handyidiotic.cn/usps/tb.php?gh=jr1664616297569
104.21.56.44 200 OK 558 B URL HTTP/1.1 handyidiotic.cn/usps/tb.php?gh=jr1664616297569
IP 104.21.56.44:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF line terminators
Hash 1d64a2f8771d604a8561a6907b0a9374
5dc805e01cccecbd67322a9538b26f36d3607357
8806561a1de4b06f0085c55feec0e2bd043f6826ce14db37de20f56656c921be
Analyzer Verdict Alert fortinet Phishing
GET /usps/tb.php?gh=jr1664616297569 HTTP/1.1
Host: handyidiotic.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 16:43:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LWo8MDhesf7Vj07sZfTtLX5SXiGDblyuWSXXKk%2FLDjthhkITlH38c4h0Ln7CiKClKYzcPjEG70yeIrR%2B0dryjbnE6cOzrVLUmPWQ9IKjdgr9Xb7Xw7hwzHcNxRtfRR5bYn0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7536a7f8cf5eb4eb-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 60e4edea7b5f4d19f3547a3bb2d5df57
3ee076bab4da3416c2c5808f730cb316c28baef7
763e2dadfdd286a51327cd2000ca335e30cd0b9b7267875d22ca33f7556ba200
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763E2DADFDD286A51327CD2000CA335E30CD0B9B7267875D22CA33F7556BA200"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6433
Expires: Sat, 01 Oct 2022 18:30:27 GMT
Date: Sat, 01 Oct 2022 16:43:14 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
18.165.201.103 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 18.165.201.103:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 01 Oct 2022 16:02:34 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 04bb33465149b34afca4988622dca584.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: 8NasqkNpVG4J7J92CN5jN8xeAIRfxgL_NyuAIPpqnPrmqLOkHUTTuw==
Age: 2440
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
108.156.28.102 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 108.156.28.102:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 01 Oct 2022 03:39:03 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 905eac6c91c9858bd0f20b56e9c842d4.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: YvbW8MmO1W2CLM7TDlqQZhGmpANLpf4tzrFhmBZVGI_cKWBg8kCNzg==
age: 47398
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
handyidiotic.cn/favicon.ico
104.21.56.44 200 OK 455 B URL HTTP/1.1 handyidiotic.cn/favicon.ico
IP 104.21.56.44:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 3c5d244b8b6b192c76a2c4331450c235
7e53f5ad871fcd67705eaf77f1ca9ff247143e1e
e0f26b6349453a86cd1f0f87cfd80559ef7edb6d88ff0af9ced7d7e413c548e3
GET /favicon.ico HTTP/1.1
Host: handyidiotic.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://handyidiotic.cn/usps/tb.php?gh=jr1664616297569
HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 16:43:15 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 27 Dec 2016 03:54:11 GMT
ETag: W/"5861e5e3-1b0"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WsTzqSxS6uBfl0Pnlxdlvn4Kcek9wlYbYvysC9odXO2U1dcKjf6RBYAQYm9CxJO0HaLMzMfFpNqU5b6MZbvLIvyrIrpYL9Mj1w%2F59gw2ztyYfH8c3hrkZyBhCUU%2FmZl7Wcw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7536a7fb7ac7b4eb-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
handyidiotic.cn/j/og2.js?_t=1664642591600
104.21.56.44 200 OK 942 B URL HTTP/1.1 handyidiotic.cn/j/og2.js?_t=1664642591600
IP 104.21.56.44:0
File type ASCII text, with CRLF line terminators
Hash bad1af26351d2e87c035596233940ab0
9ac0e34dcbfd29ca3070c506c200777a8016b161
bc734ed6fc97cbcbaa0ed5236ce8aa46754596a9a79eef96684242d231d0644e
Analyzer Verdict Alert fortinet Phishing
GET /j/og2.js?_t=1664642591600 HTTP/1.1
Host: handyidiotic.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://handyidiotic.cn/usps/tb.php?gh=jr1664616297569
HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 16:43:15 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 11 Jun 2022 06:57:07 GMT
Vary: Accept-Encoding
ETag: W/"62a43cc3-850"
Expires: Sun, 02 Oct 2022 04:43:15 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tSLlx09C%2FbwI0x98Yl54K5vHFc7TDSwqRchUFBSfku%2F3iQLag2rcQLqerRQ6lC6PDSRXsEOIHROylElpDfTvKkWO5G70WerCej3MI%2B0q%2F8A5Z0BPaS1Uli9a3cEjwrTvGTo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7536a7fc2b89b4eb-OSL
alt-svc: h2=":443"; ma=60
handyidiotic.cn/j/og2.php?_t=1664642591732
104.21.56.44 200 OK 92 B URL HTTP/1.1 handyidiotic.cn/j/og2.php?_t=1664642591732
IP 104.21.56.44:0
File type JSON data\012- , ASCII text, with no line terminators
Hash bff71e8a221796c0c12fad926c66a648
345e1f617232fdf7f4624ecadd55bf75b61b9a81
488ddd40e8a7a89a1da4eecb2ec99f44afe58efd88f8ece608229ed22d89250f
Analyzer Verdict Alert fortinet Phishing
POST /j/og2.php?_t=1664642591732 HTTP/1.1
Host: handyidiotic.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
Content-Length: 44
Origin: http://handyidiotic.cn
Connection: keep-alive
Referer: http://handyidiotic.cn/usps/tb.php?gh=jr1664616297569
HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 16:43:15 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ItsGlFMT9be05iR0RnmsPtd1fL8S5mIxoNo%2Fh5laX%2F20J7LVWfkAAL9q11zGWRYf7YczNcNObSZq8jDqRqGu79iDBJ32dgLMoVv0cLp0CruZ48sZsDSTZDtcA8Jx1vnm3qQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7536a7fccc96b4eb-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
18.165.201.103 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 18.165.201.103:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Sat, 01 Oct 2022 16:32:54 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sat, 01 Oct 2022 16:33:49 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 04bb33465149b34afca4988622dca584.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: qO2yZaB7ythF3pVihis90cAl6cZGDVcFvlkz6n5WXeC4I_FTKPdMNQ==
Age: 622
ocsp.pki.goog/s/gts1p5/J9SXWUI3FKg
142.250.74.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/J9SXWUI3FKg
IP 142.250.74.3:0
Hash d82d5b8c443b97f272ba7d18c8f92ff8
1fab3d447d740ef70306c801aecd6ded1b5a962e
5fbd943b6bb879a421d72b64b6d3200f50f50702fa54389869ccb52941d815df
POST /s/gts1p5/J9SXWUI3FKg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 16:43:15 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/J9SXWUI3FKg
142.250.74.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/J9SXWUI3FKg
IP 142.250.74.3:0
Hash d82d5b8c443b97f272ba7d18c8f92ff8
1fab3d447d740ef70306c801aecd6ded1b5a962e
5fbd943b6bb879a421d72b64b6d3200f50f50702fa54389869ccb52941d815df
POST /s/gts1p5/J9SXWUI3FKg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 16:43:15 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 829e839c217bf861b8cf90c8d636f510
459714fcf0d374bdc078ef59d122d59bf9312c5f
36282e09bb25caf3d7350c4bee485cb87947aabc7d7409169caf15c2e75d8b7d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2104
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 16:43:15 GMT
Last-Modified: Sat, 01 Oct 2022 16:08:11 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
v00jtf.cn/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
172.67.188.168 200 OK 1.0 kB URL HTTP/2 v00jtf.cn/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 172.67.188.168:0
Hash b58ebc1d29763b0cc979e559bcd8ac21
f6da7c3c72266f27530e73dc4de130e69326cda4
642ed8669ef6c675be9c403e0604277a50201c45f379df8a593b6823d9d9f0fa
Analyzer Verdict Alert fortinet Phishing
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: v00jtf.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/jAfEDXDF/usps/?_t=1664642591788
Cookie: pType=mo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 11:11:52 GMT
etag: W/"633188f8-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fco1emN%2FG2wNPGkOlJkuPZQ765Wi3hycacFC6RX%2BMvQ%2BbonSJFUYJUmV57LIG7EN4aH4wVnh%2F8YHIuw6LYYpp8R%2BgsDfWygY%2BGMoxxFbHR9M4kkWh1t6qohuHnM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a7ffa88bb523-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Mon, 03 Oct 2022 16:43:15 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 2601db85aa6894ea41f37fc0c1f2594a
afc9de950cf648d720a78467582b26346b8d53bc
3211c5c61098100152ea682c86ec84f3a80229b8d709e5cbe0022caba7dc9e24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 16:43:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.1.1/css/all.min.css
151.101.85.229 200 OK 21 kB URL HTTP/2 cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.1.1/css/all.min.css
IP 151.101.85.229:0
File type ASCII text, with very long lines (65317)
Hash b5ae87c0e4dd241b533e67053b0b719d
6b7b568694a95d81a94dea9ef7a85d1317d448dc
5bae5997fbca925ac6e52be8163ca897e751fcc9331552e0f77a22dd35b64521
GET /npm/@fortawesome/fontawesome-free@6.1.1/css/all.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 6.1.1
x-jsd-version-type: version
etag: W/"189ae-CRAs/GDvtDCiXul87ppqNd9t/Fk"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 01 Oct 2022 16:43:15 GMT
age: 1634125
x-served-by: cache-fra19168-FRA, cache-bma1668-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 20556
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css
151.101.85.229 200 OK 2.2 kB URL HTTP/2 cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css
IP 151.101.85.229:0
File type ASCII text, with very long lines (16263)
Hash bd3ea59ca12635e32402ec20cb196249
b1bfdaba4a00c2932245ff9eabea38016f9c9069
b99f8f79de257275fdbf6a8e0eb4652b0d69429552234b1f444c08ae85000341
GET /npm/select2@4.1.0-rc.0/dist/css/select2.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.1.0-rc.0
x-jsd-version-type: version
etag: W/"3f88-kT+fe5U1rseQyjzp1uNaz682mZM"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 01 Oct 2022 16:43:15 GMT
age: 16063101
x-served-by: cache-fra19146-FRA, cache-bma1668-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2162
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 2601db85aa6894ea41f37fc0c1f2594a
afc9de950cf648d720a78467582b26346b8d53bc
3211c5c61098100152ea682c86ec84f3a80229b8d709e5cbe0022caba7dc9e24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 16:43:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
263cdn.com/upload/usps.zo.jpg
104.21.235.73 200 OK 14 kB URL HTTP/2 263cdn.com/upload/usps.zo.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 199x120, components 3\012- data
Hash 0214ae1a08054577121723cd62f7fe55
87333fbea11943fde61dfd19b1d751b11ac871ae
9d242691e3dedeb124f366db00d37ecd1cfeff9ec5264ca02aafc36526869663
GET /upload/usps.zo.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: image/jpeg
content-length: 13687
x-guploader-uploadid: ADPycdsWimYORv6cTRh9DZ9wYBt_5G_MJXHa2qucQostKLXaXMGI6XhwsbCiXWy-pB3HFYkIkjJ9wBgmvH3w2qot5VP3Eg
expires: Sat, 01 Oct 2022 16:01:32 GMT
cache-control: public, max-age=14400
last-modified: Thu, 25 Aug 2022 14:55:45 GMT
etag: "0214ae1a08054577121723cd62f7fe55"
x-goog-generation: 1661439345346362
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 13687
x-goog-hash: crc32c=2AyQ6Q==, md5=AhSuGggFRXcSFyPNYvf+VQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 2132
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V5EuDdJebLrYmctdh2LW%2F3GNWbus9lHoepnmxUBaLzMJFSHvPF0P905yuo5niTjDQ8kKGVuOv57%2FlLSovCix4JiJfA57aa7oQPP9Ur5ubXIB8R8lox%2FgsGIKDFWA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a8005ff674f9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/usps.zhu.jpg
104.21.235.73 200 OK 62 kB URL HTTP/2 263cdn.com/upload/usps.zhu.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 512x288, components 3\012- data
Hash f547c83d389743d2766ae65a16f36000
f0534dbd5c2d80705ae4758d7e09abe503b16b16
c4c8f63b93cf201899cbcb0e7a160d5a2ea23db7bf28add154946a6eee954191
GET /upload/usps.zhu.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: image/jpeg
content-length: 62439
x-guploader-uploadid: ADPycdvmFPbud5jigdFGNhm-aVwpx-8v_Ku8VW2BzPTci98wFIMT4Cd2LZbaXmBRIdrkoJbh7PfclrhzJZ1fKqAUViXP0A
expires: Sat, 01 Oct 2022 16:47:39 GMT
cache-control: public, max-age=14400
last-modified: Thu, 25 Aug 2022 14:55:45 GMT
etag: "f547c83d389743d2766ae65a16f36000"
x-goog-generation: 1661439345270782
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 62439
x-goog-hash: crc32c=HGVDsg==, md5=9UfIPTiXQ9J2auZaFvNgAA==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3336
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yQNRZ36ZThkOcrklrNREmgR%2FprGKlHAjp8BJlgn19HN9H6ELmgxdTIJ%2FKZM9kjpe%2BJ%2B1%2FnhPimUgbSDb4tHaT288KS4WGedW%2F7ZK%2F1%2FEPK3EtXfISVbExDymjs4G"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a8005ff374f9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-0C230YDF7G
142.250.74.72 200 OK 75 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-0C230YDF7G
IP 142.250.74.72:0
File type ASCII text, with very long lines (18966)
Hash 4b6f64cd9d00cca7f6dcde72a684117a
920595f0b897e3199095884d045d8125c8b8a0e0
75819538fc77331471f41cd3d053297c5ec90c2c7286ecc243dc1c96e12369a4
GET /gtag/js?id=G-0C230YDF7G HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Oct 2022 16:43:15 GMT
expires: Sat, 01 Oct 2022 16:43:15 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74935
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.20.226:0
Hash 43ee518ebda3a50eba6e14fec508ab2b
5c57a929cbb785ac1c3514a762b50c01f56ce063
22d039d731902c30c090edf76c618e539dc333ed1001c6ce1dd2c5d48297e069
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 16:43:15 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "5CFD9BC42EE852C5356EF21484F71E4F4DF046A5"
Expires: Sun, 02 Oct 2022 03:00:00 GMT
Last-Modified: Sat, 01 Oct 2022 15:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 3184
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7536a800789fb4f3-OSL
www.googletagmanager.com/gtag/js?id=G-LW7434MYMN
142.250.74.72 200 OK 75 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-LW7434MYMN
IP 142.250.74.72:0
File type ASCII text, with very long lines (18966)
Hash 47ff17c18812cbb86d2c1ff788fa24fc
f1d1a82300ba3e5f598816d87548ed1ec5bd7a14
f56442e1650a35875d176c4f2a9794289d863d1b112c8256526f708de1647cf3
GET /gtag/js?id=G-LW7434MYMN HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Oct 2022 16:43:15 GMT
expires: Sat, 01 Oct 2022 16:43:15 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74979
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
263cdn.com/upload/Rustam%20Oruj.jpg
104.21.235.73 200 OK 29 kB URL HTTP/2 263cdn.com/upload/Rustam%20Oruj.jpg
IP 104.21.235.73:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3\012- data
Hash 7a81bfffa80a49fa130eaf03378d3b6d
98d2920144684413b97938217af15fdb5d0e2ca4
3f956b8874dc18d21d563308e8c9033daf5196ba5aef69b527e8ed5290199429
GET /upload/Rustam%20Oruj.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: image/jpeg
content-length: 28866
x-guploader-uploadid: ADPycdu4bhwnmDPV2xfXjkfe9B6xZU96Z0BbrLzxHN4QW5STSCHAJPQy6BMIaaP-6PqgBb9M_baS2jGoCd3HJgncascLvh6yYzsb
x-goog-generation: 1655329648409928
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 28866
x-goog-hash: crc32c=/SFR5g==, md5=eoG//6gKSfoTDq8DN407bQ==
x-goog-storage-class: STANDARD
expires: Sat, 01 Oct 2022 17:04:50 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:47:28 GMT
etag: "7a81bfffa80a49fa130eaf03378d3b6d"
age: 1982
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6H%2FKKAQs04jgI2E8yn3P6kKDL8U2b8uHysyUrJX%2B69JvR4GloaXtHrZoof%2Fyx2KmaOw7V6bRoff5Pe1X4UKjXEPC4R7QiMVxw7AAamkMuOi7%2FpgEbnxSEfv2RF68"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a8005ff774f9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/usps.zz.jpg
104.21.235.73 200 OK 5.0 kB URL HTTP/2 263cdn.com/upload/usps.zz.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 206x120, components 3\012- data
Hash 21127efc42b96cdac29a1e279d404823
1610318f0b89e2096a33c45fcd4c1d207e12aff0
48129ec4b0ffd287b68079f5cb837b12b7e66f66a88ef476084c6d0538c9c3a4
GET /upload/usps.zz.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: image/jpeg
content-length: 5030
x-guploader-uploadid: ADPycdst8dAqpiCz3t-1SRyhhRRc8LOcXHQhAy4V3ruwZw6pdhZ_aH3JT-4NQNEO_Bkmdg0lIJI31B8ZZR5KgtoCkEjAtzJ1vXhp
expires: Sat, 01 Oct 2022 17:02:39 GMT
cache-control: public, max-age=14400
last-modified: Thu, 25 Aug 2022 14:55:46 GMT
etag: "21127efc42b96cdac29a1e279d404823"
x-goog-generation: 1661439346199882
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 5030
x-goog-hash: crc32c=x9U1/g==, md5=IRJ+/EK5bNrCmh4nnUBIIw==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1808
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UuvWwz53VdH5a2RW4jQD2hb9bSqIA9T1DHl6EVycs%2FpomwDH9Bp%2Bx5SGTcdWaJEAUVcl3wumQ2HZzPY4KycJwSi2AJBVte9PdSdcgdq%2FibXRZ0ZthcGOfUss1iP1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a8005ff874f9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/Treesisilia.jpg
104.21.235.73 200 OK 25 kB URL HTTP/2 263cdn.com/upload/Treesisilia.jpg
IP 104.21.235.73:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash 22fb858c0563c2482d086cca3cd26cb6
d627302ed6b80ddc306247e736019d550a8ddf73
693b14ac3a2b4221d95ea3071c203dde4882b79aa1cb7bb8ab647802762b6f52
GET /upload/Treesisilia.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: image/jpeg
content-length: 24569
x-guploader-uploadid: ADPycdvS0ROLT0EBQiNPWUI-jTcF0moCT0SuvTSF2Fnswk7WYC3wMoNKJWXSyVH00xm88rTdhoSv3NvTx98DgmyK3WmvkEt8Pl-L
expires: Sat, 01 Oct 2022 16:02:42 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:47:57 GMT
etag: "22fb858c0563c2482d086cca3cd26cb6"
x-goog-generation: 1655329677032585
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 24569
x-goog-hash: crc32c=hwzIAA==, md5=IvuFjAVjwkgtCGzKPNJstg==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3383
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0%2F8p8%2BYB8Z8RCBioZjn8Hy%2BGkkX%2B5gYVUt6t%2BfuSz0Aa%2F3Dy6vO8nH0A4LiKbnyyas9KoaV%2BZOZqVXJ5EQoPYUFFmeMZc9plQq2wK2R%2FnXim0tU6zie3R9LGrMJa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a8005ff574f9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/Jubosh-Kolencik.jpg
104.21.235.73 200 OK 28 kB URL HTTP/2 263cdn.com/upload/Jubosh-Kolencik.jpg
IP 104.21.235.73:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3\012- data
Hash f610dc6591af9b85d5fbfb1933ea833f
4b08fcc89454d352d422b9f375ccb44712b3e24a
55aaad0519b7bb45de57f1e1c9151a3ac381c3887f05f43d4ed3517e8bc8994e
GET /upload/Jubosh-Kolencik.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: image/jpeg
content-length: 27878
x-guploader-uploadid: ADPycduSljEhQA1q4pMscwXUgRAGC6MlZzaVI0Ptqdhf5aSGPfRruEOla7QeiSA3_5gwenFXnJF8D5_9ZADber2SErkvAE4dK93G
expires: Sat, 01 Oct 2022 16:27:50 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:46:39 GMT
etag: "f610dc6591af9b85d5fbfb1933ea833f"
x-goog-generation: 1655329599305485
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 27878
x-goog-hash: crc32c=b9UNLg==, md5=9hDcZZGvm4XV+/sZM+qDPw==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3201
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=asedVH%2Fv1SVoqTC7%2FiRAdJ35ASWpWx6vv69dXYSCi7jxDbteKJ3Ve9lNuewNfaNUZ7f83hHsmwQxYKbe5JWlzEAYwf%2BKPFfzw4rwdwNpDfbnl5mT6U9YPBc%2FQpte"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a8005ff174f9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/uspsm.box2.png
104.21.235.73 200 OK 7.2 kB URL HTTP/2 263cdn.com/upload/uspsm.box2.png
IP 104.21.235.73:0
File type PNG image data, 350 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash cd6a41f9665594a48149a56b76e5a6ae
85ad07d91e04b3fcd2a435f99650614a8352930c
a4e8c4850780a57c521407be9df8797bbb66db4120e8b28859aebd8abd5cda7b
GET /upload/uspsm.box2.png HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: image/png
content-length: 7199
x-guploader-uploadid: ADPycdvZAV3yxiOCoQn4oAFK7MIiYWS7YsYSTM89AoA2ncRuwIwPeNTOVXjYhdMMXLb3fGE8Nw992sabtCozQ7rFrTxlJA
expires: Sat, 01 Oct 2022 16:39:00 GMT
cache-control: public, max-age=14400
last-modified: Thu, 25 Aug 2022 15:04:36 GMT
etag: "cd6a41f9665594a48149a56b76e5a6ae"
x-goog-generation: 1661439876717427
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 7199
x-goog-hash: crc32c=dyFNGg==, md5=zWpB+WZVlKSBSaVrduWmrg==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 2104
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EiEW1yblRPR0vJFOhw71GXAZtt2K8azjuhSsJOTBVTvarHhfON7ITxQxPpdk0BEU3MpbdpgnBb31DnjQmdukspwCmzrRUJFrWbXs0XVODYkI9GNBoi31SQLdTi9N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a800681874f9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/usps.yy.jpg
104.21.235.73 200 OK 8.2 kB URL HTTP/2 263cdn.com/upload/usps.yy.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 165x120, components 3\012- data
Hash 226a4e085c4d8f9674ee2b0a11dd317c
df8d0b05e85183e6f09472c555c33eecd199d823
ac0d3e7ab425b9783a1e83132cb5d09dc413bef250d25ecd6eb6895c860bced4
GET /upload/usps.yy.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: image/jpeg
content-length: 8177
x-guploader-uploadid: ADPycdupa52HQtj2akEdPv6KJVVgk-IdQulF4m51ev3Tk4fbMHnsRKAdOnWdKX2g6V341kvkck-VpIufqF36FtjL_MzpNw
expires: Sat, 01 Oct 2022 16:54:53 GMT
cache-control: public, max-age=14400
last-modified: Thu, 25 Aug 2022 14:55:45 GMT
etag: "226a4e085c4d8f9674ee2b0a11dd317c"
x-goog-generation: 1661439344982122
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 8177
x-goog-hash: crc32c=dcK+nw==, md5=ImpOCFxNj5Z07isKEd0xfA==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 2901
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dgqao%2FVekyYWeLE4YAIxENl9bcDjMrYpxcJ%2BFjqCpgJ%2BGNp1MOQ6MeO9%2B2H6I0CB3NCeBYgx1cHGfHX6RfEdzxGLgP2AZwNaGrsOhTvEWOR5%2BOp3Lpxk8a7DGwF%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a800681574f9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/uspsm.box1.png
104.21.235.73 200 OK 28 kB URL HTTP/2 263cdn.com/upload/uspsm.box1.png
IP 104.21.235.73:0
File type PNG image data, 350 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 2a424d24ab2c74f09c1cdef968d0c6e6
08f4527d6ef70aeb2e9338f61c0292d201ce2aa3
5edbcaaf73e0b2bc018151cb44a4b53fdf39e5fc00a217cb4a050d1dcb88f7ce
GET /upload/uspsm.box1.png HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: image/png
content-length: 27996
x-guploader-uploadid: ADPycdvelgjqfH6T3ebZFEHmSVuaHnAZSLnVYHeMzspenujMes-Qoi4UhCi23jm1DETYoagb1cPv2I-RfrVRZ4FweNYszg
expires: Sat, 01 Oct 2022 16:55:49 GMT
cache-control: public, max-age=14400
last-modified: Thu, 25 Aug 2022 15:04:36 GMT
etag: "2a424d24ab2c74f09c1cdef968d0c6e6"
x-goog-generation: 1661439876670381
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 27996
x-goog-hash: crc32c=xH44hQ==, md5=KkJNJKssdPCcHN75aNDG5g==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1724
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F0ewevKAy8N5sVvjv20Q73Pa1ZGeK%2FGjoAIIetbYWhwyY4fdPvsCLGKHjudGJ5GjHflTf0D%2B3d7QBnSMObBwCfiOhNeJjwmVS6prC51C4K7Jyhnvudmi3u9k2l6h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a800681d74f9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/JD%20Doubek.jpg
104.21.235.73 200 OK 11 kB URL HTTP/2 263cdn.com/upload/JD%20Doubek.jpg
IP 104.21.235.73:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 145x144, components 3\012- data
Hash 886e35d2eb247195f47cd4f7b39c80d3
be77d65cb783b6c26c51bd563ccd65b8fb552625
d80598543812ad1c72793ec6f19e26525345d69cd5dc882b7e7e0b60f4a80a86
GET /upload/JD%20Doubek.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: image/jpeg
content-length: 10979
x-guploader-uploadid: ADPycdvW_llfOB8wFGjA3hSwIfw_n3ozrWNDfsNpEPazXTXmfDoEJnKwIpKQU15nLmo-mnhvbhAualQ-KnmvbDcA7S0QYqe9vu0-
expires: Sat, 01 Oct 2022 15:22:47 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:46:36 GMT
etag: "886e35d2eb247195f47cd4f7b39c80d3"
x-goog-generation: 1655329596079489
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 10979
x-goog-hash: crc32c=Od3P8w==, md5=iG410uskcZX0fNT3s5yA0w==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 2901
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tJB%2BFMhSZ6Dnf1eVwFKlkjOAokXpuU90MwkzFlBDuur%2BwtjaDSyyM1c%2Bzs9%2FrK9QzPUBby8H06HzcqIPOcSM06hOjUa9so7USgDn2t%2FPngqq4Q5VOKA7VljSKKGc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a800681a74f9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash ea79071e8195e36ab87e7d65f9e8a383
d9ea0080a19d01f2aa78595a51a0a38d9427f898
a3bdece4977eef2f175183d0190f765f712fa27861066e9323fbe6995c839c76
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 16:43:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
263cdn.com/upload/Pierre%20Renaudin.jpg
104.21.235.73 200 OK 22 kB URL HTTP/2 263cdn.com/upload/Pierre%20Renaudin.jpg
IP 104.21.235.73:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash 8f63e05228dc94b4f5091a84c9b4168d
4b2d1fe92d6461bb7e39415cf3c8af4fa104791e
9fbff31d3ad789f22276cc030afe35e67e10928db0ff2f384fcedc30ab48ae21
GET /upload/Pierre%20Renaudin.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: image/jpeg
content-length: 21791
x-guploader-uploadid: ADPycdtY74Db5IizNzfWB7t1EtJCOn834FBsfEYjBn-lFCPE07g4n1JFrw30FM6TqG5Ia-5jMcUVbltpsPu7AuMyUi5SG0P9XPaB
expires: Sat, 01 Oct 2022 16:05:43 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:47:17 GMT
etag: "8f63e05228dc94b4f5091a84c9b4168d"
x-goog-generation: 1655329637728133
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 21791
x-goog-hash: crc32c=bXAAZg==, md5=j2PgUijclLT1CRqEybQWjQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1982
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0fEe0fvYihXX6ZXvQ4kfObC8dPSqQ0VAaGE%2B%2BQbKo86BI9XgJzeOOfwDbXzygeRKuJw%2B3glYeNVkT6HXJBfGtoBXuSdMOudR1p60miEwLVaXLkxzK%2FwHX4MsB8lm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a800681f74f9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/Joseph%20Kanchi.jpg
104.21.235.73 200 OK 18 kB URL HTTP/2 263cdn.com/upload/Joseph%20Kanchi.jpg
IP 104.21.235.73:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash 74bde6939f074bbe9cb047c59d756ffe
030b4e6729dcbb973b72f1a67c09099fe0dd2f2b
a298f992db50a2c50f29b0f4fe8fe58f5ddb09de13fbf57fcf36d3ec631de62a
GET /upload/Joseph%20Kanchi.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: image/jpeg
content-length: 17788
x-guploader-uploadid: ADPycdvtN4Qge9JH5IBdDfxwhejYWlKlMkPv8rHfbLp2QKWX-BLbZjsavC4eIt5JF_VNAlEIropz9yOeujJwbC_hqXLK
expires: Sat, 01 Oct 2022 17:18:59 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:46:39 GMT
etag: "74bde6939f074bbe9cb047c59d756ffe"
x-goog-generation: 1655329599108979
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 17788
x-goog-hash: crc32c=W0Dksg==, md5=dL3mk58HS76csEfFnXVv/g==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 206
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EeaYkPKY1ibFMADV9rlJD4RRCoM7mfYsR9Ldr1w%2Bg9gfNrZYFfxjXaxMqNph39DdwoOogQxcceiZxype1IntUvBoRHRTi6AcCAZ2yK3TxX7pKJ7COvTqJp%2BHvCFQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a800682074f9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/Zuri.jpg
104.21.235.73 200 OK 30 kB URL HTTP/2 263cdn.com/upload/Zuri.jpg
IP 104.21.235.73:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash 81cac847e1b4add31315a7b64943e9b3
ee6e0ea64ca57d70f2e81432b79692a35f8110bd
fa36a530fb40523ca5656d8bad2637e239d04547b7472a4442a7adb4c9730ed9
GET /upload/Zuri.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: image/jpeg
content-length: 29705
x-guploader-uploadid: ADPycduzDvlpvvEmhraFDU9EPLlAI0pllgLH4TxgpAMVOq8U1LFQeQreuqhbgdcGvj316he3R_wz-7_QFLbtZVSbRdtz
expires: Sat, 01 Oct 2022 16:19:25 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:48:05 GMT
etag: "81cac847e1b4add31315a7b64943e9b3"
x-goog-generation: 1655329685586817
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 29705
x-goog-hash: crc32c=TLKIDQ==, md5=gcrIR+G0rdMTFae2SUPpsw==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 2444
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dOIBtCepiJqc%2Bg9DQVDmpyKuwfbFnksvmJKDB1tC%2FUfjb0gKsExGXUIJtha%2BfUtLNnhoT1%2BCVflMZKJL9Gfh2ZZP52Fan2cDR%2FiybYpv73H6UP%2BxTFH4fRop8qqv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a800681e74f9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/Ashley%20Benson.jpg
104.21.235.73 200 OK 32 kB URL HTTP/2 263cdn.com/upload/Ashley%20Benson.jpg
IP 104.21.235.73:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3\012- data
Hash 9f1e9f0170ba7483cc7ce810bbe78e1f
1dc7ab4b8e5734180e22190f0cc6e7123586f244
da41a6d0acadbb94a5d939a2b245838d613ea21ce39bb1dd6b70595322f73043
GET /upload/Ashley%20Benson.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: image/jpeg
content-length: 31801
x-guploader-uploadid: ADPycdtgJk2arCYnoloGhRATqvdsCPk4AnBIydskECzS4pJZuktZLYSRoUQnqLqi-hjcqqu64a4dtRxjNrtHGuvzlPey9oN4siEp
x-goog-generation: 1655329533993202
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 31801
x-goog-hash: crc32c=ikFAgQ==, md5=nx6fAXC6dIPMfOgQu+eOHw==
x-goog-storage-class: STANDARD
expires: Sat, 01 Oct 2022 17:00:37 GMT
cache-control: public, max-age=14400
age: 1070
last-modified: Wed, 15 Jun 2022 21:45:34 GMT
etag: "9f1e9f0170ba7483cc7ce810bbe78e1f"
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3lwvUMRQ1b6Lplfj1%2F3gUmQhPWxaqAzNvJO7Epe0VU5gZeMzi15of0ZHae%2B1aGTejamloTowJ%2FPpjL457oel15RLDM3nQjdSunhZ6x%2FRMjqezOrL03wsYk1ZS85z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a8005fef74f9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/L%C3%A9a%20Fenet.jpg
104.21.235.73 200 OK 38 kB URL HTTP/2 263cdn.com/upload/L%C3%A9a%20Fenet.jpg
IP 104.21.235.73:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash 6a0ee2d82e9e2e4a63af4bd8ec9df5a5
414f34e24d67e585298128249813d2cb54e6ed5d
4da5f51a7c92309a3b29ebf422e5460dc307e5d75e2cf83b486d8703abb2b97a
GET /upload/L%C3%A9a%20Fenet.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: image/jpeg
content-length: 38178
x-guploader-uploadid: ADPycdtCUTIN8uNFVFoIGM32opik0nddByYGiCsWwaXsLllxJhGPcvnc2a-IjWquaqC0bH2q7OGJyTfSsinJc0foHnh7dTf9qDgd
x-goog-generation: 1655329605318750
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 38178
x-goog-hash: crc32c=qUuqiw==, md5=ag7i2C6eLkpjr0vY7J31pQ==
x-goog-storage-class: STANDARD
expires: Sat, 01 Oct 2022 15:21:41 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:46:45 GMT
etag: "6a0ee2d82e9e2e4a63af4bd8ec9df5a5"
age: 2447
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zdL40jiy304KkwPVthqzFb44UN4LSVkLR2%2Fe2QvNysE2bqmyBVkGmnTy%2FCCEaQlwFkse%2FhY3othYEENZJJB5OB46CFpHUaZh9Z5E%2FjrXiyqmtpyQEN7NFVBcG2rD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a800681b74f9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/uspsm.box3.png
104.21.235.73 200 OK 33 kB URL HTTP/2 263cdn.com/upload/uspsm.box3.png
IP 104.21.235.73:0
File type PNG image data, 350 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 3a89dd62775cdc10e9b1e5a2c4ba7b13
ae9a0572bb90467e967c4844a054df352d2bd043
f6b816e6556d9c5fd8de013bf03231102b5145ec406ed53e9e088c9a076d5f31
GET /upload/uspsm.box3.png HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: image/png
content-length: 32882
x-guploader-uploadid: ADPycdv0ti_q6Ei4drUeY1YS3fxJ8gLZu3bhwU1pz-mCYyKgnX6-g87vkd5oh1XKtl5aYRSAUiye_64RzXySFn12VPaJgg
expires: Sat, 01 Oct 2022 16:43:43 GMT
cache-control: public, max-age=14400
last-modified: Thu, 25 Aug 2022 15:04:36 GMT
etag: "3a89dd62775cdc10e9b1e5a2c4ba7b13"
x-goog-generation: 1661439876673679
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 32882
x-goog-hash: crc32c=hhXzuA==, md5=OondYndc3BDpseWixLp7Ew==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1807
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ADLAI%2FS3OAIc5Qi22CzU6c7wDuSxxmTOfaJjWFVbfoerhAd0KpaNApzZ7O%2FRJKW8I0OB3XZiDg436fyUcML5XTLJNkoGAn5CfqsyUHuB8X7NcJgL%2B0EPk1%2FJQBxn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a800681774f9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash ea79071e8195e36ab87e7d65f9e8a383
d9ea0080a19d01f2aa78595a51a0a38d9427f898
a3bdece4977eef2f175183d0190f765f712fa27861066e9323fbe6995c839c76
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 16:43:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
263cdn.com/upload/Volyntyru%20Marian.jpg
104.21.235.73 200 OK 269 kB URL HTTP/2 263cdn.com/upload/Volyntyru%20Marian.jpg
IP 104.21.235.73:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1431x1440, components 3\012- data
Size 269 kB (268772 bytes)
Hash d6c5d2f7ae74fd4d609a6964f0169ffa
e6f6aaa64aaa5acbeeae12a787a3ac1593d8e396
f0a0fc2609cdf7e43a7cd90e88368af8b9473a9b20a3ec35dfcb06d804a1c4f5
GET /upload/Volyntyru%20Marian.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: image/jpeg
content-length: 268772
x-guploader-uploadid: ADPycdt5r5_nmErdJzQU5LxuKc9ySGH2jqBCtC-CBIxTnfxbj4Q-w7iGQiuSf3ViSZZL-IiWgqZCvCW7Boe0mF_s7dTxrM2GMfrV
x-goog-generation: 1655329682727159
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 268772
x-goog-hash: crc32c=M9wRag==, md5=1sXS9650/U1gmmlk8Baf+g==
x-goog-storage-class: STANDARD
expires: Sat, 01 Oct 2022 17:07:03 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:48:02 GMT
etag: "d6c5d2f7ae74fd4d609a6964f0169ffa"
age: 486
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KDFyX4dWV4gbqu%2FJNxHP6JiRa4B0c2dALEbn0BBmkTmeMlKNag20JrEnaSIgn7liBkfYEbiEzIYyWkwViWOU04LH%2FThQMn5Fygrfdn9iCjHCpYyg7e6u0TABurHF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a8005ff074f9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 61eb9101704ef25bb059f9a975d1f11e
406896347b968a0208aec56d5ad9709eab5f6f05
1aa40315430ac4f664caf90752700280c16e43e683be1e447b0527b7a759288e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1AA40315430AC4F664CAF90752700280C16E43E683BE1E447B0527B7A759288E"
Last-Modified: Sat, 01 Oct 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16023
Expires: Sat, 01 Oct 2022 21:10:19 GMT
Date: Sat, 01 Oct 2022 16:43:16 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 16d3657391e3777cbd5ae9351d93cdcd
365fae278608b67a56ecffa609f48b8d751612d7
1d923f44f9347867c282b6a139724a140c54b865f61d0bc001d73187c1467705
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "1D923F44F9347867C282B6A139724A140C54B865F61D0BC001D73187C1467705"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1979
Expires: Sat, 01 Oct 2022 17:16:15 GMT
Date: Sat, 01 Oct 2022 16:43:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5122e4e90dbec75b210b4ecb32441966
0ee24da64bfdf35ed16af732ac75128d617b4bd0
d1b1c22a750abac917f9036a9db2ddf59b7cc1fc63a819853b5ddc348805c4df
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1B1C22A750ABAC917F9036A9DB2DDF59B7CC1FC63A819853B5DDC348805C4DF"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1410
Expires: Sat, 01 Oct 2022 17:06:46 GMT
Date: Sat, 01 Oct 2022 16:43:16 GMT
Connection: keep-alive
1.bp.blogspot.com/-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png
142.250.74.161 200 OK 181 kB URL HTTP/2 1.bp.blogspot.com/-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png
IP 142.250.74.161:0
File type PNG image data, 497 x 308, 8-bit/color RGBA, non-interlaced\012- data
Size 181 kB (180954 bytes)
Hash fd835c1f326d3e7da0d9839550f66723
5004618bc15011d7d0f569f60f900d076b164b3d
b2286c3ed452ee4eeb15d2044a90cfc456d4789b2fdbe42bb9e023c9da18e4a8
GET /-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Norway_outbox.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 180954
x-xss-protection: 0
date: Sat, 01 Oct 2022 16:24:44 GMT
expires: Wed, 17 Nov 2021 05:57:49 GMT
cache-control: public, max-age=86400, no-transform
age: 1112
etag: "v632"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
1.bp.blogspot.com/-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png
142.250.74.161 200 OK 14 kB URL HTTP/2 1.bp.blogspot.com/-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png
IP 142.250.74.161:0
File type PNG image data, 350 x 251, 8-bit colormap, non-interlaced\012- data
Hash ff055162c5d233506eece3fb69a47e74
49812e303ae6674819b6a7a6e0721d555ef64df4
7e46c8bcf219a0d6f0f3d5c5b027ed613678a0c54d637172d6495f428ff80150
GET /-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Norway_inbox.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 13695
x-xss-protection: 0
date: Sat, 01 Oct 2022 16:24:44 GMT
expires: Mon, 22 Nov 2021 12:23:38 GMT
cache-control: public, max-age=86400, no-transform
age: 1112
etag: "v630"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash a2d3925dad8ae1248c7b5d96220bd00a
8b6326da45860d5f480504e23864de0c28523b61
421d30a538dc347afc7fc8eee0fa6502aa65d789eb2353eb9c9f8bd0c5f3b3d5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 16:43:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 24501d03aea1956ea72b57f8995de1bf
52664635fe59a95e14e3d0650dfc9adc325e12b9
331295e539c0b1182de294b4c42911a8d95507c8f0006731fc6e99200c76881d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 16:43:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
35.161.136.21 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.161.136.21:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: SDjnCXas3MKVo0BKP1ig2Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 45DtoFaCJGXDJlz8uUkLjlX+8Qc=
uprimp.com/bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=166464259640206&xtt=2819515
185.66.200.220 200 OK 0 B URL HTTP/2 uprimp.com/bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=166464259640206&xtt=2819515
IP 185.66.200.220:0
ASN #201702 skHosting.eu s.r.o.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=166464259640206&xtt=2819515 HTTP/1.1
Host: uprimp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 16:43:16 GMT
content-type: text/html; charset=UTF-8
expires: Sat, 01 Oct 2022 16:43:16 GMT
last-modified: Sat, 01 Oct 2022 16:43:16 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, nosnippet
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-0C230YDF7G&gtm=2oe9s0&_p=854080247&cid=404820450.1664642593&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664642592&sct=1&seg=0&dl=https%3A%2F%2Fv00jtf.cn%2FjAfEDXDF%2Fusps%2F%3F_t%3D1664642591788&dr=http%3A%2F%2Fhandyidiotic.cn%2F&dt=&en=page_view&_fv=1&_ss=1&_ee=1
216.239.32.36 204 No Content 437 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-0C230YDF7G&gtm=2oe9s0&_p=854080247&cid=404820450.1664642593&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664642592&sct=1&seg=0&dl=https%3A%2F%2Fv00jtf.cn%2FjAfEDXDF%2Fusps%2F%3F_t%3D1664642591788&dr=http%3A%2F%2Fhandyidiotic.cn%2F&dt=&en=page_view&_fv=1&_ss=1&_ee=1
IP 216.239.32.36:0
Hash ccf6c537e0d5bbd86ab6f8bea85dd080
20d44a5e75552d5bcb0659b2f8c3a38f956f2109
7e154a6ae001ab94bb00aec5b004ebdb9431b6d29b0b2be253c16702589a4dde
POST /g/collect?v=2&tid=G-0C230YDF7G&gtm=2oe9s0&_p=854080247&cid=404820450.1664642593&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664642592&sct=1&seg=0&dl=https%3A%2F%2Fv00jtf.cn%2FjAfEDXDF%2Fusps%2F%3F_t%3D1664642591788&dr=http%3A%2F%2Fhandyidiotic.cn%2F&dt=&en=page_view&_fv=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://v00jtf.cn
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: https://v00jtf.cn
date: Sat, 01 Oct 2022 16:43:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11118
Expires: Sat, 01 Oct 2022 19:48:35 GMT
Date: Sat, 01 Oct 2022 16:43:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11118
Expires: Sat, 01 Oct 2022 19:48:35 GMT
Date: Sat, 01 Oct 2022 16:43:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11118
Expires: Sat, 01 Oct 2022 19:48:35 GMT
Date: Sat, 01 Oct 2022 16:43:17 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb90508fe-e6b6-4ad0-9afc-67b46e4d0aa4.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb90508fe-e6b6-4ad0-9afc-67b46e4d0aa4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1c475b8cc11fdaabbda170c6605d1391
7eea9aa04c5a72c417a580ca45341a0b5adc72cf
888de88ddad429a0bdb565b1f069dab4bea55a3b8a662c4efd9b75fd261dee3b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb90508fe-e6b6-4ad0-9afc-67b46e4d0aa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8734
x-amzn-requestid: 7a2713f7-e16b-4952-8e2f-76022bbbd7a3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSzHfH3toAMFijw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376562-27b598460ce2f319598fdd72;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:53:38 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: -aqIjL70ocOyhaZ8nQJUmCfDLBN0kkmTm2vY_xtwEsWZKi3DxHR8HQ==
via: 1.1 ec2a2c75c16156e4d43504606c118b90.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:19:07 GMT
age: 66250
etag: "7eea9aa04c5a72c417a580ca45341a0b5adc72cf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b0d9d19-67ea-434c-8233-4ac3ec9e78e7.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b0d9d19-67ea-434c-8233-4ac3ec9e78e7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 21e55a6ca7350ed834993a486e138de1
c09ee0f2be578f0067b2ed0237d565a04438147e
124ca8ae6e3f7c7bb28f0d47fa693753884261ed61896eccf7bc13f249fc8960
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b0d9d19-67ea-434c-8233-4ac3ec9e78e7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6959
x-amzn-requestid: eaf91f33-2fe3-4ed5-b89c-6199c2f17651
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLCF6toAMFSDg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-3b8c7f290ffda97b2d179433;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qAOX_0r1sA_Bzn-UjQXmLObAYDyjiTU45aNSOPFt8ucUOyKfrw5ieg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 21:52:59 GMT
age: 67818
etag: "c09ee0f2be578f0067b2ed0237d565a04438147e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fc3f7b5-4c80-4662-ba8b-7997bdbdb6a3.jpeg
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fc3f7b5-4c80-4662-ba8b-7997bdbdb6a3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0d31a422078d02bda318c693c05a58dc
2df7db53629c7adda2c0a4dfe9c17791b73a75e1
a07fe4e135b52da6dfa9d8a55684f0a3bf5f5ce52c4064c8ab37836a939902a9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fc3f7b5-4c80-4662-ba8b-7997bdbdb6a3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8299
x-amzn-requestid: 91eed6b6-632f-472b-93d7-4192425fcdfd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLDF0SoAMFWgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-17bb04894cc786555d693ec3;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pt23XcORl063B99HGVhjQwBrS36T7GBIAQO7StLrEH8PKIc4edxQwQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 21:52:55 GMT
age: 67822
etag: "2df7db53629c7adda2c0a4dfe9c17791b73a75e1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03e4f558-3c34-42eb-aa43-9896f0e6ce87.jpeg
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03e4f558-3c34-42eb-aa43-9896f0e6ce87.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 574cd0b975349cc445e798136863c8a0
74c20bb0c312988822deb9d46b20e4642357fbd7
62d6448a8da1ed783761e1e966c3f03f2d9b4351e04e13e71e330e4cce465fc4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03e4f558-3c34-42eb-aa43-9896f0e6ce87.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8269
x-amzn-requestid: f2ac41dd-fd33-4803-ad29-63a9b7877af2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZJTcGFA_IAMFfRQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333991a-36d628d17d8576972fcf6822;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 00:45:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8FdaRbtsOeuH-qLdBpgPJjdPzx_vcUeaRoAhVT3IkV0jrE1XAwRFAw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:16:14 GMT
age: 66423
etag: "74c20bb0c312988822deb9d46b20e4642357fbd7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/popper.min.js
172.67.151.125 200 OK 14 kB URL HTTP/2 cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/popper.min.js
IP 172.67.151.125:0
File type ASCII text, with very long lines (21060), with CRLF line terminators
Hash b55fd1e1cf44dccbdb9853ef295b8271
2047eab32107648a0d86c9449dee97bc7f987677
2dba54654a0496d812f829ae2c03c758386a675b20c9941f6e079c53dced9ef2
GET /npm/popper.js@1.16.1/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdt8iAiFUD-J6NleyhXb8_vV8-wAPh_5tba_l2ugugXdkSJbrWiN1EsoSHZyahG4iSEJB_zV100HdRQRWXjd72Q
expires: Sat, 01 Oct 2022 17:12:03 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:44:44 GMT
etag: W/"31c898c6d2ea13c30441657ff1900d81"
x-goog-generation: 1647503084523089
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 21236
x-goog-hash: crc32c=7cW0Gg==, md5=MciYxtLqE8MEQWV/8ZANgQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 941
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b3q3035DcDFifaIFnen3cKBon0rcHlwna6WSGehmmF%2FH7eo8zISoQ8R78%2Fw75jJMguS7DEuUkYbwOR8v3NDu03kiRTm6bOVn48FKyTBGHh5FA98XDB9rutB0AmGMVvIjEKk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a8000830b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js
172.67.151.125 200 OK 30 kB URL HTTP/2 cdn.jsdelivr.cc/npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js
IP 172.67.151.125:0
File type ASCII text, with very long lines (48058), with CRLF line terminators
Hash d379eb45d063be029391eb38611ea267
bb8d186ed3ea2550af8525269f03dc44f06c750a
8504f0d27c37753df9edcb70c37be0d61e4182dba8b1bc4f80f8a843a81fcefc
GET /npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycds_5oPtcr3KFpC_u7Lnvdlqz8VeCGxAgHcXFP3zMljDMh6Q0ifyAwrLV7e0dbEbUBwQbF9kY0g0GrHWdqicRh8
expires: Sat, 01 Oct 2022 16:44:51 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:40:39 GMT
etag: W/"80924b62e5b3ac73aa4849776b439770"
x-goog-generation: 1647502839791727
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 72765
x-goog-hash: crc32c=8ZRUYw==, md5=gJJLYuWzrHOqSEl3a0OXcA==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 941
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BzV1JG1oQWnvGrEH8N2qUbtQtEDb%2FUIUtTptBb%2BUDjmVrpFlcbyrwZt6V7QRm6pqbOGeyGJWK6OwDYqAyFepm2xxidM6CGsq%2ByV95Fbze6n45K%2BsAZ3M5SSD7r4IDaaqoPI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a7ffe80eb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash d07622ed250edcbe09ea4d7f76354e10
04dc5e79166c80f3e07f5ab32d65af148048183f
fb92c43b80776d1a35f0032c5e9df172d20df364a387f2371dc7a00d772b7b81
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 16:43:17 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 05 Oct 2022 13:14:57 GMT
ETag: "04dc5e79166c80f3e07f5ab32d65af148048183f"
Last-Modified: Sat, 01 Oct 2022 13:14:58 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1813
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7536a80bb811b4f3-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash d07622ed250edcbe09ea4d7f76354e10
04dc5e79166c80f3e07f5ab32d65af148048183f
fb92c43b80776d1a35f0032c5e9df172d20df364a387f2371dc7a00d772b7b81
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 16:43:17 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 05 Oct 2022 13:14:57 GMT
ETag: "04dc5e79166c80f3e07f5ab32d65af148048183f"
Last-Modified: Sat, 01 Oct 2022 13:14:58 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1813
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7536a80bb88d0afe-OSL
uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g
185.66.200.220 200 OK 12 kB URL HTTP/2 uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g
IP 185.66.200.220:0
ASN #201702 skHosting.eu s.r.o.
Hash 00830b1e847451273da891af833b3291
bab7551a20c7dea773155151cfe803b3334f2218
7b0571c22399d04b046121a590fef5a35d5e46a0b4b3bb3106d4d76799d84d79
GET /bnr.php?section=General&pub=593174&format=300x50&ga=g HTTP/1.1
Host: uprimp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 16:43:16 GMT
content-type: application/javascript
expires: Sat, 01 Oct 2022 16:43:16 GMT
last-modified: Sat, 01 Oct 2022 16:43:16 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, nosnippet
X-Firefox-Spdy: h2
bonepa.com/js/responsive.js
185.66.201.42 200 OK 12 kB URL HTTP/2 bonepa.com/js/responsive.js
IP 185.66.201.42:0
ASN #201702 skHosting.eu s.r.o.
Hash 5fe02681c83d43398c2b320c47487cb2
365ee813ce2042eaa12c38cee352031081173002
65c4632675db5302282a2a1b556dae2a195f9ea9a987daf451cccf2f9accecec
Analyzer Verdict Alert fortinet Phishing
GET /js/responsive.js HTTP/1.1
Host: bonepa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 16:43:16 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 17:57:57 GMT
etag: W/"6329ff25-cd3"
content-encoding: br
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?957de4d70bf7b7be33bc859d43ad70c6
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?957de4d70bf7b7be33bc859d43ad70c6
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (633)
Hash 5b53970fdf69df74f293cdfda1a290e5
53d43e6c8d248ece4a0b476170d6e73a184cebf4
ac6b2d76644322e8fb450eabaaeadc108757338dc25ca784eee85f0535cd78fc
GET /hm.js?957de4d70bf7b7be33bc859d43ad70c6 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11346
Content-Type: application/javascript
Date: Sat, 01 Oct 2022 16:43:18 GMT
Etag: fe2b26785bfde3bd0be7047b9f94cc54
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=C76FB8A3BD38651A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?8b68846a3ac1709b0ec7199084ee5ea8
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?8b68846a3ac1709b0ec7199084ee5ea8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (628)
Hash 61b4a6e7e9e75be14e646a3fc07a16cc
6b5103a5a289ea5683cb9df65822afd23f1b4c37
449a4060e109b94a1977ab019f2eaea290090d248c0bf32db0c670d6104afec5
GET /hm.js?8b68846a3ac1709b0ec7199084ee5ea8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11341
Content-Type: application/javascript
Date: Sat, 01 Oct 2022 16:43:18 GMT
Etag: eca5d4573cb46cc108cd92e66f374616
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=BEA321B820791C0F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=278841438&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Fhandyidiotic.cn%2F&v=1.2.97&lv=1&sn=53595&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FjAfEDXDF%2Fusps%2F%3F_t%3D1664642591788%231664642593049
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=278841438&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Fhandyidiotic.cn%2F&v=1.2.97&lv=1&sn=53595&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FjAfEDXDF%2Fusps%2F%3F_t%3D1664642591788%231664642593049
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=278841438&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Fhandyidiotic.cn%2F&v=1.2.97&lv=1&sn=53595&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FjAfEDXDF%2Fusps%2F%3F_t%3D1664642591788%231664642593049 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 01 Oct 2022 16:43:19 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=22D22B397E21BFA9; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=878481626&si=5bc34d9a0b7ef4a641f623683ea4f5e4&su=http%3A%2F%2Fhandyidiotic.cn%2F&v=1.2.97&lv=1&sn=53595&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FjAfEDXDF%2Fusps%2F%3F_t%3D1664642591788%231664642593049
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=878481626&si=5bc34d9a0b7ef4a641f623683ea4f5e4&su=http%3A%2F%2Fhandyidiotic.cn%2F&v=1.2.97&lv=1&sn=53595&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FjAfEDXDF%2Fusps%2F%3F_t%3D1664642591788%231664642593049
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=878481626&si=5bc34d9a0b7ef4a641f623683ea4f5e4&su=http%3A%2F%2Fhandyidiotic.cn%2F&v=1.2.97&lv=1&sn=53595&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FjAfEDXDF%2Fusps%2F%3F_t%3D1664642591788%231664642593049 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 01 Oct 2022 16:43:19 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=148F90DF8FF1A9E5; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=2021612601&si=957de4d70bf7b7be33bc859d43ad70c6&su=http%3A%2F%2Fhandyidiotic.cn%2F&v=1.2.97&lv=1&sn=53595&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FjAfEDXDF%2Fusps%2F%3F_t%3D1664642591788%231664642593049
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=2021612601&si=957de4d70bf7b7be33bc859d43ad70c6&su=http%3A%2F%2Fhandyidiotic.cn%2F&v=1.2.97&lv=1&sn=53595&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FjAfEDXDF%2Fusps%2F%3F_t%3D1664642591788%231664642593049
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=2021612601&si=957de4d70bf7b7be33bc859d43ad70c6&su=http%3A%2F%2Fhandyidiotic.cn%2F&v=1.2.97&lv=1&sn=53595&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FjAfEDXDF%2Fusps%2F%3F_t%3D1664642591788%231664642593049 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 01 Oct 2022 16:43:19 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=40BC0FAE30D275FE; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1406845789&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Fhandyidiotic.cn%2F&v=1.2.97&lv=1&sn=53596&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FjAfEDXDF%2Fusps%2F%3F_t%3D1664642591788%231664642593049
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1406845789&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Fhandyidiotic.cn%2F&v=1.2.97&lv=1&sn=53596&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FjAfEDXDF%2Fusps%2F%3F_t%3D1664642591788%231664642593049
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1406845789&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Fhandyidiotic.cn%2F&v=1.2.97&lv=1&sn=53596&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FjAfEDXDF%2Fusps%2F%3F_t%3D1664642591788%231664642593049 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 01 Oct 2022 16:43:19 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=3348C103A421C987; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d8201d9-93ae-492b-8ea9-d245fa2e4073.jpeg
34.120.237.76 200 OK 3.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d8201d9-93ae-492b-8ea9-d245fa2e4073.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a9e7ba045a723120501994dea21709db
303c6bb672425443a15bbe22394bd1149f887904
b1bea7212e55ec8eaf62434214a86fed7d6a990d105984d79a7fa0e793395d59
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d8201d9-93ae-492b-8ea9-d245fa2e4073.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 3640
x-amzn-requestid: b5f5c567-8aa9-414b-8310-cf3006711ee9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZJo1vFIwoAMF2mA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333bb57-0f1cbcbb29287f5367a14b67;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 03:11:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GDkc-K5EE8VRClm1ymTQLg6vGaPliNgCox3kOk9E4d2YkCqRzEjdfg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 07:19:24 GMT
age: 33840
etag: "303c6bb672425443a15bbe22394bd1149f887904"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
172.67.151.125 200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
IP 172.67.151.125:0
GET /npm/jquery@3.6.0/dist/jquery.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdujKqP4OmsICcw4by2ej4M3gF2bmp67KcND5Yd7ZkChGu92L3U7j930k4J7s5KmD98KzStiLKDZt_7_8jjTVv4
expires: Sat, 01 Oct 2022 17:18:24 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:30:17 GMT
etag: W/"3e4bb227fb55271bfe9c9d4a09147bd8"
x-goog-generation: 1647502217775195
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 89501
x-goog-hash: crc32c=JnXAUA==, md5=PkuyJ/tVJxv+nJ1KCRR72A==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 941
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VCA6pupq7sF0ZcdEKHvuTZKpIW14Jj4BFKfxmKHwvSR150eT%2FvdV7JHoKhqACnpfCU2TnibWbkZJ%2BoLAba6RlvdccR%2FBmBuah4jXfXqIoJM6xVRBNfJ%2FJ84KoOGCtA4dAzg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a7ffd803b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js
172.67.151.125 200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js
IP 172.67.151.125:0
GET /npm/bootstrap@4.6.0/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdv0chj5F1Awc6K7Usaiie2qXL87Fxg5kp7mYqQH9s8HWV5Nuv0HuTqJ2hz1F5xUG9MGapUfK4P-pfLXRasYr-w
expires: Sat, 01 Oct 2022 16:06:02 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:36:54 GMT
etag: W/"c99230d2575380d7f95ff626606d2426"
x-goog-generation: 1647502614200576
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 63473
x-goog-hash: crc32c=x2l+AA==, md5=yZIw0ldTgNf5X/YmYG0kJg==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 941
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zAI%2BxKWL8Ob2z9pWS9ceadlJuORTnmW72kh9y04rrWMadlIAzaTwy4kQtieyNB8kb2gAHE0YEqB4d3Ha9TYOqnc1YiPIDw%2FSm1o1%2FpH8jYpGG5x%2FSSPgMM7jTWeejmWD48A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a7ffdffcb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/lazyload@2.0.0-rc.2/lazyload.min.js
172.67.151.125 200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/lazyload@2.0.0-rc.2/lazyload.min.js
IP 172.67.151.125:0
GET /npm/lazyload@2.0.0-rc.2/lazyload.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdsQwI6S5jC2ZwwNbaEnMvjelWJ3GXYdnwkp6yGGRsWcMv2CGKN45430-s2v57JOsXldQJq3rMwQOTmm_DkHtW4
x-goog-generation: 1647502963816044
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 4798
x-goog-hash: crc32c=lted8w==, md5=3G3pgTxxS6mXM8pPtdOh+g==
x-goog-storage-class: STANDARD
expires: Sat, 01 Oct 2022 17:12:16 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:42:43 GMT
etag: W/"dc6de9813c714ba99733ca4fb5d3a1fa"
cf-cache-status: HIT
age: 941
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yC9e4hfMVp06X4nwWOaMmi8R1c%2F3uR4IK1ui3NnjZSRvKhfx0ArshU%2F4IMo1OxzKSXpjbuhJOkhtr9kgYTPvhuLemAnhTzszZunSe%2BflkZx6SymMRx8XCux0P50wp9ewlng%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7536a800082fb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
v00jtf.cn/jAfEDXDF/usps/?_t=1664642591788
172.67.188.168 200 OK 0 B URL HTTP/2 v00jtf.cn/jAfEDXDF/usps/?_t=1664642591788
IP 172.67.188.168:0
Analyzer Verdict Alert fortinet Phishing
GET /jAfEDXDF/usps/?_t=1664642591788 HTTP/1.1
Host: v00jtf.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://handyidiotic.cn/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 16:43:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: pType=mo; expires=Sat, 01-Oct-2022 16:55:15 GMT; Max-Age=720; path=/; domain=v00jtf.cn
usps-tthh1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.v00jtf.cn
usps-tthh2=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.v00jtf.cn
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8XyUIIhPMJiEK9c0X3xVdxblV%2FsKwzhn3ZpPU4dpQmAZo0lTw4EDkmldm2RUxomb2wxNPDQB%2BE82hqeds7xDtjFVW87GntkhabbxrrtID6bXBDJg2XgeTBTo3KY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7536a7fe7e9eb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bonepa.com/4fe48aebd6/4f59451604/?placementName=Tab&randomA=0_6928&maxw=0
185.66.201.42 200 OK 0 B URL HTTP/2 bonepa.com/4fe48aebd6/4f59451604/?placementName=Tab&randomA=0_6928&maxw=0
IP 185.66.201.42:0
ASN #201702 skHosting.eu s.r.o.
GET /4fe48aebd6/4f59451604/?placementName=Tab&randomA=0_6928&maxw=0 HTTP/1.1
Host: bonepa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 16:43:19 GMT
content-type: text/html; charset=UTF-8
set-cookie: shown1=0; expires=Sun, 02-Oct-2022 16:43:19 GMT; Max-Age=86400; secure; SameSite=None
used_ad2633647=1; expires=Sun, 02-Oct-2022 03:59:59 GMT; Max-Age=40600; path=/; secure; SameSite=None
total_impressions=1; expires=Sun, 02-Oct-2022 03:59:59 GMT; Max-Age=40600; secure; SameSite=None
used_c_51865=1; expires=Sun, 02-Oct-2022 16:43:19 GMT; Max-Age=86400; path=/; secure; SameSite=None
expires: Sun, 01 Jan 2014 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex,nofollow
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2