Report - benevolentculminate.cn/usps/tb.php?yz=ys1664144835460

Report Overview

Submitted URL
benevolentculminate.cn/usps/tb.php?yz=ys1664144835460
IP
172.67.194.30
ASN
#13335 CLOUDFLARENET
Submitted
2022-10-01 00:36:09
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	34.160.144.191
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	18.164.68.21
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	6.2 kB	23.36.76.226
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	5.7 kB	104.18.20.226
cdn.jsdelivr.cc	323508	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	98 kB	172.67.151.125
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	60 kB	34.120.237.76
hm.baidu.com	8254	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	38 kB	103.235.46.191
bonepa.com	905859	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	965 B	185.66.201.42
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	730 B	152 kB	142.250.74.72
uprimp.com	216873	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	925 B	1.7 kB	185.66.200.220
v00jtf.cn	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	900 B	104.21.84.78
benevolentculminate.cn	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	4.8 kB	172.67.194.30
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	4.9 kB	142.250.74.3
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	652 B	1.5 kB	23.36.77.32
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	52.89.255.30

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-01	medium	benevolentculminate.cn/usps/tb.php?yz=ys1664144835460	Phishing
2022-10-01	medium	benevolentculminate.cn/j/og2.js?_t=1664584554660	Phishing
2022-10-01	medium	v00jtf.cn/IUXHoHre/usps/?_t=1664584554815	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (24)

	URL	Size	First Seen	Last Seen
	hm.baidu.com/hm.js?8b68846a3ac1709b0ec7199084ee5ea8	30 kB	2023-03-08	2023-03-08
Pretty URL hm.baidu.com/hm.js?8b68846a3ac1709b0ec7199084ee5ea8 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:01:27 Last Seen2023-03-08 04:01:27 Times Seen1 Hash 2eaf2524778f16d005f5e54b08fcb206 66f305968e9ef84d330828c49d03644aa948a00d 7147bf44f14c208e53944ec5604b4162f460cf5305a5c78592d65742d10f6a8d Loading...

	cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js	64 kB	2023-03-07	2024-04-20
Pretty URL cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js IP 172.67.151.125 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:21 Last Seen2024-04-20 23:30:44 Times Seen2408 Hash c99230d2575380d7f95ff626606d2426 df0920ee8df5e0a410c714946f22f36846a32a16 a4555d8dee9f8adc976e84a97dfe87e6bf5794b579f49bb56f133fed85f7d709 Loading...

	uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g	427 B	2023-03-08	2023-03-08
Pretty URL uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g IP 185.66.200.220 ASN #201702 skHosting.eu s.r.o. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:01:27 Last Seen2023-03-08 04:01:27 Times Seen1 Hash 17b4193a75af978b8aef9a1dae218f61 0495f3c15d73aa55c25b3e4605a1e8a81097186e 427479caee3d9ef5b84f5d1737fd6959e15db05111889622e74683aa84154f5b Loading...

	v00jtf.cn/IUXHoHre/usps/?_t=1664584554815	21 kB	2023-03-08	2023-03-08
Pretty URL v00jtf.cn/IUXHoHre/usps/?_t=1664584554815 IP 104.21.84.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:01:27 Last Seen2023-03-08 04:01:27 Times Seen1 Hash 8137c73b336afaabd098b352a4b1feaf a23a4b6ce4d9405bfb98d921a3a2bbeb8c724bb4 9d302cc3c9d3af75c60a6a3abf34eb89427aa7032eea3c50f7a74ac239e3294b Loading...

	v00jtf.cn/IUXHoHre/usps/?_t=1664584554815	289 B	2023-03-07	2023-04-19
Pretty URL v00jtf.cn/IUXHoHre/usps/?_t=1664584554815 IP 104.21.84.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:40 Last Seen2023-04-19 07:54:55 Times Seen156 Hash 87dd64e953a58857154a65712ee76503 e741bb44bb1e0b052136235b67a3dbae8d04154d 9ab73ab5064c5f99421116dd127fe4e09178aa7c49ed282406227e8f3a5b6dc6 Loading...

	v00jtf.cn/IUXHoHre/usps/?_t=1664584554815	153 B	2023-03-07	2023-08-13
Pretty URL v00jtf.cn/IUXHoHre/usps/?_t=1664584554815 IP 104.21.84.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:40 Last Seen2023-08-13 05:27:55 Times Seen313 Hash f89f2abea47c87b0c53911fd5c57e2cd 8212dc5e0aa57db97863ac935ecd48e78bef6c93 f07ed966b46022ce34f82943bdfcbfe650e94de72e48554a68f1b9322f9a5619 Loading...

	v00jtf.cn/IUXHoHre/usps/?_t=1664584554815	153 B	2023-03-07	2023-08-13
Pretty URL v00jtf.cn/IUXHoHre/usps/?_t=1664584554815 IP 104.21.84.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:40 Last Seen2023-08-13 05:27:55 Times Seen385 Hash 364bd8f8f5ac961020da38fed6a7f257 8ff887b90f7145b34c383c149166f00ffc3b71b2 6a70ed1c5b6a7d6e01210d8ad432938c59953ce7dab1c21a7be8339d34099319 Loading...

	v00jtf.cn/IUXHoHre/usps/?_t=1664584554815	706 B	2023-03-08	2023-03-08
Pretty URL v00jtf.cn/IUXHoHre/usps/?_t=1664584554815 IP 104.21.84.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:01:27 Last Seen2023-03-08 04:01:27 Times Seen1 Hash fa1524f4a328e2760d0cfbd79a48db8f c6cda00763309eb44bf294dfb276c785001ebdb8 789bf178a1fddecb87f5910351b0ebd8d116327b86bbc1281a696e2e24f6ad1c Loading...

	benevolentculminate.cn/usps/tb.php?yz=ys1664144835460	396 B	2023-03-07	2023-04-05
Pretty URL benevolentculminate.cn/usps/tb.php?yz=ys1664144835460 IP 172.67.194.30 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:40 Last Seen2023-04-05 02:08:43 Times Seen66 Hash de61ca3b537d40f379c5275f9e1e0eb6 7456a6d855246d02119ee161809557b39e387db5 482802c1f1ddb9c7fcb559b97270915cb1d2f1dc1a222ba08bbff87d5c931973 Loading...

	cdn.jsdelivr.cc/npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js	73 kB	2023-03-07	2023-11-30
Pretty URL cdn.jsdelivr.cc/npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js IP 172.67.151.125 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:21 Last Seen2023-11-30 03:40:45 Times Seen2141 Hash 80924b62e5b3ac73aa4849776b439770 341572abd41f0ca4ec64eb0d61dff2fa864bbece 0b7274b0b5b7f411de46416a6c9941062f7a57aaf919fdeda367b5959f4ce8ef Loading...

	cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/popper.min.js	21 kB	2023-03-07	2024-02-22
Pretty URL cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/popper.min.js IP 172.67.151.125 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:21 Last Seen2024-02-22 22:40:31 Times Seen2172 Hash 31c898c6d2ea13c30441657ff1900d81 926358fdd9da991539764240ab29de37391cdd57 e290dc4993b9ae7d34440db26be412b4bc4547a48ff635750d400164665d7fa6 Loading...

	bonepa.com/js/responsive.js	3.3 kB	2023-03-07	2023-03-08
Pretty URL bonepa.com/js/responsive.js IP 185.66.201.42 ASN #201702 skHosting.eu s.r.o. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:56:40 Last Seen2023-03-08 04:33:09 Times Seen1 Hash c73b78ce175ab6d220bc9d36887cb801 bc235a64616537bd4efb2652c5333f24d764c4d5 d9d88d83a3f02dc448ce1c0abfee8d267bb3409266a34bd79cc28276afde195d Loading...

	v00jtf.cn/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	1.2 kB	2023-03-07	2024-04-24
Pretty URL v00jtf.cn/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-24 14:55:40 Times Seen54794 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	www.googletagmanager.com/gtag/js?id=G-7XZKDKDNDT&l=dataLayer&cx=c	217 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=G-7XZKDKDNDT&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:01:27 Last Seen2023-03-08 04:01:27 Times Seen1 Hash 6ddb15f9830ff1de5a75bc84e5bc9988 32ab4fa958566c1fcaa1c9c0b1f3b82b0b4b277a cffe30014a0ba07bad75dffd499a36cf3910b3d029abea813db44cc4f5bc5a1a Loading...

	cdn.jsdelivr.cc/npm/lazyload@2.0.0-rc.2/lazyload.min.js	4.8 kB	2023-03-07	2023-11-30
Pretty URL cdn.jsdelivr.cc/npm/lazyload@2.0.0-rc.2/lazyload.min.js IP 172.67.151.125 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:21 Last Seen2023-11-30 03:40:45 Times Seen1349 Hash dc6de9813c714ba99733ca4fb5d3a1fa 70ad9cf6787f5b640095afb3d1a8914b43da483d b219e4cd8f8f9216f159285019be30d6bfe475d92ca30b3561551aaa2174751d Loading...

	www.googletagmanager.com/gtag/js?id=G-LW7434MYMN	214 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=G-LW7434MYMN IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:01:23 Last Seen2023-03-08 04:01:27 Times Seen1 Hash 42290c7b1da8d9f62fb9e6adfea13c80 19657989e8541cb2f964cac44c56920925ef643a 9275e1d4126c1f464c0d08ccae70f0eaaa8afafbef37663ff625eb1d90ef6433 Loading...

	hm.baidu.com/hm.js?5bc34d9a0b7ef4a641f623683ea4f5e4	30 kB	2023-03-08	2023-03-08
Pretty URL hm.baidu.com/hm.js?5bc34d9a0b7ef4a641f623683ea4f5e4 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:01:27 Last Seen2023-03-08 04:01:27 Times Seen1 Hash c18ef602a21f7f36fe405f203320c16e 9051be902916bcecae34d908f39f818eb5bc42b5 67653e1ed75cf7d4f97307724a0612188ec985535264a5699a707c4fad810642 Loading...

	benevolentculminate.cn/j/og2.js?_t=1664584554660	2.1 kB	2023-03-07	2023-05-13
Pretty URL benevolentculminate.cn/j/og2.js?_t=1664584554660 IP 172.67.194.30 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:40 Last Seen2023-05-13 08:10:15 Times Seen78 Hash a2aba2e9fbba54130583d9e60732584a d79bcf7999954159381992e2ba5f3c3c6d3520c4 ff399ce0e73811942164279fbe3a4c16b016e7a3b8098d0173e732c19c5c1d4c Loading...

	cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js	90 kB	2023-03-07	2024-04-23
Pretty URL cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js IP 172.67.151.125 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:21 Last Seen2024-04-23 19:43:15 Times Seen5977 Hash 3e4bb227fb55271bfe9c9d4a09147bd8 156837f75f6600ccb602b4efcbd393636c33f35e ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127 Loading...

	www.googletagmanager.com/gtag/js?id=G-0C230YDF7G	214 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=G-0C230YDF7G IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:01:27 Last Seen2023-03-08 04:01:27 Times Seen1 Hash 146da4cfd08b8244e7f3c27da5d78896 1f23fb9a2163fbd375765fa9fce9922b6ae5c4d3 2a519c6900615555958945d7273657459758710074f8202e9eb87d715f400134 Loading...

	hm.baidu.com/hm.js?ba99808308e7272d58c43367a11d1204	30 kB	2023-03-08	2023-03-08
Pretty URL hm.baidu.com/hm.js?ba99808308e7272d58c43367a11d1204 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:01:27 Last Seen2023-03-08 04:01:27 Times Seen1 Hash 3f88bd99e59bd58eab9c4ec3931642e5 0abcf642c8ae0543609f8c45c33bd92b7ec7a095 63d6064dbaccadd04275e180d478b57bddec7dd21de08013d5fbebf195cca5ee Loading...

	hm.baidu.com/hm.js?957de4d70bf7b7be33bc859d43ad70c6	30 kB	2023-03-08	2023-03-08
Pretty URL hm.baidu.com/hm.js?957de4d70bf7b7be33bc859d43ad70c6 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:01:27 Last Seen2023-03-08 04:01:27 Times Seen1 Hash 4ab20ffe3455e901c60482aec482d504 890b9c76d71d0977d251434689101dcaa883e82e 6d49d4440e191cad01269a9e0fdbfa792504566471e5748422f025202ad27bb6 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 2bdca4742b90dc8baafd83f973e32126	1.1 kB	2023-03-07	2023-11-30
Pretty Observations First Seen2023-03-07 01:02:21 Last Seen2023-11-30 03:40:45 Times Seen1229 Hash 2bdca4742b90dc8baafd83f973e32126 0bf64d92a304e9b623e6b6bc23254ff6a68bf32f dcc5c06f0c04f18293f2ce37777d07a16b2a5610b5fc8c05e15538b67cec2650 Loading...

		Size	First Seen	Last Seen
	#1 Write - b4e2c0eced46f131ec5ee2289fbd0345	361 B	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 04:01:27 Last Seen2023-03-08 04:01:27 Times Seen1 Hash b4e2c0eced46f131ec5ee2289fbd0345 1e34170273c72dfee51138a09226b4e38e083ba6 6d426826868d48936e6d3a245f7b5ab6000b233ce93b9bcbcdd6955e6205f88f Loading...

HTTP Transactions (54)

URL IP Response Size

benevolentculminate.cn/usps/tb.php?yz=ys1664144835460

172.67.194.30

200 OK

558 B

URL HTTP/1.1
benevolentculminate.cn/usps/tb.php?yz=ys1664144835460
IP
172.67.194.30:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF line terminators
Size
558 B (558 bytes)
Hash
1d64a2f8771d604a8561a6907b0a9374
5dc805e01cccecbd67322a9538b26f36d3607357
8806561a1de4b06f0085c55feec0e2bd043f6826ce14db37de20f56656c921be

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /usps/tb.php?yz=ys1664144835460 HTTP/1.1
Host: benevolentculminate.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 00:35:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZcSh%2BZrt4bS58XCtbsf8w3Yj%2BsdLs9VCG2fov2nIhER4TLtioWSSz%2FQZpZIE8BlXsHyaUqm6R4%2BZhrazZX0%2FDVIosmnevxOCQvVJhf56RJYC8Olko%2FVn103eTHndYdM0CN8zDWq%2FnAEg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75311f0cbdf7b517-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/

18.164.68.21

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
18.164.68.21:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 01 Oct 2022 00:02:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 73afe8565c6794e933a665f6672c4b12.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: DV7OCfy4Xhuq1hTC0TcX3gyBv3h5aq80GbuQaptZ3oUIGv0I5CuVqg==
Age: 2019

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
60e4edea7b5f4d19f3547a3bb2d5df57
3ee076bab4da3416c2c5808f730cb316c28baef7
763e2dadfdd286a51327cd2000ca335e30cd0b9b7267875d22ca33f7556ba200

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763E2DADFDD286A51327CD2000CA335E30CD0B9B7267875D22CA33F7556BA200"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8490
Expires: Sat, 01 Oct 2022 02:57:27 GMT
Date: Sat, 01 Oct 2022 00:35:57 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4a22d2eb50abe339ba0b974642de3650
af15bc424a715a3b8d77e4948a9e152a3ba87ede
dff04734315b51fc11069e2d21b5be37b03d28ad01986e1ae2c96afc6ba31859

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DFF04734315B51FC11069E2D21B5BE37B03D28AD01986E1AE2C96AFC6BA31859"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9999
Expires: Sat, 01 Oct 2022 03:22:36 GMT
Date: Sat, 01 Oct 2022 00:35:57 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: azR1u0xHaSKNFlSz3S1/ul9GdBmIUmERtBp5uQbSrIoeiR1eh/qJnndjbWqlUVb4QMWVl6ZzlnQ=
x-amz-request-id: CTH3YXWNCNQYSK98
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 30 Sep 2022 23:51:38 GMT
age: 2659
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 00:35:57 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

benevolentculminate.cn/favicon.ico

172.67.194.30

200 OK

455 B

URL HTTP/1.1
benevolentculminate.cn/favicon.ico
IP
172.67.194.30:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
455 B (455 bytes)
Hash
3c5d244b8b6b192c76a2c4331450c235
7e53f5ad871fcd67705eaf77f1ca9ff247143e1e
e0f26b6349453a86cd1f0f87cfd80559ef7edb6d88ff0af9ced7d7e413c548e3

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: benevolentculminate.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benevolentculminate.cn/usps/tb.php?yz=ys1664144835460

HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 00:35:58 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 27 Dec 2016 03:54:11 GMT
ETag: W/"5861e5e3-1b0"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z4GVtSU1RvtfuNybEt8eg6PDgeHI56AUOzwN7vDxW7cm07UbkTPRWth3MFsC7YjMgd8cPdJj2LnY0C8QNyTTxNdIETRD%2FEzCoMnVze3%2BGNJWCNcn7RDB9Ah319bhMFPab9KkvpXLZ0SX"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75311f0f0f07b517-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

benevolentculminate.cn/j/og2.js?_t=1664584554660

172.67.194.30

200 OK

942 B

URL HTTP/1.1
benevolentculminate.cn/j/og2.js?_t=1664584554660
IP
172.67.194.30:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
942 B (942 bytes)
Hash
bad1af26351d2e87c035596233940ab0
9ac0e34dcbfd29ca3070c506c200777a8016b161
bc734ed6fc97cbcbaa0ed5236ce8aa46754596a9a79eef96684242d231d0644e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /j/og2.js?_t=1664584554660 HTTP/1.1
Host: benevolentculminate.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benevolentculminate.cn/usps/tb.php?yz=ys1664144835460

HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 00:35:58 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 11 Jun 2022 06:57:07 GMT
Vary: Accept-Encoding
ETag: W/"62a43cc3-850"
Expires: Sat, 01 Oct 2022 12:35:58 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NehD06XRYtjP1WTAWJ6gssB5%2BNdnOUOwaEnLkDUQEZjCpBmbgF7Rr8Hgp%2BD6EFVJw2li69fGhp9X0LTL6I%2BUqzmvZ5tR5v1HffXnPn%2BAWMVUvrwUDjku45MyPr6wCdwb5vBMP0dL4jci"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75311f0faf5cb517-OSL
alt-svc: h2=":443"; ma=60

benevolentculminate.cn/j/og2.php?_t=1664584554762

172.67.194.30

200 OK

92 B

URL HTTP/1.1
benevolentculminate.cn/j/og2.php?_t=1664584554762
IP
172.67.194.30:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- , ASCII text, with no line terminators
Size
92 B (92 bytes)
Hash
8f0b2c6917afafbd5073669fa8c52e36
9ac6470e911b3ae6bfa5b77797d082b33791d186
5b632af2265d07d19df95540c23448736e1fdc04be532b33329d02c5954041c6

HTTP Headers

POST /j/og2.php?_t=1664584554762 HTTP/1.1
Host: benevolentculminate.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
Content-Length: 43
Origin: http://benevolentculminate.cn
Connection: keep-alive
Referer: http://benevolentculminate.cn/usps/tb.php?yz=ys1664144835460

HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 00:35:58 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IJsP%2FqIG%2Fck%2Fa7SWoKwXxoVTf1c1cK3aZaILi81radY%2B3TpiSOVnIExnxOTenm2osFRRR0Zrk6QyRR1%2B%2BxdQYJc2cEOt6n6Qt04EE0WHUnQ9vPPajhASovyumStVLGOgnX6mO8kjRGcZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75311f103faeb517-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/s/gts1p5/J9SXWUI3FKg

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/J9SXWUI3FKg
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
48c4fa74c2e28d77b9c120f763f5ed80
d8bb96d28fd4d028f842b2b36daa3b405d33a8bb
63730426cfa6a1a756498023b225c09ac3293ba65df180e974887f05ff231f5b

HTTP Headers

POST /s/gts1p5/J9SXWUI3FKg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 00:35:58 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1p5/J9SXWUI3FKg

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/J9SXWUI3FKg
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
48c4fa74c2e28d77b9c120f763f5ed80
d8bb96d28fd4d028f842b2b36daa3b405d33a8bb
63730426cfa6a1a756498023b225c09ac3293ba65df180e974887f05ff231f5b

HTTP Headers

POST /s/gts1p5/J9SXWUI3FKg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 00:35:58 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

18.164.68.21

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
18.164.68.21:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sat, 01 Oct 2022 00:12:22 GMT
Expires: Sat, 01 Oct 2022 00:14:35 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 c3ac810888cb46ee4166354c2171bcde.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: x5K7g6sFPk6kveOZhyEWB-RkKugEh3Ke_coDnzS-VZlOsEU5DAyPOQ==
Age: 1416

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ea79071e8195e36ab87e7d65f9e8a383
d9ea0080a19d01f2aa78595a51a0a38d9427f898
a3bdece4977eef2f175183d0190f765f712fa27861066e9323fbe6995c839c76

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 00:35:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1462 bytes)
Hash
f045f16f15e7b03b09aa600075bdd840
aca1c5e5cca09941e92601d14e86b4b836b720a1
6656beff5795516adee01f46de6d2f0c427beed3ce69ac091feedf8d6d1ee408

HTTP Headers

POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 00:35:58 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "07C7121E9D8A39FC0CB4D5338D9885223ACD3895"
Expires: Sat, 01 Oct 2022 11:00:00 GMT
Last-Modified: Fri, 30 Sep 2022 23:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2837
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75311f131f59b4fa-OSL

cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js

172.67.151.125

200 OK

32 kB

URL HTTP/2
cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
IP
172.67.151.125:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65446), with CRLF line terminators
Size
32 kB (32423 bytes)
Hash
244ce40409a61245a81253b86a7657d3
1d3905f028ae7bbf0dac95fc7f55885a9f43f042
ce7c8c1bf480dda130d6c03e4e7e462183d50a9f09b82eed7edff508338d3f11

HTTP Headers

GET /npm/jquery@3.6.0/dist/jquery.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 01 Oct 2022 00:35:58 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdujKqP4OmsICcw4by2ej4M3gF2bmp67KcND5Yd7ZkChGu92L3U7j930k4J7s5KmD98KzStiLKDZt_7_8jjTVv4
expires: Sat, 01 Oct 2022 00:17:35 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:30:17 GMT
etag: W/"3e4bb227fb55271bfe9c9d4a09147bd8"
x-goog-generation: 1647502217775195
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 89501
x-goog-hash: crc32c=JnXAUA==, md5=PkuyJ/tVJxv+nJ1KCRR72A==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1439
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1NbitoSltahKfNgJyY5h%2BxAGjdEF4UGUr4g2Eytbfg73dtlrpbsvkGBlN6lJsUDLycqrXKTLoO%2BGeSo6xT9Skw%2BejktR4X1X4pDauZk1bNfLRy1NCU9aziJHdO%2BQ4aYgK1s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75311f12de0db51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.cc/npm/lazyload@2.0.0-rc.2/lazyload.min.js

172.67.151.125

200 OK

2.5 kB

URL HTTP/2
cdn.jsdelivr.cc/npm/lazyload@2.0.0-rc.2/lazyload.min.js
IP
172.67.151.125:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (4720), with CRLF line terminators
Size
2.5 kB (2505 bytes)
Hash
99808d2fb5edc2bd23be1c3e6285c596
f40dd347e7c8ee7e983bd41f195f101e3a3fadc5
9f0e1b80d1a22dcf2f28f14c782cf176e2f5ab3eddc4a230bb47990cb33f0ba5

HTTP Headers

GET /npm/lazyload@2.0.0-rc.2/lazyload.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 01 Oct 2022 00:35:58 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdsQwI6S5jC2ZwwNbaEnMvjelWJ3GXYdnwkp6yGGRsWcMv2CGKN45430-s2v57JOsXldQJq3rMwQOTmm_DkHtW4
x-goog-generation: 1647502963816044
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 4798
x-goog-hash: crc32c=lted8w==, md5=3G3pgTxxS6mXM8pPtdOh+g==
x-goog-storage-class: STANDARD
expires: Sat, 01 Oct 2022 01:11:55 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:42:43 GMT
etag: W/"dc6de9813c714ba99733ca4fb5d3a1fa"
cf-cache-status: HIT
age: 1439
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NisWMOcTxM8R9UXOuJyiN6k4ar9uIVfJiUAA0SWkLuzycQC44jeXA66uul8gXZWiniDa2sgUkcxwIFGrjGxang8uS9IGSkGvOJtxQQdX9f68399riT%2FT2dW%2FQ%2Bga9ljBZkw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75311f12de15b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.cc/npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js

172.67.151.125

200 OK

20 kB

URL HTTP/2
cdn.jsdelivr.cc/npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js
IP
172.67.151.125:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (48058), with CRLF line terminators
Size
20 kB (20088 bytes)
Hash
8f224c16d4464f4e28e59c304d397637
cea2ed34c8c4d9fea83371791a4c679227846c33
a716ce613e2a5cc4162b8dc4e37ffea5d6960b641b0b8beb9c4816724e9ebd32

HTTP Headers

GET /npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 01 Oct 2022 00:35:58 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycds_5oPtcr3KFpC_u7Lnvdlqz8VeCGxAgHcXFP3zMljDMh6Q0ifyAwrLV7e0dbEbUBwQbF9kY0g0GrHWdqicRh8
expires: Sat, 01 Oct 2022 00:44:24 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:40:39 GMT
etag: W/"80924b62e5b3ac73aa4849776b439770"
x-goog-generation: 1647502839791727
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 72765
x-goog-hash: crc32c=8ZRUYw==, md5=gJJLYuWzrHOqSEl3a0OXcA==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1439
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6KkYrkIDA%2BWhDvA0FCYz5IRyZiRXa%2FRgnNPD6EscaSWrKT9%2F4ijRfwzGRFVOMrHxxs%2BJZvN%2FunyPSWy5w%2Bw8iS2qYJ8TVb0cL1n8Qwa8VUKttRkciwEvM7evx8HIA6FQGeg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75311f12de12b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2601db85aa6894ea41f37fc0c1f2594a
afc9de950cf648d720a78467582b26346b8d53bc
3211c5c61098100152ea682c86ec84f3a80229b8d709e5cbe0022caba7dc9e24

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 00:35:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=G-0C230YDF7G

142.250.74.72

200 OK

75 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=G-0C230YDF7G
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (18966)
Size
75 kB (75038 bytes)
Hash
858521482858b8a8068fdf7866ac18b8
73bcc640f71c7780c187f9fe20cb208727d104d9
8f3f86ba2e3ae637a58c39b1074df526b303b87c7b1e6bb2bac8d710634a46c2

HTTP Headers

GET /gtag/js?id=G-0C230YDF7G HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Oct 2022 00:35:58 GMT
expires: Sat, 01 Oct 2022 00:35:58 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75038
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b7672b641dbc52b00c4b7fb26a66007
3a31407c73e7ff4e1f5980146910b0d55da655f6
d3261eef738122d9c022fae94003c6786bcf6cd05498af7edf766ba72de6947e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3261EEF738122D9C022FAE94003C6786BCF6CD05498AF7EDF766BA72DE6947E"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12390
Expires: Sat, 01 Oct 2022 04:02:28 GMT
Date: Sat, 01 Oct 2022 00:35:58 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ea79071e8195e36ab87e7d65f9e8a383
d9ea0080a19d01f2aa78595a51a0a38d9427f898
a3bdece4977eef2f175183d0190f765f712fa27861066e9323fbe6995c839c76

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 00:35:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

e1.o.lencr.org/

23.36.77.32

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
16d3657391e3777cbd5ae9351d93cdcd
365fae278608b67a56ecffa609f48b8d751612d7
1d923f44f9347867c282b6a139724a140c54b865f61d0bc001d73187c1467705

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "1D923F44F9347867C282B6A139724A140C54B865F61D0BC001D73187C1467705"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11599
Expires: Sat, 01 Oct 2022 03:49:17 GMT
Date: Sat, 01 Oct 2022 00:35:58 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.77.32

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
16d3657391e3777cbd5ae9351d93cdcd
365fae278608b67a56ecffa609f48b8d751612d7
1d923f44f9347867c282b6a139724a140c54b865f61d0bc001d73187c1467705

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "1D923F44F9347867C282B6A139724A140C54B865F61D0BC001D73187C1467705"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11599
Expires: Sat, 01 Oct 2022 03:49:17 GMT
Date: Sat, 01 Oct 2022 00:35:58 GMT
Connection: keep-alive

www.googletagmanager.com/gtag/js?id=G-LW7434MYMN

142.250.74.72

200 OK

75 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=G-LW7434MYMN
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (18966)
Size
75 kB (75100 bytes)
Hash
cb1e95d304afa08c04c078c7f7a952aa
b42b72c1ff9f0af80fc15d968193a918324abc97
644f07b8a3b2b1f92c3c6ef01e4f952ff0af8797e72012ef75397dcedeb4e9e8

HTTP Headers

GET /gtag/js?id=G-LW7434MYMN HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Oct 2022 00:35:58 GMT
expires: Sat, 01 Oct 2022 00:35:58 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5122e4e90dbec75b210b4ecb32441966
0ee24da64bfdf35ed16af732ac75128d617b4bd0
d1b1c22a750abac917f9036a9db2ddf59b7cc1fc63a819853b5ddc348805c4df

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1B1C22A750ABAC917F9036A9DB2DDF59B7CC1FC63A819853B5DDC348805C4DF"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6763
Expires: Sat, 01 Oct 2022 02:28:41 GMT
Date: Sat, 01 Oct 2022 00:35:58 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ea79071e8195e36ab87e7d65f9e8a383
d9ea0080a19d01f2aa78595a51a0a38d9427f898
a3bdece4977eef2f175183d0190f765f712fa27861066e9323fbe6995c839c76

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 00:35:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2601db85aa6894ea41f37fc0c1f2594a
afc9de950cf648d720a78467582b26346b8d53bc
3211c5c61098100152ea682c86ec84f3a80229b8d709e5cbe0022caba7dc9e24

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 00:35:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

52.89.255.30

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.89.255.30:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: cVCQDm6LJG47KnitVzwY2Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: jUONInVyR/HeylDVzMXV2hoYtvM=

ocsp.globalsign.com/gsrsaovsslca2018

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
93e7f95bd59cb31915d4649b5dbc8483
8d36e40757209d2590d26ec69a9cddac53c972d3
935875928c2a1bbe9d2db83d9266ee2934f0919f04d8d6ce0e48354668b261d4

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 00:35:59 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Tue, 04 Oct 2022 22:11:26 GMT
ETag: "8d36e40757209d2590d26ec69a9cddac53c972d3"
Last-Modified: Fri, 30 Sep 2022 22:11:27 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1673
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75311f18eaadb4fa-OSL

ocsp.globalsign.com/gsrsaovsslca2018

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
93e7f95bd59cb31915d4649b5dbc8483
8d36e40757209d2590d26ec69a9cddac53c972d3
935875928c2a1bbe9d2db83d9266ee2934f0919f04d8d6ce0e48354668b261d4

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 00:35:59 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Tue, 04 Oct 2022 22:11:26 GMT
ETag: "8d36e40757209d2590d26ec69a9cddac53c972d3"
Last-Modified: Fri, 30 Sep 2022 22:11:27 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1673
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75311f18ffe5b4fd-OSL

uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g

185.66.200.220

200 OK

930 B

URL HTTP/2
uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g
IP
185.66.200.220:0
ASN
#201702 skHosting.eu s.r.o.

File type
data
Size
930 B (930 bytes)
Hash
f77df422c706d5192b8dd4a0c3fb16b4
ce98289cae6a0b933cf274d15d7414d1f85e1479
eeeca37a4cc0d2720c1db5358446351ff0d71fd4b458e0cd9eeb6ce5cc0bca96

HTTP Headers

GET /bnr.php?section=General&pub=593174&format=300x50&ga=g HTTP/1.1
Host: uprimp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 00:35:58 GMT
content-type: application/javascript
expires: Sat, 01 Oct 2022 00:35:58 GMT
last-modified: Sat, 01 Oct 2022 00:35:58 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, nosnippet
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4758
Expires: Sat, 01 Oct 2022 01:55:18 GMT
Date: Sat, 01 Oct 2022 00:36:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4758
Expires: Sat, 01 Oct 2022 01:55:18 GMT
Date: Sat, 01 Oct 2022 00:36:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4758
Expires: Sat, 01 Oct 2022 01:55:18 GMT
Date: Sat, 01 Oct 2022 00:36:00 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f707500-bb78-464b-8e9e-2668be34caad.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f707500-bb78-464b-8e9e-2668be34caad.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12024 bytes)
Hash
63b4a02eebad3106bb8e99f215914517
cb342453361e167efb495b22a3ce3d3c21e7742f
328ddf664fb20bf69e7ba70e8105a5dee0821238b28da55d112d5ea387c1d06f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f707500-bb78-464b-8e9e-2668be34caad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12024
x-amzn-requestid: 1e64f9da-2a35-4629-a7e9-9b0738c7c172
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZM65THQ-IAMFYWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63350b6e-160e7397241a05bb638cd47d;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 03:05:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0MC3mLDLxSn-9vHW4vaEysK2Xz9apPi9m-nvz5gKQyVmuU9HC-hQKQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 03:52:06 GMT
age: 74634
etag: "cb342453361e167efb495b22a3ce3d3c21e7742f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ae73d97-d8e4-4f93-bf30-c175fc72b008.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10201 bytes)
Hash
4be456dbe857580c7b4c7fca3936e04e
49798c4a15545a49f3870b2a16af78dbf8e168cc
23e42987d5e9939424d5f4e4fe0c38faf20a221732097927dd4a656199d9d315

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ae73d97-d8e4-4f93-bf30-c175fc72b008.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10201
x-amzn-requestid: 62562627-78a8-4c17-bf6c-b2c986b9ee8f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLCFH3IAMFoFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-69637d745165485171ca73b9;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: CueKD4mKZFXrPdwSOtYV3muaegRDOA632EztOt22qrk0Qd2yj1oPkg==
via: 1.1 6a63e853422f3197776fb098fab5a416.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 21:57:18 GMT
age: 9522
etag: "49798c4a15545a49f3870b2a16af78dbf8e168cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03e4f558-3c34-42eb-aa43-9896f0e6ce87.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8269 bytes)
Hash
574cd0b975349cc445e798136863c8a0
74c20bb0c312988822deb9d46b20e4642357fbd7
62d6448a8da1ed783761e1e966c3f03f2d9b4351e04e13e71e330e4cce465fc4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03e4f558-3c34-42eb-aa43-9896f0e6ce87.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8269
x-amzn-requestid: 2ff31dda-d215-42fb-a439-de67799ebeb1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y8dqPFvQIAMFxlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e7641-2c2e3443499003525414587b;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 03:15:13 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: btbI_vFcRysDsOGN3zHGO3PEnzCG8XZyV7E65PB1bwBab86rJM79ZQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:16:06 GMT
age: 8394
etag: "74c20bb0c312988822deb9d46b20e4642357fbd7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc003298b-5703-480c-8a4c-fffa9abe5028.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8091 bytes)
Hash
9466667cfaaedbb374259e8fb8dd63e3
0cd9a66508c343b43b095ac7f550919ec35097d3
bb70996bea518ba4ddc2c269e9a7c9bea3a9c91fed124a29570828b89250764c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc003298b-5703-480c-8a4c-fffa9abe5028.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8091
x-amzn-requestid: 78ccaa77-230e-4aa1-a409-7b2a444df9ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLDF_OIAMFpdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-0384396f2ed848bc1c17e1b7;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G75a-PITD4Wmlxxk_rrpRWNytSGNZlrL_JeoR4A_w6vshDkmRlouPw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:16:05 GMT
age: 8395
etag: "0cd9a66508c343b43b095ac7f550919ec35097d3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46fd1600-2a91-4b2c-8b8b-5f8bdd64364a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.9 kB (3885 bytes)
Hash
0de8b7bbf1fbb1da9d346d6995a7b7a4
0ff6e67904c9e00a4e3dda9e5ef2007ec7426018
9c1e15fd02fb1129821410b33b60b3fede2338f7971bfd93b1547d12255d840b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46fd1600-2a91-4b2c-8b8b-5f8bdd64364a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3885
x-amzn-requestid: 6e42fb31-7c36-4551-b124-b4a31807a223
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDlUaFjXIAMFbrg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63314f4f-54e426f20cdec55272e3b9ec;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 07:05:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: -eraUd3Mk8fl-_TOcX2W60PcXq8L4I0gD7yCQdjmPOIHvSZov1zd-A==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 14:30:39 GMT
age: 36321
etag: "0ff6e67904c9e00a4e3dda9e5ef2007ec7426018"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F560edc86-1e97-4593-b97a-0e5e481931eb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11373 bytes)
Hash
05fe3ce0222762233d97a00a63dc8960
2b18eae551b2a537b6f839cf97ba6eff6d1b7d07
69c2d96e2c3543cded0e4778d3e1206d7a2fff7ede92c1437bb7b66d4363596e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F560edc86-1e97-4593-b97a-0e5e481931eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11373
x-amzn-requestid: 63c9c5f9-ab5b-447c-9837-a20ae37cefc9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZKLlMEq6oAMFRXg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333f2ed-36d33fe66aec59b477696c26;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 07:08:29 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: QSCSEPZCfx7H19whFgxP2kAGKYDcqBv6dEIstTnzKmZHxzpkTFZr1Q==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 12:08:44 GMT
age: 44836
etag: "2b18eae551b2a537b6f839cf97ba6eff6d1b7d07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

hm.baidu.com/hm.js?5bc34d9a0b7ef4a641f623683ea4f5e4

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?5bc34d9a0b7ef4a641f623683ea4f5e4
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (667)
Size
11 kB (11380 bytes)
Hash
b389c7b12cd4c6248b64de60e030b195
e0681b234979e36eaa85036a96f79ac854aedbb8
012737324fa6e194137e649a1677d8b56cb9992a61aa3d0bc421f88a40657a41

HTTP Headers

GET /hm.js?5bc34d9a0b7ef4a641f623683ea4f5e4 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11380
Content-Type: application/javascript
Date: Sat, 01 Oct 2022 00:36:00 GMT
Etag: 052c716795c6bcf745df7c0f6d9e6ca2
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=C0E112C918EBF410; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css

172.67.151.125

200 OK

36 kB

URL HTTP/2
cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
IP
172.67.151.125:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65321), with CRLF line terminators
Size
36 kB (36405 bytes)
Hash
1bd4854a80ed5404566eb100e1e8fc01
dcbc4ea90a9c451ea7923ddc6e380ba2ab4c9719
5fc6325182bd7a254cc099ba159f2adddbf34ef6e027cabc1b1c2ede5135cf89

HTTP Headers

GET /npm/bootstrap@4.6.0/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 01 Oct 2022 00:35:58 GMT
content-type: text/css
x-guploader-uploadid: ADPycduCHwg6n53VPzNb_-57qJzhoPJbEBdMgpsWgTX19t4NIh3Tdte6MCXenDGQTAuiJrpSRG3G9WDZErClLNvZVXhXccOSWw
expires: Sat, 01 Oct 2022 01:11:17 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:38:12 GMT
etag: W/"feba0d0760607b9e21393156949afcd9"
x-goog-generation: 1647502692716912
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 161415
x-goog-hash: crc32c=Sb/HMQ==, md5=/roNB2Bge54hOTFWlJr82Q==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1439
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZajHr%2Bhc5G7%2Bz9AYgGPgQ6iqgUU009auvtQeb%2BLknTXCGYTEN3kwNh0KZuFCuP3Vzmnr0vudajhYZ62nNqw9yLi7KTVAtUfcOwsy21MYyYQfXZfH0ijT7eWzJezGvZVtWTs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75311f12bdf4b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

hm.baidu.com/hm.js?8b68846a3ac1709b0ec7199084ee5ea8

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?8b68846a3ac1709b0ec7199084ee5ea8
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (628)
Size
11 kB (11341 bytes)
Hash
86e198d35ea11fe2026b925d447f9fda
3f6885719d600e4d932be7b784c5e2bfb0283889
ea6dc1cb294115508376e08ef4dc0f2451f89f6bd17b58e7c406dba266f51afc

HTTP Headers

GET /hm.js?8b68846a3ac1709b0ec7199084ee5ea8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11341
Content-Type: application/javascript
Date: Sat, 01 Oct 2022 00:36:00 GMT
Etag: e9ed7faa61e0e485221fd101b40c75a9
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=0F6C3B510FD067E0; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

hm.baidu.com/hm.js?957de4d70bf7b7be33bc859d43ad70c6

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?957de4d70bf7b7be33bc859d43ad70c6
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (633)
Size
11 kB (11346 bytes)
Hash
5070b74cf578860c1d0040c8ba06aa3e
cf69e8375da971a2ffce65d1111167013dd513bd
e172534962dc6fe4bd26964a3ad89f151c32ba9e4e37db9a0d5cf2824dfcea37

HTTP Headers

GET /hm.js?957de4d70bf7b7be33bc859d43ad70c6 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11346
Content-Type: application/javascript
Date: Sat, 01 Oct 2022 00:36:00 GMT
Etag: 3ff1946899f3909a576c2405dde94878
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=37A6549AB0FF4CE8; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1664584557&rnd=121717064&si=5bc34d9a0b7ef4a641f623683ea4f5e4&su=http%3A%2F%2Fbenevolentculminate.cn%2F&v=1.2.97&lv=2&sn=61092&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FIUXHoHre%2Fusps%2F%3F_t%3D1664584554815%231664584555964

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1664584557&rnd=121717064&si=5bc34d9a0b7ef4a641f623683ea4f5e4&su=http%3A%2F%2Fbenevolentculminate.cn%2F&v=1.2.97&lv=2&sn=61092&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FIUXHoHre%2Fusps%2F%3F_t%3D1664584554815%231664584555964
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1664584557&rnd=121717064&si=5bc34d9a0b7ef4a641f623683ea4f5e4&su=http%3A%2F%2Fbenevolentculminate.cn%2F&v=1.2.97&lv=2&sn=61092&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FIUXHoHre%2Fusps%2F%3F_t%3D1664584554815%231664584555964 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 01 Oct 2022 00:36:00 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=8C870A4E1F3623FB; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1664584558&rnd=1469335819&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Fbenevolentculminate.cn%2F&v=1.2.97&lv=2&sn=61093&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FIUXHoHre%2Fusps%2F%3F_t%3D1664584554815%231664584555964

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1664584558&rnd=1469335819&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Fbenevolentculminate.cn%2F&v=1.2.97&lv=2&sn=61093&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FIUXHoHre%2Fusps%2F%3F_t%3D1664584554815%231664584555964
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1664584558&rnd=1469335819&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Fbenevolentculminate.cn%2F&v=1.2.97&lv=2&sn=61093&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FIUXHoHre%2Fusps%2F%3F_t%3D1664584554815%231664584555964 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 01 Oct 2022 00:36:01 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=DBF4A1C58848474C; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1664584558&rnd=2087950713&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Fbenevolentculminate.cn%2F&v=1.2.97&lv=2&sn=61093&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FIUXHoHre%2Fusps%2F%3F_t%3D1664584554815%231664584555964

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1664584558&rnd=2087950713&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Fbenevolentculminate.cn%2F&v=1.2.97&lv=2&sn=61093&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FIUXHoHre%2Fusps%2F%3F_t%3D1664584554815%231664584555964
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1664584558&rnd=2087950713&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Fbenevolentculminate.cn%2F&v=1.2.97&lv=2&sn=61093&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FIUXHoHre%2Fusps%2F%3F_t%3D1664584554815%231664584555964 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 01 Oct 2022 00:36:01 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=8B6BE8DB37B0A1E8; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1664584558&rnd=405340973&si=957de4d70bf7b7be33bc859d43ad70c6&su=http%3A%2F%2Fbenevolentculminate.cn%2F&v=1.2.97&lv=2&sn=61093&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FIUXHoHre%2Fusps%2F%3F_t%3D1664584554815%231664584555964

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1664584558&rnd=405340973&si=957de4d70bf7b7be33bc859d43ad70c6&su=http%3A%2F%2Fbenevolentculminate.cn%2F&v=1.2.97&lv=2&sn=61093&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FIUXHoHre%2Fusps%2F%3F_t%3D1664584554815%231664584555964
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1664584558&rnd=405340973&si=957de4d70bf7b7be33bc859d43ad70c6&su=http%3A%2F%2Fbenevolentculminate.cn%2F&v=1.2.97&lv=2&sn=61093&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FIUXHoHre%2Fusps%2F%3F_t%3D1664584554815%231664584555964 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 01 Oct 2022 00:36:01 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=A444ED40D6A4AC87; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

v00jtf.cn/IUXHoHre/usps/?_t=1664584554815

104.21.84.78

200 OK

0 B

URL HTTP/2
v00jtf.cn/IUXHoHre/usps/?_t=1664584554815
IP
104.21.84.78:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /IUXHoHre/usps/?_t=1664584554815 HTTP/1.1
Host: v00jtf.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benevolentculminate.cn/
Cookie: _ga_SE17BSYYVD=GS1.1.1664580882.1.0.1664580889.0.0.0; _ga=GA1.1.199580036.1664580882; _ga_LW7434MYMN=GS1.1.1664584347.2.1.1664584524.0.0.0; _ga_0C230YDF7G=GS1.1.1664584347.2.1.1664584524.0.0.0; Hm_lvt_b1ebd0cde90f0657589b5fd0eaf7d423=1664580884; Hm_lvt_bbb3e86814c9ceef66d180a6c15fa17d=1664580885; Hm_lvt_8b68846a3ac1709b0ec7199084ee5ea8=1664580885,1664584349,1664584518; Hm_lvt_ba99808308e7272d58c43367a11d1204=1664580885,1664584349,1664584518; pType=mo; _ga_7XZKDKDNDT=GS1.1.1664584347.1.1.1664584524.0.0.0; Hm_lvt_957de4d70bf7b7be33bc859d43ad70c6=1664584349,1664584518; Hm_lvt_5bc34d9a0b7ef4a641f623683ea4f5e4=1664584349,1664584518
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 01 Oct 2022 00:35:58 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: pType=mo; expires=Sat, 01-Oct-2022 00:47:58 GMT; Max-Age=720; path=/; domain=v00jtf.cn
usps-tthh1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.v00jtf.cn
usps-tthh2=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.v00jtf.cn
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YWAH78jRgqRWKF5sSSS3spSaO48lYYfjYSDem7RC%2BYSjri9Lk7hEcAPGSnjaQ2x%2B4kbe5cfTnSHR2Q7%2B526rWxKJ1MTzK%2BkZE8jR8spJor8xPmw%2BEwYZ0oFmsPI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75311f10e9500b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

uprimp.com/bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=166458455823143&xtt=220558

185.66.200.220

200 OK

0 B

URL HTTP/2
uprimp.com/bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=166458455823143&xtt=220558
IP
185.66.200.220:0
ASN
#201702 skHosting.eu s.r.o.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=166458455823143&xtt=220558 HTTP/1.1
Host: uprimp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 00:35:58 GMT
content-type: text/html; charset=UTF-8
expires: Sat, 01 Oct 2022 00:35:58 GMT
last-modified: Sat, 01 Oct 2022 00:35:58 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, nosnippet
X-Firefox-Spdy: h2

bonepa.com/4fe48aebd6/4f59451604/?placementName=Tab&randomA=0_5458&maxw=0

185.66.201.42

200 OK

0 B

URL HTTP/2
bonepa.com/4fe48aebd6/4f59451604/?placementName=Tab&randomA=0_5458&maxw=0
IP
185.66.201.42:0
ASN
#201702 skHosting.eu s.r.o.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /4fe48aebd6/4f59451604/?placementName=Tab&randomA=0_5458&maxw=0 HTTP/1.1
Host: bonepa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Cookie: shown1=0; total_impressions=3; used_ad2633278=1; used_c_51856=1; used_ad2633647=2; used_c_51865=2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 00:36:01 GMT
content-type: text/html; charset=UTF-8
set-cookie: shown1=0; expires=Sun, 02-Oct-2022 00:36:01 GMT; Max-Age=86400; secure; SameSite=None
used_ad2706762=1; expires=Sat, 01-Oct-2022 03:59:59 GMT; Max-Age=12238; path=/; secure; SameSite=None
total_impressions=4; expires=Sat, 01-Oct-2022 03:59:59 GMT; Max-Age=12238; secure; SameSite=None
used_c_55917=1; expires=Sun, 02-Oct-2022 00:36:01 GMT; Max-Age=86400; path=/; secure; SameSite=None
expires: Sun, 01 Jan 2014 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex,nofollow
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2

cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/popper.min.js

172.67.151.125

200 OK

0 B

URL HTTP/2
cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/popper.min.js
IP
172.67.151.125:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /npm/popper.js@1.16.1/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 01 Oct 2022 00:35:58 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdt8iAiFUD-J6NleyhXb8_vV8-wAPh_5tba_l2ugugXdkSJbrWiN1EsoSHZyahG4iSEJB_zV100HdRQRWXjd72Q
expires: Sat, 01 Oct 2022 01:11:34 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:44:44 GMT
etag: W/"31c898c6d2ea13c30441657ff1900d81"
x-goog-generation: 1647503084523089
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 21236
x-goog-hash: crc32c=7cW0Gg==, md5=MciYxtLqE8MEQWV/8ZANgQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1439
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dul0aWuvJ68NhXUUrViq5hk9y8U6%2FSGz%2B0%2FtuufZMzAoGEH63rmqM2ky9VKn9uXT6bUNQOVu4fMCrpdVxMpQxH%2FqesJLwERtkOdiRV0ZGw0A27%2Fqs56SsVizPWkfQeKOGqs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75311f130e32b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js

172.67.151.125

200 OK

0 B

URL HTTP/2
cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js
IP
172.67.151.125:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /npm/bootstrap@4.6.0/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 01 Oct 2022 00:35:58 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdv0chj5F1Awc6K7Usaiie2qXL87Fxg5kp7mYqQH9s8HWV5Nuv0HuTqJ2hz1F5xUG9MGapUfK4P-pfLXRasYr-w
expires: Sat, 01 Oct 2022 00:57:48 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:36:54 GMT
etag: W/"c99230d2575380d7f95ff626606d2426"
x-goog-generation: 1647502614200576
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 63473
x-goog-hash: crc32c=x2l+AA==, md5=yZIw0ldTgNf5X/YmYG0kJg==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1439
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mZTBeSKvFxhXf%2By6%2FKEyuH25Jk3eCXC7WcaSBb9GiEc7aQJCM7jsPbpLf5pJDeBaCuPMPzFsU3SuJKO3JldMl08zWV64HnOqAJvAmH6ofqfOWugsXmoOrUBDfguP3K7sAaY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75311f12de0fb51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bonepa.com/js/responsive.js

185.66.201.42

200 OK

0 B

URL HTTP/2
bonepa.com/js/responsive.js
IP
185.66.201.42:0
ASN
#201702 skHosting.eu s.r.o.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/responsive.js HTTP/1.1
Host: bonepa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Cookie: used_ad2633278=1; used_c_51856=1; used_ad2633647=2; used_c_51865=2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 00:35:58 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 17:57:57 GMT
etag: W/"6329ff25-cd3"
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (24)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations