www.xingfu.icu/
172.67.164.74 301 Moved Permanently 0 B IP 172.67.164.74:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: www.xingfu.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 08 Feb 2023 22:07:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 08 Feb 2023 23:07:33 GMT
Location: https://www.xingfu.icu/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LJ4KJzgxAgKeI2MrBwuRWhLCLu6yTRHjqLro%2FWDl2621pqz%2Ba78e%2Bm8j%2FTrXn3JbdpemHkIJZqyijFeHoPyETHnohLa0lB8kqAKyRjciAo68S62YSX7PBHzbwNU1FHQUUg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7967adcbe86f1bfa-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dca68db7aea32f6683ce8d542c078f04
19c495238df74fca680e21f18627ff94de5dd2e5
35cab3987fc0e4a41b305cb208c1e33fa38ce8bdfd9f386c3dc0411dd4d5ac61
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35CAB3987FC0E4A41B305CB208C1E33FA38CE8BDFD9F386C3DC0411DD4D5AC61"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15545
Expires: Thu, 09 Feb 2023 02:26:39 GMT
Date: Wed, 08 Feb 2023 22:07:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11764
Expires: Thu, 09 Feb 2023 01:23:38 GMT
Date: Wed, 08 Feb 2023 22:07:34 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 21:34:13 GMT
content-type: application/json
age: 2001
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13714
Expires: Thu, 09 Feb 2023 01:56:08 GMT
Date: Wed, 08 Feb 2023 22:07:34 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: JTziMdfiFRj4vZXshBFLOmJ0IMKHrB3hCN5wyB/RgEhgiFhvmrm8cvmkyZD0KobRBabYyCP5I+A=
x-amz-request-id: H22KQ75WNZNR4GBS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 21:36:06 GMT
age: 1888
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:07:34 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/8KGl76nEt0M
216.58.211.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/8KGl76nEt0M
IP 216.58.211.3:0
Hash e2ed16a562b73e69103264850038e90e
df010aaf52206cd58bd49efe2d99102b798bc9e4
9a3cc3453d847d39b5805f9dcbf5c214a5796eaaa3134f2b81ea48076776ced8
POST /s/gts1p5/8KGl76nEt0M HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:07:34 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/8KGl76nEt0M
216.58.211.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/8KGl76nEt0M
IP 216.58.211.3:0
Hash e2ed16a562b73e69103264850038e90e
df010aaf52206cd58bd49efe2d99102b798bc9e4
9a3cc3453d847d39b5805f9dcbf5c214a5796eaaa3134f2b81ea48076776ced8
POST /s/gts1p5/8KGl76nEt0M HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:07:34 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:07:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-7WYLDG8TEW
142.250.74.168 200 OK 78 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-7WYLDG8TEW
IP 142.250.74.168:0
File type ASCII text, with very long lines (21849)
Hash 7ac55dc64a48520aa65e1232941dab16
65b9c7e2e2e13cf422576795fe29ce800fd34507
4a13fee05d46ca3487485a791dde22640bed1afc4252f205e2e3e5ec808cef22
GET /gtag/js?id=G-7WYLDG8TEW HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xingfu.icu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 Feb 2023 22:07:34 GMT
expires: Wed, 08 Feb 2023 22:07:34 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77719
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4531
Expires: Wed, 08 Feb 2023 23:23:05 GMT
Date: Wed, 08 Feb 2023 22:07:34 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Retry-After, Content-Length, Content-Type, ETag, Cache-Control, Alert, Pragma, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 21:51:20 GMT
age: 974
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:07:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 61d478faa89367a80894816ec3477057
a1adece785b4023969912ff69f3f44ca23474838
e4cdcf23a08cd9db8874059179d4f83e5763ddbc45ee07a8ea53641d4bb75f5c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:07:34 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 07 Feb 2023 06:34:04 GMT
Expires: Tue, 14 Feb 2023 06:34:03 GMT
Etag: "a1adece785b4023969912ff69f3f44ca23474838"
Cache-Control: max-age=461788,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7967add1ffe8b51b-OSL
push.services.mozilla.com/
44.233.250.150 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.233.250.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: A1SrRqeYVLoc9GqpvfPtwA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: B0bT0PpznVo8I4FkonCO9eSMWyE=
region1.google-analytics.com/g/collect?v=2&tid=G-7WYLDG8TEW&gtm=45je3260&_p=751804237&cid=1546550962.1675894111&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675894111&sct=1&seg=0&dl=https%3A%2F%2Fwww.xingfu.icu%2F&dt=%E6%80%A7%E7%A6%8F%E5%8A%A0%E6%B2%B9%E7%AB%99%20%E6%9C%80%E6%96%B0%E5%9C%B0%E5%9D%80%E8%B7%B3%E8%BD%AC%E4%B8%AD...&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.32.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-7WYLDG8TEW&gtm=45je3260&_p=751804237&cid=1546550962.1675894111&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675894111&sct=1&seg=0&dl=https%3A%2F%2Fwww.xingfu.icu%2F&dt=%E6%80%A7%E7%A6%8F%E5%8A%A0%E6%B2%B9%E7%AB%99%20%E6%9C%80%E6%96%B0%E5%9C%B0%E5%9D%80%E8%B7%B3%E8%BD%AC%E4%B8%AD...&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7WYLDG8TEW&gtm=45je3260&_p=751804237&cid=1546550962.1675894111&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675894111&sct=1&seg=0&dl=https%3A%2F%2Fwww.xingfu.icu%2F&dt=%E6%80%A7%E7%A6%8F%E5%8A%A0%E6%B2%B9%E7%AB%99%20%E6%9C%80%E6%96%B0%E5%9C%B0%E5%9D%80%E8%B7%B3%E8%BD%AC%E4%B8%AD...&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xingfu.icu
Connection: keep-alive
Referer: https://www.xingfu.icu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://www.xingfu.icu
date: Wed, 08 Feb 2023 22:07:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3126
Expires: Wed, 08 Feb 2023 22:59:42 GMT
Date: Wed, 08 Feb 2023 22:07:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3126
Expires: Wed, 08 Feb 2023 22:59:42 GMT
Date: Wed, 08 Feb 2023 22:07:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3126
Expires: Wed, 08 Feb 2023 22:59:42 GMT
Date: Wed, 08 Feb 2023 22:07:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3126
Expires: Wed, 08 Feb 2023 22:59:42 GMT
Date: Wed, 08 Feb 2023 22:07:36 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa6c416b3a87ded887c9dcf7c51e5dd0
45f4ef9e68591c00669043abe96959bead8f17ae
9e10394b387916e40c44d4e02fbc1ea72214d870df189ce16d24015de00682bf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11205
x-amzn-requestid: abdf9c40-a2b7-49ae-bea1-ff5abfcea781
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvszZFOZoAMFkNg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc8e7b-6e508da05ff6f33e691de130;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 04:33:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hLrbI5Acy2RBlg7VqGE2b83zuqgt-bx0kD0nlH8uYaJ8tii2FqMLfw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 14:35:48 GMT
age: 27108
etag: "45f4ef9e68591c00669043abe96959bead8f17ae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4b327816bc2c6fd7291c75c693685d54
771070be61d0724b1c90ca86ea34c804bd7e501a
d45188239cacc7b228bc75ccc95afb48914aaa434c418cd5b786533e8b9cb983
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6838
x-amzn-requestid: 54fc5ae9-d37a-46cf-97e0-d05de1417cfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7QEsCoAMFY1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-40de6212468fcd0e78a93708;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KUNhk8O0jpb6OyjCo5RGruuV5633xiM-PBeb6c0BaJI8uFQ7Aflj2g==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:53:58 GMT
age: 818
etag: "771070be61d0724b1c90ca86ea34c804bd7e501a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ed10868ea9554510e43f77dfb8c43877
df0d86c2c53bdec7b8935912e42dc7f82f87aa61
751e95e7dd20802cc4e0b6f208bf5559b0b73efd3ca22a9abafd86cf83ab6420
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12401
x-amzn-requestid: 7bfa8a84-c348-4f55-8e8e-befcdd24f026
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OjPG-eIAMFccA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c47a-06eedb3c7396825f77360755;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:36:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lXTMw2s8GxQtwjucvNYZeHL-i8ECHbdGThUV5_vn2mKEhArswcO3VA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:43:09 GMT
age: 1467
etag: "df0d86c2c53bdec7b8935912e42dc7f82f87aa61"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5abcabc9-1cda-4d86-8630-67943159604b.jpeg
34.120.237.76 200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5abcabc9-1cda-4d86-8630-67943159604b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4bb0e725719ac378134b01b6473a6581
a8a1780c88e8ae219048bed28ecfbd8019d9af35
187d4e83edc0af857334f84bd6853234193d4654d06c43367f39b4e125defe08
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5abcabc9-1cda-4d86-8630-67943159604b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6679
x-amzn-requestid: 97c19ad5-c127-4dc1-b529-1eca84645316
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f59MzHgloAMFwow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a8b8-79d6b8d31b69153d4929b7b7;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:14:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x_tr-xummuF51PvAM4y3DgvLWuJOwxgquKO8baQfcoN6ta5M3ll7ug==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 06:25:01 GMT
age: 56555
etag: "a8a1780c88e8ae219048bed28ecfbd8019d9af35"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c8f31c82179856e39ee5fc43d7f0b685
5b37f807a19ffc80c0b9334e6d24d5bb717496ce
c099c91c6f2125a8a89ee6e9dc0e37e2c2c9914adadb2c8b77795063baa62037
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6805
x-amzn-requestid: 9f067f0c-2991-41ae-8dd0-5719a5438abc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_PHwEn4IAMFvFg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c564-730d01807c13643373d64897;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:40:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: eSU1CSydRTodwnN5DNTXbYD3d3kYFCHiCvPRq5DZTTDSTH2L-GV_1g==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:19:17 GMT
age: 85699
etag: "5b37f807a19ffc80c0b9334e6d24d5bb717496ce"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb27041-48b2-474f-b9d5-f88e9e662723.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb27041-48b2-474f-b9d5-f88e9e662723.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8a3fa4f1ec82d501942f9db3de2cb7d
b91c2aea7f2fb26131c8929b254c5596a1bb25ff
9d246eeab8ba04c775a03fd960c8859934a0accb737e845e89aba40bc573fdaa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb27041-48b2-474f-b9d5-f88e9e662723.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6342
x-amzn-requestid: b2b61a71-5326-4fc6-baba-7baad29cf7c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OkbHfDIAMF5AQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c482-5cc4028d01d05305637af317;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:37:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: iIQAy6CQSvnvQ79UJ6ifJbs-0kEqUYe8OyCqPb2HSKxoDoLykOyaLg==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:43:28 GMT
age: 1448
etag: "b91c2aea7f2fb26131c8929b254c5596a1bb25ff"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/91SdBRtEmxg
216.58.211.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/91SdBRtEmxg
IP 216.58.211.3:0
Hash 974607b9365790f41169b31778b42696
aa671238f47892eb7b46c6c71cd87514767aa0a6
4c9088c18dad6c6005fa670ccca01c775928320b3d08d5033a6fbdf24bb93be2
POST /s/gts1p5/91SdBRtEmxg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:07:36 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/91SdBRtEmxg
216.58.211.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/91SdBRtEmxg
IP 216.58.211.3:0
Hash 974607b9365790f41169b31778b42696
aa671238f47892eb7b46c6c71cd87514767aa0a6
4c9088c18dad6c6005fa670ccca01c775928320b3d08d5033a6fbdf24bb93be2
POST /s/gts1p5/91SdBRtEmxg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:07:37 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.buypass.com/
95.101.11.123 200 OK 1.7 kB IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
Hash a5ac7d07f582cb7d469821949f8722d6
6a9a4e3497f409e75d09b5637edcdb6f1468c17c
00fd538e25d86aebbc55ce82d1dbf335cd8c3d455bf7fc269e7929c8908a57ff
POST / HTTP/1.1
Host: ocsp.buypass.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 78
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Access-Control-Allow-Origin: https://www.buypass.no
Access-Control-Allow-Headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Buypass-Session-Id,X-Buypass-Locale
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST
MDC-correlationId: 006b9a2a-df9c-4bf3-a1fd-6a4b63dca109
Content-Length: 1701
Date: Wed, 08 Feb 2023 22:07:37 GMT
Connection: keep-alive
ocsp.buypass.com/
95.101.11.123 200 OK 1.7 kB IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
Hash c2b587ff583493bb18bfad2a5090456f
b401106bbf336cb733425259bd6809ed9f35ada5
df6ada4e1a4c768f1382899697aa68523429691855fed3f017a8d82627a54052
POST / HTTP/1.1
Host: ocsp.buypass.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 78
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Access-Control-Allow-Origin: https://www.buypass.no
Access-Control-Allow-Headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Buypass-Session-Id,X-Buypass-Locale
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST
MDC-correlationId: 8fe48f98-d1f0-475f-9335-38ac61961992
Content-Length: 1701
Date: Wed, 08 Feb 2023 22:07:37 GMT
Connection: keep-alive
ocsp.buypass.com/
95.101.11.123 200 OK 1.7 kB IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
Hash a5ac7d07f582cb7d469821949f8722d6
6a9a4e3497f409e75d09b5637edcdb6f1468c17c
00fd538e25d86aebbc55ce82d1dbf335cd8c3d455bf7fc269e7929c8908a57ff
POST / HTTP/1.1
Host: ocsp.buypass.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 78
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Access-Control-Allow-Origin: https://www.buypass.no
Access-Control-Allow-Headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Buypass-Session-Id,X-Buypass-Locale
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST
MDC-correlationId: 9ba9c5fb-deb3-440f-9547-cddf09abebbc
Content-Length: 1701
Date: Wed, 08 Feb 2023 22:07:37 GMT
Connection: keep-alive
ocsp.buypass.com/
95.101.11.123 200 OK 1.7 kB IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
Hash d71b874397a676814a29be845f2f5328
c00d1c97252b6044d812e829c33a577ff47c07ec
9d592b27d3709b1886475bf4b8ddab75bb33f1110d8d03c3c2d7b96bcdc05fc6
POST / HTTP/1.1
Host: ocsp.buypass.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 78
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Access-Control-Allow-Origin: https://www.buypass.no
Access-Control-Allow-Headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Buypass-Session-Id,X-Buypass-Locale
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST
MDC-correlationId: 333e8479-8c9b-4133-8e81-882581ac8c3d
Content-Length: 1701
Date: Wed, 08 Feb 2023 22:07:37 GMT
Connection: keep-alive
syndication.realsrv.com/v1/api.php
95.211.229.245 200 OK 2.9 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- exported SGML document, ASCII text, with very long lines (4658), with no line terminators
Hash b43f23e9de461afbfeffd04205ccd208
f235d32db7840bf0bba6f0deec515125b33d9231
b48f026e73b735e3d2bf9cddf85b0562dfc5c09fdab34660cc2b636bab7474e9
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 387
Origin: https://xingfu.buzz
Connection: keep-alive
Referer: https://xingfu.buzz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 22:07:37 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://xingfu.buzz
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e41d2910c9e8.372786183569812000%22%3B%7D; expires=Fri, 07-Feb-2025 22:07:37 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
cdn.pncloudfl.com/pn/71a/dd2/7d5/71add27d5bb61aab24af91ebe2af7f4205a35feb.jpg
104.22.58.221 200 OK 49 kB URL HTTP/2 cdn.pncloudfl.com/pn/71a/dd2/7d5/71add27d5bb61aab24af91ebe2af7f4205a35feb.jpg
IP 104.22.58.221:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash eedf689c4a33b79c440062e703d60ff6
a8300edf1b950a50086eb44165a6f6ae278e5057
b8b368d98eb9d04ce213fa62fa781f3bad8d48e5a57f98359cb880ab9600579f
GET /pn/71a/dd2/7d5/71add27d5bb61aab24af91ebe2af7f4205a35feb.jpg HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:07:37 GMT
content-type: image/webp
content-length: 48676
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=83221
content-disposition: inline; filename="71add27d5bb61aab24af91ebe2af7f4205a35feb.webp"
etag: 1df69ad2c9b78c9186aaa33fa40c237f
expires: Thu, 09 Feb 2023 22:41:14 GMT
last-modified: Thu, 06 Oct 2022 02:00:51 GMT
vary: Accept
x-openstack-request-id: txe73bad396e604f28ab17d-00633e3eef
x-proxy-cache: HIT
x-timestamp: 1665021650.87526
x-trans-id: txe73bad396e604f28ab17d-00633e3eef
cf-cache-status: HIT
age: 84383
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 7967ade1e8510b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xingfu.buzz/
104.21.71.175 200 OK 88 kB IP 104.21.71.175:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3640), with CRLF, LF line terminators
Hash 1a8fc524f0beb90ecf07ccf6bf0fac40
d40c33204f2a3ca3e30e3585f7c9a36596a1a20b
2ff6ee357ebe6ded11098a2ded4d46ef61f16f4f73c54fb77047741f8e11cb99
GET / HTTP/1.1
Host: xingfu.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xingfu.icu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:07:36 GMT
content-type: text/html
last-modified: Tue, 07 Feb 2023 06:20:58 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1h39wPVbvJNClasieJeV3Md%2FqICx%2BCGg5euqjC6hEo0v7RWINgFB2HnRIVNncnVnZCWhSX9HGDZa2%2Bj%2F16cW2dDdD3uZ9MSZYtPJQJ96y8WXnWMzKeXBaVNMH%2BF6hQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7967addedfc4b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 61d478faa89367a80894816ec3477057
a1adece785b4023969912ff69f3f44ca23474838
e4cdcf23a08cd9db8874059179d4f83e5763ddbc45ee07a8ea53641d4bb75f5c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:07:37 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 07 Feb 2023 06:34:04 GMT
Expires: Tue, 14 Feb 2023 06:34:03 GMT
Etag: "a1adece785b4023969912ff69f3f44ca23474838"
Cache-Control: max-age=461785,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7967ade1b8a4b51b-OSL
ccjzuavqrh.com/chicken.gif?z=1944127&pb=c43de46b6a5531557ceaea73b243e86f1675901257&psp=1-gej1FxunErxCJFtDiU7vbJ5EBGSLiU15UwaxR6F1BPX0JmlSClhgVl8klZItlDCPcTxD8dgHxnMHNjyQbcD0iAzlMX3ftq3VvMhbyvWn0d7GEvRiusp34bui0w_x2S7DNTb9kygV77k_D-7gbb1-Y1J4eskblGy1ALEP3qVICoXzku6WfqQj1ef1RlH5dDtoY3leuO2iisYfHXBwiRWxDq4ljXloZVWQX72NyTjJqhlmAYWrjt2nwZwMuXbK0zVbpZ8rPv4sXF8lsSnqoBzxMysimib3TgBhY47B2UHvYy7_2ud0nTh5xS8fVIgS_HyFBKF84uihwl5E4o2ttCAfml47PB1qMrMIkgp_cOAzbkG98m2Avsd7_Oor-hgKjQLH3zaOiOJLQDjrJVihfhjfkAI3ZjWef8_mvQMphX_x6Ga0C0N70zskky1EOZ77yT-VNmQW7Dne29wF4FRo67yYixR_RshLYKpBzHCkhkqnDsjzR0rvzTQMEwVmdhInkhyQWj7HiR5PgZptQ4hA_DCkDFkZBVWZ2IZgeY_bBOoXCC7retvPGkQSMQgdhend-A3vLZ33D3Cy3lrejMeLvOPEJ36HaRAYmYsuPCY_70Jtb3XCDfQ49xsryveREwWUche1EyDJJ57CRjkvYLwOrjYGRYvmt_TL-5tHjOAbS2Ha5CGnxHI1z0O41K1QJRz3mEYIv8Fwfu7oqvy7bj61QMHHHT-jz35nrX3uUEviujhBV4_GteJ2cyuSk8T5eEaIleaeWW_A2ReGM7OCGmgy1zNZng3Gd4sX-hjbT857tPiYwJU3MIYxUTEUb1zGC0yXcl4q2TW_5RdZbaKxhghcG4&abvar=28&os=0
62.122.171.6 200 OK 43 B URL HTTP/2 ccjzuavqrh.com/chicken.gif?z=1944127&pb=c43de46b6a5531557ceaea73b243e86f1675901257&psp=1-gej1FxunErxCJFtDiU7vbJ5EBGSLiU15UwaxR6F1BPX0JmlSClhgVl8klZItlDCPcTxD8dgHxnMHNjyQbcD0iAzlMX3ftq3VvMhbyvWn0d7GEvRiusp34bui0w_x2S7DNTb9kygV77k_D-7gbb1-Y1J4eskblGy1ALEP3qVICoXzku6WfqQj1ef1RlH5dDtoY3leuO2iisYfHXBwiRWxDq4ljXloZVWQX72NyTjJqhlmAYWrjt2nwZwMuXbK0zVbpZ8rPv4sXF8lsSnqoBzxMysimib3TgBhY47B2UHvYy7_2ud0nTh5xS8fVIgS_HyFBKF84uihwl5E4o2ttCAfml47PB1qMrMIkgp_cOAzbkG98m2Avsd7_Oor-hgKjQLH3zaOiOJLQDjrJVihfhjfkAI3ZjWef8_mvQMphX_x6Ga0C0N70zskky1EOZ77yT-VNmQW7Dne29wF4FRo67yYixR_RshLYKpBzHCkhkqnDsjzR0rvzTQMEwVmdhInkhyQWj7HiR5PgZptQ4hA_DCkDFkZBVWZ2IZgeY_bBOoXCC7retvPGkQSMQgdhend-A3vLZ33D3Cy3lrejMeLvOPEJ36HaRAYmYsuPCY_70Jtb3XCDfQ49xsryveREwWUche1EyDJJ57CRjkvYLwOrjYGRYvmt_TL-5tHjOAbS2Ha5CGnxHI1z0O41K1QJRz3mEYIv8Fwfu7oqvy7bj61QMHHHT-jz35nrX3uUEviujhBV4_GteJ2cyuSk8T5eEaIleaeWW_A2ReGM7OCGmgy1zNZng3Gd4sX-hjbT857tPiYwJU3MIYxUTEUb1zGC0yXcl4q2TW_5RdZbaKxhghcG4&abvar=28&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /chicken.gif?z=1944127&pb=c43de46b6a5531557ceaea73b243e86f1675901257&psp=1-gej1FxunErxCJFtDiU7vbJ5EBGSLiU15UwaxR6F1BPX0JmlSClhgVl8klZItlDCPcTxD8dgHxnMHNjyQbcD0iAzlMX3ftq3VvMhbyvWn0d7GEvRiusp34bui0w_x2S7DNTb9kygV77k_D-7gbb1-Y1J4eskblGy1ALEP3qVICoXzku6WfqQj1ef1RlH5dDtoY3leuO2iisYfHXBwiRWxDq4ljXloZVWQX72NyTjJqhlmAYWrjt2nwZwMuXbK0zVbpZ8rPv4sXF8lsSnqoBzxMysimib3TgBhY47B2UHvYy7_2ud0nTh5xS8fVIgS_HyFBKF84uihwl5E4o2ttCAfml47PB1qMrMIkgp_cOAzbkG98m2Avsd7_Oor-hgKjQLH3zaOiOJLQDjrJVihfhjfkAI3ZjWef8_mvQMphX_x6Ga0C0N70zskky1EOZ77yT-VNmQW7Dne29wF4FRo67yYixR_RshLYKpBzHCkhkqnDsjzR0rvzTQMEwVmdhInkhyQWj7HiR5PgZptQ4hA_DCkDFkZBVWZ2IZgeY_bBOoXCC7retvPGkQSMQgdhend-A3vLZ33D3Cy3lrejMeLvOPEJ36HaRAYmYsuPCY_70Jtb3XCDfQ49xsryveREwWUche1EyDJJ57CRjkvYLwOrjYGRYvmt_TL-5tHjOAbS2Ha5CGnxHI1z0O41K1QJRz3mEYIv8Fwfu7oqvy7bj61QMHHHT-jz35nrX3uUEviujhBV4_GteJ2cyuSk8T5eEaIleaeWW_A2ReGM7OCGmgy1zNZng3Gd4sX-hjbT857tPiYwJU3MIYxUTEUb1zGC0yXcl4q2TW_5RdZbaKxhghcG4&abvar=28&os=0 HTTP/1.1
Host: ccjzuavqrh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=230208170758b1af0747a24746a83b66372e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:07:37 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACQ6xAAAAAAAAAAB; Path=/; Expires=Fri, 10 Mar 2023 22:07:37 GMT; Secure; SameSite=None
OACIBLOCK=ACQ6xAAAAABj4yxQ; Path=/; Expires=Fri, 10 Mar 2023 22:07:37 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Thu, 09 Feb 2023 22:07:37 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ccjzuavqrh.com/chicken.gif?z=1944129&pb=c43de46b6a5531557ceaea73b243e86f1675901257&psp=YuO4DSjKbyzbmu_Ku_Z2pSG-VTNms-2V_J1k1PBguotB3Ap-YwGSUsCcOTN2UyYWNuT5mGqEFOEcIRXPEPgvVD-JlMeBYCTv1Js4T8WCHphckT7239AuKaas1P93rnhCBp7PNlROGG6AG1JU73sdxhakhlcoN77GZD5vQ-vMe_ZPFVz89ufnSy81Kl9vj0NxWiPY6CbpcAdRh3YUQNkoGz9KnF4UygczM0pAvwk6loE36-rNptto2yF12ZJvI-9GqPNoRWpF8KKyq6S95qH-jPjxh3Xxd96YL4MT-Yg-i7FEsSdauRGp1zosn2yB4DSxAgCfADew8R5kMvcEE7BrJF1yDLTTJ_zSsIA5a_H2vkR-sryb2-b5ih3PbP9pGyAxK-j1zMm_IqPV8cggV3pcWlwClw3RBlGn_ifnzuMZLtB_OvIxUrsvVn4LiD50bXRRKDGIx6aDVZNUI25eLtO5ErjqG7OXq7cEPmiJCvHdJeaShVGaGvbzhApPw5l2fr1857qlI2m8swf-Mkcm0GX_8GbdLZmI44sdFbXUy-qEpjT1vwqgr42a80i5ZagdaZjbnFyXOEvwh54J-x66jPfFwj6MDqrwTRcipPHs6lhTlnpO7_SAFLg90WPpNedcuMzVJSC5Cb8Ibz5csKNfk_qGxyxhmIwCd_vztBqfJ-huWmRWzpjCVoDRalgn8-gZQeLS1Qi5uP1UHmIltXRkKXA2kL81Vt-iEQ83mBAw8MPnWSepf4xUXVD5tBnTa4U0unM6cvWt6HzLzD-_nbFAIK9x5eHmF0QGX_e-0lW1J9BT2eCVmMVkbBskrOKcGW4136paLwjjhwwx1za5VPyImbPb&abvar=27&os=0
62.122.171.6 200 OK 43 B URL HTTP/2 ccjzuavqrh.com/chicken.gif?z=1944129&pb=c43de46b6a5531557ceaea73b243e86f1675901257&psp=YuO4DSjKbyzbmu_Ku_Z2pSG-VTNms-2V_J1k1PBguotB3Ap-YwGSUsCcOTN2UyYWNuT5mGqEFOEcIRXPEPgvVD-JlMeBYCTv1Js4T8WCHphckT7239AuKaas1P93rnhCBp7PNlROGG6AG1JU73sdxhakhlcoN77GZD5vQ-vMe_ZPFVz89ufnSy81Kl9vj0NxWiPY6CbpcAdRh3YUQNkoGz9KnF4UygczM0pAvwk6loE36-rNptto2yF12ZJvI-9GqPNoRWpF8KKyq6S95qH-jPjxh3Xxd96YL4MT-Yg-i7FEsSdauRGp1zosn2yB4DSxAgCfADew8R5kMvcEE7BrJF1yDLTTJ_zSsIA5a_H2vkR-sryb2-b5ih3PbP9pGyAxK-j1zMm_IqPV8cggV3pcWlwClw3RBlGn_ifnzuMZLtB_OvIxUrsvVn4LiD50bXRRKDGIx6aDVZNUI25eLtO5ErjqG7OXq7cEPmiJCvHdJeaShVGaGvbzhApPw5l2fr1857qlI2m8swf-Mkcm0GX_8GbdLZmI44sdFbXUy-qEpjT1vwqgr42a80i5ZagdaZjbnFyXOEvwh54J-x66jPfFwj6MDqrwTRcipPHs6lhTlnpO7_SAFLg90WPpNedcuMzVJSC5Cb8Ibz5csKNfk_qGxyxhmIwCd_vztBqfJ-huWmRWzpjCVoDRalgn8-gZQeLS1Qi5uP1UHmIltXRkKXA2kL81Vt-iEQ83mBAw8MPnWSepf4xUXVD5tBnTa4U0unM6cvWt6HzLzD-_nbFAIK9x5eHmF0QGX_e-0lW1J9BT2eCVmMVkbBskrOKcGW4136paLwjjhwwx1za5VPyImbPb&abvar=27&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /chicken.gif?z=1944129&pb=c43de46b6a5531557ceaea73b243e86f1675901257&psp=YuO4DSjKbyzbmu_Ku_Z2pSG-VTNms-2V_J1k1PBguotB3Ap-YwGSUsCcOTN2UyYWNuT5mGqEFOEcIRXPEPgvVD-JlMeBYCTv1Js4T8WCHphckT7239AuKaas1P93rnhCBp7PNlROGG6AG1JU73sdxhakhlcoN77GZD5vQ-vMe_ZPFVz89ufnSy81Kl9vj0NxWiPY6CbpcAdRh3YUQNkoGz9KnF4UygczM0pAvwk6loE36-rNptto2yF12ZJvI-9GqPNoRWpF8KKyq6S95qH-jPjxh3Xxd96YL4MT-Yg-i7FEsSdauRGp1zosn2yB4DSxAgCfADew8R5kMvcEE7BrJF1yDLTTJ_zSsIA5a_H2vkR-sryb2-b5ih3PbP9pGyAxK-j1zMm_IqPV8cggV3pcWlwClw3RBlGn_ifnzuMZLtB_OvIxUrsvVn4LiD50bXRRKDGIx6aDVZNUI25eLtO5ErjqG7OXq7cEPmiJCvHdJeaShVGaGvbzhApPw5l2fr1857qlI2m8swf-Mkcm0GX_8GbdLZmI44sdFbXUy-qEpjT1vwqgr42a80i5ZagdaZjbnFyXOEvwh54J-x66jPfFwj6MDqrwTRcipPHs6lhTlnpO7_SAFLg90WPpNedcuMzVJSC5Cb8Ibz5csKNfk_qGxyxhmIwCd_vztBqfJ-huWmRWzpjCVoDRalgn8-gZQeLS1Qi5uP1UHmIltXRkKXA2kL81Vt-iEQ83mBAw8MPnWSepf4xUXVD5tBnTa4U0unM6cvWt6HzLzD-_nbFAIK9x5eHmF0QGX_e-0lW1J9BT2eCVmMVkbBskrOKcGW4136paLwjjhwwx1za5VPyImbPb&abvar=27&os=0 HTTP/1.1
Host: ccjzuavqrh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=230208170758b1af0747a24746a83b66372e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:07:37 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACQ6xAAAAAAAAAAB; Path=/; Expires=Fri, 10 Mar 2023 22:07:37 GMT; Secure; SameSite=None
OACIBLOCK=ACQ6xAAAAABj4yxQ; Path=/; Expires=Fri, 10 Mar 2023 22:07:37 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Thu, 09 Feb 2023 22:07:37 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ccjzuavqrh.com/lv/esnk/1944128/code.js
62.122.171.6 200 OK 44 kB URL HTTP/2 ccjzuavqrh.com/lv/esnk/1944128/code.js
IP 62.122.171.6:0
Hash 5bfb6249327df97c8bbbd5272abc5dd3
62194e81512f4d56dc03f26bc3261f3f8a6bd6d6
9718fae6e9470e7d9c734fe6d3ae2735b2da2a1f67ddef8b80bd2b7dbb05cdf8
Analyzer Verdict Alert quad9 Sinkholed
GET /lv/esnk/1944128/code.js HTTP/1.1
Host: ccjzuavqrh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xingfu.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:07:37 GMT
content-type: application/javascript
last-modified: Mon, 06 Feb 2023 11:38:30 GMT
vary: Accept-Encoding
etag: W/"63e0e6b6-1a880"
x-js-ab1: var28
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
ccjzuavqrh.com/chicken.gif?z=1944065&pb=c43de46b6a5531557ceaea73b243e86f1675901257&psp=z0ttdhHAPBvm6eS4wzWMbeJnSvMm72CKbvjiTg-l19z3JBs-JH6XwZNjoC4R6NB65TmCk6-QxMdNPU4pPvm1fW_7pGWVdHQHVqmVkSg4l3_rB-wpITrP_9Eu0cC3t8eHuFXBaE3drT0vHcn8WZJ8ghLQyvGXcXVzjcnAK-E3fo87bgoLNAqG531eD1WNjy_uEbQxLC1DeYhc3onOUWESSkuTwELvsFt9Myt46kcez1jfsSLv4Ntj84Tt8TPFm8fM7eMopDz_8X2T0irRQjJ52_9hKu9Mq3rukwigyV4TvT8rRd8L-Ph59zYT2AmgteR_AnbYsIdNS6ObC7ftejtf7vIEflcUmJBMOx0nUXltz5rJHUHg6J7d3egb7PXkmyk3kOBHB-FbQtOteZwpqYQxZyzQgZEOLukqYcc7TlApAsRR-40grkmRuQbktyKezjp38uVfm5VUXG0tOWwTV1dNCkidOAsa1mUKrdfkw6w61PHNwEK5az1Da-c4hNBqLnW-voeC7crsn9U_8KkMta9YyTcNDafx59HiL0Ffps29Bu8BuEcz-sAQnZi7xSt1Xw63KV-IYJoK4HmYwFPmf_zvYLGyrACG9jXngqMPPB8ZwPEJcAHGw9cv2dvRai6EccSCTqiEICTsecDdEDGgjMWwv7hjZDKc6uvsvNjyEoCtxzJxKJq49799zqBdGB9FzFihH6-MZzpIdRtMe9Z_fSf29O0lwNzbM91VV7CJiXHpan4O3slL6oMVMTBW-QBPAmxjIK15weyIBaFX8u-EPGsROZKhjqo6tmQYoaUXZ4pR-ndGUuEJZI1HruorrKHfjvcjNXiYGRJeH_qOyGPVaw==&abvar=29&os=0
62.122.171.6 200 OK 43 B URL HTTP/2 ccjzuavqrh.com/chicken.gif?z=1944065&pb=c43de46b6a5531557ceaea73b243e86f1675901257&psp=z0ttdhHAPBvm6eS4wzWMbeJnSvMm72CKbvjiTg-l19z3JBs-JH6XwZNjoC4R6NB65TmCk6-QxMdNPU4pPvm1fW_7pGWVdHQHVqmVkSg4l3_rB-wpITrP_9Eu0cC3t8eHuFXBaE3drT0vHcn8WZJ8ghLQyvGXcXVzjcnAK-E3fo87bgoLNAqG531eD1WNjy_uEbQxLC1DeYhc3onOUWESSkuTwELvsFt9Myt46kcez1jfsSLv4Ntj84Tt8TPFm8fM7eMopDz_8X2T0irRQjJ52_9hKu9Mq3rukwigyV4TvT8rRd8L-Ph59zYT2AmgteR_AnbYsIdNS6ObC7ftejtf7vIEflcUmJBMOx0nUXltz5rJHUHg6J7d3egb7PXkmyk3kOBHB-FbQtOteZwpqYQxZyzQgZEOLukqYcc7TlApAsRR-40grkmRuQbktyKezjp38uVfm5VUXG0tOWwTV1dNCkidOAsa1mUKrdfkw6w61PHNwEK5az1Da-c4hNBqLnW-voeC7crsn9U_8KkMta9YyTcNDafx59HiL0Ffps29Bu8BuEcz-sAQnZi7xSt1Xw63KV-IYJoK4HmYwFPmf_zvYLGyrACG9jXngqMPPB8ZwPEJcAHGw9cv2dvRai6EccSCTqiEICTsecDdEDGgjMWwv7hjZDKc6uvsvNjyEoCtxzJxKJq49799zqBdGB9FzFihH6-MZzpIdRtMe9Z_fSf29O0lwNzbM91VV7CJiXHpan4O3slL6oMVMTBW-QBPAmxjIK15weyIBaFX8u-EPGsROZKhjqo6tmQYoaUXZ4pR-ndGUuEJZI1HruorrKHfjvcjNXiYGRJeH_qOyGPVaw==&abvar=29&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /chicken.gif?z=1944065&pb=c43de46b6a5531557ceaea73b243e86f1675901257&psp=z0ttdhHAPBvm6eS4wzWMbeJnSvMm72CKbvjiTg-l19z3JBs-JH6XwZNjoC4R6NB65TmCk6-QxMdNPU4pPvm1fW_7pGWVdHQHVqmVkSg4l3_rB-wpITrP_9Eu0cC3t8eHuFXBaE3drT0vHcn8WZJ8ghLQyvGXcXVzjcnAK-E3fo87bgoLNAqG531eD1WNjy_uEbQxLC1DeYhc3onOUWESSkuTwELvsFt9Myt46kcez1jfsSLv4Ntj84Tt8TPFm8fM7eMopDz_8X2T0irRQjJ52_9hKu9Mq3rukwigyV4TvT8rRd8L-Ph59zYT2AmgteR_AnbYsIdNS6ObC7ftejtf7vIEflcUmJBMOx0nUXltz5rJHUHg6J7d3egb7PXkmyk3kOBHB-FbQtOteZwpqYQxZyzQgZEOLukqYcc7TlApAsRR-40grkmRuQbktyKezjp38uVfm5VUXG0tOWwTV1dNCkidOAsa1mUKrdfkw6w61PHNwEK5az1Da-c4hNBqLnW-voeC7crsn9U_8KkMta9YyTcNDafx59HiL0Ffps29Bu8BuEcz-sAQnZi7xSt1Xw63KV-IYJoK4HmYwFPmf_zvYLGyrACG9jXngqMPPB8ZwPEJcAHGw9cv2dvRai6EccSCTqiEICTsecDdEDGgjMWwv7hjZDKc6uvsvNjyEoCtxzJxKJq49799zqBdGB9FzFihH6-MZzpIdRtMe9Z_fSf29O0lwNzbM91VV7CJiXHpan4O3slL6oMVMTBW-QBPAmxjIK15weyIBaFX8u-EPGsROZKhjqo6tmQYoaUXZ4pR-ndGUuEJZI1HruorrKHfjvcjNXiYGRJeH_qOyGPVaw==&abvar=29&os=0 HTTP/1.1
Host: ccjzuavqrh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=230208170758b1af0747a24746a83b66372e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:07:37 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACSxrAAAAAAAAAAB; Path=/; Expires=Fri, 10 Mar 2023 22:07:37 GMT; Secure; SameSite=None
OACIBLOCK=ACSxrAAAAABj4yxQ; Path=/; Expires=Fri, 10 Mar 2023 22:07:37 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Thu, 09 Feb 2023 22:07:37 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01PS2pDMQy8Si/wjL6WnXW7bSElB7Dfp3TzCCmB16DD1zYEqlnMIEbDiIB4ApogvaCdwE5snjFkCEIBVfz94+yCvtfrNdRyc6EImj1RgkieLUcglxRJMrlCcrFkatEtM4BoW4CzQwMpi3QVAJgJDCkDqEhyA798vvrb5ewYIFF+EnlLOUjBcVTpadI0HD0RK61GshButSxrScxctDLhjFS5dKMf3/vXdg/1/niMGqOAYk+h56JhwkFtwIcqP7/77P7P0qHjKLaXeyVfSym8lKX9gRGVYN02ybbQMiOuCf8AK5nIrmABAAA=
95.211.229.245 200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01PS2pDMQy8Si/wjL6WnXW7bSElB7Dfp3TzCCmB16DD1zYEqlnMIEbDiIB4ApogvaCdwE5snjFkCEIBVfz94+yCvtfrNdRyc6EImj1RgkieLUcglxRJMrlCcrFkatEtM4BoW4CzQwMpi3QVAJgJDCkDqEhyA798vvrb5ewYIFF+EnlLOUjBcVTpadI0HD0RK61GshButSxrScxctDLhjFS5dKMf3/vXdg/1/niMGqOAYk+h56JhwkFtwIcqP7/77P7P0qHjKLaXeyVfSym8lKX9gRGVYN02ybbQMiOuCf8AK5nIrmABAAA=
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA01PS2pDMQy8Si/wjL6WnXW7bSElB7Dfp3TzCCmB16DD1zYEqlnMIEbDiIB4ApogvaCdwE5snjFkCEIBVfz94+yCvtfrNdRyc6EImj1RgkieLUcglxRJMrlCcrFkatEtM4BoW4CzQwMpi3QVAJgJDCkDqEhyA798vvrb5ewYIFF+EnlLOUjBcVTpadI0HD0RK61GshButSxrScxctDLhjFS5dKMf3/vXdg/1/niMGqOAYk+h56JhwkFtwIcqP7/77P7P0qHjKLaXeyVfSym8lKX9gRGVYN02ybbQMiOuCf8AK5nIrmABAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xingfu.buzz
Connection: keep-alive
Referer: https://xingfu.buzz/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e41d2910c9e8.372786183569812000%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 22:07:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://xingfu.buzz
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Fri, 07 Feb 2025 22:07:37 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01Py2oEMQz7lf7ADLKdxMmee26hpR+QzKP0sixdFqaLPr6ZKSy1MNZBlmyF2gAdkJ/ET/CTOYuMBWPQUWLgy+sbg/DcLpex1W9KMRVl1oykLF4SlCEnDQWMyLSCkC3TcyqGnBhAIzo0Wgg7GwGhgx/vz0dLh1IStgR0vmfSu23n2PZVabq4hlllbXVeajazGls/ZRJtVncht6/z53ob2+1+P/L+kmI53PHAIMfoBR6sXn/OE/lPsiM+loS02VP/1F1tWVLFOte6RF/i1JqvzX4Bn0vTs0cBAAA=
95.211.229.245200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01Py2oEMQz7lf7ADLKdxMmee26hpR+QzKP0sixdFqaLPr6ZKSy1MNZBlmyF2gAdkJ/ET/CTOYuMBWPQUWLgy+sbg/DcLpex1W9KMRVl1oykLF4SlCEnDQWMyLSCkC3TcyqGnBhAIzo0Wgg7GwGhgx/vz0dLh1IStgR0vmfSu23n2PZVabq4hlllbXVeajazGls/ZRJtVncht6/z53ob2+1+P/L+kmI53PHAIMfoBR6sXn/OE/lPsiM+loS02VP/1F1tWVLFOte6RF/i1JqvzX4Bn0vTs0cBAAA=
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA01Py2oEMQz7lf7ADLKdxMmee26hpR+QzKP0sixdFqaLPr6ZKSy1MNZBlmyF2gAdkJ/ET/CTOYuMBWPQUWLgy+sbg/DcLpex1W9KMRVl1oykLF4SlCEnDQWMyLSCkC3TcyqGnBhAIzo0Wgg7GwGhgx/vz0dLh1IStgR0vmfSu23n2PZVabq4hlllbXVeajazGls/ZRJtVncht6/z53ob2+1+P/L+kmI53PHAIMfoBR6sXn/OE/lPsiM+loS02VP/1F1tWVLFOte6RF/i1JqvzX4Bn0vTs0cBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xingfu.buzz
Connection: keep-alive
Referer: https://xingfu.buzz/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e41d2910c9e8.372786183569812000%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 22:07:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://xingfu.buzz
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Fri, 07 Feb 2025 22:07:37 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01QW0oEQQy8iheYpvLsnv32W0HxAN07s+LPsCgL45LD29OCmCKkEpJUCINlAk8oD5RPyCfJMVOakZQTmcbT80soxdau19TqZxiRFY3CBc4x59nBocVZSwlDd4GaI7Izl7kXFCGBDjZRPVgCPDLi7fVxOHVwkGN3oPNDs6ehnWM/RqnxmlkXpkury1qLiFRrwnQmblKPxtg/tvfLLbXb/T70fpWyje34w0QjdEMMVr++t3PEv5YDNoYkSPW4KVpd3YWtNjVSyy65wLgtsP4nX34AuVVkoUoBAAA=
95.211.229.245200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01QW0oEQQy8iheYpvLsnv32W0HxAN07s+LPsCgL45LD29OCmCKkEpJUCINlAk8oD5RPyCfJMVOakZQTmcbT80soxdau19TqZxiRFY3CBc4x59nBocVZSwlDd4GaI7Izl7kXFCGBDjZRPVgCPDLi7fVxOHVwkGN3oPNDs6ehnWM/RqnxmlkXpkury1qLiFRrwnQmblKPxtg/tvfLLbXb/T70fpWyje34w0QjdEMMVr++t3PEv5YDNoYkSPW4KVpd3YWtNjVSyy65wLgtsP4nX34AuVVkoUoBAAA=
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA01QW0oEQQy8iheYpvLsnv32W0HxAN07s+LPsCgL45LD29OCmCKkEpJUCINlAk8oD5RPyCfJMVOakZQTmcbT80soxdau19TqZxiRFY3CBc4x59nBocVZSwlDd4GaI7Izl7kXFCGBDjZRPVgCPDLi7fVxOHVwkGN3oPNDs6ehnWM/RqnxmlkXpkury1qLiFRrwnQmblKPxtg/tvfLLbXb/T70fpWyje34w0QjdEMMVr++t3PEv5YDNoYkSPW4KVpd3YWtNjVSyy65wLgtsP4nX34AuVVkoUoBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xingfu.buzz
Connection: keep-alive
Referer: https://xingfu.buzz/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e41d2910c9e8.372786183569812000%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 22:07:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://xingfu.buzz
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Fri, 07 Feb 2025 22:07:37 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01Py2oDMQz8lf7AmrEelp1ze20hJR9g72ZLLyGkBLZBH197oaWagwZpRowIxBNoQn6KdoAd2LzEUBCEQlTx17ejS/RLu15DqzcXStDimTISebGSQC45kRRxRXaxbGrJrTAgXSNwdnSQsshgAWBJnMVgRoXUDX56f/aX09FjQKby17oZ2Ejhcc8yzknn2MbJ2OhsJAvFtdXlXDMzV21McY7UuA6hb5+Xj/Ue2v3x2HPsCVStL+l30DHFvfWC76x+fV9m93+SAd1Nqf88IvmKwikVJTDPkhss2VyL1ixLlEV/AOQUkdhhAQAA
95.211.229.245200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01Py2oDMQz8lf7AmrEelp1ze20hJR9g72ZLLyGkBLZBH197oaWagwZpRowIxBNoQn6KdoAd2LzEUBCEQlTx17ejS/RLu15DqzcXStDimTISebGSQC45kRRxRXaxbGrJrTAgXSNwdnSQsshgAWBJnMVgRoXUDX56f/aX09FjQKby17oZ2Ejhcc8yzknn2MbJ2OhsJAvFtdXlXDMzV21McY7UuA6hb5+Xj/Ue2v3x2HPsCVStL+l30DHFvfWC76x+fV9m93+SAd1Nqf88IvmKwikVJTDPkhss2VyL1ixLlEV/AOQUkdhhAQAA
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA01Py2oDMQz8lf7AmrEelp1ze20hJR9g72ZLLyGkBLZBH197oaWagwZpRowIxBNoQn6KdoAd2LzEUBCEQlTx17ejS/RLu15DqzcXStDimTISebGSQC45kRRxRXaxbGrJrTAgXSNwdnSQsshgAWBJnMVgRoXUDX56f/aX09FjQKby17oZ2Ejhcc8yzknn2MbJ2OhsJAvFtdXlXDMzV21McY7UuA6hb5+Xj/Ue2v3x2HPsCVStL+l30DHFvfWC76x+fV9m93+SAd1Nqf88IvmKwikVJTDPkhss2VyL1ixLlEV/AOQUkdhhAQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xingfu.buzz
Connection: keep-alive
Referer: https://xingfu.buzz/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e41d2910c9e8.372786183569812000%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 22:07:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://xingfu.buzz
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Fri, 07 Feb 2025 22:07:37 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 4b39eb95df25d95c3aaabbf897c5f4eb
1b80cda5dd2ee56df5f8577ffcf82642e473616d
699bb26b819a1a56e70d40d2a933fdac56339ffd32c791813853ca26b66d9992
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5860
Cache-Control: max-age=101235
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:07:37 GMT
Etag: "63e2eeb8-118"
Expires: Fri, 10 Feb 2023 02:14:52 GMT
Last-Modified: Wed, 08 Feb 2023 00:37:12 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 280
s3t3d2y8.afcdn.net/library/426059/6b652d60271d1474f9b3e4231d162ecd268a899f.mp4
185.76.9.19 206 Partial Content 17 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/426059/6b652d60271d1474f9b3e4231d162ecd268a899f.mp4
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 5f12af07b5826552a75db08153af5cdd
6b652d60271d1474f9b3e4231d162ecd268a899f
1d29cb5f015592b0ff2fe0bd08ff553d7c3530954da18bc17b29f1c5f895bc15
GET /library/426059/6b652d60271d1474f9b3e4231d162ecd268a899f.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://xingfu.buzz/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Wed, 08 Feb 2023 22:07:37 GMT
content-type: video/mp4
content-length: 16821
last-modified: Tue, 07 Feb 2023 17:53:53 GMT
etag: "63e29031-41b5"
expires: Wed, 07 Feb 2024 18:27:11 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1707330476
server: CDN77-Turbo
x-77-nzt: AblMCQ1NXpj//YQBAA
x-77-nzt-ray: c0a4cc284dc1c9f4291de46310c0e118
x-cache: HIT
x-age: 99581
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-16820/16821
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/426059/4fb58cbf7b0e20191aa2ab08911238caa1c69e33.mp4
185.76.9.19 206 Partial Content 190 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/426059/4fb58cbf7b0e20191aa2ab08911238caa1c69e33.mp4
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size 190 kB (190269 bytes)
Hash 6f30751314cfb2b2280f668dc6c4ee4b
4fb58cbf7b0e20191aa2ab08911238caa1c69e33
7d838642d7b7cf42780fc70243a27a73bd22e3e9135d24e79d5b1ed0cc547560
GET /library/426059/4fb58cbf7b0e20191aa2ab08911238caa1c69e33.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://xingfu.buzz/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Wed, 08 Feb 2023 22:07:37 GMT
content-type: video/mp4
content-length: 190269
last-modified: Tue, 07 Feb 2023 17:53:42 GMT
etag: "63e29026-2e73d"
expires: Wed, 07 Feb 2024 18:27:06 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1707330457
server: CDN77-Turbo
x-77-nzt: AblMCQ1qC1f/EIUBAA
x-77-nzt-ray: c0a4cc284dc1c9f4291de463b8979618
x-cache: HIT
x-age: 99600
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-190268/190269
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash a77924333faf583901b105005d00c0d1
ad357fab1697697cba7308514e76cf8ceaf2dd86
983e6f65c4b4711af2d367e9ba4521df56f4fc07bbd7b0a4ebfab8d9274557fa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4026
Cache-Control: max-age=155906
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:07:37 GMT
Etag: "63e3cb71-118"
Expires: Fri, 10 Feb 2023 17:26:03 GMT
Last-Modified: Wed, 08 Feb 2023 16:18:57 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 280
go.xlivrdr.com/smartpop/092ba119f71c45080bc079964bc918d5ea43dba8ca3906931e64cedceef0ef50?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304560&memberId=ooddNHdLHTPHNVS4ASOptrnpttdZXPPbdLa6V01cqq5ZXVS2upmdQ6mV0rpXSunqoppdK6V0rpnSuldK6V0zpXSumc6bSfeyenaebjTPbfO2iijOrSiebWafSjN0rldg54PHodjHOdK6V0rpXSuldK6V0rg.wA--&p1=5304560&trackOff=1&kbLimit=1000
104.18.51.106302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/092ba119f71c45080bc079964bc918d5ea43dba8ca3906931e64cedceef0ef50?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304560&memberId=ooddNHdLHTPHNVS4ASOptrnpttdZXPPbdLa6V01cqq5ZXVS2upmdQ6mV0rpXSunqoppdK6V0rpnSuldK6V0zpXSumc6bSfeyenaebjTPbfO2iijOrSiebWafSjN0rldg54PHodjHOdK6V0rpXSuldK6V0rg.wA--&p1=5304560&trackOff=1&kbLimit=1000
IP 104.18.51.106:0
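Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of empty input, consistent with the 0 B body of this 302 response; they match any empty response and do not identify content.)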
GET /smartpop/092ba119f71c45080bc079964bc918d5ea43dba8ca3906931e64cedceef0ef50?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304560&memberId=ooddNHdLHTPHNVS4ASOptrnpttdZXPPbdLa6V01cqq5ZXVS2upmdQ6mV0rpXSunqoppdK6V0rpnSuldK6V0zpXSumc6bSfeyenaebjTPbfO2iijOrSiebWafSjN0rldg54PHodjHOdK6V0rpXSuldK6V0rg.wA--&p1=5304560&trackOff=1&kbLimit=1000 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xingfu.buzz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 08 Feb 2023 22:07:37 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?campaignId=092ba119f71c45080bc079964bc918d5ea43dba8ca3906931e64cedceef0ef50&campaignType=smartpop&creativeId=dce28b2e94745c1cb9b5fe2e09bf2d127f158343ad9702f00eed42254ad3906e&iterationId=287261&kbLimit=1000&masterSmartpopId=1915&memberId=ooddNHdLHTPHNVS4ASOptrnpttdZXPPbdLa6V01cqq5ZXVS2upmdQ6mV0rpXSunqoppdK6V0rpnSuldK6V0zpXSumc6bSfeyenaebjTPbfO2iijOrSiebWafSjN0rldg54PHodjHOdK6V0rpXSuldK6V0rg.wA--&p1=5304560&ruleId=18&smartpopId=7199&sourceId=5304560&tag=-girls%2Findian&trackOff=1&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29806
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=67569723.29806; Path=/; HttpOnly; SameSite=Strict
set-cookie: __cflb=02DiuDfsBaY2bRYJiCdd1Ddb6YkKuSHYCRz6iLDe7d2rg; SameSite=None; Secure; path=/; expires=Thu, 09-Feb-23 21:07:37 GMT; HttpOnly
server: cloudflare
cf-ray: 7967ade33c8db4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash a77924333faf583901b105005d00c0d1
ad357fab1697697cba7308514e76cf8ceaf2dd86
983e6f65c4b4711af2d367e9ba4521df56f4fc07bbd7b0a4ebfab8d9274557fa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4026
Cache-Control: max-age=155906
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:07:37 GMT
Etag: "63e3cb71-118"
Expires: Fri, 10 Feb 2023 17:26:03 GMT
Last-Modified: Wed, 08 Feb 2023 16:18:57 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 4b39eb95df25d95c3aaabbf897c5f4eb
1b80cda5dd2ee56df5f8577ffcf82642e473616d
699bb26b819a1a56e70d40d2a933fdac56339ffd32c791813853ca26b66d9992
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5860
Cache-Control: max-age=101235
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:07:37 GMT
Etag: "63e2eeb8-118"
Expires: Fri, 10 Feb 2023 02:14:52 GMT
Last-Modified: Wed, 08 Feb 2023 00:37:12 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 280
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8d6f5a5e227740905025ee384af172f2
59d9c0e94aa9b72351b97f54b206ad12c9157d77
a6e87d75e28ab3181bb639fddac2564c31ab206dacd174d200f1081969fbe261
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "A6E87D75E28AB3181BB639FDDAC2564C31AB206DACD174D200F1081969FBE261"
Last-Modified: Wed, 08 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4166
Expires: Wed, 08 Feb 2023 23:17:03 GMT
Date: Wed, 08 Feb 2023 22:07:37 GMT
Connection: keep-alive
onegamepics.com/bnr/4/832/1d7346/8321d7346fb501efaf08e910f46ceb70.png
172.67.203.233 200 OK 344 B URL HTTP/2 onegamepics.com/bnr/4/832/1d7346/8321d7346fb501efaf08e910f46ceb70.png
IP 172.67.203.233:0
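Hash 8d6f5a5e227740905025ee384af172f2
59d9c0e94aa9b72351b97f54b206ad12c9157d77
a6e87d75e28ab3181bb639fddac2564c31ab206dacd174d200f1081969fbe261
(Note: the 344 B size and these three digests are identical to those of the e1.o.lencr.org OCSP response listed immediately before this entry, whereas this response's own headers report content-type image/png with content-length 166242. The size and hashes shown here therefore appear to be carried over from the previous entry and should not be treated as indicators for the PNG without re-hashing the file.)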
GET /bnr/4/832/1d7346/8321d7346fb501efaf08e910f46ceb70.png HTTP/1.1
Host: onegamepics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:07:37 GMT
content-type: image/png
content-length: 166242
last-modified: Tue, 21 Jun 2022 14:25:48 GMT
etag: "62b1d4ec-28962"
expires: Mon, 06 Feb 2023 12:40:33 GMT
cache-control: max-age=345600
cf-cache-status: HIT
age: 293224
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EvsIZllS8vSrs7UpINEH%2Fh6%2BdSxR33n8toTuseX8UmpuIJ1%2FIQmWbUfqN19GUVPtLTpeqMMIe2Sj8ZnTeAkPlpX5JZTDWAQwsqCIKsPkj0wCaSNqaHCuQVGv98Dp8AOcfxE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ade47866b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/B4-YctRJ5lw
216.58.211.3 200 OK 782 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/B4-YctRJ5lw
IP 216.58.211.3:0
Hash a1bbc7a0761469a569c1bfd3834a362a
3010a41e7c73ee14f3eae062579d84764dadb7fc
693baf6ed92ec11fc9f29efcab51eb8fc6da4f3a968b3f8706ae596c96b6c9f3
POST /s/gts1p5/B4-YctRJ5lw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:07:37 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ccjzuavqrh.com/whob.gif?z=1944065&pb=c43de46b6a5531557ceaea73b243e86f1675901257&psp=z0ttdhHAPBvm6eS4wzWMbeJnSvMm72CKbvjiTg-l19z3JBs-JH6XwZNjoC4R6NB65TmCk6-QxMdNPU4pPvm1fW_7pGWVdHQHVqmVkSg4l3_rB-wpITrP_9Eu0cC3t8eHuFXBaE3drT0vHcn8WZJ8ghLQyvGXcXVzjcnAK-E3fo87bgoLNAqG531eD1WNjy_uEbQxLC1DeYhc3onOUWESSkuTwELvsFt9Myt46kcez1jfsSLv4Ntj84Tt8TPFm8fM7eMopDz_8X2T0irRQjJ52_9hKu9Mq3rukwigyV4TvT8rRd8L-Ph59zYT2AmgteR_AnbYsIdNS6ObC7ftejtf7vIEflcUmJBMOx0nUXltz5rJHUHg6J7d3egb7PXkmyk3kOBHB-FbQtOteZwpqYQxZyzQgZEOLukqYcc7TlApAsRR-40grkmRuQbktyKezjp38uVfm5VUXG0tOWwTV1dNCkidOAsa1mUKrdfkw6w61PHNwEK5az1Da-c4hNBqLnW-voeC7crsn9U_8KkMta9YyTcNDafx59HiL0Ffps29Bu8BuEcz-sAQnZi7xSt1Xw63KV-IYJoK4HmYwFPmf_zvYLGyrACG9jXngqMPPB8ZwPEJcAHGw9cv2dvRai6EccSCTqiEICTsecDdEDGgjMWwv7hjZDKc6uvsvNjyEoCtxzJxKJq49799zqBdGB9FzFihH6-MZzpIdRtMe9Z_fSf29O0lwNzbM91VV7CJiXHpan4O3slL6oMVMTBW-QBPAmxjIK15weyIBaFX8u-EPGsROZKhjqo6tmQYoaUXZ4pR-ndGUuEJZI1HruorrKHfjvcjNXiYGRJeH_qOyGPVaw==&abvar=29&os=0
62.122.171.6200 OK 43 B URL HTTP/2 ccjzuavqrh.com/whob.gif?z=1944065&pb=c43de46b6a5531557ceaea73b243e86f1675901257&psp=z0ttdhHAPBvm6eS4wzWMbeJnSvMm72CKbvjiTg-l19z3JBs-JH6XwZNjoC4R6NB65TmCk6-QxMdNPU4pPvm1fW_7pGWVdHQHVqmVkSg4l3_rB-wpITrP_9Eu0cC3t8eHuFXBaE3drT0vHcn8WZJ8ghLQyvGXcXVzjcnAK-E3fo87bgoLNAqG531eD1WNjy_uEbQxLC1DeYhc3onOUWESSkuTwELvsFt9Myt46kcez1jfsSLv4Ntj84Tt8TPFm8fM7eMopDz_8X2T0irRQjJ52_9hKu9Mq3rukwigyV4TvT8rRd8L-Ph59zYT2AmgteR_AnbYsIdNS6ObC7ftejtf7vIEflcUmJBMOx0nUXltz5rJHUHg6J7d3egb7PXkmyk3kOBHB-FbQtOteZwpqYQxZyzQgZEOLukqYcc7TlApAsRR-40grkmRuQbktyKezjp38uVfm5VUXG0tOWwTV1dNCkidOAsa1mUKrdfkw6w61PHNwEK5az1Da-c4hNBqLnW-voeC7crsn9U_8KkMta9YyTcNDafx59HiL0Ffps29Bu8BuEcz-sAQnZi7xSt1Xw63KV-IYJoK4HmYwFPmf_zvYLGyrACG9jXngqMPPB8ZwPEJcAHGw9cv2dvRai6EccSCTqiEICTsecDdEDGgjMWwv7hjZDKc6uvsvNjyEoCtxzJxKJq49799zqBdGB9FzFihH6-MZzpIdRtMe9Z_fSf29O0lwNzbM91VV7CJiXHpan4O3slL6oMVMTBW-QBPAmxjIK15weyIBaFX8u-EPGsROZKhjqo6tmQYoaUXZ4pR-ndGUuEJZI1HruorrKHfjvcjNXiYGRJeH_qOyGPVaw==&abvar=29&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /whob.gif?z=1944065&pb=c43de46b6a5531557ceaea73b243e86f1675901257&psp=z0ttdhHAPBvm6eS4wzWMbeJnSvMm72CKbvjiTg-l19z3JBs-JH6XwZNjoC4R6NB65TmCk6-QxMdNPU4pPvm1fW_7pGWVdHQHVqmVkSg4l3_rB-wpITrP_9Eu0cC3t8eHuFXBaE3drT0vHcn8WZJ8ghLQyvGXcXVzjcnAK-E3fo87bgoLNAqG531eD1WNjy_uEbQxLC1DeYhc3onOUWESSkuTwELvsFt9Myt46kcez1jfsSLv4Ntj84Tt8TPFm8fM7eMopDz_8X2T0irRQjJ52_9hKu9Mq3rukwigyV4TvT8rRd8L-Ph59zYT2AmgteR_AnbYsIdNS6ObC7ftejtf7vIEflcUmJBMOx0nUXltz5rJHUHg6J7d3egb7PXkmyk3kOBHB-FbQtOteZwpqYQxZyzQgZEOLukqYcc7TlApAsRR-40grkmRuQbktyKezjp38uVfm5VUXG0tOWwTV1dNCkidOAsa1mUKrdfkw6w61PHNwEK5az1Da-c4hNBqLnW-voeC7crsn9U_8KkMta9YyTcNDafx59HiL0Ffps29Bu8BuEcz-sAQnZi7xSt1Xw63KV-IYJoK4HmYwFPmf_zvYLGyrACG9jXngqMPPB8ZwPEJcAHGw9cv2dvRai6EccSCTqiEICTsecDdEDGgjMWwv7hjZDKc6uvsvNjyEoCtxzJxKJq49799zqBdGB9FzFihH6-MZzpIdRtMe9Z_fSf29O0lwNzbM91VV7CJiXHpan4O3slL6oMVMTBW-QBPAmxjIK15weyIBaFX8u-EPGsROZKhjqo6tmQYoaUXZ4pR-ndGUuEJZI1HruorrKHfjvcjNXiYGRJeH_qOyGPVaw==&abvar=29&os=0 HTTP/1.1
Host: ccjzuavqrh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=230208170758b1af0747a24746a83b66372e; OACICAP=ACQ6xAAAAAAAAAAB; OACIBLOCK=ACQ6xAAAAABj4yxQ; ppucnt=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:07:37 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.banner.view
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ccjzuavqrh.com/whob.gif?z=1944129&pb=c43de46b6a5531557ceaea73b243e86f1675901257&psp=YuO4DSjKbyzbmu_Ku_Z2pSG-VTNms-2V_J1k1PBguotB3Ap-YwGSUsCcOTN2UyYWNuT5mGqEFOEcIRXPEPgvVD-JlMeBYCTv1Js4T8WCHphckT7239AuKaas1P93rnhCBp7PNlROGG6AG1JU73sdxhakhlcoN77GZD5vQ-vMe_ZPFVz89ufnSy81Kl9vj0NxWiPY6CbpcAdRh3YUQNkoGz9KnF4UygczM0pAvwk6loE36-rNptto2yF12ZJvI-9GqPNoRWpF8KKyq6S95qH-jPjxh3Xxd96YL4MT-Yg-i7FEsSdauRGp1zosn2yB4DSxAgCfADew8R5kMvcEE7BrJF1yDLTTJ_zSsIA5a_H2vkR-sryb2-b5ih3PbP9pGyAxK-j1zMm_IqPV8cggV3pcWlwClw3RBlGn_ifnzuMZLtB_OvIxUrsvVn4LiD50bXRRKDGIx6aDVZNUI25eLtO5ErjqG7OXq7cEPmiJCvHdJeaShVGaGvbzhApPw5l2fr1857qlI2m8swf-Mkcm0GX_8GbdLZmI44sdFbXUy-qEpjT1vwqgr42a80i5ZagdaZjbnFyXOEvwh54J-x66jPfFwj6MDqrwTRcipPHs6lhTlnpO7_SAFLg90WPpNedcuMzVJSC5Cb8Ibz5csKNfk_qGxyxhmIwCd_vztBqfJ-huWmRWzpjCVoDRalgn8-gZQeLS1Qi5uP1UHmIltXRkKXA2kL81Vt-iEQ83mBAw8MPnWSepf4xUXVD5tBnTa4U0unM6cvWt6HzLzD-_nbFAIK9x5eHmF0QGX_e-0lW1J9BT2eCVmMVkbBskrOKcGW4136paLwjjhwwx1za5VPyImbPb&abvar=27&os=0
62.122.171.6200 OK 43 B URL HTTP/2 ccjzuavqrh.com/whob.gif?z=1944129&pb=c43de46b6a5531557ceaea73b243e86f1675901257&psp=YuO4DSjKbyzbmu_Ku_Z2pSG-VTNms-2V_J1k1PBguotB3Ap-YwGSUsCcOTN2UyYWNuT5mGqEFOEcIRXPEPgvVD-JlMeBYCTv1Js4T8WCHphckT7239AuKaas1P93rnhCBp7PNlROGG6AG1JU73sdxhakhlcoN77GZD5vQ-vMe_ZPFVz89ufnSy81Kl9vj0NxWiPY6CbpcAdRh3YUQNkoGz9KnF4UygczM0pAvwk6loE36-rNptto2yF12ZJvI-9GqPNoRWpF8KKyq6S95qH-jPjxh3Xxd96YL4MT-Yg-i7FEsSdauRGp1zosn2yB4DSxAgCfADew8R5kMvcEE7BrJF1yDLTTJ_zSsIA5a_H2vkR-sryb2-b5ih3PbP9pGyAxK-j1zMm_IqPV8cggV3pcWlwClw3RBlGn_ifnzuMZLtB_OvIxUrsvVn4LiD50bXRRKDGIx6aDVZNUI25eLtO5ErjqG7OXq7cEPmiJCvHdJeaShVGaGvbzhApPw5l2fr1857qlI2m8swf-Mkcm0GX_8GbdLZmI44sdFbXUy-qEpjT1vwqgr42a80i5ZagdaZjbnFyXOEvwh54J-x66jPfFwj6MDqrwTRcipPHs6lhTlnpO7_SAFLg90WPpNedcuMzVJSC5Cb8Ibz5csKNfk_qGxyxhmIwCd_vztBqfJ-huWmRWzpjCVoDRalgn8-gZQeLS1Qi5uP1UHmIltXRkKXA2kL81Vt-iEQ83mBAw8MPnWSepf4xUXVD5tBnTa4U0unM6cvWt6HzLzD-_nbFAIK9x5eHmF0QGX_e-0lW1J9BT2eCVmMVkbBskrOKcGW4136paLwjjhwwx1za5VPyImbPb&abvar=27&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /whob.gif?z=1944129&pb=c43de46b6a5531557ceaea73b243e86f1675901257&psp=YuO4DSjKbyzbmu_Ku_Z2pSG-VTNms-2V_J1k1PBguotB3Ap-YwGSUsCcOTN2UyYWNuT5mGqEFOEcIRXPEPgvVD-JlMeBYCTv1Js4T8WCHphckT7239AuKaas1P93rnhCBp7PNlROGG6AG1JU73sdxhakhlcoN77GZD5vQ-vMe_ZPFVz89ufnSy81Kl9vj0NxWiPY6CbpcAdRh3YUQNkoGz9KnF4UygczM0pAvwk6loE36-rNptto2yF12ZJvI-9GqPNoRWpF8KKyq6S95qH-jPjxh3Xxd96YL4MT-Yg-i7FEsSdauRGp1zosn2yB4DSxAgCfADew8R5kMvcEE7BrJF1yDLTTJ_zSsIA5a_H2vkR-sryb2-b5ih3PbP9pGyAxK-j1zMm_IqPV8cggV3pcWlwClw3RBlGn_ifnzuMZLtB_OvIxUrsvVn4LiD50bXRRKDGIx6aDVZNUI25eLtO5ErjqG7OXq7cEPmiJCvHdJeaShVGaGvbzhApPw5l2fr1857qlI2m8swf-Mkcm0GX_8GbdLZmI44sdFbXUy-qEpjT1vwqgr42a80i5ZagdaZjbnFyXOEvwh54J-x66jPfFwj6MDqrwTRcipPHs6lhTlnpO7_SAFLg90WPpNedcuMzVJSC5Cb8Ibz5csKNfk_qGxyxhmIwCd_vztBqfJ-huWmRWzpjCVoDRalgn8-gZQeLS1Qi5uP1UHmIltXRkKXA2kL81Vt-iEQ83mBAw8MPnWSepf4xUXVD5tBnTa4U0unM6cvWt6HzLzD-_nbFAIK9x5eHmF0QGX_e-0lW1J9BT2eCVmMVkbBskrOKcGW4136paLwjjhwwx1za5VPyImbPb&abvar=27&os=0 HTTP/1.1
Host: ccjzuavqrh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=230208170758b1af0747a24746a83b66372e; OACICAP=ACQ6xAAAAAAAAAAB; OACIBLOCK=ACQ6xAAAAABj4yxQ; ppucnt=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:07:37 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.banner.view
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ccjzuavqrh.com/whob.gif?z=1944128&pb=c43de46b6a5531557ceaea73b243e86f1675901257&psp=uzPNe5CDOgUc2jDUhlGOYayhshXezAKfGwkhKOttzYzhLuLvRVVDdq8yXe8GaelMZa5NSGR2X3l5Jah3TzPEu8PKGlR5BfovjMWTEEdcdI4PuiB-r2oayARhLii8F6wl3fF2jNeZ6J8-0a_tuu0qqtwffJTT26ns54zJn0lwP3QQ7IcQihdrwxmVflc3Uve9_2ea-UPTAlx9hscE00HwUd0cRATNo3hhVwC69HgO2mMQ82CfMqiaw1-bnTq_Sff2DWPKpmtAdlvyHCIJI-a7DO1LkulN_BRFKUj-1WjJy81IveCj8Hw61P9169F91zvYWUn2GQJkG5TGB2aO1K_Ip0jMIahuW9PZ_Bta_xmyIsPr9-uIMExORTufktUYBFTZWl6nhq8HV1cNrH7i3RTkKqdjmxfuT8H7cq3GZ1nZP0LKqmkH2YQezmTJsg8vCaMT0zpJg_zntWaycOwdhxgyrEDtosg8ceuolYbWE3OmLeWqz9GRkxQJqJyXL-11A9cw2-Xb5YEpuhpNTRUxmWX5z7PYtdL44ECxf_P5rMICF9x8bdq7j0NJmh2GNYDgPUhgwkbHmzLKdVxLnh-PqRHreTFKjzdoRBRHsBKD5rc9qS5G8N5M2ULn1yDue8hn6ZRVeUXWXBPMRzNIbclhJ-a_M4M8wRq1wJVWrILdXf0d7AKp3WGZqCSoyebG_ibs44EUSzGbw-Dooj8s-43jNVgYbK9o8FFHaZM0jJYN_3rXOU8v-1UWS_wly9WDDW7INIb2LTWVst81v40ukWK4uWg4sgs7NVG0c1prc_jV9nkvm0Qd33Vrv-nBKpVqePj3WFI8pFVCLLoIYCVIekVAhWE3&abvar=28&os=0
62.122.171.6200 OK 137 B URL HTTP/2 ccjzuavqrh.com/whob.gif?z=1944128&pb=c43de46b6a5531557ceaea73b243e86f1675901257&psp=uzPNe5CDOgUc2jDUhlGOYayhshXezAKfGwkhKOttzYzhLuLvRVVDdq8yXe8GaelMZa5NSGR2X3l5Jah3TzPEu8PKGlR5BfovjMWTEEdcdI4PuiB-r2oayARhLii8F6wl3fF2jNeZ6J8-0a_tuu0qqtwffJTT26ns54zJn0lwP3QQ7IcQihdrwxmVflc3Uve9_2ea-UPTAlx9hscE00HwUd0cRATNo3hhVwC69HgO2mMQ82CfMqiaw1-bnTq_Sff2DWPKpmtAdlvyHCIJI-a7DO1LkulN_BRFKUj-1WjJy81IveCj8Hw61P9169F91zvYWUn2GQJkG5TGB2aO1K_Ip0jMIahuW9PZ_Bta_xmyIsPr9-uIMExORTufktUYBFTZWl6nhq8HV1cNrH7i3RTkKqdjmxfuT8H7cq3GZ1nZP0LKqmkH2YQezmTJsg8vCaMT0zpJg_zntWaycOwdhxgyrEDtosg8ceuolYbWE3OmLeWqz9GRkxQJqJyXL-11A9cw2-Xb5YEpuhpNTRUxmWX5z7PYtdL44ECxf_P5rMICF9x8bdq7j0NJmh2GNYDgPUhgwkbHmzLKdVxLnh-PqRHreTFKjzdoRBRHsBKD5rc9qS5G8N5M2ULn1yDue8hn6ZRVeUXWXBPMRzNIbclhJ-a_M4M8wRq1wJVWrILdXf0d7AKp3WGZqCSoyebG_ibs44EUSzGbw-Dooj8s-43jNVgYbK9o8FFHaZM0jJYN_3rXOU8v-1UWS_wly9WDDW7INIb2LTWVst81v40ukWK4uWg4sgs7NVG0c1prc_jV9nkvm0Qd33Vrv-nBKpVqePj3WFI8pFVCLLoIYCVIekVAhWE3&abvar=28&os=0
IP 62.122.171.6:0
Hash d1a33d83d9b1ad12748b42ad40156852
e83b301379f1e2507534d9fb6d06231cc2cb07ef
79346a0abe80090498ddeeb5b1f91689a2c91b4f1e42a7b3b06675da7a70a978
Analyzer Verdict Alert quad9 Sinkholed
GET /whob.gif?z=1944128&pb=c43de46b6a5531557ceaea73b243e86f1675901257&psp=uzPNe5CDOgUc2jDUhlGOYayhshXezAKfGwkhKOttzYzhLuLvRVVDdq8yXe8GaelMZa5NSGR2X3l5Jah3TzPEu8PKGlR5BfovjMWTEEdcdI4PuiB-r2oayARhLii8F6wl3fF2jNeZ6J8-0a_tuu0qqtwffJTT26ns54zJn0lwP3QQ7IcQihdrwxmVflc3Uve9_2ea-UPTAlx9hscE00HwUd0cRATNo3hhVwC69HgO2mMQ82CfMqiaw1-bnTq_Sff2DWPKpmtAdlvyHCIJI-a7DO1LkulN_BRFKUj-1WjJy81IveCj8Hw61P9169F91zvYWUn2GQJkG5TGB2aO1K_Ip0jMIahuW9PZ_Bta_xmyIsPr9-uIMExORTufktUYBFTZWl6nhq8HV1cNrH7i3RTkKqdjmxfuT8H7cq3GZ1nZP0LKqmkH2YQezmTJsg8vCaMT0zpJg_zntWaycOwdhxgyrEDtosg8ceuolYbWE3OmLeWqz9GRkxQJqJyXL-11A9cw2-Xb5YEpuhpNTRUxmWX5z7PYtdL44ECxf_P5rMICF9x8bdq7j0NJmh2GNYDgPUhgwkbHmzLKdVxLnh-PqRHreTFKjzdoRBRHsBKD5rc9qS5G8N5M2ULn1yDue8hn6ZRVeUXWXBPMRzNIbclhJ-a_M4M8wRq1wJVWrILdXf0d7AKp3WGZqCSoyebG_ibs44EUSzGbw-Dooj8s-43jNVgYbK9o8FFHaZM0jJYN_3rXOU8v-1UWS_wly9WDDW7INIb2LTWVst81v40ukWK4uWg4sgs7NVG0c1prc_jV9nkvm0Qd33Vrv-nBKpVqePj3WFI8pFVCLLoIYCVIekVAhWE3&abvar=28&os=0 HTTP/1.1
Host: ccjzuavqrh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=230208170758b1af0747a24746a83b66372e; OACICAP=ACQ6xAAAAAAAAAAB; OACIBLOCK=ACQ6xAAAAABj4yxQ; ppucnt=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:07:37 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.banner.view
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ccjzuavqrh.com/whob.gif?z=1944127&pb=c43de46b6a5531557ceaea73b243e86f1675901257&psp=1-gej1FxunErxCJFtDiU7vbJ5EBGSLiU15UwaxR6F1BPX0JmlSClhgVl8klZItlDCPcTxD8dgHxnMHNjyQbcD0iAzlMX3ftq3VvMhbyvWn0d7GEvRiusp34bui0w_x2S7DNTb9kygV77k_D-7gbb1-Y1J4eskblGy1ALEP3qVICoXzku6WfqQj1ef1RlH5dDtoY3leuO2iisYfHXBwiRWxDq4ljXloZVWQX72NyTjJqhlmAYWrjt2nwZwMuXbK0zVbpZ8rPv4sXF8lsSnqoBzxMysimib3TgBhY47B2UHvYy7_2ud0nTh5xS8fVIgS_HyFBKF84uihwl5E4o2ttCAfml47PB1qMrMIkgp_cOAzbkG98m2Avsd7_Oor-hgKjQLH3zaOiOJLQDjrJVihfhjfkAI3ZjWef8_mvQMphX_x6Ga0C0N70zskky1EOZ77yT-VNmQW7Dne29wF4FRo67yYixR_RshLYKpBzHCkhkqnDsjzR0rvzTQMEwVmdhInkhyQWj7HiR5PgZptQ4hA_DCkDFkZBVWZ2IZgeY_bBOoXCC7retvPGkQSMQgdhend-A3vLZ33D3Cy3lrejMeLvOPEJ36HaRAYmYsuPCY_70Jtb3XCDfQ49xsryveREwWUche1EyDJJ57CRjkvYLwOrjYGRYvmt_TL-5tHjOAbS2Ha5CGnxHI1z0O41K1QJRz3mEYIv8Fwfu7oqvy7bj61QMHHHT-jz35nrX3uUEviujhBV4_GteJ2cyuSk8T5eEaIleaeWW_A2ReGM7OCGmgy1zNZng3Gd4sX-hjbT857tPiYwJU3MIYxUTEUb1zGC0yXcl4q2TW_5RdZbaKxhghcG4&abvar=28&os=0
62.122.171.6200 OK 43 B URL HTTP/2 ccjzuavqrh.com/whob.gif?z=1944127&pb=c43de46b6a5531557ceaea73b243e86f1675901257&psp=1-gej1FxunErxCJFtDiU7vbJ5EBGSLiU15UwaxR6F1BPX0JmlSClhgVl8klZItlDCPcTxD8dgHxnMHNjyQbcD0iAzlMX3ftq3VvMhbyvWn0d7GEvRiusp34bui0w_x2S7DNTb9kygV77k_D-7gbb1-Y1J4eskblGy1ALEP3qVICoXzku6WfqQj1ef1RlH5dDtoY3leuO2iisYfHXBwiRWxDq4ljXloZVWQX72NyTjJqhlmAYWrjt2nwZwMuXbK0zVbpZ8rPv4sXF8lsSnqoBzxMysimib3TgBhY47B2UHvYy7_2ud0nTh5xS8fVIgS_HyFBKF84uihwl5E4o2ttCAfml47PB1qMrMIkgp_cOAzbkG98m2Avsd7_Oor-hgKjQLH3zaOiOJLQDjrJVihfhjfkAI3ZjWef8_mvQMphX_x6Ga0C0N70zskky1EOZ77yT-VNmQW7Dne29wF4FRo67yYixR_RshLYKpBzHCkhkqnDsjzR0rvzTQMEwVmdhInkhyQWj7HiR5PgZptQ4hA_DCkDFkZBVWZ2IZgeY_bBOoXCC7retvPGkQSMQgdhend-A3vLZ33D3Cy3lrejMeLvOPEJ36HaRAYmYsuPCY_70Jtb3XCDfQ49xsryveREwWUche1EyDJJ57CRjkvYLwOrjYGRYvmt_TL-5tHjOAbS2Ha5CGnxHI1z0O41K1QJRz3mEYIv8Fwfu7oqvy7bj61QMHHHT-jz35nrX3uUEviujhBV4_GteJ2cyuSk8T5eEaIleaeWW_A2ReGM7OCGmgy1zNZng3Gd4sX-hjbT857tPiYwJU3MIYxUTEUb1zGC0yXcl4q2TW_5RdZbaKxhghcG4&abvar=28&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /whob.gif?z=1944127&pb=c43de46b6a5531557ceaea73b243e86f1675901257&psp=1-gej1FxunErxCJFtDiU7vbJ5EBGSLiU15UwaxR6F1BPX0JmlSClhgVl8klZItlDCPcTxD8dgHxnMHNjyQbcD0iAzlMX3ftq3VvMhbyvWn0d7GEvRiusp34bui0w_x2S7DNTb9kygV77k_D-7gbb1-Y1J4eskblGy1ALEP3qVICoXzku6WfqQj1ef1RlH5dDtoY3leuO2iisYfHXBwiRWxDq4ljXloZVWQX72NyTjJqhlmAYWrjt2nwZwMuXbK0zVbpZ8rPv4sXF8lsSnqoBzxMysimib3TgBhY47B2UHvYy7_2ud0nTh5xS8fVIgS_HyFBKF84uihwl5E4o2ttCAfml47PB1qMrMIkgp_cOAzbkG98m2Avsd7_Oor-hgKjQLH3zaOiOJLQDjrJVihfhjfkAI3ZjWef8_mvQMphX_x6Ga0C0N70zskky1EOZ77yT-VNmQW7Dne29wF4FRo67yYixR_RshLYKpBzHCkhkqnDsjzR0rvzTQMEwVmdhInkhyQWj7HiR5PgZptQ4hA_DCkDFkZBVWZ2IZgeY_bBOoXCC7retvPGkQSMQgdhend-A3vLZ33D3Cy3lrejMeLvOPEJ36HaRAYmYsuPCY_70Jtb3XCDfQ49xsryveREwWUche1EyDJJ57CRjkvYLwOrjYGRYvmt_TL-5tHjOAbS2Ha5CGnxHI1z0O41K1QJRz3mEYIv8Fwfu7oqvy7bj61QMHHHT-jz35nrX3uUEviujhBV4_GteJ2cyuSk8T5eEaIleaeWW_A2ReGM7OCGmgy1zNZng3Gd4sX-hjbT857tPiYwJU3MIYxUTEUb1zGC0yXcl4q2TW_5RdZbaKxhghcG4&abvar=28&os=0 HTTP/1.1
Host: ccjzuavqrh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=230208170758b1af0747a24746a83b66372e; OACICAP=ACQ6xAAAAAAAAAAB; OACIBLOCK=ACQ6xAAAAABj4yxQ; ppucnt=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:07:37 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.banner.view
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 384e5d3c42375faac444e1d182e29243
523223928902dc1be66d43852c51e21b6649ccb8
2f79b0cdfa8445867ad3373a3b7955957bb2a50cacf1cba75918e2a36dbc8acb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4181
Cache-Control: max-age=106762
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:07:37 GMT
Etag: "63e30ade-116"
Expires: Fri, 10 Feb 2023 03:46:59 GMT
Last-Modified: Wed, 08 Feb 2023 02:37:18 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 278
video.ktkjmp.com/adsbygoogle.js
104.18.48.21 200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.48.21:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:07:37 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: umnGOMVCjminO+qe5UBV06OrSizh/U59KvaEibge5v1gMRbq/UnThpljPBepeh+5w7wEpQIcu/4=
x-amz-request-id: 3YW9SERF7DC7262X
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlivrdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 2827
expires: Thu, 09 Feb 2023 02:07:37 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ade58de5b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 384e5d3c42375faac444e1d182e29243
523223928902dc1be66d43852c51e21b6649ccb8
2f79b0cdfa8445867ad3373a3b7955957bb2a50cacf1cba75918e2a36dbc8acb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4181
Cache-Control: max-age=106762
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:07:37 GMT
Etag: "63e30ade-116"
Expires: Fri, 10 Feb 2023 03:46:59 GMT
Last-Modified: Wed, 08 Feb 2023 02:37:18 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/s/gts1p5/B4-YctRJ5lw
216.58.211.3 200 OK 2.1 kB URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/B4-YctRJ5lw
IP 216.58.211.3:0
Hash 33c86b5c0052e08a69277fe07ad29156
b7af8b0e37519257e22bcd33fd345a51a46c5959
c2758a5e011cfc58e439f1f7c7931183559d9fbbcbb9258a4e0b0acd7aca4b87
POST /s/gts1p5/B4-YctRJ5lw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:07:37 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
syndication.exoclick.com/tag.php?goal=05f747f9753a0b4172a8faf1128a78e1
95.211.229.245 200 OK 20 B URL HTTP/1.1 syndication.exoclick.com/tag.php?goal=05f747f9753a0b4172a8faf1128a78e1
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=05f747f9753a0b4172a8faf1128a78e1 HTTP/1.1
Host: syndication.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 22:07:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A43686%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-02-08%22%3B%7D%7D; expires=Thu, 08 Feb 2024 22:07:37 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.exoclick.com/tag.php?goal=b6647498898aaf300c2b252f70f24c63
95.211.229.245 200 OK 20 B URL HTTP/1.1 syndication.exoclick.com/tag.php?goal=b6647498898aaf300c2b252f70f24c63
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=b6647498898aaf300c2b252f70f24c63 HTTP/1.1
Host: syndication.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 22:07:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A83757%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-02-08%22%3B%7D%7D; expires=Thu, 08 Feb 2024 22:07:37 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash a28222744ed7330bea9a621b935adcc1
d6c82547cae9ebf20c9e2534b2b072977d721399
14be94c7e087e140464c8d3cb8b77642c6ed07cde45992faa54d577cf26df94a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=142894
Date: Wed, 08 Feb 2023 22:07:37 GMT
Etag: "63e3a415-1d7"
Expires: Fri, 10 Feb 2023 13:49:11 GMT
Last-Modified: Wed, 08 Feb 2023 13:31:01 GMT
Server: ECS (nyb/1D2C)
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: BrZtAJVOlLJZyOiLp5_fhsxc0ahILSwHbWJSM5NcFGPzy5VGkeWBNQ==
Age: 1090
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a92ccff8d4f5dbf498a84273c497750a
6e1f87bbaacd48a45b942601f23866aee9cf4e84
a141f97dc5fe23c6e997b749b2d9eb9a9dcc37fd3d50977f5dcf5bfa3a639826
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6279
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:07:38 GMT
Last-Modified: Wed, 08 Feb 2023 20:22:59 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a92ccff8d4f5dbf498a84273c497750a
6e1f87bbaacd48a45b942601f23866aee9cf4e84
a141f97dc5fe23c6e997b749b2d9eb9a9dcc37fd3d50977f5dcf5bfa3a639826
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6279
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:07:38 GMT
Last-Modified: Wed, 08 Feb 2023 20:22:59 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 279
img.strpst.com/thumbs/1675893961/78788500
104.18.63.124 200 OK 26 kB URL HTTP/2 img.strpst.com/thumbs/1675893961/78788500
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash f310799ff326fb91d9f7d5dd10349fd2
c2fab68e4fbb6ac4b7c94b268996c60440a13396
cf688c61e0c60bc2175aade0a5c93152da848b5251a6ced022116da8e606fa4a
GET /thumbs/1675893961/78788500 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:07:38 GMT
content-type: image/jpeg
content-length: 26203
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=27155, status=webp_bigger
etag: "020396f7cbb29f22dc079b73551c8c26"
last-modified: Wed, 08 Feb 2023 22:05:16 GMT
cf-cache-status: HIT
age: 60
expires: Wed, 08 Feb 2023 22:37:38 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ade79edc0afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a92ccff8d4f5dbf498a84273c497750a
6e1f87bbaacd48a45b942601f23866aee9cf4e84
a141f97dc5fe23c6e997b749b2d9eb9a9dcc37fd3d50977f5dcf5bfa3a639826
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2076
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:07:38 GMT
Last-Modified: Wed, 08 Feb 2023 21:33:02 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a92ccff8d4f5dbf498a84273c497750a
6e1f87bbaacd48a45b942601f23866aee9cf4e84
a141f97dc5fe23c6e997b749b2d9eb9a9dcc37fd3d50977f5dcf5bfa3a639826
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6279
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:07:38 GMT
Last-Modified: Wed, 08 Feb 2023 20:22:59 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 279
img.strpst.com/thumbs/1675893961/2935682
104.18.63.124 200 OK 63 kB URL HTTP/2 img.strpst.com/thumbs/1675893961/2935682
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash ba07d6e6a9ed73d12c2d3270ca646f0d
e873b8730d84485500f0f4b21d2e21f8900b8656
ed85242063f691850534028cfa1ecf79018acdad2dfea04209bcea37be6bdb12
GET /thumbs/1675893961/2935682 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:07:38 GMT
content-type: image/jpeg
content-length: 63083
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=65903, status=webp_bigger
etag: "5a2d11aaf30c9dd3e644cb740cf5329e"
last-modified: Wed, 08 Feb 2023 22:05:59 GMT
cf-cache-status: HIT
age: 60
expires: Wed, 08 Feb 2023 22:37:38 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ade7bef70afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1675893961/90342407
104.18.63.124 200 OK 24 kB URL HTTP/2 img.strpst.com/thumbs/1675893961/90342407
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 95597c00da1c1ebc49ea67c132dc6787
6a8984e6929644272d2990e2a4c8d3f5e99c94da
79d87e5dafbbb125b9f6d9cfa1d96b4f6486bcfefb2dcf61740bbcfd6cb08ea0
GET /thumbs/1675893961/90342407 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:07:38 GMT
content-type: image/jpeg
content-length: 23478
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=24729, status=webp_bigger
etag: "bfcb817c9e9f282c945583c3f5fd9c7e"
last-modified: Wed, 08 Feb 2023 22:06:04 GMT
cf-cache-status: HIT
age: 60
expires: Wed, 08 Feb 2023 22:37:38 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ade7befd0afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a92ccff8d4f5dbf498a84273c497750a
6e1f87bbaacd48a45b942601f23866aee9cf4e84
a141f97dc5fe23c6e997b749b2d9eb9a9dcc37fd3d50977f5dcf5bfa3a639826
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6279
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:07:38 GMT
Last-Modified: Wed, 08 Feb 2023 20:22:59 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 279
img.strpst.com/thumbs/1675893961/73697527
104.18.63.124 200 OK 31 kB URL HTTP/2 img.strpst.com/thumbs/1675893961/73697527
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 7ae0c948b856a2f46ac32fa3b4c08556
ca4415785172d5ebb9b155a0cabbfd783d978523
86659cc8b45477fd6960162a0d8276f567884ce8f6dc581d6a674c152a1da579
GET /thumbs/1675893961/73697527 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:07:38 GMT
content-type: image/jpeg
content-length: 31393
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=32946, status=webp_bigger
etag: "c2bb2d70b1d0f6b6df22df254c1e9bbe"
last-modified: Wed, 08 Feb 2023 22:05:34 GMT
cf-cache-status: HIT
age: 60
expires: Wed, 08 Feb 2023 22:37:38 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ade7cf070afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
simplewebanalysis.com/px.gif?akey=266b4922b628e301b635443fceb60cc0
35.156.167.37 307 Temporary Redirect 0 B URL HTTP/2 simplewebanalysis.com/px.gif?akey=266b4922b628e301b635443fceb60cc0
IP 35.156.167.37:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px.gif?akey=266b4922b628e301b635443fceb60cc0 HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
date: Wed, 08 Feb 2023 22:07:38 GMT
content-type: image/gif
content-length: 0
location: https://professionalswebcheck.com/dbs?uuid=03ebbc09-07d7-4452-98ef-a0361a176224&j=eyJhbGciOiJIUzI1NiJ9.eyJhY2FuIjozLCJhY3VzIjoxLCJhY2kiOnsgIjE2NSI6MTY3NTg5NDA1OH0sImFjY2wiOnsgIjIwLDEiOjE2NzU4OTQwNTh9fQ.ka7wgcFPCk-u-DFa1JFOHoljAEvazkmVn2gFKQQbRz4
server: nginx/1.17.6
set-cookie: uid_id2=03ebbc09-07d7-4452-98ef-a0361a176224:3:1; expires=Sat, 05 Feb 2033 22:07:38 GMT; secure; SameSite=None
ak=165,1675894058; expires=Tue, 09 May 2023 22:07:38 GMT; secure; SameSite=None
acl=20,1,1675894058; expires=Tue, 09 May 2023 22:07:38 GMT; secure; SameSite=None
expires: Wed, 08 Feb 2023 22:07:38 GMT
cache-control: max-age=0, : no-cache
X-Firefox-Spdy: h2
professionalswebcheck.com/dbs?uuid=03ebbc09-07d7-4452-98ef-a0361a176224&j=eyJhbGciOiJIUzI1NiJ9.eyJhY2FuIjozLCJhY3VzIjoxLCJhY2kiOnsgIjE2NSI6MTY3NTg5NDA1OH0sImFjY2wiOnsgIjIwLDEiOjE2NzU4OTQwNTh9fQ.ka7wgcFPCk-u-DFa1JFOHoljAEvazkmVn2gFKQQbRz4
35.156.167.37200 OK 7 B URL HTTP/2 professionalswebcheck.com/dbs?uuid=03ebbc09-07d7-4452-98ef-a0361a176224&j=eyJhbGciOiJIUzI1NiJ9.eyJhY2FuIjozLCJhY3VzIjoxLCJhY2kiOnsgIjE2NSI6MTY3NTg5NDA1OH0sImFjY2wiOnsgIjIwLDEiOjE2NzU4OTQwNTh9fQ.ka7wgcFPCk-u-DFa1JFOHoljAEvazkmVn2gFKQQbRz4
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /dbs?uuid=03ebbc09-07d7-4452-98ef-a0361a176224&j=eyJhbGciOiJIUzI1NiJ9.eyJhY2FuIjozLCJhY3VzIjoxLCJhY2kiOnsgIjE2NSI6MTY3NTg5NDA1OH0sImFjY2wiOnsgIjIwLDEiOjE2NzU4OTQwNTh9fQ.ka7wgcFPCk-u-DFa1JFOHoljAEvazkmVn2gFKQQbRz4 HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forgoodplay.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:07:38 GMT
content-type: image/gif
content-length: 7
server: nginx/1.17.6
set-cookie: uid_id2=03ebbc09-07d7-4452-98ef-a0361a176224:3:1; expires=Sat, 05 Feb 2033 22:07:38 GMT; secure; SameSite=None
ak=165,1675894058; expires=Tue, 09 May 2023 22:07:38 GMT; secure; SameSite=None
acl=20,1,1675894058; expires=Tue, 09 May 2023 22:07:38 GMT; secure; SameSite=None
expires: Wed, 08 Feb 2023 22:07:38 GMT
cache-control: max-age=0, : no-cache
X-Firefox-Spdy: h2
c.statcounter.com/t.php?sc_project=12759162&u1=42086E6EC9DF4FED6A380DDA90EDA386&java=1&security=ae496903&sc_snum=1&sess=a8f3c4&p=0&rcat=r&rdom=xingfu.icu&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=https%3A//www.xingfu.icu/&u=https%3A//xingfu.buzz/&t=%E6%80%A7%E7%A6%8F%E5%8A%A0%E6%B2%B9%E7%AB%99-%E6%9C%80%E6%96%B0%E5%9C%B0%E5%9D%80%E5%8F%91%E5%B8%83%E9%A1%B5&invisible=1&sc_rum_e_s=922&sc_rum_e_e=934&sc_rum_f_s=0&sc_rum_f_e=893&get_config=true
104.20.218.77200 OK 0 B URL HTTP/2 c.statcounter.com/t.php?sc_project=12759162&u1=42086E6EC9DF4FED6A380DDA90EDA386&java=1&security=ae496903&sc_snum=1&sess=a8f3c4&p=0&rcat=r&rdom=xingfu.icu&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=https%3A//www.xingfu.icu/&u=https%3A//xingfu.buzz/&t=%E6%80%A7%E7%A6%8F%E5%8A%A0%E6%B2%B9%E7%AB%99-%E6%9C%80%E6%96%B0%E5%9C%B0%E5%9D%80%E5%8F%91%E5%B8%83%E9%A1%B5&invisible=1&sc_rum_e_s=922&sc_rum_e_e=934&sc_rum_f_s=0&sc_rum_f_e=893&get_config=true
IP 104.20.218.77:0
GET /t.php?sc_project=12759162&u1=42086E6EC9DF4FED6A380DDA90EDA386&java=1&security=ae496903&sc_snum=1&sess=a8f3c4&p=0&rcat=r&rdom=xingfu.icu&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=https%3A//www.xingfu.icu/&u=https%3A//xingfu.buzz/&t=%E6%80%A7%E7%A6%8F%E5%8A%A0%E6%B2%B9%E7%AB%99-%E6%9C%80%E6%96%B0%E5%9C%B0%E5%9D%80%E5%8F%91%E5%B8%83%E9%A1%B5&invisible=1&sc_rum_e_s=922&sc_rum_e_e=934&sc_rum_f_s=0&sc_rum_f_e=893&get_config=true HTTP/1.1
Host: c.statcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xingfu.buzz
Connection: keep-alive
Referer: https://xingfu.buzz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:07:37 GMT
content-type: application/json
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
expires: Mon, 26 Jul 1997 05:00:00 GMT
set-cookie: is_unique=sc12759162.1675894057.0; SameSite=None; Secure; Expires=Tuesday, 08-Feb-2028 06:07:37 PST; Path=/; Domain=.statcounter.com
is_visitor_unique=1675894057404258233; SameSite=None; Secure; Expires=Saturday, 08-Feb-2025 06:07:37 PST; Path=/; Domain=.statcounter.com
access-control-allow-origin: https://xingfu.buzz
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7967ade31ee00b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
ccjzuavqrh.com/get/1944065?zoneid=1944065&jp=_clyxan2bbq7rlzwljwr5y5&nojs=0&ix=0&abvar=29&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=7709655767795797
62.122.171.6 200 OK 0 B URL HTTP/2 ccjzuavqrh.com/get/1944065?zoneid=1944065&jp=_clyxan2bbq7rlzwljwr5y5&nojs=0&ix=0&abvar=29&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=7709655767795797
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1944065?zoneid=1944065&jp=_clyxan2bbq7rlzwljwr5y5&nojs=0&ix=0&abvar=29&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=7709655767795797 HTTP/1.1
Host: ccjzuavqrh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xingfu.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:07:37 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=230208170758b1af0747a24746a83b66372e; Path=/; Expires=Thu, 08 Feb 2024 22:07:37 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
twistconcept.com/index.min.js?pk=266b4922b628e301b635443fceb60cc0
104.21.86.46 200 OK 0 B URL HTTP/2 twistconcept.com/index.min.js?pk=266b4922b628e301b635443fceb60cc0
IP 104.21.86.46:0
GET /index.min.js?pk=266b4922b628e301b635443fceb60cc0 HTTP/1.1
Host: twistconcept.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:07:37 GMT
content-type: application/javascript
last-modified: Thu, 07 Apr 2022 08:49:08 GMT
etag: W/"624ea584-28c"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2117
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SR2RikPeKSbkhlQk%2BYC%2FlPZhGBp063%2FzUCv4w%2BinMUTodpHNEEfv%2FYObY70HTohRglqBWaatqYuKAJnaeO3nNE97XmH8yhuc2A5%2BbE%2FxqU3jrV8puYN1X1zuEPSrWroszbe1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ade548fb0b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.xingfu.icu/
172.67.164.74 200 OK 0 B IP 172.67.164.74:0
GET / HTTP/1.1
Host: www.xingfu.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:07:34 GMT
content-type: text/html
last-modified: Tue, 13 Dec 2022 16:47:50 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ciKMQP%2Bxk7FkFDrnDl%2FI%2BlOb1I%2FZ3QZjNirpwnYQPEs2K3se4a%2FwQxK%2BqnM6V7IzJP99NvM6T8Z0sJmWXT%2FlDxGUHGvJq9XPu9Q80FhEytFMT%2F5KCyb9p44bBKAK2nv%2B2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7967adcf7c1c1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
c.statcounter.com/t.php?sc_project=12759162&u1=6E54F443C9F74FB182EB661237E14F9D&java=1&security=ae496903&sc_snum=1&sess=a8f3c4&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=&u=https%3A//www.xingfu.icu/&t=%E6%80%A7%E7%A6%8F%E5%8A%A0%E6%B2%B9%E7%AB%99%20%E6%9C%80%E6%96%B0%E5%9C%B0%E5%9D%80%E8%B7%B3%E8%BD%AC%E4%B8%AD...&invisible=1&sc_rum_e_s=1328&sc_rum_e_e=1338&sc_rum_f_s=0&sc_rum_f_e=1298&get_config=true
104.20.218.77 200 OK 0 B URL HTTP/2 c.statcounter.com/t.php?sc_project=12759162&u1=6E54F443C9F74FB182EB661237E14F9D&java=1&security=ae496903&sc_snum=1&sess=a8f3c4&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=&u=https%3A//www.xingfu.icu/&t=%E6%80%A7%E7%A6%8F%E5%8A%A0%E6%B2%B9%E7%AB%99%20%E6%9C%80%E6%96%B0%E5%9C%B0%E5%9D%80%E8%B7%B3%E8%BD%AC%E4%B8%AD...&invisible=1&sc_rum_e_s=1328&sc_rum_e_e=1338&sc_rum_f_s=0&sc_rum_f_e=1298&get_config=true
IP 104.20.218.77:0
GET /t.php?sc_project=12759162&u1=6E54F443C9F74FB182EB661237E14F9D&java=1&security=ae496903&sc_snum=1&sess=a8f3c4&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=&u=https%3A//www.xingfu.icu/&t=%E6%80%A7%E7%A6%8F%E5%8A%A0%E6%B2%B9%E7%AB%99%20%E6%9C%80%E6%96%B0%E5%9C%B0%E5%9D%80%E8%B7%B3%E8%BD%AC%E4%B8%AD...&invisible=1&sc_rum_e_s=1328&sc_rum_e_e=1338&sc_rum_f_s=0&sc_rum_f_e=1298&get_config=true HTTP/1.1
Host: c.statcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xingfu.icu
Connection: keep-alive
Referer: https://www.xingfu.icu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:07:35 GMT
content-type: application/json
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
expires: Mon, 26 Jul 1997 05:00:00 GMT
set-cookie: is_unique=sc12759162.1675894055.0; SameSite=None; Secure; Expires=Tuesday, 08-Feb-2028 06:07:35 PST; Path=/; Domain=.statcounter.com
is_visitor_unique=1675894055462594674; SameSite=None; Secure; Expires=Saturday, 08-Feb-2025 06:07:35 PST; Path=/; Domain=.statcounter.com
access-control-allow-origin: https://www.xingfu.icu
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7967add40acab51e-OSL
content-encoding: br
X-Firefox-Spdy: h2
xingfu.buzz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
104.21.71.175 200 OK 0 B URL HTTP/2 xingfu.buzz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 104.21.71.175:0
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: xingfu.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xingfu.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:07:36 GMT
content-type: application/javascript
last-modified: Mon, 06 Feb 2023 18:52:43 GMT
etag: W/"63e14c7b-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XaOvEFcwWcldw%2FZjA0PAp2aiiraavdXsrg%2FXJtDlHahE3zhG3QILS0UT7SFZwSGoKKovsCCWWgRVM15CxYZ40l5cEBmOj6tzvJPF2L9fs%2BiBsG7E7cFpHeDGgcEA9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967addfa8ceb529-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Fri, 10 Feb 2023 22:07:36 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
ccjzuavqrh.com/lv/esnk/1944127/code.js
62.122.171.6 200 OK 0 B URL HTTP/2 ccjzuavqrh.com/lv/esnk/1944127/code.js
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /lv/esnk/1944127/code.js HTTP/1.1
Host: ccjzuavqrh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xingfu.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:07:37 GMT
content-type: application/javascript
last-modified: Mon, 06 Feb 2023 11:38:30 GMT
vary: Accept-Encoding
etag: W/"63e0e6b6-1a880"
x-js-ab1: var28
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
ccjzuavqrh.com/lv/esnk/1944129/code.js
62.122.171.6 200 OK 0 B URL HTTP/2 ccjzuavqrh.com/lv/esnk/1944129/code.js
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /lv/esnk/1944129/code.js HTTP/1.1
Host: ccjzuavqrh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xingfu.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:07:37 GMT
content-type: application/javascript
last-modified: Mon, 06 Feb 2023 11:35:37 GMT
vary: Accept-Encoding
etag: W/"63e0e609-1c688"
x-js-ab1: var27
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
www.statcounter.com/counter/counter.js
104.20.218.77 200 OK 0 B URL HTTP/2 www.statcounter.com/counter/counter.js
IP 104.20.218.77:0
GET /counter/counter.js HTTP/1.1
Host: www.statcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xingfu.icu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:07:34 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 07 Feb 2023 11:47:55 GMT
etag: W/"63e23a6b-aa70"
expires: Wed, 08 Feb 2023 22:53:09 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 40465
server: cloudflare
cf-ray: 7967add35a03b51e-OSL
content-encoding: br
X-Firefox-Spdy: h2
forgoodplay.com/iframe/5ecd7b791e80c?iframe&ag_custom_domain=nbpp.bar
104.21.44.235 200 OK 0 B URL HTTP/2 forgoodplay.com/iframe/5ecd7b791e80c?iframe&ag_custom_domain=nbpp.bar
IP 104.21.44.235:0
GET /iframe/5ecd7b791e80c?iframe&ag_custom_domain=nbpp.bar HTTP/1.1
Host: forgoodplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xingfu.buzz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:07:37 GMT
content-type: text/html
set-cookie: c_2e3a3477945e708c944fd599d0e2e0c2=1; Expires=Thu, 09-Feb-23 22:07:37 GMT; Domain=forgoodplay.com; Path=/; Secure; SameSite=None
z_3e0b4e9ca299999fd092c44147c6e3b1=1; Expires=Thu, 09-Feb-23 22:07:37 GMT; Domain=forgoodplay.com; Path=/; Secure; SameSite=None
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dszCWriZejtYZN6V%2BfZ5ix0ss79MJsBwDBhQjEiefpyTAURfGVTCTwkvarEcDKwhMDXt36THuXZc37W4EPwcILikHEt6SmYzXTYmJ%2Bnl8nACpoOGSLE3oVeBDqPznbZqlSE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7967ade2ccf2b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.realsrv.com/ad-provider.js
185.76.9.19 200 OK 0 B URL HTTP/2 a.realsrv.com/ad-provider.js
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xingfu.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:07:36 GMT
content-type: application/javascript
etag: W/"399103e4fd49f2a2ded14428d20"
expires: Wed, 08 Feb 2023 19:22:27 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675895057
server: CDN77-Turbo
x-77-nzt: AblMCQ1/ihH/RyYAAA
x-77-nzt-ray: c0a4cc28e9cc58f1281de4634abdef39
x-cache: HIT
x-age: 9799
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2