenvery.com/am/wzzl.js?330129
104.21.43.230 200 OK 40 kB URL GET res.ptallenvery.com/am/wzzl.js?330129
IP 104.21.43.230:443
Requested by https://dh213018.vqjccv7vwe.cyou/5.html?1
Certificate Issuer Google Trust Services
Subject ptallenvery.com
Fingerprint 99:C7:BA:F4:99:A4:49:2E:A1:45:A6:79:6F:22:39:C9:71:39:F7:7A
Validity Thu, 06 Mar 2025 01:52:30 GMT - Wed, 04 Jun 2025 02:51:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /am/wzzl.js?330129 HTTP/1.1
Host: res.ptallenvery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 18:20:13 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LhPVQ9iuX3ZF1h7sU13RAAsw%2Fy%2B8d4fBmjkc3TNxk9dHQ%2BWg3lTgKwvgl62LqVRngMMdOsaiPL%2F5JVLiKU0Rs5i8oCfIiHS%2B1Q0QtYTdlrTzHghTb2nIs84WJBAtInWpO4bJblNj"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 26 Feb 2025 05:51:32 GMT
vary: Accept-Encoding
etag: W/"67beabe4-9e48"
expires: Sun, 30 Mar 2025 18:30:13 GMT
cache-control: max-age=300
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-encoding: gzip
cf-cache-status: REVALIDATED
cf-ray: 92899ea76f8bffef-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400
otc.bjhav.cn/need/layer.css?2.0
163.171.134.109 200 OK 5.6 kB URL GET otc.bjhav.cn/need/layer.css?2.0
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type ASCII text, with very long lines (5588), with no line terminators
Hash a93156dad9bf82c5e873a6145c7c1ca3
6415859f551e151df98801922627d5447ae730d4
149a7dd383a03776f99fe242eb18f4699826d752892cdd6a3d3981d971855a21
GET /need/layer.css?2.0 HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: text/css
Content-Length: 5588
Connection: keep-alive
x-amz-id-2: U9hY4h2iJ3c/SYZNviQkXUCHeZs0jZFsjMWR2lgvyfr3Bx/WvAyoswKu2y8KC1VDvR4yuWOoxkw=
x-amz-request-id: JFYPDE52WHT358J1
Last-Modified: Fri, 28 Feb 2025 12:52:17 GMT
ETag: "a93156dad9bf82c5e873a6145c7c1ca3"
Server: PWS/8.3.1.0.8
Age: 217561
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_36173-28574
via: 1.1 PSrdsdgemSTO1sw92:5 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/assets/jquery.min.js
163.171.134.109 200 OK 96 kB URL GET otc.bjhav.cn/assets/jquery.min.js
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/2.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (32341)
Hash 52d16e147b5346147d0f3269cd4d0f80
4566b5815f47f976c7c3d3083c600ad5561b6fc0
2e945ebcd9b955e7c543ba4ad41e8f7779a077b482a0207db74bd6ded2021d17
GET /assets/jquery.min.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: application/javascript
Content-Length: 96380
Connection: keep-alive
x-amz-id-2: pggDGd053UlttheD02UycsgSDGD3LUoU0ycJSr10RAo/DH0lrY12MFx+VkdcNVKKsVoYuduxVkgjEkhqzRmen/elaPw+yJRE
x-amz-request-id: SVGWQ85VZBKZAVM9
Last-Modified: Fri, 28 Feb 2025 12:52:14 GMT
ETag: "52d16e147b5346147d0f3269cd4d0f80"
Server: PWS/8.3.1.0.8
Age: 15520
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_35525-24353
via: 1.1 PSrdsdgemSTO1sw92:3 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
img.bjhav.cn/6629666/imgas/style.css?20
172.67.184.12 200 OK 1.6 kB URL GET img.bjhav.cn/6629666/imgas/style.css?20
IP 172.67.184.12:443
Requested by https://dh213018.vqjccv7vwe.cyou/4.html?1
Certificate Issuer Google Trust Services
Subject bjhav.cn
Fingerprint 1F:85:93:B3:CE:77:FC:D4:C8:5A:CA:88:F5:13:73:EF:FD:EC:26:F1
Validity Sat, 15 Feb 2025 02:08:16 GMT - Fri, 16 May 2025 03:05:51 GMT
File type ASCII text, with very long lines (1741), with no line terminators
Hash e4625f47766fae2038b61c6ebf896c1d
dd3d987026558cba7ce7cb2f74fb24f82dcca611
befc9ff96a46a857d3db9604f0189a3cc416bfaa784bf1bf200cfa7b6fe12e9e
GET /6629666/imgas/style.css?20 HTTP/1.1
Host: img.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 18:20:11 GMT
content-type: text/css
last-modified: Mon, 20 Jan 2025 07:08:58 GMT
vary: Accept-Encoding
etag: W/"678df68a-65b"
content-encoding: gzip
cache-control: max-age=1800
cf-cache-status: HIT
age: 976
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jz1xFZzDPhf9pRaJ4Y4waqI6b5IhhBpJgh6n8D9TFDd01DGXIym3CilCG5eEK4SB34H7qDyKIYNskz6Y76gO9reEl%2FQzJgqvll3vX5uJk7CDYe%2Brliop8S968p%2BelTc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92899e9e3d402908-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22798&min_rtt=20385&rtt_var=2320&sent=536&recv=43&lost=0&retrans=0&sent_bytes=600433&recv_bytes=8963&delivery_rate=1887681&cwnd=384000&unsent_bytes=0&cid=b9eb502396873af1&ts=2153&x=1", cfExtPri, cfHdrFlush;dur=0
cdn1.bjhav.cn/blob/2024/1216/822255b9093f7649e383d5b6b877363d
111.180.138.102 200 OK 289 kB URL GET cdn1.bjhav.cn/blob/2024/1216/822255b9093f7649e383d5b6b877363d
IP 111.180.138.102:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Size 289 kB (288719 bytes)
Hash ccca83f02e674ea660cbf97ac0a070f7
1b248f0cf3e93dd2b59c9702db9916100d96c13a
cb0a6e47cff07b65d737e80aaed9acc05b5c96bb415e2eab1f5aed8b02dd7344
GET /blob/2024/1216/822255b9093f7649e383d5b6b877363d HTTP/1.1
Host: cdn1.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 288719
date: Wed, 26 Mar 2025 03:53:06 GMT
last-modified: Mon, 16 Dec 2024 04:55:06 GMT
etag: "675fb2aa-467cf"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
accept-ranges: bytes
x-via: 2.0 PS-WDS-014rO219 [HIT]
age: 397626
x-ws-request-id: 67e98b5c_PS-WDS-014rO219_1207-26437
x-cache-status: HIT
server: nginx
X-Firefox-Spdy: h2
otc.bjhav.cn/assets/base_code.js?v=330183
163.171.134.109 200 OK 13 kB URL GET otc.bjhav.cn/assets/base_code.js?v=330183
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/3.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /assets/base_code.js?v=330183 HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:12 GMT
Content-Type: application/javascript
Content-Length: 13442
Connection: keep-alive
x-amz-id-2: PkuYJVs5gPkQdE/x5DxYptjUxuSHHpMUMtiDWJTVyFo1oEMBkCYgeuuhGM7rg+50EyB8JVpFaYpPgoq2oFWh/2cd+TQ/arQb
x-amz-request-id: DTG80JSN7CRJ16QB
Last-Modified: Sun, 30 Mar 2025 05:14:06 GMT
x-amz-version-id: UDRwXV5TNouesmirZeaOWmySAye2jHYj
ETag: "7293bf7367b5b1fc68f620132048f6f8"
Server: PWS/8.3.1.0.8
via: 1.1 PSrdsdgemSTO1sw92:8 (W)
X-Px: ms PSrdsdgemSTO1sw92ARN(origin)
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_37344-7310
dh213018.vqjccv7vwe.cyou/favicon.ico
54.240.174.84 404 Not Found 153 B URL GET dh213018.vqjccv7vwe.cyou/favicon.ico
IP 54.240.174.84:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Amazon
Subject *.2k00kiro2b.cyou
Fingerprint 6F:8F:A3:3A:23:4B:82:45:A7:AC:DF:2C:04:FC:EC:35:BD:19:BB:42
Validity Tue, 18 Mar 2025 00:00:00 GMT - Thu, 16 Apr 2026 23:59:59 GMT
File type HTML document, ASCII text, with no line terminators
Hash 9eb52315059575e5783d1256689e9576
5822d5e6f7eeb1bd56dbf87ca5a4c8990bf2d657
711ba2a7bf05cb9be40ae3522fc0c61d4c37a0b9ac27aee2c289c280e827c72b
GET /favicon.ico HTTP/1.1
Host: dh213018.vqjccv7vwe.cyou
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Cookie: Hm_lvt_120560b7f2a5f4d6fc31f76a9fc62e41=1743358811; Hm_lpvt_120560b7f2a5f4d6fc31f76a9fc62e41=1743358811; HMACCOUNT=B37A6EEB3A242E10; Hm_lvt_937a03648ff9089ee3810b2eebe0c96c=1743358811; Hm_lpvt_937a03648ff9089ee3810b2eebe0c96c=1743358811
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
content-type: text/html
content-length: 153
date: Sun, 30 Mar 2025 18:20:13 GMT
server: nginx/1.24.0
x-cache: Error from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _ojSUNBgqDK4IMv1AEkgwEQY9HLp9wWJ_vVn4riO5s3rEEdnVF-KIQ==
X-Firefox-Spdy: h2
img.bjhav.cn/6629666/imgas/style.css?20
172.67.184.12 200 OK 1.6 kB URL GET img.bjhav.cn/6629666/imgas/style.css?20
IP 172.67.184.12:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Google Trust Services
Subject bjhav.cn
Fingerprint 1F:85:93:B3:CE:77:FC:D4:C8:5A:CA:88:F5:13:73:EF:FD:EC:26:F1
Validity Sat, 15 Feb 2025 02:08:16 GMT - Fri, 16 May 2025 03:05:51 GMT
File type ASCII text, with very long lines (1741), with no line terminators
Hash e4625f47766fae2038b61c6ebf896c1d
dd3d987026558cba7ce7cb2f74fb24f82dcca611
befc9ff96a46a857d3db9604f0189a3cc416bfaa784bf1bf200cfa7b6fe12e9e
GET /6629666/imgas/style.css?20 HTTP/1.1
Host: img.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 30 Mar 2025 18:20:09 GMT
content-type: text/css
last-modified: Mon, 20 Jan 2025 07:08:58 GMT
vary: Accept-Encoding
etag: W/"678df68a-65b"
content-encoding: gzip
cache-control: max-age=1800
cf-cache-status: HIT
age: 974
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ccb4okQZ40NPvOxVjsLD9Fz68a0R7E%2ByazS49Xp7LQ4ORtR3TfmBA86Bxr4py0m92Z%2FN1BbwS46SLvzT3PT81zGPUpzAXxBjwkbeMROAiQjCi7mHveKiVO4999pxfnY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92899e907c56feb4-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19701&min_rtt=19687&rtt_var=4161&sent=7&recv=9&lost=0&retrans=0&sent_bytes=3263&recv_bytes=1188&delivery_rate=220485&cwnd=235&unsent_bytes=0&cid=a57fbac62b5a42c5&ts=49&x=0"
X-Firefox-Spdy: h2
otc.bjhav.cn/com.js
163.171.134.109 200 OK 1.5 kB
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/3.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (1557), with no line terminators
Hash b94bdc3a236f77d1e3f85f0d7d997b91
558a28a1b9ba3ea8ce60f21f4c66307c851684e3
4f048bb85aecfe6af61266934f4d7877728f9f42a57c0ea3a52582c28c897840
GET /com.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: application/javascript
Content-Length: 1500
Connection: keep-alive
x-amz-id-2: 1Z3j7M0UMvCeRvB+AOG3DY7s1LiRmNcyuIb7Yx3Ug/8RkTYCVYmEnCT479S0SeFo5vErHTyloL/CBt9B/vFKwg==
x-amz-request-id: 0V5BY9JF3VXX0FJP
Last-Modified: Sun, 23 Mar 2025 09:40:50 GMT
x-amz-version-id: i9xgm6p9KQI61rfijoRajDyR8aVAytOn
ETag: "3c8316b3213bbe06388e703d72780e0c"
Server: PWS/8.3.1.0.8
Age: 220957
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_37344-7297
via: 1.1 PSrdsdgemSTO1sw92:8 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/assets/jquery.min.js
163.171.134.109 200 OK 96 kB URL GET otc.bjhav.cn/assets/jquery.min.js
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/5.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (32341)
Hash 52d16e147b5346147d0f3269cd4d0f80
4566b5815f47f976c7c3d3083c600ad5561b6fc0
2e945ebcd9b955e7c543ba4ad41e8f7779a077b482a0207db74bd6ded2021d17
GET /assets/jquery.min.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:12 GMT
Content-Type: application/javascript
Content-Length: 96380
Connection: keep-alive
x-amz-id-2: pggDGd053UlttheD02UycsgSDGD3LUoU0ycJSr10RAo/DH0lrY12MFx+VkdcNVKKsVoYuduxVkgjEkhqzRmen/elaPw+yJRE
x-amz-request-id: SVGWQ85VZBKZAVM9
Last-Modified: Fri, 28 Feb 2025 12:52:14 GMT
ETag: "52d16e147b5346147d0f3269cd4d0f80"
Server: PWS/8.3.1.0.8
Age: 15521
x-ws-request-id: 67e98b5c_PSrdsdgemSTO1sw92_35525-24378
via: 1.1 PSrdsdgemSTO1sw92:3 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/assets/kjimg/f29/ball-green.png
163.171.134.109 200 OK 14 kB URL GET otc.bjhav.cn/assets/kjimg/f29/ball-green.png
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type PNG image data, 73 x 73, 8-bit/color RGBA, non-interlaced
Hash 7bc5fe3a316aa52a38c7dd0c71847ff5
e508716c75bb2d53f989f3b72b963f2f29ab0ab9
426c826e141f3b3805ce8adf2cd8a4f670f2aae68fd7f46d27353a082dbfbc63
GET /assets/kjimg/f29/ball-green.png HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://otc.bjhav.cn/assets/kj.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:13 GMT
Content-Type: image/png
Content-Length: 14159
Connection: keep-alive
x-amz-id-2: brxSRbEJJRMmqIfkJfLiBs/S2RiCrD5s+EsNJCoLhjzlytog/F8HkvLA+/iF7op+A/eJU9OLtHc=
x-amz-request-id: QH7CGKC9H1Q5ZW9C
Last-Modified: Fri, 28 Feb 2025 12:52:29 GMT
x-amz-version-id: null
ETag: "7bc5fe3a316aa52a38c7dd0c71847ff5"
Server: PWS/8.3.1.0.8
Via: 1.1 PS-HKG-04JlJ51:1 (W), 1.1 PSrdsdgemSTO1sw92:3 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
x-ws-request-id: 67e98b5c_PSrdsdgemSTO1sw92_35525-24412
otc.bjhav.cn/assets/label-com4.js
163.171.134.109 200 OK 7.3 kB URL GET otc.bjhav.cn/assets/label-com4.js
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (7366), with no line terminators
Hash fe43d23fb7db885757b9f8c7e8445d54
1e7467a2c4ea55decb4c417da1c4838220495b87
fbc67f7b75127c30cad2b0bbb8028037d92cab547967412ee6c025f71c40bd76
GET /assets/label-com4.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:10 GMT
Content-Type: application/javascript
Content-Length: 7254
Connection: keep-alive
x-amz-id-2: d1aw0uH2EAgP4ZsDKw/RVWV2aRLTuLa6mg/QffXNYJ4kOxZc0xeT3aUy55JBTGFXoKCQzxilyOc=
x-amz-request-id: R31M62665CPGCYGC
Last-Modified: Fri, 28 Feb 2025 12:52:13 GMT
ETag: "f0ff4fafd09f6489ef07f0876fbf608c"
Server: PWS/8.3.1.0.8
Age: 15680
x-ws-request-id: 67e98b5a_PSrdsdgemSTO1sw92_34393-20445
via: 1.1 PSrdsdgemSTO1sw92:0 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/assets/ls.unveilhooks.min.js
163.171.134.109 200 OK 1.9 kB URL GET otc.bjhav.cn/assets/ls.unveilhooks.min.js
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (1937), with no line terminators
Hash cbd3d0323c57fcbb35b58612af36e318
bc0099348dd9ce5c231eb1498e09af703b571a2c
a4aa6f6fd17ac4e263583794e23ec166887c40e53e9abd93711e4f916dcbabbd
GET /assets/ls.unveilhooks.min.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:09 GMT
Content-Type: application/javascript
Content-Length: 1872
Connection: keep-alive
x-amz-id-2: gAzoh3pqXu2qxiBLb3MhiSvslGjMfPv+PdPe/M/nkvBY1LKIqJPnFg6b2DPLB+J82MGFGMkK82Yko6zopCc+mI2Kwg3qUqSk
x-amz-request-id: R31P7T30PRGMQWSW
Last-Modified: Fri, 28 Feb 2025 12:52:13 GMT
ETag: "f6a3dd4ecbf227acbafcff33d68dc71d"
Server: PWS/8.3.1.0.8
Age: 16328
x-ws-request-id: 67e98b59_PSrdsdgemSTO1sw92_37344-7231
via: 1.1 PSrdsdgemSTO1sw92:8 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/image/top_banner.png
163.171.134.109 200 OK 6.6 kB URL GET otc.bjhav.cn/image/top_banner.png
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type PNG image data, 362 x 80, 8-bit/color RGBA, non-interlaced
Hash 0085cd1216f048c4789c1ccc7b3b7298
ec3378294eeb587ab00082bb633a992ff5f7807d
c37e12eec8bbdcfc4ca8debc2103765b7c51eb550f569c90faa305cc88cd97fb
GET /image/top_banner.png HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: image/png
Content-Length: 6567
Connection: keep-alive
x-amz-id-2: 9U6Ar/k/0f6T1KBoiJURfTgoNj3OcEeEYYI4NJTtS+ME/WEG1S7AHd7VXYzoyw/n5BD3FXq/hg6/vOOfqZHPcw==
x-amz-request-id: SYXDA1MRZAW34XTF
Last-Modified: Mon, 17 Mar 2025 11:39:09 GMT
ETag: "0085cd1216f048c4789c1ccc7b3b7298"
Server: PWS/8.3.1.0.8
Age: 219324
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_36173-28577
via: 1.1 PSrdsdgemSTO1sw92:5 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
dh213018.vqjccv7vwe.cyou/6.html?1
54.240.174.84 200 OK 16 kB URL GET dh213018.vqjccv7vwe.cyou/6.html?1
IP 54.240.174.84:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Amazon
Subject *.2k00kiro2b.cyou
Fingerprint 6F:8F:A3:3A:23:4B:82:45:A7:AC:DF:2C:04:FC:EC:35:BD:19:BB:42
Validity Tue, 18 Mar 2025 00:00:00 GMT - Thu, 16 Apr 2026 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /6.html?1 HTTP/1.1
Host: dh213018.vqjccv7vwe.cyou
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Cookie: Hm_lvt_120560b7f2a5f4d6fc31f76a9fc62e41=1743358811; Hm_lpvt_120560b7f2a5f4d6fc31f76a9fc62e41=1743358811; HMACCOUNT=B37A6EEB3A242E10
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
date: Sun, 30 Mar 2025 18:20:11 GMT
server: nginx/1.24.0
last-modified: Sun, 30 Mar 2025 14:24:08 GMT
etag: W/"67e95408-3daf"
cache-control: max-age=900
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 6y53FI1p1ZGqIkOIyaX5c4gE65jVfvemUy4Zo7-keIVcYYcnDsGbsQ==
X-Firefox-Spdy: h2
cdn4.bjhav.cn/blob/2025/0325/063c6cdf12629245e127a89fb27c6590
116.196.137.78 200 OK 617 kB URL GET cdn4.bjhav.cn/blob/2025/0325/063c6cdf12629245e127a89fb27c6590
IP 116.196.137.78:443
ASN #131516 Jinhua Weian InfoTech Co., Ltd
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Size 617 kB (616840 bytes)
Hash 0b51a6130be8004952822fd1490e87d2
d7d49c6b2d72830de7dad3fcfa403f9babe54ed7
f88df2f2a474bcab7b7c107ba211bc30e62c369e015ceeac0bec24106aabe1c8
GET /blob/2025/0325/063c6cdf12629245e127a89fb27c6590 HTTP/1.1
Host: cdn4.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 616840
date: Tue, 25 Mar 2025 03:57:54 GMT
last-modified: Tue, 25 Mar 2025 03:55:50 GMT
etag: "67e22946-96988"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
accept-ranges: bytes
x-via: 2.0 PS-TNA-01wYM62 [HIT]
age: 483738
x-ws-request-id: 67e98b5c_PS-TNA-01wYM62_21864-25946
x-cache-status: HIT
server: nginx
X-Firefox-Spdy: h2
otc.bjhav.cn/com.js
163.171.134.109 200 OK 1.5 kB
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/2.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (1557), with no line terminators
Hash b94bdc3a236f77d1e3f85f0d7d997b91
558a28a1b9ba3ea8ce60f21f4c66307c851684e3
4f048bb85aecfe6af61266934f4d7877728f9f42a57c0ea3a52582c28c897840
GET /com.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: application/javascript
Content-Length: 1500
Connection: keep-alive
x-amz-id-2: 1Z3j7M0UMvCeRvB+AOG3DY7s1LiRmNcyuIb7Yx3Ug/8RkTYCVYmEnCT479S0SeFo5vErHTyloL/CBt9B/vFKwg==
x-amz-request-id: 0V5BY9JF3VXX0FJP
Last-Modified: Sun, 23 Mar 2025 09:40:50 GMT
x-amz-version-id: i9xgm6p9KQI61rfijoRajDyR8aVAytOn
ETag: "3c8316b3213bbe06388e703d72780e0c"
Server: PWS/8.3.1.0.8
Age: 220957
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_35525-24350
via: 1.1 PSrdsdgemSTO1sw92:3 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/hk/tuku.js?3
163.171.134.109 200 OK 30 kB URL GET otc.bjhav.cn/hk/tuku.js?3
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /hk/tuku.js?3 HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:09 GMT
Content-Type: application/javascript
Content-Length: 29755
Connection: keep-alive
x-amz-id-2: bzo0awx57F6iVvn8Z6X9fb4weJMKHLSYSxMLuXJtv0XGZkqWGKuV9w6iWTRZnQt7+ig85qcCngjx1SInldCUsQ==
x-amz-request-id: T3P6E4RWBK0P54PT
Last-Modified: Tue, 25 Mar 2025 13:20:41 GMT
x-amz-version-id: V2ja3bnN83Bjpy2kGItmmnucThk_frFk
ETag: "3b93985860304daf40022b497093ee6a"
Server: PWS/8.3.1.0.8
Age: 11770
x-ws-request-id: 67e98b59_PSrdsdgemSTO1sw92_36872-53909
via: 1.1 PSrdsdgemSTO1sw92:6 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/assets/kj.css
163.171.134.109 200 OK 57 kB URL GET otc.bjhav.cn/assets/kj.css
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /assets/kj.css HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: text/css
Content-Length: 56961
Connection: keep-alive
x-amz-id-2: 6MT7+QToRaMQHt8O3VroRJnKhW8dDsd6Awi+kGooCB5o3t2cf0ku7JMCe8Sh0+WYGWVfKIfHnbpKvvcb4k3uqg==
x-amz-request-id: PJXY6QQ1GAKWT54F
Last-Modified: Wed, 26 Mar 2025 14:21:16 GMT
x-amz-version-id: qXu8AH9DvDy9ZjFiXsqSKkwpMt..XhlQ
ETag: "62d107b4ab2a6bca95d46e5385a030bf"
Server: PWS/8.3.1.0.8
Age: 13985
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_35525-24322
via: 1.1 PSrdsdgemSTO1sw92:3 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
cdn4.bjhav.cn/blob/2024/08/21/1f4f392430003177ede9697b79265e10
116.196.137.78 200 OK 367 kB URL GET cdn4.bjhav.cn/blob/2024/08/21/1f4f392430003177ede9697b79265e10
IP 116.196.137.78:443
ASN #131516 Jinhua Weian InfoTech Co., Ltd
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Size 367 kB (367369 bytes)
Hash 41e83d1aa8e614f5a8425405e0b97b20
820835c4f86356c08e2f6086221c25abffefa4e8
28b82ab71a4c267e8e10d292b8e84b0f82afd664f5b72583cd71f306a2a184a7
GET /blob/2024/08/21/1f4f392430003177ede9697b79265e10 HTTP/1.1
Host: cdn4.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 367369
date: Sun, 16 Mar 2025 13:36:22 GMT
last-modified: Wed, 21 Aug 2024 12:30:49 GMT
etag: "66c5ddf9-59b09"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
accept-ranges: bytes
x-via: 2.0 PS-TNA-01wYM62 [HIT]
age: 1226630
x-ws-request-id: 67e98b5c_PS-TNA-01wYM62_21864-25944
x-cache-status: HIT
server: nginx
X-Firefox-Spdy: h2
cdn9.bjhav.cn/blob/1e/1f75e6599cee66d775f03cacebfbdb
111.180.138.102 200 OK 22 kB URL GET cdn9.bjhav.cn/blob/1e/1f75e6599cee66d775f03cacebfbdb
IP 111.180.138.102:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash ff868ec9f5ddd081e563daa7e0f1c6f1
9bb7968d8995621ffe87830530c6e4897175bef7
cc36dab82b18c29ee6cfc6691fe26f7403b9e18caa0e52498a82cc2737773ab3
GET /blob/1e/1f75e6599cee66d775f03cacebfbdb HTTP/1.1
Host: cdn9.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 21809
date: Mon, 24 Mar 2025 15:01:31 GMT
last-modified: Wed, 26 Jun 2024 06:50:02 GMT
etag: "667bba1a-5531"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
accept-ranges: bytes
x-via: 2.0 PS-WDS-014rO219 [HIT]
age: 530321
x-ws-request-id: 67e98b5c_PS-WDS-014rO219_743-25910
x-cache-status: HIT
server: nginx
X-Firefox-Spdy: h2
otc.bjhav.cn/assets/base_code.js?v=330183
163.171.134.109 200 OK 13 kB URL GET otc.bjhav.cn/assets/base_code.js?v=330183
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/1.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /assets/base_code.js?v=330183 HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:12 GMT
Content-Type: application/javascript
Content-Length: 13442
Connection: keep-alive
x-amz-id-2: vSSZawIUMApEYuwWJAAD0XzagsGkUtHUjsMe6sYS/5MGxo69yTwer1h+o8Yb0L3Ewou58I1cA2W1h1as7o4A0Q==
x-amz-request-id: DTG7XB1BD1E0VS7Q
Last-Modified: Sun, 30 Mar 2025 05:14:06 GMT
x-amz-version-id: UDRwXV5TNouesmirZeaOWmySAye2jHYj
ETag: "7293bf7367b5b1fc68f620132048f6f8"
Server: PWS/8.3.1.0.8
via: 1.1 PSrdsdgemSTO1sw92:5 (W)
X-Px: ms PSrdsdgemSTO1sw92ARN(origin)
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_36173-28604
otc.bjhav.cn/assets/js/redbag-cdown.js?zone=ASIA/Hong_Kong
163.171.134.109 200 OK 6.4 kB URL GET otc.bjhav.cn/assets/js/redbag-cdown.js?zone=ASIA/Hong_Kong
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/4.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (6628), with no line terminators
Hash 75c0b72be13f43b631344a46fbe47638
abbdc760a0c53a37ce101f221c1833cc10422043
1aff8ef204eff2eacfc61ddebf1e3bd039ba598ec69c37bbcf1916fd465564e8
GET /assets/js/redbag-cdown.js?zone=ASIA/Hong_Kong HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:12 GMT
Content-Type: application/javascript
Content-Length: 6361
Connection: keep-alive
x-amz-id-2: 3dAa4pqZCCpA+t5kiXFbG8wjWSw/VeygxDWhS4eeDqOYJNpCSlUYhvJfuBJ8Zq1nseDFZbCwyCEyhhn0RkRqwqxodIyYvXfW
x-amz-request-id: 2FG5M5JWZ6TS4R3G
Last-Modified: Fri, 21 Mar 2025 14:16:38 GMT
x-amz-version-id: rRgy3YlukJRw4Gk3UAJFsGc4wvaRFU47
ETag: "440229a8a7ce0a5413d2aae5d7c68339"
Server: PWS/8.3.1.0.8
Age: 13822
x-ws-request-id: 67e98b5c_PSrdsdgemSTO1sw92_34393-20551
via: 1.1 PSrdsdgemSTO1sw92:0 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/assets/comment_v2.js
163.171.134.109 200 OK 39 kB URL GET otc.bjhav.cn/assets/comment_v2.js
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /assets/comment_v2.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:09 GMT
Content-Type: application/javascript
Content-Length: 39057
Connection: keep-alive
x-amz-id-2: hIL5YW3DMsjd6WSX+9IXS9XJE7WOQEmSeKvUGngCbDIW1NGidpZkU0vFJj1wmMdemAbRxRrP2EqewnU2wBNVcw==
x-amz-request-id: W42CXDKGYRQC7ZRY
Last-Modified: Wed, 19 Mar 2025 08:12:34 GMT
x-amz-version-id: xVrqFBBk3DvWcBxNuZukMknbLRPHxMyb
ETag: "eec1c039b15e1d5dfdebc53da66bf68b"
Server: PWS/8.3.1.0.8
Via: 1.1 PS-HKG-046K749:3 (W), 1.1 PSrdsdgemSTO1sw92:3 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
Age: 13773
x-ws-request-id: 67e98b59_PSrdsdgemSTO1sw92_35525-24240
otc2.bjhav.cn/assets/img/gx.gif
163.171.134.109 200 OK 5.0 kB URL GET otc2.bjhav.cn/assets/img/gx.gif
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type GIF image data, version 89a, 114 x 46
Hash 64c8fbe482c62dd678b79938724ef368
ff416334dc2695d6ecdba84cf0f025b42de5b40a
16dd10887bee49d07331c0ff4750f64de713aaab56106990a34379167039cec1
GET /assets/img/gx.gif HTTP/1.1
Host: otc2.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:12 GMT
Content-Type: image/gif
Content-Length: 4970
Connection: keep-alive
x-amz-id-2: M7DRGv4Cr2pYPwtOToCgtKWMjMWgEi0towePj6f2uqCupRtgcwqQuhUlgq7bIJpUPbYV5ir0otKZYjxG3ViiUA==
x-amz-request-id: BGFHMFAQKTJPCR62
Last-Modified: Mon, 17 Mar 2025 11:34:00 GMT
x-amz-version-id: null
ETag: "64c8fbe482c62dd678b79938724ef368"
Server: PWS/8.3.1.0.8
Age: 535493
x-ws-request-id: 67e98b5c_PSrdsdgemSTO1sw92_37685-3503
via: 1.1 PSrdsdgemSTO1sw92:11 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/assets/base_code.js?v=330183
163.171.134.109 200 OK 13 kB URL GET otc.bjhav.cn/assets/base_code.js?v=330183
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/2.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /assets/base_code.js?v=330183 HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:12 GMT
Content-Type: application/javascript
Content-Length: 13442
Connection: keep-alive
x-amz-id-2: SiI03sY/Ha6JmFfG+gcSi2AY0O7E5Hm1o6ti+xwFI9y+m2XeeKRuPq5Mby6XwXhZeu8mu3ioMvRLVzGBx6yG1sFpc3LCp8Du
x-amz-request-id: DTG5ABCXEB27X9N5
Last-Modified: Sun, 30 Mar 2025 05:14:06 GMT
x-amz-version-id: UDRwXV5TNouesmirZeaOWmySAye2jHYj
ETag: "7293bf7367b5b1fc68f620132048f6f8"
Server: PWS/8.3.1.0.8
via: 1.1 PSrdsdgemSTO1sw92:0 (W)
X-Px: ms PSrdsdgemSTO1sw92ARN(origin)
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_34393-20505
otc.bjhav.cn/sock/4.7.5/socket.io.min.js
163.171.134.109 200 OK 50 kB URL GET otc.bjhav.cn/sock/4.7.5/socket.io.min.js
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (49854)
Hash 5f46dd97f716f56f0e649433fe456519
5096d2e8540dbe8ab29b98dda70b6c3c52f49697
d32640d8e45c0b3fd1643a47276e0b3c769432f1b7ef7178c7b47346651730e7
GET /sock/4.7.5/socket.io.min.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:09 GMT
Content-Type: application/javascript
Content-Length: 49952
Connection: keep-alive
x-amz-id-2: 3FuIblJ6N3T7U+bi2z2zSbaExXes6vhbarSWfj0ANZn4QcBYCYShsV6if8JevMhqciJZcBMwYWY=
x-amz-request-id: R31M4WG7HKKVXNZ2
Last-Modified: Fri, 28 Feb 2025 12:52:29 GMT
ETag: "5f46dd97f716f56f0e649433fe456519"
Server: PWS/8.3.1.0.8
Age: 220961
x-ws-request-id: 67e98b59_PSrdsdgemSTO1sw92_35525-24246
via: 1.1 PSrdsdgemSTO1sw92:3 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/assets/jquery.min.js
163.171.134.109 200 OK 96 kB URL GET otc.bjhav.cn/assets/jquery.min.js
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/3.html?1
Certificate Issuer: Let's Encrypt
Subject: bjhav.cn
Fingerprint: F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity: Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (32341)
Hash 52d16e147b5346147d0f3269cd4d0f80
4566b5815f47f976c7c3d3083c600ad5561b6fc0
2e945ebcd9b955e7c543ba4ad41e8f7779a077b482a0207db74bd6ded2021d17
GET /assets/jquery.min.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: application/javascript
Content-Length: 96380
Connection: keep-alive
x-amz-id-2: pggDGd053UlttheD02UycsgSDGD3LUoU0ycJSr10RAo/DH0lrY12MFx+VkdcNVKKsVoYuduxVkgjEkhqzRmen/elaPw+yJRE
x-amz-request-id: SVGWQ85VZBKZAVM9
Last-Modified: Fri, 28 Feb 2025 12:52:14 GMT
ETag: "52d16e147b5346147d0f3269cd4d0f80"
Server: PWS/8.3.1.0.8
Age: 15520
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_35525-24361
via: 1.1 PSrdsdgemSTO1sw92:3 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/assets/common.css
163.171.134.109 200 OK 9.4 kB URL GET otc.bjhav.cn/assets/common.css
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer: Let's Encrypt
Subject: bjhav.cn
Fingerprint: F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity: Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type ASCII text, with very long lines (9795), with no line terminators
Hash e24d1e57b1a4a7a719a4ae6b90eafebe
bbded7c97174072447562a46ec08ca5a876571ce
5680a2078e32a3a40940a229312fc95f95ffb39d01b6ca720327e5132d882392
GET /assets/common.css HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:09 GMT
Content-Type: text/css
Content-Length: 9374
Connection: keep-alive
x-amz-id-2: LKMmGvVsl1OJ39pR9lzzol3bvbZPKV+9K5NONcIlld6A2m17laZvSWDna2mRL9idcHv1vpB1DIGyiqRUGE3bDQ==
x-amz-request-id: 2C216V60EG38V1KN
Last-Modified: Thu, 20 Mar 2025 07:52:37 GMT
x-amz-version-id: 63kVs.Qc2iwA5v5X7CK100qwXbAxZL6x
ETag: "532f3a0a5d26de4ad41d688ad5d09e44"
Server: PWS/8.3.1.0.8
Age: 13986
x-ws-request-id: 67e98b59_PSrdsdgemSTO1sw92_36872-53908
via: 1.1 PSrdsdgemSTO1sw92:6 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
cdn5.bjhav.cn/blob/2025/0326/66fcc87981427190e9ee84882c7623a5
111.180.138.102 200 OK 57 kB URL GET cdn5.bjhav.cn/blob/2025/0326/66fcc87981427190e9ee84882c7623a5
IP 111.180.138.102:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer: Let's Encrypt
Subject: bjhav.cn
Fingerprint: F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity: Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash 9f997f338150903ed81d3a137e09bf2b
6a467ef590a42f6fcd06fc89f977214a1416703e
f7c9f8437dfa6b2f0d70e8f5738932ae5e07f72d3f025f91ddce7dffc0bd09f7
GET /blob/2025/0326/66fcc87981427190e9ee84882c7623a5 HTTP/1.1
Host: cdn5.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 56791
date: Wed, 26 Mar 2025 06:29:27 GMT
last-modified: Wed, 26 Mar 2025 06:28:08 GMT
etag: "67e39e78-ddd7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
accept-ranges: bytes
x-via: 2.0 PS-WDS-014rO219 [HIT]
age: 388245
x-ws-request-id: 67e98b5c_PS-WDS-014rO219_743-25897
x-cache-status: HIT
server: nginx
X-Firefox-Spdy: h2
otc.bjhav.cn/image/handright.gif
163.171.134.109 200 OK 1.7 kB URL GET otc.bjhav.cn/image/handright.gif
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/3.html?1
Certificate Issuer: Let's Encrypt
Subject: bjhav.cn
Fingerprint: F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity: Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type GIF image data, version 89a, 49 x 23
Hash 3fb3c2157266223cf9fcd3c6b5990dc9
4176a8b0af372a0d3a176862e3cbd8581e770bb9
69dc0ebabf27e7de29e5a9fba60301fa0e4c088f1224e24a8074159297f48b76
GET /image/handright.gif HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:13 GMT
Content-Type: image/gif
Content-Length: 1652
Connection: keep-alive
x-amz-id-2: vlxchiBgL1G0rZ5n1fH+gia5BAzWwgbnGxauRUxV3yAJ8NRZmxWCHtrBWVDCTsk4FovSP+ibHEduhaEZlkB7ZUAMGHvfGbY7
x-amz-request-id: W6BJGXWH3EF6MDN6
Last-Modified: Mon, 17 Mar 2025 11:39:13 GMT
x-amz-version-id: null
ETag: "3fb3c2157266223cf9fcd3c6b5990dc9"
Server: PWS/8.3.1.0.8
Age: 117364
x-ws-request-id: 67e98b5d_PSrdsdgemSTO1sw92_36173-28666
via: 1.1 PSrdsdgemSTO1sw92:5 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
hm.baidu.com/hm.js?937a03648ff9089ee3810b2eebe0c96c
14.215.183.79 200 OK 30 kB URL GET hm.baidu.com/hm.js?937a03648ff9089ee3810b2eebe0c96c
IP 14.215.183.79:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer: GlobalSign nv-sa
Subject: baidu.com
Fingerprint: EF:0F:BE:13:02:E2:C4:D4:89:BA:8F:BA:88:EF:6F:95:DC:CF:7B:E0
Validity: Mon, 08 Jul 2024 01:41:02 GMT - Sat, 09 Aug 2025 01:41:01 GMT
File type JavaScript source, ASCII text, with very long lines (624)
Hash cd77176cffa7612c61a9cd6ad8ca7b0f
95f7276b43370044101cd4efc55aaa82e369f215
67a2e727783f1d3b66d3181be9b0f55c6a01140bb27b70eb0ba5b6f51e16af7d
GET /hm.js?937a03648ff9089ee3810b2eebe0c96c HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11294
Content-Type: application/javascript
Date: Sun, 30 Mar 2025 18:20:11 GMT
Etag: 34762e3937725696513c0a0cc961ddfc
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=9ACD1CA09126048C; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
otc.bjhav.cn/com.js
163.171.134.109 200 OK 1.5 kB
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/4.html?1
Certificate Issuer: Let's Encrypt
Subject: bjhav.cn
Fingerprint: F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity: Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (1557), with no line terminators
Hash b94bdc3a236f77d1e3f85f0d7d997b91
558a28a1b9ba3ea8ce60f21f4c66307c851684e3
4f048bb85aecfe6af61266934f4d7877728f9f42a57c0ea3a52582c28c897840
GET /com.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: application/javascript
Content-Length: 1500
Connection: keep-alive
x-amz-id-2: 1Z3j7M0UMvCeRvB+AOG3DY7s1LiRmNcyuIb7Yx3Ug/8RkTYCVYmEnCT479S0SeFo5vErHTyloL/CBt9B/vFKwg==
x-amz-request-id: 0V5BY9JF3VXX0FJP
Last-Modified: Sun, 23 Mar 2025 09:40:50 GMT
x-amz-version-id: i9xgm6p9KQI61rfijoRajDyR8aVAytOn
ETag: "3c8316b3213bbe06388e703d72780e0c"
Server: PWS/8.3.1.0.8
Age: 220957
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_36872-54033
via: 1.1 PSrdsdgemSTO1sw92:6 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/assets/js/redbag-cdown.js?zone=ASIA/Hong_Kong
163.171.134.109 200 OK 6.4 kB URL GET otc.bjhav.cn/assets/js/redbag-cdown.js?zone=ASIA/Hong_Kong
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/5.html?1
Certificate Issuer: Let's Encrypt
Subject: bjhav.cn
Fingerprint: F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity: Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (6628), with no line terminators
Hash 75c0b72be13f43b631344a46fbe47638
abbdc760a0c53a37ce101f221c1833cc10422043
1aff8ef204eff2eacfc61ddebf1e3bd039ba598ec69c37bbcf1916fd465564e8
GET /assets/js/redbag-cdown.js?zone=ASIA/Hong_Kong HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:13 GMT
Content-Type: application/javascript
Content-Length: 6361
Connection: keep-alive
x-amz-id-2: 3dAa4pqZCCpA+t5kiXFbG8wjWSw/VeygxDWhS4eeDqOYJNpCSlUYhvJfuBJ8Zq1nseDFZbCwyCEyhhn0RkRqwqxodIyYvXfW
x-amz-request-id: 2FG5M5JWZ6TS4R3G
Last-Modified: Fri, 21 Mar 2025 14:16:38 GMT
x-amz-version-id: rRgy3YlukJRw4Gk3UAJFsGc4wvaRFU47
ETag: "440229a8a7ce0a5413d2aae5d7c68339"
Server: PWS/8.3.1.0.8
Age: 13823
x-ws-request-id: 67e98b5d_PSrdsdgemSTO1sw92_36173-28669
via: 1.1 PSrdsdgemSTO1sw92:5 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/assets/AnimalsHelper.js
163.171.134.109 200 OK 11 kB URL GET otc.bjhav.cn/assets/AnimalsHelper.js
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer: Let's Encrypt
Subject: bjhav.cn
Fingerprint: F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity: Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /assets/AnimalsHelper.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: application/javascript
Content-Length: 11260
Connection: keep-alive
x-amz-id-2: 6BOc+Ty2cyCTvLXPLhU69jnDbUpo/D7gVPo4nhmkRDN4XwmdMOhbfMZPlZkeo7h6hl21MHViKN8=
x-amz-request-id: Z7KYWD8Y5QASNMMH
Last-Modified: Fri, 28 Feb 2025 12:52:12 GMT
ETag: "4f30ad941553eeb0a56007817393397f"
Server: PWS/8.3.1.0.8
Age: 16383
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_36173-28575
via: 1.1 PSrdsdgemSTO1sw92:5 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
tkapi3.352722.com/json/time.json?1743358825381
172.67.222.40 200 OK 64 B URL GET tkapi3.352722.com/json/time.json?1743358825381
IP 172.67.222.40:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer: Google Trust Services
Subject: 352722.com
Fingerprint: DE:F5:80:3A:85:7E:34:B0:4D:F1:E9:AC:87:6A:38:ED:A8:58:18:19
Validity: Tue, 11 Feb 2025 03:36:44 GMT - Mon, 12 May 2025 04:34:31 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 6ab83ad7c475542a6011e2b3620ee0c2
a94aee703c943b8be4cbc0d6c72b52ac2a526efc
0c922d5b20a69fa7468a59d890dd8f0024a7959a4b832b71b3a5912e98c984f6
GET /json/time.json?1743358825381 HTTP/1.1
Host: tkapi3.352722.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dh213018.vqjccv7vwe.cyou/
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 18:20:25 GMT
content-type: application/json
server: cloudflare
last-modified: Sun, 30 Mar 2025 18:20:25 GMT
cache-control: public, max-age=60
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, DELETE
access-control-allow-headers: Accept, Accept-Encoding, Accept-Language, Cache-Control, Connection, Authorization, Content-Type, lang, token, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With
cf-cache-status: DYNAMIC
priority: u=4,i=?0
etag: W/"67e98b69-40"
content-encoding: br
cf-ray: 92899ef2c881fe96-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
tkapi3.352722.com/json/time.json?1743358820380
172.67.222.40 200 OK 64 B URL GET tkapi3.352722.com/json/time.json?1743358820380
IP 172.67.222.40:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer: Google Trust Services
Subject: 352722.com
Fingerprint: DE:F5:80:3A:85:7E:34:B0:4D:F1:E9:AC:87:6A:38:ED:A8:58:18:19
Validity: Tue, 11 Feb 2025 03:36:44 GMT - Mon, 12 May 2025 04:34:31 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash c2f387274bd8e87670a9faf85c1b2dd6
fa5feb587286423877817e05b34df2cd90aa2ecd
63cbfc9aa247d32c47d1a605250e22000b566f150921216f9bc032a47f7cf1ac
GET /json/time.json?1743358820380 HTTP/1.1
Host: tkapi3.352722.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dh213018.vqjccv7vwe.cyou/
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 18:20:20 GMT
content-type: application/json
last-modified: Sun, 30 Mar 2025 18:20:20 GMT
etag: W/"67e98b64-40"
cache-control: public, max-age=60
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, DELETE
access-control-allow-headers: Accept, Accept-Encoding, Accept-Language, Cache-Control, Connection, Authorization, Content-Type, lang, token, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wPIb29ZLwiENUR4rNSKi6jffrhszyAHsASRcFTxMqzLfa1KrXFr6XjVKgGheobwgbfHTMGqGYS7HaoyiVIo2MCIBupeJG3%2FrF%2BFKqpNfRxDNCEbddcZkx%2FN2EW2LAkRMGO2%2BVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92899ed378e4fe96-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=28022&min_rtt=20522&rtt_var=10309&sent=22&recv=18&lost=0&retrans=0&sent_bytes=9807&recv_bytes=3210&delivery_rate=6760&cwnd=12000&unsent_bytes=0&cid=c2a2520608d74b9d&ts=7101&x=1", cfExtPri, cfHdrFlush;dur=0
otc.bjhav.cn/assets/kjimg/f29/nav-icon01.png
163.171.134.109 200 OK 9.4 kB URL GET otc.bjhav.cn/assets/kjimg/f29/nav-icon01.png
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer: Let's Encrypt
Subject: bjhav.cn
Fingerprint: F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity: Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type PNG image data, 196 x 51, 8-bit/color RGBA, non-interlaced
Hash 621527ee5a8e450f39fe6f9aad873591
cb952473004b93486b7a766723e6063058783625
d03264c1297c02cebec4bb44c97ee8a9293ea8a9f632e389fcafa335b2e3e0a4
GET /assets/kjimg/f29/nav-icon01.png HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://otc.bjhav.cn/assets/kj.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: image/png
Content-Length: 9422
Connection: keep-alive
x-amz-id-2: aVwRvoo1wh56ybrLTX3sdYbc+3D7jP2uTxq6MoF/5a2BDEaQYD5JfYO2tMr8wSbpYh5Da5X58f2qFV5HsWOAfg==
x-amz-request-id: WNS960RF2YM70QD7
Last-Modified: Fri, 28 Feb 2025 12:52:29 GMT
x-amz-version-id: null
ETag: "621527ee5a8e450f39fe6f9aad873591"
Server: PWS/8.3.1.0.8
Age: 13984
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_35525-24336
via: 1.1 PSrdsdgemSTO1sw92:3 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
hm.baidu.com/hm.gif?hca=B37A6EEB3A242E10&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=2071246738&si=937a03648ff9089ee3810b2eebe0c96c&su=https%3A%2F%2Fam059.6629666.com%2F&v=1.3.2&lv=1&sn=62276&r=0&ww=1280&u=https%3A%2F%2Fdh213018.vqjccv7vwe.cyou%2F%23welcome&tt=%E6%BE%B3%E9%97%A8%E5%B0%8F%E8%AF%B8%E8%91%9B%7C600%E5%9B%BE%E5%BA%93%7C%E5%85%AB%E7%99%BE%E5%9B%BE%E5%BA%93%7C%E5%BC%80%E5%A5%96%E6%9C%80%E5%BF%AB%7C%E6%BE%B3%E9%97%A8%E4%BB%8A%E6%99%9A%E5%BF%85%E4%B8%AD%E4%B8%80%E8%82%96%E4%B8%80%E7%A0%81%7C2025%E5%BC%80%E5%A5%96%E8%AE%B0%E5%BD%95%E6%9F%A5%E8%AF%A2%7C%E5%85%A8%E5%B9%B4%E5%BC%80%E5%A5%96%E8%AE%B0%E5%BD%95%7C%E7%AE%A1%E5%AE%B6%E5%A9%86%E4%B8%89%E8%82%96%E4%B8%89%E6%9C%9F%E5%BF%85%E5%87%BA%E4%B8%80%E6%9C%9F%E5%BF%AB%E5%BC%80%E5%A5%96%E7%9B%B4%E6%92%AD
14.215.183.79 200 OK 43 B URL GET hm.baidu.com/hm.gif?hca=B37A6EEB3A242E10&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=2071246738&si=937a03648ff9089ee3810b2eebe0c96c&su=https%3A%2F%2Fam059.6629666.com%2F&v=1.3.2&lv=1&sn=62276&r=0&ww=1280&u=https%3A%2F%2Fdh213018.vqjccv7vwe.cyou%2F%23welcome&tt=%E6%BE%B3%E9%97%A8%E5%B0%8F%E8%AF%B8%E8%91%9B%7C600%E5%9B%BE%E5%BA%93%7C%E5%85%AB%E7%99%BE%E5%9B%BE%E5%BA%93%7C%E5%BC%80%E5%A5%96%E6%9C%80%E5%BF%AB%7C%E6%BE%B3%E9%97%A8%E4%BB%8A%E6%99%9A%E5%BF%85%E4%B8%AD%E4%B8%80%E8%82%96%E4%B8%80%E7%A0%81%7C2025%E5%BC%80%E5%A5%96%E8%AE%B0%E5%BD%95%E6%9F%A5%E8%AF%A2%7C%E5%85%A8%E5%B9%B4%E5%BC%80%E5%A5%96%E8%AE%B0%E5%BD%95%7C%E7%AE%A1%E5%AE%B6%E5%A9%86%E4%B8%89%E8%82%96%E4%B8%89%E6%9C%9F%E5%BF%85%E5%87%BA%E4%B8%80%E6%9C%9F%E5%BF%AB%E5%BC%80%E5%A5%96%E7%9B%B4%E6%92%AD
IP 14.215.183.79:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer: GlobalSign nv-sa
Subject: baidu.com
Fingerprint: EF:0F:BE:13:02:E2:C4:D4:89:BA:8F:BA:88:EF:6F:95:DC:CF:7B:E0
Validity: Mon, 08 Jul 2024 01:41:02 GMT - Sat, 09 Aug 2025 01:41:01 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?hca=B37A6EEB3A242E10&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=2071246738&si=937a03648ff9089ee3810b2eebe0c96c&su=https%3A%2F%2Fam059.6629666.com%2F&v=1.3.2&lv=1&sn=62276&r=0&ww=1280&u=https%3A%2F%2Fdh213018.vqjccv7vwe.cyou%2F%23welcome&tt=%E6%BE%B3%E9%97%A8%E5%B0%8F%E8%AF%B8%E8%91%9B%7C600%E5%9B%BE%E5%BA%93%7C%E5%85%AB%E7%99%BE%E5%9B%BE%E5%BA%93%7C%E5%BC%80%E5%A5%96%E6%9C%80%E5%BF%AB%7C%E6%BE%B3%E9%97%A8%E4%BB%8A%E6%99%9A%E5%BF%85%E4%B8%AD%E4%B8%80%E8%82%96%E4%B8%80%E7%A0%81%7C2025%E5%BC%80%E5%A5%96%E8%AE%B0%E5%BD%95%E6%9F%A5%E8%AF%A2%7C%E5%85%A8%E5%B9%B4%E5%BC%80%E5%A5%96%E8%AE%B0%E5%BD%95%7C%E7%AE%A1%E5%AE%B6%E5%A9%86%E4%B8%89%E8%82%96%E4%B8%89%E6%9C%9F%E5%BF%85%E5%87%BA%E4%B8%80%E6%9C%9F%E5%BF%AB%E5%BC%80%E5%A5%96%E7%9B%B4%E6%92%AD HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 30 Mar 2025 18:20:11 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=4D4F079E5A3AC557; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
img.bjhav.cn/6629666/imgas/style.css?20
172.67.184.12 200 OK 1.6 kB URL GET img.bjhav.cn/6629666/imgas/style.css?20
IP 172.67.184.12:443
Requested by https://dh213018.vqjccv7vwe.cyou/3.html?1
Certificate Issuer: Google Trust Services
Subject: bjhav.cn
Fingerprint: 1F:85:93:B3:CE:77:FC:D4:C8:5A:CA:88:F5:13:73:EF:FD:EC:26:F1
Validity: Sat, 15 Feb 2025 02:08:16 GMT - Fri, 16 May 2025 03:05:51 GMT
File type ASCII text, with very long lines (1741), with no line terminators
Hash e4625f47766fae2038b61c6ebf896c1d
dd3d987026558cba7ce7cb2f74fb24f82dcca611
befc9ff96a46a857d3db9604f0189a3cc416bfaa784bf1bf200cfa7b6fe12e9e
GET /6629666/imgas/style.css?20 HTTP/1.1
Host: img.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 18:20:11 GMT
content-type: text/css
last-modified: Mon, 20 Jan 2025 07:08:58 GMT
vary: Accept-Encoding
etag: W/"678df68a-65b"
content-encoding: gzip
cache-control: max-age=1800
cf-cache-status: HIT
age: 976
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q1am7c7KwbGHMeJDFy5fix%2Fp%2BTkFkvVfdXd5z0Kz1i4bUxnr7ng%2FcMjyWy6s96cOdH9OVzf1RDYkSgNYxhEOkKiJ6HMmDXkxbodhZ3BYaRHsD%2BhWhyW1jrCivsyEzSI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92899e9cc93d2908-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22409&min_rtt=20385&rtt_var=1565&sent=466&recv=22&lost=0&retrans=0&sent_bytes=539902&recv_bytes=2566&delivery_rate=255565&cwnd=384000&unsent_bytes=0&cid=b9eb502396873af1&ts=1921&x=1", cfExtPri, cfHdrFlush;dur=0
otc.bjhav.cn/assets/img/ios.png
163.171.134.109 200 OK 5.3 kB URL GET otc.bjhav.cn/assets/img/ios.png
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer: Let's Encrypt
Subject: bjhav.cn
Fingerprint: F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity: Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Hash d4e5d263437df88530246e3691844812
49f1d29ce537dc0c3a1485fdcc483153d33c1cc5
3fe7c24791c3dcb0e27fb33b8970960b39e4fb40127f1d21ce642219b1c9dcc1
GET /assets/img/ios.png HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://otc.bjhav.cn/assets/common.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: image/png
Content-Length: 5342
Connection: keep-alive
x-amz-id-2: IU1fGEL1AmHA9C3clXTaE+I9PveHuNVQA9KudXRK4P/G0BgVaFjp+ZPw+CMOEfnYil3Aw6BhEdY=
x-amz-request-id: YAHGCFT0J1XZQ9MY
Last-Modified: Mon, 17 Mar 2025 11:34:08 GMT
ETag: "d4e5d263437df88530246e3691844812"
Server: PWS/8.3.1.0.8
Via: 1.1 PS-HKG-04oR750:14 (W), 1.1 PSrdsdgemSTO1sw92:3 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
Age: 13910
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_35525-24366
otc.bjhav.cn/assets/jquery.min.js
163.171.134.109 200 OK 96 kB URL GET otc.bjhav.cn/assets/jquery.min.js
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/6.html?1
Certificate Issuer: Let's Encrypt
Subject: bjhav.cn
Fingerprint: F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity: Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (32341)
Hash 52d16e147b5346147d0f3269cd4d0f80
4566b5815f47f976c7c3d3083c600ad5561b6fc0
2e945ebcd9b955e7c543ba4ad41e8f7779a077b482a0207db74bd6ded2021d17
GET /assets/jquery.min.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:12 GMT
Content-Type: application/javascript
Content-Length: 96380
Connection: keep-alive
x-amz-id-2: pggDGd053UlttheD02UycsgSDGD3LUoU0ycJSr10RAo/DH0lrY12MFx+VkdcNVKKsVoYuduxVkgjEkhqzRmen/elaPw+yJRE
x-amz-request-id: SVGWQ85VZBKZAVM9
Last-Modified: Fri, 28 Feb 2025 12:52:14 GMT
ETag: "52d16e147b5346147d0f3269cd4d0f80"
Server: PWS/8.3.1.0.8
Age: 15521
x-ws-request-id: 67e98b5c_PSrdsdgemSTO1sw92_35525-24377
via: 1.1 PSrdsdgemSTO1sw92:3 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
dh213018.vqjccv7vwe.cyou/#welcome
54.240.174.84 200 OK 10 kB URL User Request GET dh213018.vqjccv7vwe.cyou/#welcome
IP 54.240.174.84:443
Certificate Issuer: Amazon
Subject: *.2k00kiro2b.cyou
Fingerprint: 6F:8F:A3:3A:23:4B:82:45:A7:AC:DF:2C:04:FC:EC:35:BD:19:BB:42
Validity: Tue, 18 Mar 2025 00:00:00 GMT - Thu, 16 Apr 2026 23:59:59 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (10481), with no line terminators
Hash cdc2dad91340894453ba85f60d2287de
8cb69477a1b1b3acfb511f8b8d5639a197908c5a
e594e5061e7f3f0938630bfdbf0530a5c4c84271a96f3ba5cee09158acb45338
GET / HTTP/1.1
Host: dh213018.vqjccv7vwe.cyou
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://am059.6629666.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
date: Sun, 30 Mar 2025 18:20:09 GMT
server: nginx/1.24.0
last-modified: Tue, 25 Mar 2025 06:19:04 GMT
etag: W/"67e24ad8-28b9"
cache-control: max-age=900
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: URD05-XIZ8fjJZju6ZdYjVJS9S6QHiS1RkomZKlgHP3KbFvTUUDWQQ==
X-Firefox-Spdy: h2
dh213018.vqjccv7vwe.cyou/5.html?1
54.240.174.84 200 OK 39 kB URL GET dh213018.vqjccv7vwe.cyou/5.html?1
IP 54.240.174.84:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer: Amazon
Subject: *.2k00kiro2b.cyou
Fingerprint: 6F:8F:A3:3A:23:4B:82:45:A7:AC:DF:2C:04:FC:EC:35:BD:19:BB:42
Validity: Tue, 18 Mar 2025 00:00:00 GMT - Thu, 16 Apr 2026 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /5.html?1 HTTP/1.1
Host: dh213018.vqjccv7vwe.cyou
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Cookie: Hm_lvt_120560b7f2a5f4d6fc31f76a9fc62e41=1743358811; Hm_lpvt_120560b7f2a5f4d6fc31f76a9fc62e41=1743358811; HMACCOUNT=B37A6EEB3A242E10
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
date: Sun, 30 Mar 2025 18:20:11 GMT
server: nginx/1.24.0
last-modified: Sun, 30 Mar 2025 14:24:08 GMT
etag: W/"67e95408-98a7"
cache-control: max-age=900
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TsvZ-QmLJoDr-IoYDMw0ja1bols1Fndjxsf7bMn27FTj_49twaYNAg==
X-Firefox-Spdy: h2
otc.bjhav.cn/assets/kjimg/f29/ball-blue.png
163.171.134.109 200 OK 14 kB URL GET otc.bjhav.cn/assets/kjimg/f29/ball-blue.png
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer: Let's Encrypt
Subject: bjhav.cn
Fingerprint: F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity: Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type PNG image data, 73 x 73, 8-bit/color RGBA, non-interlaced
Hash 6e141744c33be6c2460f32d71adfc2cb
2b5535163b3e18eff10153da4ef3be32fefe7cf5
89cd3fb4526f24366c9610f9709c2a1b79e527ef00d7a274dfc16d8b8cb26a56
GET /assets/kjimg/f29/ball-blue.png HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://otc.bjhav.cn/assets/kj.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:13 GMT
Content-Type: image/png
Content-Length: 13675
Connection: keep-alive
x-amz-id-2: piS/VsEYcqyby0j9nm2GGTu5t3VbPFbHHHty7dMauGOiQxJz+Lz9vXf5EULM/BciT2LesPBGyKw=
x-amz-request-id: W66D358W3AN9GKQX
Last-Modified: Fri, 28 Feb 2025 12:52:30 GMT
x-amz-version-id: null
ETag: "6e141744c33be6c2460f32d71adfc2cb"
Server: PWS/8.3.1.0.8
Via: 1.1 x140:4 (W), 1.1 PSrdsdgemSTO1sw92:6 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
x-ws-request-id: 67e98b5c_PSrdsdgemSTO1sw92_36872-54062
tkapi3.352722.com/json/time.json?1743358816379
172.67.222.40 200 OK 64 B URL GET tkapi3.352722.com/json/time.json?1743358816379
IP 172.67.222.40:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Google Trust Services
Subject 352722.com
Fingerprint DE:F5:80:3A:85:7E:34:B0:4D:F1:E9:AC:87:6A:38:ED:A8:58:18:19
Validity Tue, 11 Feb 2025 03:36:44 GMT - Mon, 12 May 2025 04:34:31 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 109e7bae3b08b3e17587669316953263
8dfe50b609dfe8810d7469063d4c0d46d3c7fb84
ff969a969f8da2b08d33d054c8395752ad6663445fcdd9cec7ed3cd0d22d6783
GET /json/time.json?1743358816379 HTTP/1.1
Host: tkapi3.352722.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dh213018.vqjccv7vwe.cyou/
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 18:20:16 GMT
content-type: application/json
last-modified: Sun, 30 Mar 2025 18:20:16 GMT
etag: W/"67e98b60-40"
cache-control: public, max-age=60
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, DELETE
access-control-allow-headers: Accept, Accept-Encoding, Accept-Language, Cache-Control, Connection, Authorization, Content-Type, lang, token, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bZ384cuMcV0Z2nJPcVSXtog3WX2iIhWHwXu32JrWVdRSIrwOJ7SaSchrGWCc%2BYSeDI7klvmMg52aVniT10snkgURwtowhlW33symBY3gxdfszeXB5vK6sglYqbLVJnXwPt1YlA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92899eba7cf6fe96-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=26636&min_rtt=20522&rtt_var=10901&sent=14&recv=10&lost=0&retrans=0&sent_bytes=5957&recv_bytes=1818&delivery_rate=7049&cwnd=12000&unsent_bytes=0&cid=c2a2520608d74b9d&ts=3092&x=1", cfExtPri, cfHdrFlush;dur=0
tkapi3.352722.com/json/time.json?1743358823382
172.67.222.40 200 OK 64 B URL GET tkapi3.352722.com/json/time.json?1743358823382
IP 172.67.222.40:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Google Trust Services
Subject 352722.com
Fingerprint DE:F5:80:3A:85:7E:34:B0:4D:F1:E9:AC:87:6A:38:ED:A8:58:18:19
Validity Tue, 11 Feb 2025 03:36:44 GMT - Mon, 12 May 2025 04:34:31 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 665855ff751516bd1d09644a50f26bd9
930fbce25c3620d7fc695674611d981e5ab54a04
47fe8ff9bd37cc62184ca3479e482e4d706d6100a4c5245435d7fc5ea1f50f58
GET /json/time.json?1743358823382 HTTP/1.1
Host: tkapi3.352722.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dh213018.vqjccv7vwe.cyou/
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 18:20:23 GMT
content-type: application/json
last-modified: Sun, 30 Mar 2025 18:20:23 GMT
etag: W/"67e98b67-40"
cache-control: public, max-age=60
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, DELETE
access-control-allow-headers: Accept, Accept-Encoding, Accept-Language, Cache-Control, Connection, Authorization, Content-Type, lang, token, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Odiw3albhhxQj0cyvxukJmUNJT87gRMfPA53JbwEXdcFUOelGGcbe0ZCUenW2PTChRYdMcAfcB6HPtbUlu4P8UA2bwmyFgz1%2B0w9hVjvmf04kbOrOtzadrTn0QueBZ14vh0%2Bbg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92899ee63fcffe96-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27726&min_rtt=20522&rtt_var=9753&sent=28&recv=24&lost=0&retrans=0&sent_bytes=12707&recv_bytes=4254&delivery_rate=7164&cwnd=12000&unsent_bytes=0&cid=c2a2520608d74b9d&ts=10094&x=1", cfExtPri, cfHdrFlush;dur=0
cdn5.bjhav.cn/blob/2025/0228/038bdfeaa487873ce0da74e3aab71d94
111.180.138.102 200 OK 13 kB URL GET cdn5.bjhav.cn/blob/2025/0228/038bdfeaa487873ce0da74e3aab71d94
IP 111.180.138.102:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash 355472c1b4f7584a3e768b7e465a5fcd
80f34f7f0eb43cb4b709a6bd49bf61ae257aac21
ca0ad1aaaa89e3919fec4abf82dfa4fa8e2706bd4b17347e7e7d33da7e335890
GET /blob/2025/0228/038bdfeaa487873ce0da74e3aab71d94 HTTP/1.1
Host: cdn5.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 13366
date: Sun, 30 Mar 2025 04:53:00 GMT
last-modified: Fri, 28 Feb 2025 04:52:31 GMT
etag: "67c1410f-3436"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
accept-ranges: bytes
x-via: 2.0 PS-WDS-014rO219 [HIT]
age: 48432
x-ws-request-id: 67e98b5c_PS-WDS-014rO219_743-25902
x-cache-status: HIT
server: nginx
X-Firefox-Spdy: h2
dh213018.vqjccv7vwe.cyou/3.html?1
54.240.174.84 200 OK 19 kB URL GET dh213018.vqjccv7vwe.cyou/3.html?1
IP 54.240.174.84:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Amazon
Subject *.2k00kiro2b.cyou
Fingerprint 6F:8F:A3:3A:23:4B:82:45:A7:AC:DF:2C:04:FC:EC:35:BD:19:BB:42
Validity Tue, 18 Mar 2025 00:00:00 GMT - Thu, 16 Apr 2026 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /3.html?1 HTTP/1.1
Host: dh213018.vqjccv7vwe.cyou
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Cookie: Hm_lvt_120560b7f2a5f4d6fc31f76a9fc62e41=1743358811; Hm_lpvt_120560b7f2a5f4d6fc31f76a9fc62e41=1743358811; HMACCOUNT=B37A6EEB3A242E10
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
date: Sun, 30 Mar 2025 18:20:11 GMT
server: nginx/1.24.0
last-modified: Sun, 30 Mar 2025 14:24:07 GMT
etag: W/"67e95407-4a11"
cache-control: max-age=900
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: lP_DfXuLyogRtAuZladpYYpF6sv18qrzRCmGq_Dp0WtZ8wre5lOdlQ==
X-Firefox-Spdy: h2
wss://ws.edgoapp.com/socket.io/?EIO=4&transport=websocket
43.198.230.61 101 Switching Protocols 0 B URL GET wss://ws.edgoapp.com/socket.io/?EIO=4&transport=websocket
IP 43.198.230.61:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Amazon
Subject edgoapp.com
Fingerprint BC:01:88:B2:F1:CA:6E:21:5E:27:00:98:50:BE:08:54:60:45:46:6D
Validity Sat, 14 Dec 2024 00:00:00 GMT - Tue, 13 Jan 2026 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socket.io/?EIO=4&transport=websocket HTTP/1.1
Host: ws.edgoapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://dh213018.vqjccv7vwe.cyou
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ssHWTnR5rhkJZD2QbjUMtg==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: 9gvxXGG2Ir3VeTxCFZIKqx4Sl7Y=
hm.baidu.com/hm.js?120560b7f2a5f4d6fc31f76a9fc62e41
0.0.0.0 0 B URL GET hm.baidu.com/hm.js?120560b7f2a5f4d6fc31f76a9fc62e41
IP 0.0.0.0:0
Requested by https://am059.6629666.com/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /hm.js?120560b7f2a5f4d6fc31f76a9fc62e41 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://am059.6629666.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
otc.bjhav.cn/assets/jquery.min.js
163.171.134.109 200 OK 96 kB URL GET otc.bjhav.cn/assets/jquery.min.js
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/1.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (32341)
Hash 52d16e147b5346147d0f3269cd4d0f80
4566b5815f47f976c7c3d3083c600ad5561b6fc0
2e945ebcd9b955e7c543ba4ad41e8f7779a077b482a0207db74bd6ded2021d17
GET /assets/jquery.min.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: application/javascript
Content-Length: 96380
Connection: keep-alive
x-amz-id-2: pggDGd053UlttheD02UycsgSDGD3LUoU0ycJSr10RAo/DH0lrY12MFx+VkdcNVKKsVoYuduxVkgjEkhqzRmen/elaPw+yJRE
x-amz-request-id: SVGWQ85VZBKZAVM9
Last-Modified: Fri, 28 Feb 2025 12:52:14 GMT
ETag: "52d16e147b5346147d0f3269cd4d0f80"
Server: PWS/8.3.1.0.8
Age: 15520
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_36872-54034
via: 1.1 PSrdsdgemSTO1sw92:6 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/assets/jquery.min.js
163.171.134.109 200 OK 96 kB URL GET otc.bjhav.cn/assets/jquery.min.js
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/4.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (32341)
Hash 52d16e147b5346147d0f3269cd4d0f80
4566b5815f47f976c7c3d3083c600ad5561b6fc0
2e945ebcd9b955e7c543ba4ad41e8f7779a077b482a0207db74bd6ded2021d17
GET /assets/jquery.min.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:12 GMT
Content-Type: application/javascript
Content-Length: 96380
Connection: keep-alive
x-amz-id-2: pggDGd053UlttheD02UycsgSDGD3LUoU0ycJSr10RAo/DH0lrY12MFx+VkdcNVKKsVoYuduxVkgjEkhqzRmen/elaPw+yJRE
x-amz-request-id: SVGWQ85VZBKZAVM9
Last-Modified: Fri, 28 Feb 2025 12:52:14 GMT
ETag: "52d16e147b5346147d0f3269cd4d0f80"
Server: PWS/8.3.1.0.8
Age: 15521
x-ws-request-id: 67e98b5c_PSrdsdgemSTO1sw92_35525-24374
via: 1.1 PSrdsdgemSTO1sw92:3 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/assets/base_code.js?v=330183
163.171.134.109 200 OK 13 kB URL GET otc.bjhav.cn/assets/base_code.js?v=330183
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/5.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /assets/base_code.js?v=330183 HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:12 GMT
Content-Type: application/javascript
Content-Length: 13442
Connection: keep-alive
x-amz-id-2: qRXyGTcG+vH7j4Dkn3cr3rClame85D3VG6/e654tgVKuGDu2lJ9sWBN1ZMMqd5ST2terFlGe0XuYeiNHgSmncsA9ghymO4zh
x-amz-request-id: DTGERWB7A096A6Y0
Last-Modified: Sun, 30 Mar 2025 05:14:06 GMT
x-amz-version-id: UDRwXV5TNouesmirZeaOWmySAye2jHYj
ETag: "7293bf7367b5b1fc68f620132048f6f8"
Server: PWS/8.3.1.0.8
via: 1.1 PSrdsdgemSTO1sw92:3 (W)
X-Px: ms PSrdsdgemSTO1sw92ARN(origin)
x-ws-request-id: 67e98b5c_PSrdsdgemSTO1sw92_35525-24382
otc.bjhav.cn/com.js
163.171.134.109 200 OK 1.5 kB
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/1.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (1557), with no line terminators
Hash b94bdc3a236f77d1e3f85f0d7d997b91
558a28a1b9ba3ea8ce60f21f4c66307c851684e3
4f048bb85aecfe6af61266934f4d7877728f9f42a57c0ea3a52582c28c897840
GET /com.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: application/javascript
Content-Length: 1500
Connection: keep-alive
x-amz-id-2: 1Z3j7M0UMvCeRvB+AOG3DY7s1LiRmNcyuIb7Yx3Ug/8RkTYCVYmEnCT479S0SeFo5vErHTyloL/CBt9B/vFKwg==
x-amz-request-id: 0V5BY9JF3VXX0FJP
Last-Modified: Sun, 23 Mar 2025 09:40:50 GMT
x-amz-version-id: i9xgm6p9KQI61rfijoRajDyR8aVAytOn
ETag: "3c8316b3213bbe06388e703d72780e0c"
Server: PWS/8.3.1.0.8
Age: 220957
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_35525-24356
via: 1.1 PSrdsdgemSTO1sw92:3 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
cdn5.bjhav.cn/blob/2024/0930/825cd175f37ca2565a5902bb35e17f62
111.180.138.102 200 OK 234 kB URL GET cdn5.bjhav.cn/blob/2024/0930/825cd175f37ca2565a5902bb35e17f62
IP 111.180.138.102:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Size 234 kB (233635 bytes)
Hash e0a619b7343e7722b5233a5ce8b26a54
63705d1566ae9b0e2a65b62ed4b0c8350862e098
db8a75c8bc7544de3999e5ece3282676ae0fc64e9ea4d25ccd6d3b4888bed131
GET /blob/2024/0930/825cd175f37ca2565a5902bb35e17f62 HTTP/1.1
Host: cdn5.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 233635
date: Wed, 19 Mar 2025 08:32:47 GMT
last-modified: Mon, 30 Sep 2024 12:58:22 GMT
etag: "66faa06e-390a3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
accept-ranges: bytes
x-via: 2.0 PS-WDS-014rO219 [HIT]
age: 985644
x-ws-request-id: 67e98b5b_PS-WDS-014rO219_743-25894
x-cache-status: HIT
server: nginx
X-Firefox-Spdy: h2
otc.bjhav.cn/assets/kjimg/f29/ball-red.png
163.171.134.109 200 OK 14 kB URL GET otc.bjhav.cn/assets/kjimg/f29/ball-red.png
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type PNG image data, 73 x 73, 8-bit/color RGBA, non-interlaced
Hash 395ad9c5fef31bfee32f37e55540eaaf
1691debb001467698a0e5097cb41923d1bf336c1
fb2e5cb5a3d56be9af6e97ca06b27d9434bff31b3095a3bd5053f045aefb71d8
GET /assets/kjimg/f29/ball-red.png HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://otc.bjhav.cn/assets/kj.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:12 GMT
Content-Type: image/png
Content-Length: 13722
Connection: keep-alive
x-amz-id-2: CZpR8SY+z7IzFX1Fvur7JgmUNICkCz9pIlGFCvJguoRHJFhBotkfe/A6SECXy7GPJbw6zdMm0K7t3WbN6bYMeFJfsfUcT/SR
x-amz-request-id: SEQVV686Q2CJ81GJ
Last-Modified: Fri, 28 Feb 2025 12:52:29 GMT
x-amz-version-id: null
ETag: "395ad9c5fef31bfee32f37e55540eaaf"
Server: PWS/8.3.1.0.8
x-ws-request-id: 67e98b5c_PSrdsdgemSTO1sw92_36173-28652
via: 1.1 PSrdsdgemSTO1sw92:5 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
tkapi3.352722.com/json/time.json?1743358822382
172.67.222.40 200 OK 64 B URL GET tkapi3.352722.com/json/time.json?1743358822382
IP 172.67.222.40:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Google Trust Services
Subject 352722.com
Fingerprint DE:F5:80:3A:85:7E:34:B0:4D:F1:E9:AC:87:6A:38:ED:A8:58:18:19
Validity Tue, 11 Feb 2025 03:36:44 GMT - Mon, 12 May 2025 04:34:31 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 5ae0a1691613fa86389aaadd36d64c8a
63ed6361f3b4e7de01e5fa49b94f009c25fbcc77
b97239b8826c05dc87210a2fad856befb88bede185f472eaea273227c67d0b37
GET /json/time.json?1743358822382 HTTP/1.1
Host: tkapi3.352722.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dh213018.vqjccv7vwe.cyou/
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 18:20:22 GMT
content-type: application/json
last-modified: Sun, 30 Mar 2025 18:20:22 GMT
etag: W/"67e98b66-40"
cache-control: public, max-age=60
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, DELETE
access-control-allow-headers: Accept, Accept-Encoding, Accept-Language, Cache-Control, Connection, Authorization, Content-Type, lang, token, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VrEhhQltNoUkKSJWVW1kOBC8O2B%2F3U8dSdMbsk%2F2dEipMKSynI5SEUoWHUbQ%2BKy8hoy4DP48Qh9qpkaEWgtcdqLb9yj6lr%2BBRkMTbkfAQRFx6KHZ5HVaI2sVepSbO0C8Y%2F97Mg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92899edff89efe96-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=28708&min_rtt=20522&rtt_var=10385&sent=26&recv=22&lost=0&retrans=0&sent_bytes=11740&recv_bytes=3906&delivery_rate=6859&cwnd=12000&unsent_bytes=0&cid=c2a2520608d74b9d&ts=9092&x=1", cfExtPri, cfHdrFlush;dur=0
otc.bjhav.cn/assets/img/web.png
163.171.134.109 200 OK 2.9 kB URL GET otc.bjhav.cn/assets/img/web.png
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Hash f24530cfde75d268978d442b83695623
f515cb809a7af42b0ac2632d24433f159920b17f
59563fd050c2c64916c411e9ffd48319f02ae4ca5e4024a649cc7e51d1062bc5
GET /assets/img/web.png HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://otc.bjhav.cn/assets/common.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: image/png
Content-Length: 2931
Connection: keep-alive
x-amz-id-2: E6AMI6g00Ilew3PD8AlR7c1ac78DLatqGPTeKmTDNlReqsAf/XH7Dp+brjFdgedLy/nadJcdESJheHxq39MM3ZXbYzkivtVr
x-amz-request-id: YAHGQB570EVPR0R6
Last-Modified: Mon, 17 Mar 2025 11:34:08 GMT
ETag: "f24530cfde75d268978d442b83695623"
Server: PWS/8.3.1.0.8
Via: 1.1 dianxun143:10 (W), 1.1 PSrdsdgemSTO1sw92:12 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
Age: 11827
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_37781-33334
otc.bjhav.cn/assets/base_code.js?v=330183
163.171.134.109 200 OK 13 kB URL GET otc.bjhav.cn/assets/base_code.js?v=330183
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/6.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /assets/base_code.js?v=330183 HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:12 GMT
Content-Type: application/javascript
Content-Length: 13442
Connection: keep-alive
x-amz-id-2: 2F5dTjm8JblScnouwrtnp+ftLDYL8BH0LIjtBJdYszuKT47fjlzXe3BNl7L6PunN4vfDiVcmJf8=
x-amz-request-id: DTG1WT1N7FMY7VAG
Last-Modified: Sun, 30 Mar 2025 05:14:06 GMT
x-amz-version-id: UDRwXV5TNouesmirZeaOWmySAye2jHYj
ETag: "7293bf7367b5b1fc68f620132048f6f8"
Server: PWS/8.3.1.0.8
via: 1.1 x140:5 (W), 1.1 PSrdsdgemSTO1sw92:12 (W)
X-Px: ms PSrdsdgemSTO1sw92ARN, ms x140HKG(origin)
x-ws-request-id: 67e98b5c_PSrdsdgemSTO1sw92_37781-33341
tkapi3.352722.com/json/time.json?1743358824382
172.67.222.40 200 OK 64 B URL GET tkapi3.352722.com/json/time.json?1743358824382
IP 172.67.222.40:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Google Trust Services
Subject 352722.com
Fingerprint DE:F5:80:3A:85:7E:34:B0:4D:F1:E9:AC:87:6A:38:ED:A8:58:18:19
Validity Tue, 11 Feb 2025 03:36:44 GMT - Mon, 12 May 2025 04:34:31 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 150727830bc4c00c9995a8386fc99264
d6d336bf760252bb8a3d144100b10aa78c58ce37
158fd07d5eb517d96e8839609ea53398896c057b72ad9a9572a58133b512b258
GET /json/time.json?1743358824382 HTTP/1.1
Host: tkapi3.352722.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dh213018.vqjccv7vwe.cyou/
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 18:20:24 GMT
content-type: application/json
last-modified: Sun, 30 Mar 2025 18:20:24 GMT
etag: W/"67e98b68-40"
cache-control: public, max-age=60
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, DELETE
access-control-allow-headers: Accept, Accept-Encoding, Accept-Language, Cache-Control, Connection, Authorization, Content-Type, lang, token, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JG3AJMDgokRST8XwoJEm0%2BxuONDQeFYfdO%2F1m6PXhZrW%2FIXHLZ4VibnV%2FMHJZ3UbymTSrSahgJcjYPzAn0GSq9rdLDYvRsm9O%2FLJJl%2BMe1046vAKlAB57EBaD6zR2zsTsozaSg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92899eec793efe96-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=29317&min_rtt=20522&rtt_var=10497&sent=30&recv=26&lost=0&retrans=0&sent_bytes=13667&recv_bytes=4602&delivery_rate=7131&cwnd=12000&unsent_bytes=0&cid=c2a2520608d74b9d&ts=11100&x=1", cfExtPri, cfHdrFlush;dur=0
otc.bjhav.cn/assets/kjimg/f29/Refresh.png
163.171.134.109 200 OK 2.1 kB URL GET otc.bjhav.cn/assets/kjimg/f29/Refresh.png
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type PNG image data, 54 x 28, 8-bit/color RGBA, non-interlaced
Hash 4af418b1362e12e526176fa6270d60cb
0d99d0952a9a61a93ece42aede0c72c0813055d4
0313661b868a5a0213bb759171b3fd5f6e29e44dcb69d38039b100380bab9935
GET /assets/kjimg/f29/Refresh.png HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://otc.bjhav.cn/assets/kj.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: image/png
Content-Length: 2120
Connection: keep-alive
x-amz-id-2: IO4/A+vo/uOH2Vt3NLXIE6hRON/CRToNORXQ+/mjPox0ST6O5kJMklKyeEhWef5xtwCdDjFsQL55yPeEZfUjAA==
x-amz-request-id: WNS4BB8DJZDPCCFZ
Last-Modified: Fri, 28 Feb 2025 12:52:30 GMT
x-amz-version-id: null
ETag: "4af418b1362e12e526176fa6270d60cb"
Server: PWS/8.3.1.0.8
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_36872-54001
via: 1.1 PSrdsdgemSTO1sw92:6 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
cdn4.bjhav.cn/blob/2024/0901/c34ecb8ed998eed882d5f35b0b5d1c71
116.196.137.78 200 OK 202 kB URL GET cdn4.bjhav.cn/blob/2024/0901/c34ecb8ed998eed882d5f35b0b5d1c71
IP 116.196.137.78:443
ASN #131516 Jinhua Weian InfoTech Co., Ltd
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Size 202 kB (202017 bytes)
Hash e6796eccfb909adfea3f5a43bc83383e
0a15c9904431089c51f851f53c43aa807fa66934
15893d594a2112fe4eb52e9396cb64905cf7ba9262707b3874711ec34b723aa9
GET /blob/2024/0901/c34ecb8ed998eed882d5f35b0b5d1c71 HTTP/1.1
Host: cdn4.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 202017
date: Mon, 24 Mar 2025 15:29:36 GMT
last-modified: Sun, 01 Sep 2024 12:50:06 GMT
etag: "66d462fe-31521"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
accept-ranges: bytes
x-via: 2.0 PS-TNA-01wYM62 [HIT]
age: 528636
x-ws-request-id: 67e98b5c_PS-TNA-01wYM62_21864-25932
x-cache-status: HIT
server: nginx
X-Firefox-Spdy: h2
otc.bjhav.cn/image/jp.png
163.171.134.109 200 OK 1.9 kB URL GET otc.bjhav.cn/image/jp.png
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/3.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type PNG image data, 60 x 30, 8-bit/color RGBA, non-interlaced
Hash 630ff9d7cb30bac0b2f295540f9bde9f
ad880319ce59a2bcac4222843f220ef966c63a4c
8e5e7e6510869fed31d9412a4575664b7d77ca04795cb649a788fad01d090600
GET /image/jp.png HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:13 GMT
Content-Type: image/png
Content-Length: 1891
Connection: keep-alive
x-amz-id-2: arZHNSO5kePzQbujSfCO6qg/MpvyJFlMBq/86OmOeFx4udL/EZt6zMAg8VQInSx9lKhF4ijTdyE=
x-amz-request-id: W6BT8DP2M9PZ39AY
Last-Modified: Mon, 17 Mar 2025 11:39:13 GMT
x-amz-version-id: null
ETag: "630ff9d7cb30bac0b2f295540f9bde9f"
Server: PWS/8.3.1.0.8
Age: 117364
x-ws-request-id: 67e98b5d_PSrdsdgemSTO1sw92_35525-24423
via: 1.1 PSrdsdgemSTO1sw92:3 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
tkapi3.352722.com/json/time.json?1743358817380
172.67.222.40 200 OK 64 B URL GET tkapi3.352722.com/json/time.json?1743358817380
IP 172.67.222.40:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Google Trust Services
Subject 352722.com
Fingerprint DE:F5:80:3A:85:7E:34:B0:4D:F1:E9:AC:87:6A:38:ED:A8:58:18:19
Validity Tue, 11 Feb 2025 03:36:44 GMT - Mon, 12 May 2025 04:34:31 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 5d2ce3404f4231ba68d69a1ecced845c
8c617cdd57fee5220fd8de3a53efd5366b68fa97
10bb8fef1381b1e32b73c493029f3c51e2ec04fc12938e337db0b324cc6998b5
GET /json/time.json?1743358817380 HTTP/1.1
Host: tkapi3.352722.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dh213018.vqjccv7vwe.cyou/
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 18:20:17 GMT
content-type: application/json
last-modified: Sun, 30 Mar 2025 18:20:17 GMT
etag: W/"67e98b61-40"
cache-control: public, max-age=60
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, DELETE
access-control-allow-headers: Accept, Accept-Encoding, Accept-Language, Cache-Control, Connection, Authorization, Content-Type, lang, token, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dtisk5op6sWe2NohW3ApQIrWRzkTizAyEJRsRXwL8lXuyj%2F3F3GZFPka6qO0Vo%2FqUoexOo4ZQgK02cwWPg%2Bhhh3DGxHihVi8eXGUZBnS1GsBiXpEnVl1c%2FanMk%2BnWGhUrRLCiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92899ec0dce1fe96-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=28346&min_rtt=20522&rtt_var=11595&sent=16&recv=12&lost=0&retrans=0&sent_bytes=6915&recv_bytes=2166&delivery_rate=7118&cwnd=12000&unsent_bytes=0&cid=c2a2520608d74b9d&ts=4113&x=1", cfExtPri, cfHdrFlush;dur=0
tkapi3.352722.com/json/time.json?1743358818380
172.67.222.40 200 OK 64 B URL GET tkapi3.352722.com/json/time.json?1743358818380
IP 172.67.222.40:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Google Trust Services
Subject 352722.com
Fingerprint DE:F5:80:3A:85:7E:34:B0:4D:F1:E9:AC:87:6A:38:ED:A8:58:18:19
Validity Tue, 11 Feb 2025 03:36:44 GMT - Mon, 12 May 2025 04:34:31 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 68b1ced39f7f9ea4493a312b0d35d262
6bec9f302fa6db7fdbea52a80a8f95193022ae4f
2d289c264a932a8b4b90b2012a4ec9c4ed61016dc6202fb161efeecaee146e4b
GET /json/time.json?1743358818380 HTTP/1.1
Host: tkapi3.352722.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dh213018.vqjccv7vwe.cyou/
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 18:20:18 GMT
content-type: application/json
last-modified: Sun, 30 Mar 2025 18:20:18 GMT
etag: W/"67e98b62-40"
cache-control: public, max-age=60
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, DELETE
access-control-allow-headers: Accept, Accept-Encoding, Accept-Language, Cache-Control, Connection, Authorization, Content-Type, lang, token, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=99W%2FelqeEQzhhepP40U8OSM%2BD2HIctS%2Fx1ReqZTcJIRWTehq7PEg9IlS8mwbGQBDnUgh3SQt%2FVNppphsSIxSLG6YF2wzFoJNI6rWAxMXvosr37PQp1h6oEqANkRat3jWGEZWvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92899ec6fb0bfe96-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27494&min_rtt=20522&rtt_var=10400&sent=18&recv=14&lost=0&retrans=0&sent_bytes=7879&recv_bytes=2514&delivery_rate=6721&cwnd=12000&unsent_bytes=0&cid=c2a2520608d74b9d&ts=5096&x=1", cfExtPri, cfHdrFlush;dur=0
otc.bjhav.cn/image/geili.gif
163.171.134.109 200 OK 5.9 kB URL GET otc.bjhav.cn/image/geili.gif
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/3.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type GIF image data, version 89a, 22 x 22
Hash 907b3e81d16afb9df5ef023ede0eddf1
28e9ec7a3882fec8c63dd731b06a9bbcc179aff7
ed5a400527834e3e0ea2330c86c2de622e7588bd3a1b4066d97711233fa1353c
GET /image/geili.gif HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:13 GMT
Content-Type: image/gif
Content-Length: 5871
Connection: keep-alive
x-amz-id-2: n5Qi5GQ0avXQgIC0UP+LE1ImqeJsLuOg2OBJNy9K6Vk4bt5Izx/9v9jFAz90ex7nH34XWUh6Ypo27AFH5L+CM2xCsDzkJMJ9
x-amz-request-id: W6BPZPYXTWN0VAEG
Last-Modified: Mon, 17 Mar 2025 11:39:17 GMT
x-amz-version-id: null
ETag: "907b3e81d16afb9df5ef023ede0eddf1"
Server: PWS/8.3.1.0.8
Via: 1.1 PS-HKG-04oR750:11 (W), 1.1 PSrdsdgemSTO1sw92:0 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
Age: 117364
x-ws-request-id: 67e98b5d_PSrdsdgemSTO1sw92_34393-20568
dh213018.vqjccv7vwe.cyou/2.html?1
54.240.174.84 200 OK 19 kB URL GET dh213018.vqjccv7vwe.cyou/2.html?1
IP 54.240.174.84:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Amazon
Subject *.2k00kiro2b.cyou
Fingerprint 6F:8F:A3:3A:23:4B:82:45:A7:AC:DF:2C:04:FC:EC:35:BD:19:BB:42
Validity Tue, 18 Mar 2025 00:00:00 GMT - Thu, 16 Apr 2026 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /2.html?1 HTTP/1.1
Host: dh213018.vqjccv7vwe.cyou
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Cookie: Hm_lvt_120560b7f2a5f4d6fc31f76a9fc62e41=1743358811; Hm_lpvt_120560b7f2a5f4d6fc31f76a9fc62e41=1743358811; HMACCOUNT=B37A6EEB3A242E10
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
date: Sun, 30 Mar 2025 18:20:11 GMT
server: nginx/1.24.0
last-modified: Sun, 30 Mar 2025 14:24:07 GMT
etag: W/"67e95407-4974"
cache-control: max-age=900
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8mAhdK-xsvMstQNMq69c9ZIDP-hpuyeDxm95o2JDh-Ecx-E3EJhZzw==
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?120560b7f2a5f4d6fc31f76a9fc62e41
14.215.183.79 200 OK 30 kB URL GET hm.baidu.com/hm.js?120560b7f2a5f4d6fc31f76a9fc62e41
IP 14.215.183.79:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint EF:0F:BE:13:02:E2:C4:D4:89:BA:8F:BA:88:EF:6F:95:DC:CF:7B:E0
Validity Mon, 08 Jul 2024 01:41:02 GMT - Sat, 09 Aug 2025 01:41:01 GMT
File type JavaScript source, ASCII text, with very long lines (624)
Hash 91bb1d3690992b3235fbc73f24fdc6ad
31990564dfdd5473742b7b964cdc4c9695d11380
55908c9ab70b1d229cc8d82b2cdd19b779cf42560c75a8fba17f657589377882
GET /hm.js?120560b7f2a5f4d6fc31f76a9fc62e41 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11294
Content-Type: application/javascript
Date: Sun, 30 Mar 2025 18:20:10 GMT
Etag: 38e2868c029e8ebe736570af43d3b1a5
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=B37A6EEB3A242E10; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
cdn5.bjhav.cn/blob/2025/0101/17f37fdaa6c4371ae4af0929c5d25431?pt7
111.180.138.102 200 OK 32 kB URL GET cdn5.bjhav.cn/blob/2025/0101/17f37fdaa6c4371ae4af0929c5d25431?pt7
IP 111.180.138.102:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash 84f48e139ec4b3b96592269652b686af
9be75dbed679c5690ac6128971ea6749bba9a37f
371aa7e89b000aefe82def470eacd1eb56e30d944b902b93e93b10555e53c627
GET /blob/2025/0101/17f37fdaa6c4371ae4af0929c5d25431?pt7 HTTP/1.1
Host: cdn5.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 32057
date: Sun, 30 Mar 2025 17:54:17 GMT
last-modified: Wed, 01 Jan 2025 08:02:48 GMT
etag: "6774f6a8-7d39"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
accept-ranges: bytes
x-via: 2.0 PS-WDS-014rO219 [HIT]
age: 1555
x-ws-request-id: 67e98b5c_PS-WDS-014rO219_743-25903
x-cache-status: HIT
server: nginx
X-Firefox-Spdy: h2
otc.bjhav.cn/assets/js/redbag-cdown.js?zone=ASIA/Hong_Kong
163.171.134.109 200 OK 6.4 kB URL GET otc.bjhav.cn/assets/js/redbag-cdown.js?zone=ASIA/Hong_Kong
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/1.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (6628), with no line terminators
Hash 75c0b72be13f43b631344a46fbe47638
abbdc760a0c53a37ce101f221c1833cc10422043
1aff8ef204eff2eacfc61ddebf1e3bd039ba598ec69c37bbcf1916fd465564e8
GET /assets/js/redbag-cdown.js?zone=ASIA/Hong_Kong HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: application/javascript
Content-Length: 6361
Connection: keep-alive
x-amz-id-2: 3dAa4pqZCCpA+t5kiXFbG8wjWSw/VeygxDWhS4eeDqOYJNpCSlUYhvJfuBJ8Zq1nseDFZbCwyCEyhhn0RkRqwqxodIyYvXfW
x-amz-request-id: 2FG5M5JWZ6TS4R3G
Last-Modified: Fri, 21 Mar 2025 14:16:38 GMT
x-amz-version-id: rRgy3YlukJRw4Gk3UAJFsGc4wvaRFU47
ETag: "440229a8a7ce0a5413d2aae5d7c68339"
Server: PWS/8.3.1.0.8
Age: 13821
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_37344-7301
via: 1.1 PSrdsdgemSTO1sw92:8 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
tkapi3.352722.com/json/time.json?1743358812305
172.67.222.40 200 OK 64 B URL GET tkapi3.352722.com/json/time.json?1743358812305
IP 172.67.222.40:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Google Trust Services
Subject 352722.com
Fingerprint DE:F5:80:3A:85:7E:34:B0:4D:F1:E9:AC:87:6A:38:ED:A8:58:18:19
Validity Tue, 11 Feb 2025 03:36:44 GMT - Mon, 12 May 2025 04:34:31 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 2147f47e0b18730864942045803a92ac
4f7318ed1a2601afedaa2827af39315b2dd7ac1e
eeb485f10cb58d8f65eba5d6d3666b7dffef6dacb54bcf74b50238c27c250d35
GET /json/time.json?1743358812305 HTTP/1.1
Host: tkapi3.352722.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dh213018.vqjccv7vwe.cyou/
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 30 Mar 2025 18:20:12 GMT
content-type: application/json
last-modified: Sun, 30 Mar 2025 18:20:12 GMT
etag: W/"67e98b5c-40"
cache-control: public, max-age=60
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, DELETE
access-control-allow-headers: Accept, Accept-Encoding, Accept-Language, Cache-Control, Connection, Authorization, Content-Type, lang, token, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S1jWRleWcb5umPWV23uRI6enX4nZJXfyLSSAik3XTkFQybFFMKhQqHl2ViwygXKwXbmkOpowN%2BcggHV1TiJeZiwXsSqukllDg%2Bk9EqmqDi2K4yKOExxLAPQcxmJQzn1ARxp0ow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92899ea19be8fea4-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19931&min_rtt=19782&rtt_var=3403&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3273&recv_bytes=1248&delivery_rate=218544&cwnd=245&unsent_bytes=0&cid=a165c568d4fe7090&ts=141&x=0"
X-Firefox-Spdy: h2
otc.bjhav.cn/assets/js/redbag-cdown.js?zone=ASIA/Hong_Kong
163.171.134.109 200 OK 6.4 kB URL GET otc.bjhav.cn/assets/js/redbag-cdown.js?zone=ASIA/Hong_Kong
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/2.html?1
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (6628), with no line terminators
Hash 75c0b72be13f43b631344a46fbe47638
abbdc760a0c53a37ce101f221c1833cc10422043
1aff8ef204eff2eacfc61ddebf1e3bd039ba598ec69c37bbcf1916fd465564e8
GET /assets/js/redbag-cdown.js?zone=ASIA/Hong_Kong HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:12 GMT
Content-Type: application/javascript
Content-Length: 6361
Connection: keep-alive
x-amz-id-2: 3dAa4pqZCCpA+t5kiXFbG8wjWSw/VeygxDWhS4eeDqOYJNpCSlUYhvJfuBJ8Zq1nseDFZbCwyCEyhhn0RkRqwqxodIyYvXfW
x-amz-request-id: 2FG5M5JWZ6TS4R3G
Last-Modified: Fri, 21 Mar 2025 14:16:38 GMT
x-amz-version-id: rRgy3YlukJRw4Gk3UAJFsGc4wvaRFU47
ETag: "440229a8a7ce0a5413d2aae5d7c68339"
Server: PWS/8.3.1.0.8
Age: 13822
x-ws-request-id: 67e98b5c_PSrdsdgemSTO1sw92_36173-28620
via: 1.1 PSrdsdgemSTO1sw92:5 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/assets/jquery.cookie.js
163.171.134.109 200 OK 1.9 kB URL GET otc.bjhav.cn/assets/jquery.cookie.js
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (2000), with no line terminators
Hash d836692714742a0ac61321dd76ffba6d
8494e95add8308ac285abb841489e1d8c663a09e
f0a76bfce13e959e2650df99e5480d1f0753b65da8f2e6287f0bb3d7bb7acc6c
GET /assets/jquery.cookie.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:09 GMT
Content-Type: application/javascript
Content-Length: 1939
Connection: keep-alive
x-amz-id-2: 8X8cAx5pGE3Vabu/pDCgiqojUozSxul3Ixg+EeWHheOwwt7VG8Y5LWy/BQ/sfaawXfKhWRd67KY=
x-amz-request-id: S1AKCQF56DXJF626
Last-Modified: Fri, 28 Feb 2025 12:52:15 GMT
ETag: "fd59d9457bc479bdb7a6349532688d28"
Server: PWS/8.3.1.0.8
Age: 13774
x-ws-request-id: 67e98b59_PSrdsdgemSTO1sw92_36173-28506
via: 1.1 PSrdsdgemSTO1sw92:5 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
hm.baidu.com/hm.gif?hca=B37A6EEB3A242E10&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=2008186985&si=120560b7f2a5f4d6fc31f76a9fc62e41&su=https%3A%2F%2Fam059.6629666.com%2F&v=1.3.2&lv=1&sn=62276&r=0&ww=1280&u=https%3A%2F%2Fdh213018.vqjccv7vwe.cyou%2F%23welcome
14.215.183.79 200 OK 43 B URL GET hm.baidu.com/hm.gif?hca=B37A6EEB3A242E10&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=2008186985&si=120560b7f2a5f4d6fc31f76a9fc62e41&su=https%3A%2F%2Fam059.6629666.com%2F&v=1.3.2&lv=1&sn=62276&r=0&ww=1280&u=https%3A%2F%2Fdh213018.vqjccv7vwe.cyou%2F%23welcome
IP 14.215.183.79:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint EF:0F:BE:13:02:E2:C4:D4:89:BA:8F:BA:88:EF:6F:95:DC:CF:7B:E0
Validity Mon, 08 Jul 2024 01:41:02 GMT - Sat, 09 Aug 2025 01:41:01 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?hca=B37A6EEB3A242E10&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=2008186985&si=120560b7f2a5f4d6fc31f76a9fc62e41&su=https%3A%2F%2Fam059.6629666.com%2F&v=1.3.2&lv=1&sn=62276&r=0&ww=1280&u=https%3A%2F%2Fdh213018.vqjccv7vwe.cyou%2F%23welcome HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 30 Mar 2025 18:20:10 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=47EA1D105661C905; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
otc.bjhav.cn/assets/kjimg/f29/kj-bg.jpg
163.171.134.109 200 OK 259 kB URL GET otc.bjhav.cn/assets/kjimg/f29/kj-bg.jpg
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type PNG image data, 800 x 280, 8-bit/color RGBA, non-interlaced
Size 259 kB (258790 bytes)
Hash 9caed03dcc0f03ca2000cda5dbe1c664
94db6886bd7888ad77f21071cb6cd972b81be36e
64e062531aba616022a150baca8382db2a73c104c5bbef3e7de802e7fabcacdc
GET /assets/kjimg/f29/kj-bg.jpg HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://otc.bjhav.cn/assets/kj.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: image/jpeg
Content-Length: 258790
Connection: keep-alive
x-amz-id-2: BExmBNqFpEVQzqVzPRcjxHrHdcRIi9A5fo+ksmj8NKJg60wEuDZJlC1PMIstjnWDEbSwq3tOAso+L2A5HhY/iA==
x-amz-request-id: C6X9FXPXX949FX5Q
Last-Modified: Fri, 28 Feb 2025 12:52:29 GMT
x-amz-version-id: null
ETag: "9caed03dcc0f03ca2000cda5dbe1c664"
Server: PWS/8.3.1.0.8
Via: 1.1 PSxgHKG8ef124:6 (W), 1.1 PSrdsdgemSTO1sw92:5 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_36173-28583
dh213018.vqjccv7vwe.cyou/1.html?1
54.240.174.84 200 OK 17 kB URL GET dh213018.vqjccv7vwe.cyou/1.html?1
IP 54.240.174.84:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Amazon
Subject *.2k00kiro2b.cyou
Fingerprint 6F:8F:A3:3A:23:4B:82:45:A7:AC:DF:2C:04:FC:EC:35:BD:19:BB:42
Validity Tue, 18 Mar 2025 00:00:00 GMT - Thu, 16 Apr 2026 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1.html?1 HTTP/1.1
Host: dh213018.vqjccv7vwe.cyou
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Cookie: Hm_lvt_120560b7f2a5f4d6fc31f76a9fc62e41=1743358811; Hm_lpvt_120560b7f2a5f4d6fc31f76a9fc62e41=1743358811; HMACCOUNT=B37A6EEB3A242E10
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
date: Sun, 30 Mar 2025 18:20:11 GMT
server: nginx/1.24.0
last-modified: Sun, 30 Mar 2025 14:24:07 GMT
etag: W/"67e95407-4137"
cache-control: max-age=900
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: iGfHHVqx0AcJc_lutTaQlNwT52NRH5OWYlfwFUw2cE7mciu07JCQAg==
X-Firefox-Spdy: h2
cdn5.bjhav.cn/blob/71/4a32e1d5dc590a5d55af45b840a4e6
111.180.138.102 200 OK 6.7 kB URL GET cdn5.bjhav.cn/blob/71/4a32e1d5dc590a5d55af45b840a4e6
IP 111.180.138.102:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash ff282da853f1da879786a143d2d40253
dc70f4a50bc3b13f61faee55374f61b9e6ee1ba4
51bede5ac2a4d857afb1dda73ba0fadcd65c9b25589652ce96eb609261b0ddb7
GET /blob/71/4a32e1d5dc590a5d55af45b840a4e6 HTTP/1.1
Host: cdn5.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dh213018.vqjccv7vwe.cyou
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 6736
date: Sun, 16 Mar 2025 02:37:24 GMT
last-modified: Mon, 24 Jun 2024 06:17:21 GMT
etag: "66790f71-1a50"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
accept-ranges: bytes
x-via: 2.0 PS-WDS-014rO219 [HIT]
age: 1266167
x-ws-request-id: 67e98b5b_PS-WDS-014rO219_743-25893
x-cache-status: HIT
server: nginx
X-Firefox-Spdy: h2
otc.bjhav.cn/assets/common_am4.js
163.171.134.109 200 OK 23 kB URL GET otc.bjhav.cn/assets/common_am4.js
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /assets/common_am4.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:09 GMT
Content-Type: application/javascript
Content-Length: 23170
Connection: keep-alive
x-amz-id-2: UzeA2xnjFjM9yB5ripgrfL0OZou1gT/HA03xz6Y6FA89r/HCrtlp327gt1doTUNW4xNGNUMzcZhwZikMCKZ2Tg==
x-amz-request-id: ZBDXHGPKMWT5BRVZ
Last-Modified: Sat, 22 Mar 2025 06:48:07 GMT
x-amz-version-id: rdo6OJilxjvAVjzd_7_8zSLnXreaUD.o
ETag: "66b2192cb0a4ad1ff2f3f5aca3639549"
Server: PWS/8.3.1.0.8
Age: 1130
x-ws-request-id: 67e98b59_PSrdsdgemSTO1sw92_34393-20437
via: 1.1 PSrdsdgemSTO1sw92:0 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/assets/layer.min.js
163.171.134.109 200 OK 3.1 kB URL GET otc.bjhav.cn/assets/layer.min.js
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
File type JavaScript source, ASCII text, with very long lines (3221), with no line terminators
Hash 9ea28ae47ddc0213629125017d2108f6
c6d4ce45dc0e002f4f91ac4c17ced300dd2aff36
fee44ae5f39f13bf18cec79503c71707220d7c36d1b4dfca058d03e427b807f8
GET /assets/layer.min.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:09 GMT
Content-Type: application/javascript
Content-Length: 3075
Connection: keep-alive
x-amz-id-2: c/X6l8PuAprtRzYiHaXUQX1EEjM/vnPbh2Xbs3PgurBxoetC7m4XXDigvFABQ0klXIzKtGNZ8mI=
x-amz-request-id: VB1SRC5J7PKXV237
Last-Modified: Fri, 28 Feb 2025 12:52:14 GMT
ETag: "fe83768f3493375b8fd3fc9c1dfb5037"
Server: PWS/8.3.1.0.8
Age: 13915
x-ws-request-id: 67e98b59_PSrdsdgemSTO1sw92_35525-24239
via: 1.1 PSrdsdgemSTO1sw92:3 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
otc.bjhav.cn/assets/base_code.js?v=330183
163.171.134.109 200 OK 13 kB URL GET otc.bjhav.cn/assets/base_code.js?v=330183
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /assets/base_code.js?v=330183 HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:10 GMT
Content-Type: application/javascript
Content-Length: 13442
Connection: keep-alive
x-amz-id-2: vJxZU68nx7zwnmd6EJzD7TP2Wlx0uoWyb+tI0YaU+XtejmSpCScknwp82Aal5StWS+QFsHHkS/BtVErnyKFfD3GfuO7THZWy
x-amz-request-id: ZNQF8Q0E467FNTZV
Last-Modified: Sun, 30 Mar 2025 05:14:06 GMT
x-amz-version-id: UDRwXV5TNouesmirZeaOWmySAye2jHYj
ETag: "7293bf7367b5b1fc68f620132048f6f8"
Server: PWS/8.3.1.0.8
via: 1.1 PSrdsdgemSTO1sw92:12 (W)
X-Px: ms PSrdsdgemSTO1sw92ARN(origin)
x-ws-request-id: 67e98b5a_PSrdsdgemSTO1sw92_37781-33257
otc.bjhav.cn/assets/mkj.js
163.171.134.109 200 OK 35 kB URL GET otc.bjhav.cn/assets/mkj.js
IP 163.171.134.109:443
Requested by https://dh213018.vqjccv7vwe.cyou/#welcome
Certificate Issuer Let's Encrypt
Subject bjhav.cn
Fingerprint F0:A8:9B:4A:60:C5:99:C2:2D:AF:CD:C8:0B:23:AA:82:95:E2:71:B8
Validity Sun, 19 Jan 2025 10:38:44 GMT - Sat, 19 Apr 2025 10:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /assets/mkj.js HTTP/1.1
Host: otc.bjhav.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh213018.vqjccv7vwe.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2025 18:20:11 GMT
Content-Type: application/javascript
Content-Length: 35430
Connection: keep-alive
x-amz-id-2: zhWBnWzWGraFyQYb8MmwlFtqmutixD9L+mE0bHKbEBxqi/Gn09RjQG4P+uEs/68/iVC5cxj8l/s=
x-amz-request-id: RES3WRKY11BKR9XN
Last-Modified: Mon, 24 Mar 2025 10:10:35 GMT
x-amz-version-id: eqLOMGuNGuSZaTdT948etT2Tfo2n_F7j
ETag: "59d86502f0a7b90c186750dee4c6009a"
Server: PWS/8.3.1.0.8
Via: 1.1 PS-HKG-04JlJ51:12 (W), 1.1 PSrdsdgemSTO1sw92:6 (W)
X-Px: ht PSrdsdgemSTO1sw92ARN
Age: 13773
x-ws-request-id: 67e98b5b_PSrdsdgemSTO1sw92_36872-53990
104.21.112.1 200 OK 3.6 kB IP 104.21.112.1:443
Certificate Issuer Google Trust Services
Subject 6629666.com
Fingerprint 39:91:FE:EF:07:9B:AE:A0:56:5C:41:39:6A:4C:A0:D3:48:CF:14:2D
Validity Sun, 16 Mar 2025 10:04:59 GMT - Sat, 14 Jun 2025 11:03:30 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (3722), with no line terminators
Hash 93a1f2a8a91116b730cf53d923fdd6a2
8aefa277ffdf5a31b5a18ea149936ab3484fadc8
31eff5c6e239bc7718b24a8bc93a50178bb95359c029b25d2ff45c16c0550629
GET / HTTP/1.1
Host: am059.6629666.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 30 Mar 2025 18:20:07 GMT
content-type: text/html
last-modified: Tue, 25 Mar 2025 06:19:05 GMT
cache-control: max-age=900
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3f9m6CrTZ7n3bJtWbJC9%2Bb5TKxOwNiWdKfupeLrAKh36y3VvTxiufk3jCUsGDbPeTLD7QNK1svDEEQlwyzSjHoowix5bABtxVCrsSnxz%2FXwI11GXCr9YqGp38BdHXsH0AuOCvg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92899e835dd0e247-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=25072&min_rtt=19653&rtt_var=12944&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3198&recv_bytes=1127&delivery_rate=219660&cwnd=247&unsent_bytes=0&cid=0160bc1d82292a4c&ts=449&x=0"
X-Firefox-Spdy: h2