r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a9f1d4d98705c281fed3b60343463200
db6f8aa98d2eda4e5473b116a222c3055568bb78
164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5799
Expires: Fri, 25 Nov 2022 04:05:29 GMT
Date: Fri, 25 Nov 2022 02:28:50 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash af40a2fcf8debb90c3608002da6c907a
3c75d6c0b557a3bd8d5db50155b8d896e852c145
555617a51ee3077552545a29a3baf0b43e8a82367e4c08110ee480ebedc8b523
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 467
Cache-Control: max-age=115808
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:50 GMT
Etag: "637f47ef-1d7"
Expires: Sat, 26 Nov 2022 10:38:58 GMT
Last-Modified: Thu, 24 Nov 2022 10:31:11 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 25 Nov 2022 02:17:23 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 687
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8c63b226725ca6e92e3ef586ac19e603
d21ae42a1927501e5293ff3564f52b49f6b0decc
141ac47acc3800e5d35a82012fa4b044277abad3a95dc24415f66fb72c972ae6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "141AC47ACC3800E5D35A82012FA4B044277ABAD3A95DC24415F66FB72C972AE6"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8255
Expires: Fri, 25 Nov 2022 04:46:25 GMT
Date: Fri, 25 Nov 2022 02:28:50 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 6i+5gcPhd1Py93z1jZiNAc1i1xuhIMyb937TvupMifJpXykShkfSqEBQvP0DoBdYxbuyBphYnG4=
x-amz-request-id: BMM827YTCCCMTH5H
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 01:43:38 GMT
age: 2712
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 02:28:50 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.cyjinlun.com/tags.php?/%B0%C4%C3%C5%B0%D9%BC%D2%C0%D6/
154.197.149.237 200 OK 787 B URL HTTP/1.1 www.cyjinlun.com/tags.php?/%B0%C4%C3%C5%B0%D9%BC%D2%C0%D6/
IP 154.197.149.237:0
ASN #135097 LUOGELANG FRANCE LIMITED
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with CRLF line terminators
Hash f96802514c1d73464bb9def22ee2d60c
62308f4b0965a702ec77cf7a533bd8fedbef0dcc
c0d706aaf3c2eddaf327a34040013ebc1538a473e0c2bdee11a0c6380d418aa6
GET /tags.php?/%B0%C4%C3%C5%B0%D9%BC%D2%C0%D6/ HTTP/1.1
Host: www.cyjinlun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 02:28:58 GMT
Content-Type: text/html
Content-Length: 787
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 25 Nov 2022 02:11:11 GMT
cache-control: public,max-age=3600
age: 1059
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
www.cyjinlun.com/tj.js
154.197.149.237 200 OK 258 B IP 154.197.149.237:0
ASN #135097 LUOGELANG FRANCE LIMITED
File type ASCII text, with CRLF line terminators
Hash e3fa5c8826f33187f7a70e6c8687ecb4
6afcaf95981413c82b6263c4b3e63d63a357dc32
27de7e06c9fd9afe595cdedb4a2c3adc051c2756c4f4b79ebd645a6bdfdd72ba
GET /tj.js HTTP/1.1
Host: www.cyjinlun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cyjinlun.com/tags.php?/%B0%C4%C3%C5%B0%D9%BC%D2%C0%D6/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 02:28:59 GMT
Content-Type: application/x-javascript
Content-Length: 258
Connection: keep-alive
www.cyjinlun.com/common.js
154.197.149.237 200 OK 1.1 kB URL HTTP/1.1 www.cyjinlun.com/common.js
IP 154.197.149.237:0
ASN #135097 LUOGELANG FRANCE LIMITED
File type HTML document, ASCII text, with very long lines (431), with CRLF line terminators
Hash 4bae5573ca39cb826c328c652b62f0c6
5bd65995d10b89f26397fefe0e6d93c868d1f507
f8fe1d6d04f46a9606048f86ce662a1ff55f05841d04457db49472e11e68b725
GET /common.js HTTP/1.1
Host: www.cyjinlun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cyjinlun.com/tags.php?/%B0%C4%C3%C5%B0%D9%BC%D2%C0%D6/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 02:28:59 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fb6949e7abaa473393f7c604691de14f
599681bba3947709baa603bbae2dd7afd04059a4
36c5165526ea9d34de14d36655ed494d0cffaa11ca3271ee47824ac11246ba13
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6251
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:50 GMT
Last-Modified: Fri, 25 Nov 2022 00:44:39 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
www.cyjinlun.com/favicon.ico
154.197.149.237 200 OK 1.2 kB URL HTTP/1.1 www.cyjinlun.com/favicon.ico
IP 154.197.149.237:0
ASN #135097 LUOGELANG FRANCE LIMITED
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 7ef1f0a0093460fe46bb691578c07c95
2da3ffbbf4737ce4dae9488359de34034d1ebfbd
4c62eef22174220b8655590a77b27957f3518b4c3b7352d0b64263b80e728f2c
GET /favicon.ico HTTP/1.1
Host: www.cyjinlun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cyjinlun.com/tags.php?/%B0%C4%C3%C5%B0%D9%BC%D2%C0%D6/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 02:28:59 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 01 Jul 2011 08:14:23 GMT
Connection: keep-alive
ETag: "4e0d81df-47e"
Expires: Wed, 30 Nov 2022 02:28:59 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e923820fef4b17148a57ac3eac74bc08
bf79402b435f1f1260fa3cae1f3e31bcdc2f2466
bee25e4f2d18654680dfb9d679dc8fa3ff71c8fd5c03d1b341bbe48bcecf15d2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BEE25E4F2D18654680DFB9D679DC8FA3FF71C8FD5C03D1B341BBE48BCECF15D2"
Last-Modified: Thu, 24 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 25 Nov 2022 08:28:51 GMT
Date: Fri, 25 Nov 2022 02:28:51 GMT
Connection: keep-alive
push.services.mozilla.com/
54.148.53.106 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.53.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: m8wZBHLf4QDlbfn/+vXg2g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: HAd/2HwxszpQL3JEohW4f7CeBbw=
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash 83002aeac06712d58a6b3b9172dab8af
9bb0f572b12b7762d1caab982f59665cf88381a2
384a1f3e47b6f7c15f02e5333c741f498c10e2bdb64172021a40495877281718
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:51 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Tue, 29 Nov 2022 01:33:42 GMT
ETag: "9bb0f572b12b7762d1caab982f59665cf88381a2"
Last-Modified: Fri, 25 Nov 2022 01:33:43 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 531
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f6f40c6ad4b50b-OSL
jklliu-nioink-vgfdxg-8997.com/
156.248.236.202 200 OK 6.8 kB URL HTTP/1.1 jklliu-nioink-vgfdxg-8997.com/
IP 156.248.236.202:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1253), with CRLF line terminators
Hash a59f78501758c9f6876b8d52c549535d
1fbe08a26c0443140c91055419b7ef96cdd68ca6
5496b79ac00ef2ce219862a16fa443bc3359bfc2f36846a5d75349ddcf740481
GET / HTTP/1.1
Host: jklliu-nioink-vgfdxg-8997.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.cyjinlun.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: PHP/7.1.33, ASP.NET
Date: Fri, 25 Nov 2022 02:28:48 GMT
Content-Length: 6801
push.zhanzhang.baidu.com/push.js
182.61.240.101 200 OK 227 B URL HTTP/1.1 push.zhanzhang.baidu.com/push.js
IP 182.61.240.101:0
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with no line terminators
Hash e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cyjinlun.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Fri, 25 Nov 2022 02:28:51 GMT
Etag: "4078521116"
Expires: Sat, 25 Nov 2023 02:28:51 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=E1B35D62A947577F1CE9A9FA55ADC43B:FG=1; max-age=31536000; expires=Sat, 25-Nov-23 02:28:51 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/css/ate.css
156.248.236.202 200 OK 4.5 kB URL HTTP/1.1 jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/css/ate.css
IP 156.248.236.202:0
File type ASCII text, with CRLF line terminators
Hash 1164a38c5186eff1838f351d96dbd192
1f5c06f7969ca9602774591594b1d4170137cdc3
fec2bebf191e9c67f3ce3234909acb71fa272057962f230dce334cdfd514b3e2
GET /template/waydoaxn/css/ate.css HTTP/1.1
Host: jklliu-nioink-vgfdxg-8997.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sun, 24 Jan 2021 07:28:36 GMT
Accept-Ranges: bytes
ETag: "06ae58622f2d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 02:28:48 GMT
Content-Length: 4498
api.share.baidu.com/s.gif?l=http://www.cyjinlun.com/tags.php?/%B0%C4%C3%C5%B0%D9%BC%D2%C0%D6/
39.156.68.163 200 OK 0 B URL HTTP/1.1 api.share.baidu.com/s.gif?l=http://www.cyjinlun.com/tags.php?/%B0%C4%C3%C5%B0%D9%BC%D2%C0%D6/
IP 39.156.68.163:0
ASN #9808 China Mobile Communications Group Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://www.cyjinlun.com/tags.php?/%B0%C4%C3%C5%B0%D9%BC%D2%C0%D6/ HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cyjinlun.com/
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Fri, 25 Nov 2022 02:28:51 GMT
jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/mmnjuuta/geaueyhh.js
156.248.236.202 200 OK 906 B URL HTTP/1.1 jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/mmnjuuta/geaueyhh.js
IP 156.248.236.202:0
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash b076dad755dd380b0c4e3a7fdc230937
1d229365f801023748c7f3b2a4e72651ef4a8f0e
c29417dffc2d001a36e00be40944fea8c78d5ed191d3be6a20780f6065207c39
GET /template/waydoaxn/mmnjuuta/geaueyhh.js HTTP/1.1
Host: jklliu-nioink-vgfdxg-8997.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 21 Nov 2022 09:55:52 GMT
Accept-Ranges: bytes
ETag: "084ad708ffdd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 02:28:48 GMT
Content-Length: 906
jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/mmnjuuta/ebhhnphx.js
156.248.236.202 200 OK 694 B URL HTTP/1.1 jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/mmnjuuta/ebhhnphx.js
IP 156.248.236.202:0
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 49022bf92ae6926ae9e522c912f10134
50de7661793180fc3eeae47b5387acffc3a28936
3957a9528b725714893452496479dd6db47c0a07eabf9b2a87ecc40381938b58
GET /template/waydoaxn/mmnjuuta/ebhhnphx.js HTTP/1.1
Host: jklliu-nioink-vgfdxg-8997.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 23 Nov 2022 15:53:59 GMT
Accept-Ranges: bytes
ETag: "805c1cc53ffd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 02:28:48 GMT
Content-Length: 694
jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/mmnjuuta/vtffstvy.js
156.248.236.202 200 OK 906 B URL HTTP/1.1 jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/mmnjuuta/vtffstvy.js
IP 156.248.236.202:0
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 73ece4336a7d7ce6da8fc16351d0158f
8be48a998ca451d471a614de776b8c974d28e240
6d7d07f5de6ace635aa7f12922b9e95e8317d22998bd491df41bc52ea6de5aa1
GET /template/waydoaxn/mmnjuuta/vtffstvy.js HTTP/1.1
Host: jklliu-nioink-vgfdxg-8997.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 20 Nov 2022 17:15:41 GMT
Accept-Ranges: bytes
ETag: "809c55b73fdd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 02:28:48 GMT
Content-Length: 906
jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/mmnjuuta/nyyhulad.js
156.248.236.202 200 OK 2.3 kB URL HTTP/1.1 jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/mmnjuuta/nyyhulad.js
IP 156.248.236.202:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 1bb4af907d3e53bf968ffc99ec607c3d
c0d313e7cd1a7f7a83c15aff30bd2961084349b1
771ad927ee7cb0317fccbf2693fe582209a3a00e95b13734a39ccf2b809355c0
GET /template/waydoaxn/mmnjuuta/nyyhulad.js HTTP/1.1
Host: jklliu-nioink-vgfdxg-8997.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 21 Nov 2022 11:46:52 GMT
Accept-Ranges: bytes
ETag: "0de58f29efdd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 02:28:49 GMT
Content-Length: 2277
jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/mmnjuuta/rradauct.js
156.248.236.202 200 OK 778 B URL HTTP/1.1 jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/mmnjuuta/rradauct.js
IP 156.248.236.202:0
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 9ff7011b41ba1bfcccc3f8312919e880
7fcdaa99180321296307e6fd1030fd7cc7a13974
ca669ec6f75f77f192f9935bdabc36195dd7a395a8fe282da44e2f62c21beda3
GET /template/waydoaxn/mmnjuuta/rradauct.js HTTP/1.1
Host: jklliu-nioink-vgfdxg-8997.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 06 Nov 2022 06:32:46 GMT
Accept-Ranges: bytes
ETag: "d6695395a9f1d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 02:28:49 GMT
Content-Length: 778
jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/mmnjuuta/app.js
156.248.236.202 200 OK 2.0 kB URL HTTP/1.1 jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/mmnjuuta/app.js
IP 156.248.236.202:0
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 8b047cc7eeb8212442312012e825c7b8
924b14cd12c3a9100bfe2d604e3e5447e9d82e99
3df7446d03f7805bfb9d0e8e3b1446756bb6496e496219050659433e0a9c6131
GET /template/waydoaxn/mmnjuuta/app.js HTTP/1.1
Host: jklliu-nioink-vgfdxg-8997.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 23 Nov 2022 15:54:45 GMT
Accept-Ranges: bytes
ETag: "80102ce853ffd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 02:28:49 GMT
Content-Length: 1997
jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/mmnjuuta/mqntlfic.js
156.248.236.202 200 OK 2.0 kB URL HTTP/1.1 jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/mmnjuuta/mqntlfic.js
IP 156.248.236.202:0
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 1f86a6d58c1cc8f21036a2edc9e1798c
3f6dda660166297eeeea00817b2b4f78fcfcf920
4190beddc7bac190dcfa55c34fe1ee877fed75326bb81dc4607fd32ed208d695
GET /template/waydoaxn/mmnjuuta/mqntlfic.js HTTP/1.1
Host: jklliu-nioink-vgfdxg-8997.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 21 Nov 2022 11:47:29 GMT
Accept-Ranges: bytes
ETag: "809e6689ffdd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 02:28:49 GMT
Content-Length: 1991
jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/mmnjuuta/ficsblek.js
156.248.236.202 200 OK 886 B URL HTTP/1.1 jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/mmnjuuta/ficsblek.js
IP 156.248.236.202:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash bf8f2bbc84c3165f1ce81244d63c625f
11722537ad1a60ea7a411098709027442e41ff19
74344961b9cadc92932eabbf2d74ee45aed7d7ed9f07132d0009d2346c0f1301
GET /template/waydoaxn/mmnjuuta/ficsblek.js HTTP/1.1
Host: jklliu-nioink-vgfdxg-8997.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 11 Nov 2022 13:51:30 GMT
Accept-Ranges: bytes
ETag: "44d789b3d4f5d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 02:28:49 GMT
Content-Length: 886
jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/css/zui.css
156.248.236.202 200 OK 15 kB URL HTTP/1.1 jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/css/zui.css
IP 156.248.236.202:0
File type assembler source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 48c376278eb9da985b90bb1612dbeee1
4d755742285a8bc38f9c73b3a5976c6b381e3c32
af7cb37270a26d66dd3bb89f42d9c122bb2a1bfe9f6fe076138d9864c7193bee
GET /template/waydoaxn/css/zui.css HTTP/1.1
Host: jklliu-nioink-vgfdxg-8997.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Wed, 27 Jan 2021 05:34:18 GMT
Accept-Ranges: bytes
ETag: "0e972e6ef4d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 02:28:49 GMT
Content-Length: 15351
jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/mmnjuuta/kcpmvycl.js
156.248.236.202 200 OK 212 B URL HTTP/1.1 jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/mmnjuuta/kcpmvycl.js
IP 156.248.236.202:0
File type HTML document, ASCII text, with CRLF line terminators
Hash 6d23b1e6dc71e3ef03252b13f7a1454f
2696a8fedeb76ed53e14542eb8ff95c6d2da91ca
2366bd84896434e3d5976e5818a34c1f46ca2ea7d2b7dca1445f83ab39d08bd9
GET /template/waydoaxn/mmnjuuta/kcpmvycl.js HTTP/1.1
Host: jklliu-nioink-vgfdxg-8997.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 19 Sep 2022 23:34:44 GMT
Accept-Ranges: bytes
ETag: "c8102a6680ccd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 02:28:49 GMT
Content-Length: 212
ak-d.tripcdn.com/images/0Z01t2215cyparbxc8012.gif
96.6.16.143 200 OK 1.4 MB URL HTTP/2 ak-d.tripcdn.com/images/0Z01t2215cyparbxc8012.gif
IP 96.6.16.143:0
File type GIF image data, version 89a, 960 x 240\012- data
Size 1.4 MB (1369097 bytes)
Hash 328c8d1c235a2191ea073d29ff1e131b
4bb53374e8d7604be8c3627b0ed1d57f0749c39b
bef0d5038e32ecdeb1f1ae632115b53f2e23649d6d271e7fb96f45a3a517337f
GET /images/0Z01t2215cyparbxc8012.gif HTTP/1.1
Host: ak-d.tripcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 1369097
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
cache-control: max-age=6608422
expires: Thu, 09 Feb 2023 14:09:14 GMT
date: Fri, 25 Nov 2022 02:28:52 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2
jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/css/loogo8.png
156.248.236.202 404 Not Found 1.2 kB URL HTTP/1.1 jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/css/loogo8.png
IP 156.248.236.202:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ISO-8859 text, with CRLF line terminators
Hash 8363acaeab9cbb099b59b78a44127ca6
aef448ce5500e3734059ec285cf6ec0b547075f2
9b342ae7f25d65bdb817d8c995f3211ac398e41575fc5d149d994c1dcb008f0a
GET /template/waydoaxn/css/loogo8.png HTTP/1.1
Host: jklliu-nioink-vgfdxg-8997.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 02:28:49 GMT
Content-Length: 1163
jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/images/1.gif
156.248.236.202 200 OK 254 B URL HTTP/1.1 jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/images/1.gif
IP 156.248.236.202:0
File type GIF image data, version 89a, 16 x 17\012- data
Hash b013f8fa3ec997fe20dc80b82af0ad0a
e02ce6c30d5c0abfaa3e008d1a3ce7d11f299ed9
119bff063d1d402fdf6e48bc7e681d48aabfb9bc65378dfcf64a8845ec3fceef
GET /template/waydoaxn/images/1.gif HTTP/1.1
Host: jklliu-nioink-vgfdxg-8997.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Fri, 11 Jun 2021 00:37:23 GMT
Accept-Ranges: bytes
ETag: "28ba8f2595ed71:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 02:28:49 GMT
Content-Length: 254
hm.baidu.com/hm.js?da1e38fbcfb8f5e52830a77942e08334
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?da1e38fbcfb8f5e52830a77942e08334
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (616)
Hash 198df0f7470759f34ecd79e6bc6a9d8e
2365315973d4c5f224b2c393d1efb6267118dbf9
d33424edb9118f6a12db997ef0ece945b03ff7957c757d5a175b202627b17a30
GET /hm.js?da1e38fbcfb8f5e52830a77942e08334 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.cyjinlun.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11254
Content-Type: application/javascript
Date: Fri, 25 Nov 2022 02:28:51 GMT
Etag: c9e2205cfcecf6d8ca707f556ad08978
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=65CE370F15B743D5; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/images/video-play.png
156.248.236.202 200 OK 1.6 kB URL HTTP/1.1 jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/images/video-play.png
IP 156.248.236.202:0
File type PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced\012- data
Hash be7ca0a4a7c0317398a11162b1e09b75
5dbe6a02524cfbf5f5111478a71f91a9259056b5
cbad06b58f97516faa5f745d4e09716b5db3f134d5b4644b159681aa24909dd4
GET /template/waydoaxn/images/video-play.png HTTP/1.1
Host: jklliu-nioink-vgfdxg-8997.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/css/zui.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sun, 24 Jan 2021 07:28:46 GMT
Accept-Ranges: bytes
ETag: "4081698d22f2d61:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 02:28:49 GMT
Content-Length: 1567
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b6832207df2cb4a097c6ed58f6d874bb
a53042f7f0cf5bad52dc1dee5e60ec07d9d5ae14
b2de299ebbef36d74cc7edef70900928a9862820dc2c2e1cf569774f9395ac6e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B2DE299EBBEF36D74CC7EDEF70900928A9862820DC2C2E1CF569774F9395AC6E"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1769
Expires: Fri, 25 Nov 2022 02:58:22 GMT
Date: Fri, 25 Nov 2022 02:28:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 63add92414da3c7a6c6c80da09a52b3b
02f05fd6c6d0435d02119cc6040ef8b583697f09
6b669228c50af0eb33dd89682464071c62c509ccc83f604346de463841ce9424
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6B669228C50AF0EB33DD89682464071C62C509CCC83F604346DE463841CE9424"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7751
Expires: Fri, 25 Nov 2022 04:38:04 GMT
Date: Fri, 25 Nov 2022 02:28:53 GMT
Connection: keep-alive
jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/images/video-mask.png
156.248.236.202 200 OK 107 B URL HTTP/1.1 jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/images/video-mask.png
IP 156.248.236.202:0
File type PNG image data, 1 x 46, 8-bit gray+alpha, non-interlaced\012- data
Hash 6a5ee87ff75437cb480df839f36004fd
eac66370f99601cb7febef320c9540d4593cd856
c9b6925bdd64dab63151c3106347fefb8c500d87ac3d87d9a82e9a1c561233aa
GET /template/waydoaxn/images/video-mask.png HTTP/1.1
Host: jklliu-nioink-vgfdxg-8997.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/template/waydoaxn/css/zui.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sun, 24 Jan 2021 07:28:42 GMT
Accept-Ranges: bytes
ETag: "b0b58b8a22f2d61:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 02:28:51 GMT
Content-Length: 107
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5819
Expires: Fri, 25 Nov 2022 04:05:52 GMT
Date: Fri, 25 Nov 2022 02:28:53 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20a12e2c-1403-4b39-9da1-b2be17a6bbd1.png
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20a12e2c-1403-4b39-9da1-b2be17a6bbd1.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6673267df195141739d1018c17101368
b80047da428636adb7027f12718c8d11bd461da4
de30af07eed7326a1326c831e04727649a112c20d0c485a7e973edd96f91bfaa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20a12e2c-1403-4b39-9da1-b2be17a6bbd1.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11954
x-amzn-requestid: 0c912d90-72b5-4060-ae22-c2ecbe16b57a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b8J-nEFEoAMF2eA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637b2390-503ead086c8021af6eaeaa85;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 07:06:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JZAeoFNsUy2usSV7O41YGIfVow9gaIMXuKnfcaundLduQ5UX2eTKOQ==
via: 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 17:17:27 GMT
age: 33086
etag: "b80047da428636adb7027f12718c8d11bd461da4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F981a8e9a-f018-45b6-af7e-199dc4c02c27.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F981a8e9a-f018-45b6-af7e-199dc4c02c27.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5863138af1ddbba34a7856242a7b3a06
2eba66ff6539388c48562503e8d11ff0e060350a
d1543e1b803a07095148b743925eebbbf21f566a2df9b785a1a9d48c5604496c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F981a8e9a-f018-45b6-af7e-199dc4c02c27.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8917
x-amzn-requestid: 10f3b269-9437-476d-ae4f-a0ac3fb78491
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB8wEIwoAMF8uA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe384-4cfeecf4553b26381ed11875;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:00 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lr9z8FWWpMGtxtvcYzeT-ewuydSzpma8I06pszLDQIICotFkB_SZlA==
via: 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:55:30 GMT
age: 16403
etag: "2eba66ff6539388c48562503e8d11ff0e060350a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg
34.120.237.76 200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4006a9037ab5f28dca62b0aa7a704c41
74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b
556ae6516a1f272a96569a3637858292731a34e82672b682f6e7442ca68f4b1d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3955
x-amzn-requestid: 42c8d309-a8d2-47cc-8d97-c7fa3a63f8cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCM9NGJHoAMF4sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d8eba-2a06cda9346bd02c46955444;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 03:08:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ESacQ13nZwlbUKiNnwl6AxqC9ar8cxPctKLMFWS86aB3ZGsbxG0ZOA==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 04:22:08 GMT
age: 79605
etag: "74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: j_8oVo464QMWMnmkxQJIDRhaIVmwhzCTHe4A57OdmaUr9HcyTtBUjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 05:04:28 GMT
age: 77065
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2302d358-ba65-4bf0-9d74-b5fb532a1d52.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2302d358-ba65-4bf0-9d74-b5fb532a1d52.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1adbf0cd373a4c06caa71eac14e1286c
236199a790f16dcf96dba80b9945836b37e3c2eb
767fd66cf0751dd80b2453588f9363fac7d9637da3dc9098d25fb65699ca8c5e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2302d358-ba65-4bf0-9d74-b5fb532a1d52.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6590
x-amzn-requestid: 5d8b02c4-673a-4c77-8f24-498d9b8a28ff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB8zGeAIAMF4HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe384-661ce3991caf87e8558158c3;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4iFMdgZvXpHdbGKY-3exNXsKVn2FuWGQg70mCqzGLSHk_bSTiXSCxA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 22:01:38 GMT
age: 16035
etag: "236199a790f16dcf96dba80b9945836b37e3c2eb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ad933c0-8cbe-40eb-920c-38b8ae531c9f.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ad933c0-8cbe-40eb-920c-38b8ae531c9f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d43ec6824d4fdc4d31b8c245bf8c5849
81f85633fca39972d8e0bf9a4ec7cd999e54564f
b0e521b23879af86102f46a9ec412faf6345df31a97a7b58880f63f81fdcd0c6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ad933c0-8cbe-40eb-920c-38b8ae531c9f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7900
x-amzn-requestid: a9d184b1-3b4a-4ca6-9ad2-ce3aac10f422
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB91H2IIAMFjGw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38b-5732361f36c023c22c922ee9;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cRreyOCHys8rW4UWA3JSMhtOiiltT6ULxxgi9aLM7sw07UruCXgPkQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 22:13:14 GMT
age: 15339
etag: "81f85633fca39972d8e0bf9a4ec7cd999e54564f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1630198555&si=da1e38fbcfb8f5e52830a77942e08334&v=1.3.0&lv=1&sn=35812&r=0&ww=1280&u=http%3A%2F%2Fwww.cyjinlun.com%2Ftags.php%3F%2F%25B0%25C4%25C3%25C5%25B0%25D9%25BC%25D2%25C0%25D6%2F&tt=%E8%8A%9C%E6%B9%96%E9%82%AE%E8%88%B6%E7%94%B5%E5%AD%90%E5%95%86%E5%8A%A1%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1630198555&si=da1e38fbcfb8f5e52830a77942e08334&v=1.3.0&lv=1&sn=35812&r=0&ww=1280&u=http%3A%2F%2Fwww.cyjinlun.com%2Ftags.php%3F%2F%25B0%25C4%25C3%25C5%25B0%25D9%25BC%25D2%25C0%25D6%2F&tt=%E8%8A%9C%E6%B9%96%E9%82%AE%E8%88%B6%E7%94%B5%E5%AD%90%E5%95%86%E5%8A%A1%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1630198555&si=da1e38fbcfb8f5e52830a77942e08334&v=1.3.0&lv=1&sn=35812&r=0&ww=1280&u=http%3A%2F%2Fwww.cyjinlun.com%2Ftags.php%3F%2F%25B0%25C4%25C3%25C5%25B0%25D9%25BC%25D2%25C0%25D6%2F&tt=%E8%8A%9C%E6%B9%96%E9%82%AE%E8%88%B6%E7%94%B5%E5%AD%90%E5%95%86%E5%8A%A1%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.cyjinlun.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 25 Nov 2022 02:28:53 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=66B60F9C9B259AE1; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 57c2339af4be62cf0bdc905ff8a88627
28a9a0433a6b99262339ec2de626985574a0d14e
217979335ae6af1d9f9af167d075a809cfd39749a1e14d561c9ebdaa156b773c
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 29 Nov 2022 01:08:20 GMT
ETag: "28a9a0433a6b99262339ec2de626985574a0d14e"
Last-Modified: Fri, 25 Nov 2022 01:08:21 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2858
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f6f41e1c9cb503-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash caa8b707641e35df881fa30781fc611f
3acaa4abd1496376732c3e5c0f69b0a40963dfff
8f337366f326b600dbb75a8f48b7f040a6b42fb36e3c9b6c55f8d617a08c694e
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Mon, 28 Nov 2022 23:39:03 GMT
ETag: "3acaa4abd1496376732c3e5c0f69b0a40963dfff"
Last-Modified: Thu, 24 Nov 2022 23:39:04 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 650
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f6f41e1fa3b529-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 57c2339af4be62cf0bdc905ff8a88627
28a9a0433a6b99262339ec2de626985574a0d14e
217979335ae6af1d9f9af167d075a809cfd39749a1e14d561c9ebdaa156b773c
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 29 Nov 2022 01:08:20 GMT
ETag: "28a9a0433a6b99262339ec2de626985574a0d14e"
Last-Modified: Fri, 25 Nov 2022 01:08:21 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2858
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f6f41e19beb527-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 57c2339af4be62cf0bdc905ff8a88627
28a9a0433a6b99262339ec2de626985574a0d14e
217979335ae6af1d9f9af167d075a809cfd39749a1e14d561c9ebdaa156b773c
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 29 Nov 2022 01:08:20 GMT
ETag: "28a9a0433a6b99262339ec2de626985574a0d14e"
Last-Modified: Fri, 25 Nov 2022 01:08:21 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2858
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f6f41e19770af6-OSL
pic.picnewsss.com/tu-2022290039/960-70.gif
23.225.139.251 200 OK 235 kB URL HTTP/2 pic.picnewsss.com/tu-2022290039/960-70.gif
IP 23.225.139.251:0
File type GIF image data, version 89a, 960 x 70\012- data
Size 235 kB (234662 bytes)
Hash 045e057522911771386c41137c11403c
5de92d710e919b3d21d1ba31035d08fe9b1d54c3
73a29558a84433e9a39e3dc400deca8ed1308382e2c29deefce604ac2f687a82
GET /tu-2022290039/960-70.gif HTTP/1.1
Host: pic.picnewsss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=2592000
content-type: image/gif
date: Thu, 24 Nov 2022 15:25:05 GMT
etag: "1669339977"
expires: Sat, 24 Dec 2022 15:25:05 GMT
last-modified: Fri, 25 Nov 2022 01:32:57 GMT
server: nginx
x-cache: HIT, policy, memory
content-length: 234662
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 68808f81ec2a527406b919acd271913e
26b45a1aec32e9c841feff6171a46367db290714
afcffbe6fdeed4f13121e52a97c54d22717618edd0407b140d5056d57198b052
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 14:24:39 GMT
Expires: Tue, 29 Nov 2022 14:24:38 GMT
Etag: "26b45a1aec32e9c841feff6171a46367db290714"
Cache-Control: max-age=387943,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f6f41e5fe7fac4-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 1166802b4be588e4ad421e4087c8fc6a
a6f082a187cebda2646caf25557fc52f387f0bc4
aec263a750a92f0a4b298d09d1f02f1c7de52a99a0c381d258b54377c8ee5b59
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 21 Nov 2022 16:45:16 GMT
Expires: Mon, 28 Nov 2022 16:45:15 GMT
Etag: "a6f082a187cebda2646caf25557fc52f387f0bc4"
Cache-Control: max-age=309980,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f6f41e9ff3fac4-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 30560bb985f62cf43b07a4d052c01dfd
392611dff6ef5eb39e216bb8587d6040e590604e
c0a25c0045587d03547315c48733530a9b12f78a6f58da8513af564197dda40f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 13:20:38 GMT
Expires: Thu, 01 Dec 2022 13:20:37 GMT
Etag: "392611dff6ef5eb39e216bb8587d6040e590604e"
Cache-Control: max-age=556902,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f6f41efffbfac4-OSL
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3ae60b0c5d475fe54a08b51023d08df7
dfbf0a55be87969a83a659bdf7838ad8754bb4e6
5dbb121c770f1e9791fd61b83fa6a2eee7f057f0db82474e0ff4c6dba00a88f6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5DBB121C770F1E9791FD61B83FA6A2EEE7F057F0DB82474E0FF4C6DBA00A88F6"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1209
Expires: Fri, 25 Nov 2022 02:49:03 GMT
Date: Fri, 25 Nov 2022 02:28:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4e0bf2eba20ecd37a22c849e08a8d2c6
87279bcf79e894aa1f5d3167f896958308a290d1
2f0c6e68762615c3d208453349458006655a7f2bc7983c2f776e6119db6f812d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2F0C6E68762615C3D208453349458006655A7F2BC7983C2F776E6119DB6F812D"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6098
Expires: Fri, 25 Nov 2022 04:10:32 GMT
Date: Fri, 25 Nov 2022 02:28:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fc0c87e2958de9a09b47bdab344e4580
231fd032aae20cbebfe468ceb8ea99103fa6de66
eaca7f7c80089c7bbfb0d3886ea60c71d31dbe1984ea7f773a20bc38b1d88ea2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EACA7F7C80089C7BBFB0D3886EA60C71D31DBE1984EA7F773A20BC38B1D88EA2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7243
Expires: Fri, 25 Nov 2022 04:29:37 GMT
Date: Fri, 25 Nov 2022 02:28:54 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 62e1241d2f892dd0358d10bc58897543
c429bc925e26bdc1cfbf8f061c092437c2f980da
d31cf74ba322eae9cf783734a4716069a07df3d8afa6f644925ade3cb7200750
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 08:52:33 GMT
Expires: Tue, 29 Nov 2022 08:52:32 GMT
Etag: "c429bc925e26bdc1cfbf8f061c092437c2f980da"
Cache-Control: max-age=368017,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f6f41e5cb8b51e-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash c43cd7eff889c7574c754fcecd2118fe
7c8118b4e27d144f96f375ae985e1676223229a6
7eda225f9eff08db9385d8193069dee4799d31a987040c215fe130b8ddadce20
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 03:31:13 GMT
Expires: Thu, 01 Dec 2022 03:31:12 GMT
Etag: "7c8118b4e27d144f96f375ae985e1676223229a6"
Cache-Control: max-age=521537,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f6f41e5fbab529-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 728 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 4843fada1c0617d36927afca3400e17e
49ba6d2eb8d9050c4ef1c54fc62980ee6cdf46a0
a7467348802a0796518d6f90895f44cf80ee8520290567f3c3ec26c4497505ab
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 21 Nov 2022 23:09:43 GMT
Expires: Mon, 28 Nov 2022 23:09:42 GMT
Etag: "49ba6d2eb8d9050c4ef1c54fc62980ee6cdf46a0"
Cache-Control: max-age=333047,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f6f41e5891b4f4-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 18bacd5eb80bb02db49baa0a2a72dfd6
391e49fe9cacd9c98d3d3b343c289faa10ac0b51
8e83801976858d481c394cd71917e459feaa550ae7a4c91d482774dcf3b2ad62
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 23 Nov 2022 00:54:35 GMT
Expires: Wed, 30 Nov 2022 00:54:34 GMT
Etag: "391e49fe9cacd9c98d3d3b343c289faa10ac0b51"
Cache-Control: max-age=425739,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f6f41e5b7bb4f9-OSL
gg72a1.com/gg/960x60-2.gif
137.175.13.103 200 OK 567 kB URL HTTP/2 gg72a1.com/gg/960x60-2.gif
IP 137.175.13.103:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 567 kB (566629 bytes)
Hash c9fa1542af8b7e568dc7b3a56522b833
1449fff789834cb44c300d12d770eeb251a4bbd5
7db19a9e96ed52f61b3b4c76bf6cac9259ae0b3e9d18eb597320c30a0e4e1e90
GET /gg/960x60-2.gif HTTP/1.1
Host: gg72a1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 02:31:10 GMT
content-type: image/gif
content-length: 566629
last-modified: Tue, 01 Nov 2022 07:49:47 GMT
etag: "6360cf9b-8a565"
expires: Sun, 25 Dec 2022 02:31:10 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 56310c6e6ca66324f31c4405b3b23108
4ecc7a97cc17eed10486292c7e127d3eab486965
268c4d940a7a31bb53331ed027ceafbc562d00004aafbc17256dd31551c1903a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "268C4D940A7A31BB53331ED027CEAFBC562D00004AAFBC17256DD31551C1903A"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13577
Expires: Fri, 25 Nov 2022 06:15:11 GMT
Date: Fri, 25 Nov 2022 02:28:54 GMT
Connection: keep-alive
72agg2.com/gg/150x150.gif
137.175.13.103 200 OK 53 kB URL HTTP/2 72agg2.com/gg/150x150.gif
IP 137.175.13.103:0
File type GIF image data, version 89a, 150 x 150\012- data
Hash d4f0c13668bf21f1a23a4a25d952f793
a689990450d6d70e5599f10ee8a9676942a21c9a
807ab782766f73f76ed28addc99e9c95e4bc42b64b1358cfd5f7170ecf3f7a4c
GET /gg/150x150.gif HTTP/1.1
Host: 72agg2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 02:31:11 GMT
content-type: image/gif
content-length: 53401
last-modified: Sun, 06 Nov 2022 12:21:13 GMT
etag: "6367a6b9-d099"
expires: Sun, 25 Dec 2022 02:31:11 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 62e1241d2f892dd0358d10bc58897543
c429bc925e26bdc1cfbf8f061c092437c2f980da
d31cf74ba322eae9cf783734a4716069a07df3d8afa6f644925ade3cb7200750
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 08:52:33 GMT
Expires: Tue, 29 Nov 2022 08:52:32 GMT
Etag: "c429bc925e26bdc1cfbf8f061c092437c2f980da"
Cache-Control: max-age=368017,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f6f41eab851bfa-OSL
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 56310c6e6ca66324f31c4405b3b23108
4ecc7a97cc17eed10486292c7e127d3eab486965
268c4d940a7a31bb53331ed027ceafbc562d00004aafbc17256dd31551c1903a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "268C4D940A7A31BB53331ED027CEAFBC562D00004AAFBC17256DD31551C1903A"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13577
Expires: Fri, 25 Nov 2022 06:15:11 GMT
Date: Fri, 25 Nov 2022 02:28:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9381665bdbe88ea0f7fef1e4fdb81a5d
93c65c106fdc534bb9207b44b5d1cc49856c88d6
50eff0cc9219bf8a9b2ac708744e23aa7ad08a5219dbe6acf6040083faa9c0ae
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50EFF0CC9219BF8A9B2AC708744E23AA7AD08A5219DBE6ACF6040083FAA9C0AE"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2485
Expires: Fri, 25 Nov 2022 03:10:19 GMT
Date: Fri, 25 Nov 2022 02:28:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9381665bdbe88ea0f7fef1e4fdb81a5d
93c65c106fdc534bb9207b44b5d1cc49856c88d6
50eff0cc9219bf8a9b2ac708744e23aa7ad08a5219dbe6acf6040083faa9c0ae
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50EFF0CC9219BF8A9B2AC708744E23AA7AD08A5219DBE6ACF6040083FAA9C0AE"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2485
Expires: Fri, 25 Nov 2022 03:10:19 GMT
Date: Fri, 25 Nov 2022 02:28:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a4df841114c42c425f2dff89af1aca46
c5de308cdb8419e1e4f7e96ad22b180c374cf582
93d8bc690d1e8ace87c2a68f677677169e3959a83158cc000ab593191f04866c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "93D8BC690D1E8ACE87C2A68F677677169E3959A83158CC000AB593191F04866C"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=334
Expires: Fri, 25 Nov 2022 02:34:28 GMT
Date: Fri, 25 Nov 2022 02:28:54 GMT
Connection: keep-alive
kvexx.com/0385a02384cf8bb1f4b429d18548cbd7.gif
64.32.13.142 301 Moved Permanently 162 B URL HTTP/2 kvexx.com/0385a02384cf8bb1f4b429d18548cbd7.gif
IP 64.32.13.142:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /0385a02384cf8bb1f4b429d18548cbd7.gif HTTP/1.1
Host: kvexx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 02:28:54 GMT
content-type: text/html
content-length: 162
location: https://kvhuuu.top/0385a02384cf8bb1f4b429d18548cbd7.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c567dd3e6a0ebfb2eb6c1e5ba6e85df5
29dafea2db9b1f69829827aa6565aee2d8371a52
0f1954e1b52b93ae4a4fd9d2a4b3859983fc13758432b829b4223fe04fc528b0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0F1954E1B52B93AE4A4FD9D2A4B3859983FC13758432B829B4223FE04FC528B0"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9963
Expires: Fri, 25 Nov 2022 05:14:57 GMT
Date: Fri, 25 Nov 2022 02:28:54 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash caab19262fb45643597dea7992cd7aea
fe2450344b1b928a018bb9011d50b55e528965f3
fa6b424e9b549cd9b3191422f703bf61a35dc205960fd88e267fc5472069677e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=162130
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:54 GMT
Etag: "637ffeb8-117"
Expires: Sat, 26 Nov 2022 23:31:04 GMT
Last-Modified: Thu, 24 Nov 2022 23:31:04 GMT
Server: nginx
Content-Length: 279
kvemm.com/9b68c13628d3eda27f139dbcab11f1e5.gif
104.143.94.110 301 Moved Permanently 162 B URL HTTP/2 kvemm.com/9b68c13628d3eda27f139dbcab11f1e5.gif
IP 104.143.94.110:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /9b68c13628d3eda27f139dbcab11f1e5.gif HTTP/1.1
Host: kvemm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 02:28:54 GMT
content-type: text/html
content-length: 162
location: https://kvtddd.top/9b68c13628d3eda27f139dbcab11f1e5.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kvemm.com/c70f7dd4a4c94432f7e7dfd8886c435b.gif
104.143.94.110 301 Moved Permanently 162 B URL HTTP/2 kvemm.com/c70f7dd4a4c94432f7e7dfd8886c435b.gif
IP 104.143.94.110:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /c70f7dd4a4c94432f7e7dfd8886c435b.gif HTTP/1.1
Host: kvemm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 02:28:54 GMT
content-type: text/html
content-length: 162
location: https://kvtddd.top/c70f7dd4a4c94432f7e7dfd8886c435b.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kvemm.com/b1dec1c6aa5f13c7681a48b3a87fa578.gif
104.143.94.110 301 Moved Permanently 162 B URL HTTP/2 kvemm.com/b1dec1c6aa5f13c7681a48b3a87fa578.gif
IP 104.143.94.110:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /b1dec1c6aa5f13c7681a48b3a87fa578.gif HTTP/1.1
Host: kvemm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 02:28:54 GMT
content-type: text/html
content-length: 162
location: https://kvtddd.top/b1dec1c6aa5f13c7681a48b3a87fa578.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kvezz.com/d8766c5ff8e42ad5dafb8044a9ffd1e1.gif
64.32.13.142 301 Moved Permanently 162 B URL HTTP/2 kvezz.com/d8766c5ff8e42ad5dafb8044a9ffd1e1.gif
IP 64.32.13.142:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /d8766c5ff8e42ad5dafb8044a9ffd1e1.gif HTTP/1.1
Host: kvezz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 02:28:54 GMT
content-type: text/html
content-length: 162
location: https://acoozzh.top/d8766c5ff8e42ad5dafb8044a9ffd1e1.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kvemm.com/ec9fcd758df74f805f29f72e8545d13b.gif
104.143.94.110 301 Moved Permanently 162 B URL HTTP/2 kvemm.com/ec9fcd758df74f805f29f72e8545d13b.gif
IP 104.143.94.110:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /ec9fcd758df74f805f29f72e8545d13b.gif HTTP/1.1
Host: kvemm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 02:28:54 GMT
content-type: text/html
content-length: 162
location: https://kvtddd.top/ec9fcd758df74f805f29f72e8545d13b.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 08bdd5a8f4110c2cfecf7751879f103a
2c426dbf5d1c60246c5419bcf9764efc06d8a348
126c1c4f16a84cfa7953eac5e4742113b66b14462857bcb3b718118da74ba07a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "126C1C4F16A84CFA7953EAC5E4742113B66B14462857BCB3B718118DA74BA07A"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3485
Expires: Fri, 25 Nov 2022 03:26:59 GMT
Date: Fri, 25 Nov 2022 02:28:54 GMT
Connection: keep-alive
kvezz.com/95ca29ec3907b3bf2d8a24b35e3eda22.gif
64.32.13.142 301 Moved Permanently 162 B URL HTTP/2 kvezz.com/95ca29ec3907b3bf2d8a24b35e3eda22.gif
IP 64.32.13.142:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /95ca29ec3907b3bf2d8a24b35e3eda22.gif HTTP/1.1
Host: kvezz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 02:28:54 GMT
content-type: text/html
content-length: 162
location: https://acoozzh.top/95ca29ec3907b3bf2d8a24b35e3eda22.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kvevv.com/62c32c04c4566524981b72086b0c545b.gif
45.154.215.92 301 Moved Permanently 162 B URL HTTP/2 kvevv.com/62c32c04c4566524981b72086b0c545b.gif
IP 45.154.215.92:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /62c32c04c4566524981b72086b0c545b.gif HTTP/1.1
Host: kvevv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 02:28:54 GMT
content-type: text/html
content-length: 162
location: https://kvthhh.top/62c32c04c4566524981b72086b0c545b.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.36 200 OK 1.8 kB IP 192.124.249.36:0
Hash bce32206664d0392e3369f413a3a30a6
aff0edfc53ce4d3ae7f51ae57c36aeba6a409184
6b6b7e3f90467f81f780393dccbd19952262bec0ca20afd4dc96208f2be487f5
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 24 Nov 2022 19:36:30 GMT
Expires: Fri, 25 Nov 2022 19:36:30 GMT
ETag: "aff0edfc53ce4d3ae7f51ae57c36aeba6a409184"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
kvevv.com/47fc3dfa6dab926d04bc8c0e76b89995.gif
45.154.215.92 301 Moved Permanently 162 B URL HTTP/2 kvevv.com/47fc3dfa6dab926d04bc8c0e76b89995.gif
IP 45.154.215.92:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /47fc3dfa6dab926d04bc8c0e76b89995.gif HTTP/1.1
Host: kvevv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 02:28:54 GMT
content-type: text/html
content-length: 162
location: https://kvthhh.top/47fc3dfa6dab926d04bc8c0e76b89995.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kzerr.com/6fb5deabda1e984b6bd49b2baa8dfa10.gif
45.154.215.92 301 Moved Permanently 162 B URL HTTP/2 kzerr.com/6fb5deabda1e984b6bd49b2baa8dfa10.gif
IP 45.154.215.92:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /6fb5deabda1e984b6bd49b2baa8dfa10.gif HTTP/1.1
Host: kzerr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 02:28:54 GMT
content-type: text/html
content-length: 162
location: https://kvkccc.top/6fb5deabda1e984b6bd49b2baa8dfa10.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
aooacctp.com/logotp/xfb63.gif
104.21.234.186 200 OK 801 kB URL HTTP/2 aooacctp.com/logotp/xfb63.gif
IP 104.21.234.186:0
File type GIF image data, version 89a, 200 x 200\012- data
Size 801 kB (800906 bytes)
Hash b67d8e3b2e6a17ef65cca5924479bcaf
170f0e54f86d9fe303bca99f7524cee878289a3f
2b6a9b53114e36c800d36b460001279b5b27d86ad0b0f79d71bd5157d7d2ba8c
GET /logotp/xfb63.gif HTTP/1.1
Host: aooacctp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:54 GMT
content-type: image/gif
content-length: 800906
last-modified: Sun, 14 Aug 2022 07:55:32 GMT
etag: "62f8aa74-c388a"
expires: Mon, 19 Dec 2022 12:07:39 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 443272
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wp3Zgyym7c5yQLxQuDnoru7AA4J5PZ9CxQJl%2F7ooQm%2Bo0hlo3IyycXN29dBsXkmJw6kwkm4fYA2MtEONh3nRwYXwWVMYiL7kzgJaDCgsbGkRnQH1lzoqeMVF2nDEZow%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f4208a3174c1-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 75e57e4a6cf40312bc50060099e11b36
976ea6be9fccf8fd82d0e903063e7fc78a5ced25
8fd7d7afb623d51086a47097d76a77aef8844c1bd8a04d7b0b9d47767ba4e151
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 16:52:19 GMT
Expires: Thu, 01 Dec 2022 16:52:18 GMT
Etag: "976ea6be9fccf8fd82d0e903063e7fc78a5ced25"
Cache-Control: max-age=569603,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f6f4201db7b51e-OSL
kveww.com/2d9e99d0532fbc12eded53b70c20d64d.gif
104.143.94.110 301 Moved Permanently 162 B URL HTTP/2 kveww.com/2d9e99d0532fbc12eded53b70c20d64d.gif
IP 104.143.94.110:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /2d9e99d0532fbc12eded53b70c20d64d.gif HTTP/1.1
Host: kveww.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 02:28:54 GMT
content-type: text/html
content-length: 162
location: https://kvhqqq.top/2d9e99d0532fbc12eded53b70c20d64d.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
362728tdg.com/692ec1480cfd4a7c9e7e8e565285e57c.gif
45.61.212.219 200 OK 20 kB URL HTTP/1.1 362728tdg.com/692ec1480cfd4a7c9e7e8e565285e57c.gif
IP 45.61.212.219:0
File type GIF image data, version 89a, 180 x 180\012- data
Hash 8cfb25e3db03d9ecd14a077cc189fe25
0aaa8cae625d7ddfe85192ca0ba1964c9432f50d
56dfaabecf830964bc2225b38737611d7841b962d29728817a256a93d667a9a6
Analyzer Verdict Alert quad9 Sinkholed
GET /692ec1480cfd4a7c9e7e8e565285e57c.gif HTTP/1.1
Host: 362728tdg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "6377444c-4c60"
Date: Sat, 19 Nov 2022 08:55:03 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Fri, 18 Nov 2022 08:37:32 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us3-cdnb-19
Content-Length: 19552
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b2202a261fc1546305c6884d617215a2
ab919987cd6fe36d3d8972debd8557a06785d18d
c0c0d0e875183f0c0eb1d996060aa866d5ff2c30acb8ffd40ff8a1d656fb4f4e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "C0C0D0E875183F0C0EB1D996060AA866D5FF2C30ACB8FFD40FF8A1D656FB4F4E"
Last-Modified: Tue, 22 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21560
Expires: Fri, 25 Nov 2022 08:28:14 GMT
Date: Fri, 25 Nov 2022 02:28:54 GMT
Connection: keep-alive
kzeaa.com/92f0c144d76dd785f7c04f84ae149b33.gif
98.126.214.50 301 Moved Permanently 162 B URL HTTP/2 kzeaa.com/92f0c144d76dd785f7c04f84ae149b33.gif
IP 98.126.214.50:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /92f0c144d76dd785f7c04f84ae149b33.gif HTTP/1.1
Host: kzeaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 02:28:54 GMT
content-type: text/html
content-length: 162
location: https://kvkeee.top/92f0c144d76dd785f7c04f84ae149b33.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kzerr.com/088dd32a701a1e73cabc4ae46ece3879.gif
45.154.215.92 301 Moved Permanently 162 B URL HTTP/2 kzerr.com/088dd32a701a1e73cabc4ae46ece3879.gif
IP 45.154.215.92:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /088dd32a701a1e73cabc4ae46ece3879.gif HTTP/1.1
Host: kzerr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 02:28:54 GMT
content-type: text/html
content-length: 162
location: https://kvkccc.top/088dd32a701a1e73cabc4ae46ece3879.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kveww.com/99462c01e85acc1311bebac224df6cce.gif
104.143.94.110 301 Moved Permanently 162 B URL HTTP/2 kveww.com/99462c01e85acc1311bebac224df6cce.gif
IP 104.143.94.110:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /99462c01e85acc1311bebac224df6cce.gif HTTP/1.1
Host: kveww.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 02:28:54 GMT
content-type: text/html
content-length: 162
location: https://kvhqqq.top/99462c01e85acc1311bebac224df6cce.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kzeaa.com/57d302c9956928857573010dc47c3edf.gif
98.126.214.50 301 Moved Permanently 162 B URL HTTP/2 kzeaa.com/57d302c9956928857573010dc47c3edf.gif
IP 98.126.214.50:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /57d302c9956928857573010dc47c3edf.gif HTTP/1.1
Host: kzeaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 02:28:54 GMT
content-type: text/html
content-length: 162
location: https://kvkeee.top/57d302c9956928857573010dc47c3edf.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kzecc.com/2dafd276863e05cd86626a2b7b394960.gif
45.154.215.92 301 Moved Permanently 162 B URL HTTP/2 kzecc.com/2dafd276863e05cd86626a2b7b394960.gif
IP 45.154.215.92:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /2dafd276863e05cd86626a2b7b394960.gif HTTP/1.1
Host: kzecc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 02:28:54 GMT
content-type: text/html
content-length: 162
location: https://kvkhhh.top/2dafd276863e05cd86626a2b7b394960.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kzecc.com/8fdce7479dd03f1ee73805e8d2e9bab8.gif
45.154.215.92 301 Moved Permanently 162 B URL HTTP/2 kzecc.com/8fdce7479dd03f1ee73805e8d2e9bab8.gif
IP 45.154.215.92:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /8fdce7479dd03f1ee73805e8d2e9bab8.gif HTTP/1.1
Host: kzecc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 02:28:54 GMT
content-type: text/html
content-length: 162
location: https://kvkhhh.top/8fdce7479dd03f1ee73805e8d2e9bab8.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/t1eJGFHGm7w
142.250.74.35 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/t1eJGFHGm7w
IP 142.250.74.35:0
Hash 4c567d2b4fcd38fee5373e6f16594d22
59e437754740c49a3906c3b1317a48da7f4476a0
d659c27c51abe90961059827a0bda62e89fa71e6fc1213ae9acb5707413620a0
POST /s/gts1p5/t1eJGFHGm7w HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:54 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 9b1b0cdee388d7b2fd46a552f0d69013
e3501c9feb845229f8bf9980d217400bf6dd8465
807c1ce76ac88be84d04c5bca6d1f93ad321dd60e0006cc45eae7bc0db1e8d47
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 23 Nov 2022 08:49:44 GMT
Expires: Wed, 30 Nov 2022 08:49:43 GMT
Etag: "e3501c9feb845229f8bf9980d217400bf6dd8465"
Cache-Control: max-age=454248,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f6f421a905b529-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 1b0f31ddd7c6bb23a36c87f7498dc039
578307d677cf2ee6777bef48c738bc5657cdd4f9
081e23f7b569bd930660eb9ce954f1c531157711776b680334a697ac1ab27811
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 23 Nov 2022 17:12:59 GMT
Expires: Wed, 30 Nov 2022 17:12:58 GMT
Etag: "578307d677cf2ee6777bef48c738bc5657cdd4f9"
Cache-Control: max-age=484443,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f6f421ad45b4f9-OSL
www.tukudhgg.vip/lm/klm01.gif
172.67.208.179 200 OK 78 kB URL HTTP/2 www.tukudhgg.vip/lm/klm01.gif
IP 172.67.208.179:0
File type GIF image data, version 89a, 320 x 190\012- data
Hash f12d32b75b26394038be19df19aea586
286e3cee23dee594ce497c1f2020ccb842e0ae69
06a090053e07f41505d1949525aa511001d14069cb8560f933d60740f9e3eba9
GET /lm/klm01.gif HTTP/1.1
Host: www.tukudhgg.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:54 GMT
content-type: image/gif
content-length: 78524
last-modified: Wed, 24 Aug 2022 10:34:37 GMT
etag: "6305febd-132bc"
expires: Sat, 24 Dec 2022 06:29:29 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 31549
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZloudDshsr0JTfKxo9dhcCknS%2FL5NQZLzH%2BIDMmKjvbgrsz51gCfIZhQjYdLs86viSHkc30tTKhnTUIKYuiYtR0TNQHifUR6uQdhv1CQd7URkltkZxyF35KLkzfhphSCTdx0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f421fe7bb506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash 3c802933cbcc9e541e2f677ea7d32465
189b12dcbf7a957d0808bed1b7738abe5fdcf31a
b48a53359186928285167549c54fbcf2033d0971441aa57de3f59561626dae95
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1273
Cache-Control: max-age=157642
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:54 GMT
Etag: "637fe837-2d7"
Expires: Sat, 26 Nov 2022 22:16:16 GMT
Last-Modified: Thu, 24 Nov 2022 21:55:03 GMT
Server: ECS (amb/6BA9)
X-Cache: HIT
Content-Length: 727
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash 3c802933cbcc9e541e2f677ea7d32465
189b12dcbf7a957d0808bed1b7738abe5fdcf31a
b48a53359186928285167549c54fbcf2033d0971441aa57de3f59561626dae95
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1273
Cache-Control: max-age=157642
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:54 GMT
Etag: "637fe837-2d7"
Expires: Sat, 26 Nov 2022 22:16:16 GMT
Last-Modified: Thu, 24 Nov 2022 21:55:03 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 727
img.1129555.com/images/637774cdd383e8d4961b98ca.gif
91.199.87.220 302 Found 84 kB URL HTTP/2 img.1129555.com/images/637774cdd383e8d4961b98ca.gif
IP 91.199.87.220:0
File type GIF image data, version 89a, 960 x 60\012- data
Hash 42be17309f3be79d863eb59c6e91bfb7
a2c5e368fca35cf1569e0d2eae6df628662fe8ea
00ef9977c6b702b70d96a810cc0892d2fb8f76e6c372104fe47f5da516935a73
GET /images/637774cdd383e8d4961b98ca.gif HTTP/1.1
Host: img.1129555.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/cb8d74bc86e64a459905d45a452dc6b8
cache-control: max-age=3600
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash af969d89223fe91b4ae51be1d2539d20
51391bd16364c826817c6e65b7ae5f4081d9a365
ea63475e5402f6195218c7f3ddc1ab5b33444b317be93a6e44d54914e2c0b7cd
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 15:24:55 GMT
Expires: Tue, 29 Nov 2022 15:24:54 GMT
Etag: "51391bd16364c826817c6e65b7ae5f4081d9a365"
Cache-Control: max-age=391559,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f6f4221d7ab4f9-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash af969d89223fe91b4ae51be1d2539d20
51391bd16364c826817c6e65b7ae5f4081d9a365
ea63475e5402f6195218c7f3ddc1ab5b33444b317be93a6e44d54914e2c0b7cd
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 15:24:55 GMT
Expires: Tue, 29 Nov 2022 15:24:54 GMT
Etag: "51391bd16364c826817c6e65b7ae5f4081d9a365"
Cache-Control: max-age=391559,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f6f4221921b529-OSL
p3.douyinpic.com/obj/tos-cn-i-dy/43675272081b4e54affe1cd54bbf116d
47.246.44.225 200 OK 498 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/43675272081b4e54affe1cd54bbf116d
IP 47.246.44.225:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 960 x 70\012- data
Size 498 kB (497844 bytes)
Hash 9d43f768f1897d7d3fd5ba803e1a770a
ff8fb3f427df7b6cfef65fcae162e0abab9474a4
00fe4f1ccfc623639abadf4e745aca22b946365e932a7a794d6c108fee0d85af
GET /obj/tos-cn-i-dy/43675272081b4e54affe1cd54bbf116d HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 497844
date: Fri, 21 Oct 2022 07:50:10 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Fri, 21 Oct 2022 07:01:49 GMT
nw-session-id: 20221021150149010175073134084B29D39kjgg02dy
nw-session-trace: 2022-10-21T15:01:49.52333251+08:00 46
x-bdcdn-cache-status: TCP_HIT
x-length: 497844
x-powered-by: ImageX
x-response-date: Fri, 21 Oct 2022 15:01:49 GMT
x-tt-logid: 20221021150149010175073134084B29D3
via: n150-056-031, cache12.l2de2[0,0,206-0,H], cache1.l2de2[1,0], cache1.l2de2[1,0], cache7.se1[0,0,200-0,H], cache7.se1[1,0]
x-request-ip: fdbd:dc02:22:54::97
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=1
x-tt-trace-host: 018712afb6141c72f112ec6efc8c36fea5b8eee46f016b310737a577e46df3cb7961fa862fafbc44eb9c3aa03ba32ef68ca60ceb1f1447124e4a71a5a0372ae71dfa79066aafd564ff57f1afd3e032180c6e20dad0f880f2f97540dd975200ea8c
x-response-lb: image
ali-swift-global-savetime: 1666338610
age: 3004724
x-cache: HIT TCP_MEM_HIT dirn:3:272949395
x-swift-savetime: Wed, 26 Oct 2022 14:12:14 GMT
x-swift-cachetime: 31081076
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9b16693433347408302e
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash c49f78544b6f2904ffb41993c180c163
d5308117cc5acd7319c1ae69db584d6e70314a5c
12f58ea880bc1234a7f011d3ba96993f3ee1089901a936403be5a3f39f30ae75
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 23:03:11 GMT
Expires: Thu, 01 Dec 2022 23:03:10 GMT
Etag: "d5308117cc5acd7319c1ae69db584d6e70314a5c"
Cache-Control: max-age=591855,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f6f4224f2db51e-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash af969d89223fe91b4ae51be1d2539d20
51391bd16364c826817c6e65b7ae5f4081d9a365
ea63475e5402f6195218c7f3ddc1ab5b33444b317be93a6e44d54914e2c0b7cd
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 15:24:55 GMT
Expires: Tue, 29 Nov 2022 15:24:54 GMT
Etag: "51391bd16364c826817c6e65b7ae5f4081d9a365"
Cache-Control: max-age=391559,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f6f4222ce71bfa-OSL
8499483.com/8499/960x60.gif
172.247.50.228 200 OK 331 kB URL HTTP/2 8499483.com/8499/960x60.gif
IP 172.247.50.228:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 331 kB (331043 bytes)
Hash 09f29e56330449942571a66f47f82fb5
30fc3421671176f6f724f32ee910470f03661ddc
b1a0f29b0a924b51c844351bddb87fddf9fa4ef5909f69f818e968f18413a725
GET /8499/960x60.gif HTTP/1.1
Host: 8499483.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:54 GMT
content-type: image/gif
content-length: 331043
last-modified: Wed, 09 Nov 2022 06:22:39 GMT
etag: "50d23-5ed03aef4304d"
server: qq.com
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 7a8daad4ab6e765df1af9dd1c0eb2da5
0a17bb68661cccb2714b7b98d0f7b8df1b700cb4
cfa1ebd1b22eeb6cb79139c1d465de12da2f0e1a3f050ecce2fd0a90656c7fae
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:55 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 01:44:18 GMT
Expires: Fri, 02 Dec 2022 01:44:17 GMT
Etag: "0a17bb68661cccb2714b7b98d0f7b8df1b700cb4"
Cache-Control: max-age=601522,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f6f4237d5f1bfa-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 07570daf9d11b9b8b8357b089ad60a5a
1e0c563991e0918f538182a887165bf2fd225b80
8f7ff4d51ecb7edcdefc1d6d0aa80e6774d0bd665b2d0f6bcbeaa4b40acbef60
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=162854
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:54 GMT
Etag: "6380018c-117"
Expires: Sat, 26 Nov 2022 23:43:08 GMT
Last-Modified: Thu, 24 Nov 2022 23:43:08 GMT
Server: nginx
Content-Length: 279
538936vxn.com/d435373888944b359330ac8c9bcff8c1.gif
45.61.212.229 200 OK 553 kB URL HTTP/1.1 538936vxn.com/d435373888944b359330ac8c9bcff8c1.gif
IP 45.61.212.229:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 553 kB (552818 bytes)
Hash 097e6fa9314192dc3dd55cb1c5023ee5
c30366c4c910616f1a3c1b773ffb4af967e20eb5
db020d7293807326453f5848c0bf219e2b835f2530468a9d816a3c1c7941023a
Analyzer Verdict Alert quad9 Sinkholed
GET /d435373888944b359330ac8c9bcff8c1.gif HTTP/1.1
Host: 538936vxn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "635b9374-86f72"
Date: Thu, 24 Nov 2022 01:37:07 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Fri, 28 Oct 2022 08:31:48 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us3-cdnb-29
Content-Length: 552818
573569djd.com/9ea0c0a8968d4200b29648688b7f45bf.gif
45.61.212.51 200 OK 359 kB URL HTTP/1.1 573569djd.com/9ea0c0a8968d4200b29648688b7f45bf.gif
IP 45.61.212.51:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 359 kB (358672 bytes)
Hash 668143938c3bb811847d83330decd423
f86300da5d773b84bc65d3c901a4767fd8566c48
a06c47f458fdbd01ba8ba0202fb615e94e2353d65098b480ede52a13a645f859
GET /9ea0c0a8968d4200b29648688b7f45bf.gif HTTP/1.1
Host: 573569djd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "63774740-57910"
Date: Sat, 19 Nov 2022 08:55:02 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Fri, 18 Nov 2022 08:50:08 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us1-cdnb-21
Content-Length: 358672
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash dce8ee1fa8d1015fb532092abacc9359
169b07506a34587443ded2cb51fe798c9b3c9f97
62b436793a7f4f0171c15eac68dc2bf3c612349ef273d4c1d6d2d86a088d083f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:55 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 22:05:45 GMT
Expires: Tue, 29 Nov 2022 22:05:44 GMT
Etag: "169b07506a34587443ded2cb51fe798c9b3c9f97"
Cache-Control: max-age=415609,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f6f422ddcab4f9-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash d685a35382a82e6921f907da14f44449
c69756402ab47527b8bc7fcfb08e2659c39a0c53
058b5da7e8c3be9c3487f9384edcbb6ae28540e7c455555491517e808aaaec5a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:55 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 09:56:23 GMT
Expires: Tue, 29 Nov 2022 09:56:22 GMT
Etag: "c69756402ab47527b8bc7fcfb08e2659c39a0c53"
Cache-Control: max-age=371846,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f6f423dd9a1bfa-OSL
acoozzh.top/d8766c5ff8e42ad5dafb8044a9ffd1e1.gif
104.21.33.100 200 OK 38 kB URL HTTP/2 acoozzh.top/d8766c5ff8e42ad5dafb8044a9ffd1e1.gif
IP 104.21.33.100:0
File type GIF image data, version 89a, 150 x 150\012- data
Hash 84051de17ff2fbe6c2af3e15319f4de8
a8013e3dbbd4bbe5bb25e2ee1da2e34f2c5b8a47
62801552ce63b30c91b5e476981f7d85e808025c2e15d82bcb103b3884f64ad8
GET /d8766c5ff8e42ad5dafb8044a9ffd1e1.gif HTTP/1.1
Host: acoozzh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: image/gif
content-length: 37847
last-modified: Mon, 02 May 2022 19:12:15 GMT
etag: "62702d0f-93d7"
expires: Mon, 19 Dec 2022 09:48:58 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 491997
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vvKfhYOUYLGGmkV44MHLqiSMNNR4RtN2pDQwwx7yvs%2B30MqnBoAYuumllxGrWJPJklSRSnByrvvaX5dU7ItXvDN8AuAw3lqvotWbIvpeFpRYbx7s%2FPt99JnYNnwJFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f423ffe2b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash caab19262fb45643597dea7992cd7aea
fe2450344b1b928a018bb9011d50b55e528965f3
fa6b424e9b549cd9b3191422f703bf61a35dc205960fd88e267fc5472069677e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=162130
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:55 GMT
Etag: "637ffeb8-117"
Expires: Sat, 26 Nov 2022 23:31:05 GMT
Last-Modified: Thu, 24 Nov 2022 23:31:04 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash e441e33ecbf9e829ca9dfd8596b76d86
a149b4004a60cb06134f9d88d830deb38a8f1539
80f587d5f7e6f35e053d40b70c4e0cb921c427cfa35022d63455d870cb80d53f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:55 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 05:58:46 GMT
Expires: Thu, 01 Dec 2022 05:58:45 GMT
Etag: "a149b4004a60cb06134f9d88d830deb38a8f1539"
Cache-Control: max-age=530389,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f6f4230996b529-OSL
kaiyuan-advertising.oss-cn-hongkong.aliyuncs.com/150x150.gif
47.75.19.37 200 OK 55 kB URL HTTP/1.1 kaiyuan-advertising.oss-cn-hongkong.aliyuncs.com/150x150.gif
IP 47.75.19.37:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type GIF image data, version 89a, 150 x 150\012- data
Hash 582452b1cbd33dbd20c3287441dc3478
6ebc8fc783b55f0cb6d54263544e6aefcce534f1
b12b502c1e1fe5109718fc7004000d66ac7a6d96aaada405378c2e63e33300fb
GET /150x150.gif HTTP/1.1
Host: kaiyuan-advertising.oss-cn-hongkong.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: image/gif
Content-Length: 54604
Connection: keep-alive
x-oss-request-id: 638028664C8B373239A3DCB8
Accept-Ranges: bytes
ETag: "582452B1CBD33DBD20C3287441DC3478"
Last-Modified: Mon, 03 Oct 2022 10:13:12 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 18371020748093193871
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
Content-MD5: WCRSscvTPb0gwyh0Qdw0eA==
x-oss-server-time: 1
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 5bf5455522677a13884f404460fc8be9
e774e485c0f5c22d3da908244d0c46e2787cd265
bf742bb818c0c0435f3fb9ea8293ac5aa599452ae422d9847d71a5986ba24bfd
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:55 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Mon, 28 Nov 2022 23:43:57 GMT
ETag: "e774e485c0f5c22d3da908244d0c46e2787cd265"
Last-Modified: Thu, 24 Nov 2022 23:43:58 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3578
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f6f4248831b503-OSL
acoozzh.top/95ca29ec3907b3bf2d8a24b35e3eda22.gif
104.21.33.100 200 OK 400 kB URL HTTP/2 acoozzh.top/95ca29ec3907b3bf2d8a24b35e3eda22.gif
IP 104.21.33.100:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 400 kB (400264 bytes)
Hash b722c3905b96f11823e04826aafdd50e
68b63b572a042d40ab210aa313b7ebbc372be5a1
630c6a955789d5bb6311db75ce52e57ff4c12074ef5a5a080cf5459f907e9dc1
GET /95ca29ec3907b3bf2d8a24b35e3eda22.gif HTTP/1.1
Host: acoozzh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: image/gif
content-length: 400264
last-modified: Mon, 02 May 2022 19:22:39 GMT
etag: "62702f7f-61b88"
expires: Thu, 22 Dec 2022 00:38:06 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 265849
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nX6L7CfjuMGIdoiwbgz1KForF8Rl%2BJLO%2FxdytT9WGMr3oTRKJAz%2BF55lUx2Q9BuUirukn5Kmu2Coz%2BUHWEP6N5A2tBWYvjGAEzy5io6RCruYksCRR2bDCJDmtlk2xg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f4249833b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
8357.app/images/111.gif
116.213.38.134 200 OK 235 kB IP 116.213.38.134:0
File type GIF image data, version 89a, 950 x 60\012- data
Size 235 kB (235089 bytes)
Hash ce54fdef11a4b49711f4972717259e2c
d23e1ffcde7629b62300529d9193f53a6602dd0a
630298b0df9948f0cf5647484627e4f7276315cc13328271714f2d033cdb4d46
GET /images/111.gif HTTP/1.1
Host: 8357.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 10 Nov 2022 08:54:22 GMT
Accept-Ranges: bytes
ETag: "b0a9f76e2f4d81:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 02:28:45 GMT
Content-Length: 235089
p3.douyinpic.com/obj/tos-cn-i-dy/e454ac1f03aa4643ab3fb8bca7151253
47.246.44.225 200 OK 546 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/e454ac1f03aa4643ab3fb8bca7151253
IP 47.246.44.225:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 250 x 250\012- data
Size 546 kB (545518 bytes)
Hash e703b6e305d4329be7218dbe01977a30
a945dd3df368fba689704555fefae5e2e745fb20
7202bcebddf613675a9251e6b15373c03e7bfce078dfad843e6f94e7824d5c71
GET /obj/tos-cn-i-dy/e454ac1f03aa4643ab3fb8bca7151253 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 545518
date: Mon, 31 Oct 2022 06:39:26 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Sun, 30 Oct 2022 12:37:29 GMT
nw-session-id: 202210302037290101311070360948214Dxxqsz02dy
nw-session-trace: 2022-10-30T20:37:29.73424725+08:00 52
x-bdcdn-cache-status: TCP_HIT
x-length: 545518
x-powered-by: ImageX
x-response-date: Sun, 30 Oct 2022 20:37:29 GMT
x-tt-logid: 202210302037290101311070360948214D
via: n150-112-092, cache13.l2ot7-1[0,0,206-0,H], cache31.l2ot7-1[1,0], cache31.l2ot7-1[1,0], cache4.se1[0,0,200-0,H], cache7.se1[1,0]
x-request-ip: fdbd:dc02:20:751::154
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=1
x-tt-trace-host: 0159e9cdbe3f91426c1450c6e2ed773756a838e728f5e83906d3fefb09f48b2a149d872c73f52f1c2ffac1739cf44173ec50bbf66732a5211e73762666ae72ac65b2942ab7ec3667b5a125876ff14636d2b8c9e2804d2654636bda6d9e98817053
x-response-lb: image
ali-swift-global-savetime: 1667198367
age: 2144968
x-cache: HIT TCP_MEM_HIT dirn:10:967836256 mlen:0
x-swift-savetime: Wed, 02 Nov 2022 13:56:19 GMT
x-swift-cachetime: 31336988
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9b16693433351088407e
X-Firefox-Spdy: h2
u1055.com/cd0079ce40f14b38b2f6853acacc905e.png
45.61.212.173 200 OK 81 kB URL HTTP/2 u1055.com/cd0079ce40f14b38b2f6853acacc905e.png
IP 45.61.212.173:0
File type PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash 35e55bd418c0bb1ad4fdf2f2867e5102
7ec6859a8a7f22431ad759435dfac9337890d216
3e9a01ad36d379d7608aad2569be6dd631bab87dbd215bd23d1702a101ad2fbb
GET /cd0079ce40f14b38b2f6853acacc905e.png HTTP/1.1
Host: u1055.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=86400
etag: "636a3448-13b91"
server: nginx
date: Thu, 10 Nov 2022 06:08:16 GMT
content-type: image/png
last-modified: Tue, 08 Nov 2022 10:49:44 GMT
accept-ranges: bytes
x-cache: HIT from cloud-us5-cdnb-13
content-length: 80785
X-Firefox-Spdy: h2
u1010.com/0ff7b2a31b1c4ea9848803459ac6daaf.gif
103.170.15.49 200 OK 70 kB URL HTTP/2 u1010.com/0ff7b2a31b1c4ea9848803459ac6daaf.gif
IP 103.170.15.49:0
ASN #7483 Skycloud Computing co., Ltd.
File type GIF image data, version 89a, 180 x 180\012- data
Hash 67275b45a207b88fdb89464f1e03a46f
3c87e58ce0597a307bd6369163a39df67371b3df
5be4b853f464d46739aa80f7ebfb7f2cfdcd0cee88bc0bf697ba1d243ddc3eb5
GET /0ff7b2a31b1c4ea9848803459ac6daaf.gif HTTP/1.1
Host: u1010.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=86400
etag: "636a1962-11334"
server: nginx
date: Tue, 15 Nov 2022 15:24:56 GMT
content-type: image/gif
last-modified: Tue, 08 Nov 2022 08:54:58 GMT
accept-ranges: bytes
x-cache: HIT from yd11_02-cdn-g01-la2-39
content-length: 70452
X-Firefox-Spdy: h2
n0533.com/7512405275124866b7fcece7e39348e1.gif
20.243.254.232 200 OK 91 kB URL HTTP/1.1 n0533.com/7512405275124866b7fcece7e39348e1.gif
IP 20.243.254.232:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 960 x 100\012- data
Hash 62b3bf929422e901c730c19691b7f4de
86f1140094a1a931b074a10908b16b739582c83e
c9fd595fadf8b281d9b3832517983de4ffffc87bcd116553fed9a1c20ab20800
GET /7512405275124866b7fcece7e39348e1.gif HTTP/1.1
Host: n0533.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 19 Nov 2022 15:09:18 GMT
ETag: W/"6378f19e-51701"
Server: WAF/2.4-12.1
X-Cache-Status: HIT
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 134c5e2bab597f5d39ccc691a3ad39df
2602d264dc883172ce2a1a6e6a5f9d1a4671a475
3d774ecf21651d37362547cfca0d6894b1e78237152a3d1b95d843a1f04ca822
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3D774ECF21651D37362547CFCA0D6894B1E78237152A3D1B95D843A1F04CA822"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8276
Expires: Fri, 25 Nov 2022 04:46:51 GMT
Date: Fri, 25 Nov 2022 02:28:55 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 59b02c1c948cef8ac39cb280b2422d4d
31b11d0550d45edc800a0f7e17838abbbb1498c8
66d52879030be45f297ae1d7fd40cee0700712dc87456efd19a6886506aa064f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:55 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 23:21:49 GMT
Expires: Tue, 29 Nov 2022 23:21:48 GMT
Etag: "31b11d0550d45edc800a0f7e17838abbbb1498c8"
Cache-Control: max-age=420172,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f6f41fe821fac4-OSL
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ede9d7df49a7e00d51c415d5022c7936
bf85e6580bf13510d145273c27b0ed7f35fd76a4
924dbbab8cfc5f6878c78e36b562723253fdcf06826fdab6bb4b2af6f5242e4b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "924DBBAB8CFC5F6878C78E36B562723253FDCF06826FDAB6BB4B2AF6F5242E4B"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2634
Expires: Fri, 25 Nov 2022 03:12:49 GMT
Date: Fri, 25 Nov 2022 02:28:55 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac88f81f2cca3102d87cd03c11b529bc
32afcf40894b57f897dcb4cf4cd4338284c754c5
91717e655a6f519bedf0cecf42f85e2e458424ff0dc0af4d23322fa5983faa22
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "91717E655A6F519BEDF0CECF42F85E2E458424FF0DC0AF4D23322FA5983FAA22"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12456
Expires: Fri, 25 Nov 2022 05:56:31 GMT
Date: Fri, 25 Nov 2022 02:28:55 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac88f81f2cca3102d87cd03c11b529bc
32afcf40894b57f897dcb4cf4cd4338284c754c5
91717e655a6f519bedf0cecf42f85e2e458424ff0dc0af4d23322fa5983faa22
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "91717E655A6F519BEDF0CECF42F85E2E458424FF0DC0AF4D23322FA5983FAA22"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12414
Expires: Fri, 25 Nov 2022 05:55:49 GMT
Date: Fri, 25 Nov 2022 02:28:55 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac88f81f2cca3102d87cd03c11b529bc
32afcf40894b57f897dcb4cf4cd4338284c754c5
91717e655a6f519bedf0cecf42f85e2e458424ff0dc0af4d23322fa5983faa22
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "91717E655A6F519BEDF0CECF42F85E2E458424FF0DC0AF4D23322FA5983FAA22"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12456
Expires: Fri, 25 Nov 2022 05:56:31 GMT
Date: Fri, 25 Nov 2022 02:28:55 GMT
Connection: keep-alive
xk3.me/img/sWQr/os3rJzCf6.gif
45.126.180.173 200 OK 37 kB URL HTTP/1.1 xk3.me/img/sWQr/os3rJzCf6.gif
IP 45.126.180.173:0
ASN #59371 Dimension Network & Communication Limited
File type GIF image data, version 89a, 240 x 240\012- data
Hash a7d5e2fce182e61fa0610227ada28f05
f0edb65a755e97a28065ca0ca0c96f33e649d207
ce2052aa4c8b181297f162d0459eaaa8d7fd766c244770eb6afee327e6649ff3
GET /img/sWQr/os3rJzCf6.gif HTTP/1.1
Host: xk3.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"50210-1664882819000"
Last-Modified: Tue, 04 Oct 2022 11:26:59 GMT
Expires: Sat, 10 Dec 2022 02:28:54 GMT
Cache-Control: max-age=1296000
Content-Encoding: gzip
Nginx-Cache: EXPIRED, HIT
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 2c8b0a4f9244101a483b049a271dabc2
69139d94131b2ce6cef1d7f5e6ab84f0ce249595
eed8db9d99a4f5e0edca1106077a1df8cdb7672984b6727549528aa6f66c2715
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=149892
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:55 GMT
Etag: "637fceeb-117"
Expires: Sat, 26 Nov 2022 20:07:07 GMT
Last-Modified: Thu, 24 Nov 2022 20:07:07 GMT
Server: nginx
Content-Length: 279
362728tdg.com/5d94a04b442545bdb59d7d2fba1b2897..gif
45.61.212.219 200 OK 423 kB URL HTTP/1.1 362728tdg.com/5d94a04b442545bdb59d7d2fba1b2897..gif
IP 45.61.212.219:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 423 kB (422791 bytes)
Hash bdeb53a7d3c2f219a7ae903a7346cd91
e5349fa31f22ce3605b9256c0a6e37def92b13b6
316319f597bb6dd3d686c46a51e67693243868108b798fa8174f8a124b6422b4
Analyzer Verdict Alert quad9 Sinkholed
GET /5d94a04b442545bdb59d7d2fba1b2897..gif HTTP/1.1
Host: 362728tdg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "635b9164-67387"
Date: Sun, 30 Oct 2022 06:51:12 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Fri, 28 Oct 2022 08:23:00 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us3-cdnb-19
Content-Length: 422791
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f1031dcd5959571008400be96c44bb14
3ef227bc7dfcd797124e34c9a96db7ba1ea57e9d
c3e5581ef9b10564243d1167ae0ec9c52e1efae77878e294f332903ed8c7f1d7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C3E5581EF9B10564243D1167AE0EC9C52E1EFAE77878E294F332903ED8C7F1D7"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=472
Expires: Fri, 25 Nov 2022 02:36:47 GMT
Date: Fri, 25 Nov 2022 02:28:55 GMT
Connection: keep-alive
628536nyv.com/a560e00e7bb844119014562b6f612399.gif
45.61.212.116 200 OK 654 kB URL HTTP/1.1 628536nyv.com/a560e00e7bb844119014562b6f612399.gif
IP 45.61.212.116:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 654 kB (653713 bytes)
Hash 6e1b913d233fb64271527a796618f37b
a858c96c304244dfa9d5cd159a3a5c80c6b98598
4dc0708abb2de56eaee1961f8143ec911357863a2b259c4154701ddd128d3a37
Analyzer Verdict Alert quad9 Sinkholed
GET /a560e00e7bb844119014562b6f612399.gif HTTP/1.1
Host: 628536nyv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "635b8daa-9f991"
Date: Sat, 12 Nov 2022 02:07:53 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Fri, 28 Oct 2022 08:07:06 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us2-cdnb-16
Content-Length: 653713
278838mcu.com/1e087086b5844df1bdf3b79c296c8758.gif
103.170.15.80 200 OK 580 kB URL HTTP/1.1 278838mcu.com/1e087086b5844df1bdf3b79c296c8758.gif
IP 103.170.15.80:0
ASN #7483 Skycloud Computing co., Ltd.
File type GIF image data, version 89a, 960 x 60\012- data
Size 580 kB (580315 bytes)
Hash 1a429adb0604b6dd52d269910a16df11
0e6e0b7135822c02ae159c14a1b4aebfa75b0982
819a4224605c47089d7456012a957beef9f0a59191a8a63e4c0aefa6c3ece6b7
Analyzer Verdict Alert quad9 Sinkholed
GET /1e087086b5844df1bdf3b79c296c8758.gif HTTP/1.1
Host: 278838mcu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "6377451b-8dadb"
Date: Fri, 18 Nov 2022 09:38:39 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Fri, 18 Nov 2022 08:40:59 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-10
Content-Length: 580315
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f1031dcd5959571008400be96c44bb14
3ef227bc7dfcd797124e34c9a96db7ba1ea57e9d
c3e5581ef9b10564243d1167ae0ec9c52e1efae77878e294f332903ed8c7f1d7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C3E5581EF9B10564243D1167AE0EC9C52E1EFAE77878E294F332903ED8C7F1D7"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=472
Expires: Fri, 25 Nov 2022 02:36:47 GMT
Date: Fri, 25 Nov 2022 02:28:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f1031dcd5959571008400be96c44bb14
3ef227bc7dfcd797124e34c9a96db7ba1ea57e9d
c3e5581ef9b10564243d1167ae0ec9c52e1efae77878e294f332903ed8c7f1d7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C3E5581EF9B10564243D1167AE0EC9C52E1EFAE77878E294F332903ED8C7F1D7"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=472
Expires: Fri, 25 Nov 2022 02:36:47 GMT
Date: Fri, 25 Nov 2022 02:28:55 GMT
Connection: keep-alive
kvtddd.top/9b68c13628d3eda27f139dbcab11f1e5.gif
104.21.235.61 200 OK 20 kB URL HTTP/2 kvtddd.top/9b68c13628d3eda27f139dbcab11f1e5.gif
IP 104.21.235.61:0
File type GIF image data, version 89a, 150 x 150\012- data
Hash b7f61bdb0706ca9b8dc0e4e68969ccb5
83e028495d819cffaaa3b0af6f298d069d66868a
a98a0838ccbb96ade4d4c5593381de618ca9c15b3bea2885f8be6d911f73a7b6
GET /9b68c13628d3eda27f139dbcab11f1e5.gif HTTP/1.1
Host: kvtddd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: image/gif
content-length: 19807
last-modified: Sun, 13 Mar 2022 11:17:20 GMT
etag: "622dd2c0-4d5f"
expires: Sun, 04 Dec 2022 23:13:37 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1739718
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kTS0tAYIZuRloIcVOKRjcbAVNwFz0OKEQgf1u2BlsB8nROWzdDR4OdkEmurX13znhYVIizkQARH8qShUtoba%2FVHfVfusynKf1%2BanU70sWf8w%2FHNxBde0egYMhDqe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f425ade3dd81-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
u1066.com/5adf5bf76d3a417c8d4ddfc5dc894e4c.png
103.170.15.64 200 OK 81 kB URL HTTP/2 u1066.com/5adf5bf76d3a417c8d4ddfc5dc894e4c.png
IP 103.170.15.64:0
ASN #7483 Skycloud Computing co., Ltd.
File type PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash 35e55bd418c0bb1ad4fdf2f2867e5102
7ec6859a8a7f22431ad759435dfac9337890d216
3e9a01ad36d379d7608aad2569be6dd631bab87dbd215bd23d1702a101ad2fbb
GET /5adf5bf76d3a417c8d4ddfc5dc894e4c.png HTTP/1.1
Host: u1066.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=86400
etag: "636a19dd-13b91"
server: nginx
date: Tue, 08 Nov 2022 09:39:23 GMT
content-type: image/png
last-modified: Tue, 08 Nov 2022 08:57:01 GMT
accept-ranges: bytes
x-cache: HIT from yd11_02-cdn-g01-la2-54
content-length: 80785
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac88f81f2cca3102d87cd03c11b529bc
32afcf40894b57f897dcb4cf4cd4338284c754c5
91717e655a6f519bedf0cecf42f85e2e458424ff0dc0af4d23322fa5983faa22
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "91717E655A6F519BEDF0CECF42F85E2E458424FF0DC0AF4D23322FA5983FAA22"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13638
Expires: Fri, 25 Nov 2022 06:16:13 GMT
Date: Fri, 25 Nov 2022 02:28:55 GMT
Connection: keep-alive
8357.app/images/222.gif
116.213.38.134 200 OK 532 kB IP 116.213.38.134:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 532 kB (531920 bytes)
Hash e74d49a1c2617c360791835f66cfcdfa
c6df43d2eb3d74a1d9786d8a79a379eff3ad1461
7ba844b237d93bbc66b51a5dcd87f459a40d4a07a0fdbb9518c9ebe97979c519
GET /images/222.gif HTTP/1.1
Host: 8357.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Fri, 11 Nov 2022 14:56:31 GMT
Accept-Ranges: bytes
ETag: "c080e3c8ddf5d81:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 02:28:45 GMT
Content-Length: 531920
339282bdb.com/51af2492ce0f44c3bc75c996ee311b15.gif
45.61.212.46 200 OK 21 kB URL HTTP/1.1 339282bdb.com/51af2492ce0f44c3bc75c996ee311b15.gif
IP 45.61.212.46:0
File type GIF image data, version 89a, 180 x 180\012- data
Hash 07ccc0b877ff07608500e45e78915a0a
e9972b6f1517b3c5dadcde11212bcfd3a51c2abd
5623987f3399652066ac075bbf5ff8e116e13c846219fdafd4fb8d48e2b643ed
Analyzer Verdict Alert quad9 Sinkholed
GET /51af2492ce0f44c3bc75c996ee311b15.gif HTTP/1.1
Host: 339282bdb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "635e20c7-51df"
Date: Mon, 21 Nov 2022 06:56:17 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Sun, 30 Oct 2022 06:59:19 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us1-cdnb-16
Content-Length: 20959
666999123.com/tu/960x80.gif
104.21.25.197 526 No Reason Phrase 7.5 kB URL HTTP/2 666999123.com/tu/960x80.gif
IP 104.21.25.197:0
Hash fc60684c8de981a9a483a953895d615c
28c6c399bc80d826e332b9a76f7f2095d453a3a3
5347135fe280449108ec28a2ebf49675b2bd0f93cf406bdb48673dccb9aa5597
GET /tu/960x80.gif HTTP/1.1
Host: 666999123.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 526 No Reason Phrase
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: text/html; charset=UTF-8
set-cookie: cf_use_ob=0; path=/; expires=Fri, 25-Nov-22 02:29:25 GMT
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cf-ray: 76f6f421d824b4f7-OSL
server: cloudflare
X-Firefox-Spdy: h2
kvtddd.top/b1dec1c6aa5f13c7681a48b3a87fa578.gif
104.21.235.61 200 OK 14 kB URL HTTP/2 kvtddd.top/b1dec1c6aa5f13c7681a48b3a87fa578.gif
IP 104.21.235.61:0
File type GIF image data, version 89a, 120 x 120\012- data
Hash d7b1b751f7022ee8a84b6323000ad4a5
8e49bd359ae0fc13855f0dbf7ebf45c4dc5b9503
89407d3f62723c801a184698f48907109c3c79750ba52107b8c2409aaae696a8
GET /b1dec1c6aa5f13c7681a48b3a87fa578.gif HTTP/1.1
Host: kvtddd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: image/gif
content-length: 14190
last-modified: Wed, 13 Apr 2022 08:15:03 GMT
etag: "62568687-376e"
expires: Sun, 04 Dec 2022 23:39:43 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1738152
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J56IenNljW5mg3coUdP5BafD3ZL4DafaGMqKv2qRaTpivcA5SRdkcHQ%2Fv6LRYJvOcBAZperhKu0ncYDqguqgTB%2B%2Byd%2BTKwjS5Y20Wg7fHR0rTtKHbRM3sLopx6KQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f425ee33dd81-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kveii.com/f67b410855efed07dc1783436baaa5f7.gif
104.143.94.110 301 Moved Permanently 162 B URL HTTP/2 kveii.com/f67b410855efed07dc1783436baaa5f7.gif
IP 104.143.94.110:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /f67b410855efed07dc1783436baaa5f7.gif HTTP/1.1
Host: kveii.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: text/html
content-length: 162
location: https://kvhsss.top/f67b410855efed07dc1783436baaa5f7.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
qczuqw8.com/a2a3a17eb0bd457e92c818fe9001886f.gif
45.61.212.224 200 OK 30 kB URL HTTP/1.1 qczuqw8.com/a2a3a17eb0bd457e92c818fe9001886f.gif
IP 45.61.212.224:0
File type GIF image data, version 89a, 180 x 180\012- data
Hash c75065e9b2cdd6327ec4bcd5564139dd
942a4075f3561f09179d6a332eebfdca981601b0
2ca8007b97da4aa8dfe8e89950cd97d6c804f17d4d9cb51e0f7492335412724c
GET /a2a3a17eb0bd457e92c818fe9001886f.gif HTTP/1.1
Host: qczuqw8.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "62a30bad-748c"
Date: Tue, 04 Oct 2022 05:48:41 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Fri, 10 Jun 2022 09:15:25 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us3-cdnb-24
Content-Length: 29836
kvhuuu.top/0385a02384cf8bb1f4b429d18548cbd7.gif
104.21.234.153 200 OK 211 kB URL HTTP/2 kvhuuu.top/0385a02384cf8bb1f4b429d18548cbd7.gif
IP 104.21.234.153:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 211 kB (211127 bytes)
Hash 88d9d5281cc8399fc9a5a866857fea84
4abe7059410209993012e28e4716b51bf6cf7575
6e5d5a54f87917acb45b64a2708004f72dcae06a1626336a01c290c0dfba5aa2
GET /0385a02384cf8bb1f4b429d18548cbd7.gif HTTP/1.1
Host: kvhuuu.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: image/gif
content-length: 211127
last-modified: Wed, 20 Apr 2022 12:41:47 GMT
etag: "625fff8b-338b7"
expires: Fri, 16 Dec 2022 13:41:07 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 737268
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nupIs2ybI36nKJ%2BWSlnHxnhPrVVfv%2BmLBNa%2BK9UfQPErDZ7GHYqBKcQ%2BxkjQxsrZgeHiM36TGTnESYnR0W3InuwpGD4LDbVqgDWgdOwDRP161HzAMBGdDzAaJgf%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f425ebe0d180-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
585227ybn.com/d9adf3894e834463bb5b067218c0bffe.gif
45.61.212.46 200 OK 27 kB URL HTTP/1.1 585227ybn.com/d9adf3894e834463bb5b067218c0bffe.gif
IP 45.61.212.46:0
File type GIF image data, version 89a, 180 x 180\012- data
Hash f5fe7344d7759d56fb230d85c58137a7
6ae77d48a8432a44b64707f70364ce5765e0ed0b
ba6da46bf6b7ff393961d884b86e0370e4f300cfcc6dc9baf359fc83417abff7
Analyzer Verdict Alert quad9 Sinkholed
GET /d9adf3894e834463bb5b067218c0bffe.gif HTTP/1.1
Host: 585227ybn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "6377474b-6a9a"
Date: Sun, 20 Nov 2022 15:18:05 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Fri, 18 Nov 2022 08:50:19 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us1-cdnb-16
Content-Length: 27290
ocsp.pki.goog/s/gts1p5/t1eJGFHGm7w
142.250.74.35 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/t1eJGFHGm7w
IP 142.250.74.35:0
Hash 4c567d2b4fcd38fee5373e6f16594d22
59e437754740c49a3906c3b1317a48da7f4476a0
d659c27c51abe90961059827a0bda62e89fa71e6fc1213ae9acb5707413620a0
POST /s/gts1p5/t1eJGFHGm7w HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:55 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a4b9254767674d5dcc8ce5386e03c7f7
4f62e9a592702b713098b7e925b09e762c290f0c
e3fb64782abc32232c869a5cb3f2fa8ab1ecc1abb435ed232873f9cdf6426c73
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "E3FB64782ABC32232C869A5CB3F2FA8AB1ECC1ABB435ED232873F9CDF6426C73"
Last-Modified: Thu, 24 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=630
Expires: Fri, 25 Nov 2022 02:39:25 GMT
Date: Fri, 25 Nov 2022 02:28:55 GMT
Connection: keep-alive
kvkccc.top/088dd32a701a1e73cabc4ae46ece3879.gif
104.21.28.152 200 OK 136 kB URL HTTP/2 kvkccc.top/088dd32a701a1e73cabc4ae46ece3879.gif
IP 104.21.28.152:0
File type GIF image data, version 89a, 150 x 150\012- data
Size 136 kB (135514 bytes)
Hash 2d35693ebf0b160fa0e4c406999f24aa
9bc89c905b96fcd21581c7b37a163406970b677d
4b6598eef587226565e8cec85a8f777b94017e4a4f35e81a8001151394e821d6
GET /088dd32a701a1e73cabc4ae46ece3879.gif HTTP/1.1
Host: kvkccc.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: image/gif
content-length: 135514
last-modified: Mon, 21 Nov 2022 22:57:56 GMT
etag: "637c0274-2115a"
expires: Thu, 22 Dec 2022 05:45:37 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 247398
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R0aBxpCeey%2FQPv%2BO2ZskILIYs8FI4UGDi7o3tGEdbBxNfiMuR28Yp4MWMwZVSQAmgwFF1%2Fpno5W9VPnG6ENS%2F33TlXiKYkh8Ts1mDbkFA1qJJfhYA8%2BGl2%2Faws7D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f42669680b31-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
u1033.com/0a13f4e71faf48029bddc74173033bd0.gif
103.189.109.78 200 OK 45 kB URL HTTP/2 u1033.com/0a13f4e71faf48029bddc74173033bd0.gif
IP 103.189.109.78:0
File type GIF image data, version 89a, 180 x 180\012- data
Hash 99df62dc07ec1b2fcaaf09f6deae1d89
04bc89b8f4a007970d4ab947c5c3125d489f1725
118ba81c767637fd965f75e9d9643f3ca1d22cd46f6084366ff3a331a890c635
GET /0a13f4e71faf48029bddc74173033bd0.gif HTTP/1.1
Host: u1033.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=86400
etag: "6378f1cb-af4f"
server: nginx
date: Sat, 19 Nov 2022 20:14:00 GMT
content-type: image/gif
last-modified: Sat, 19 Nov 2022 15:10:03 GMT
accept-ranges: bytes
x-cache: HIT from ty8-cdn109-068
content-length: 44879
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 42ef63a7d47cb46a28d10bfb9d5d0806
f7e6dc176323b7fd381948106f046fb174dc27e3
25f70e714748be9faf3b33d730f542d467a2b0eb336397069ea9c31218bf885c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "25F70E714748BE9FAF3B33D730F542D467A2B0EB336397069EA9C31218BF885C"
Last-Modified: Thu, 24 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12599
Expires: Fri, 25 Nov 2022 05:58:54 GMT
Date: Fri, 25 Nov 2022 02:28:55 GMT
Connection: keep-alive
xk3.me/img/sWQr/oS3Y6CtTu.gif
45.126.180.173 200 OK 18 kB URL HTTP/1.1 xk3.me/img/sWQr/oS3Y6CtTu.gif
IP 45.126.180.173:0
ASN #59371 Dimension Network & Communication Limited
File type GIF image data, version 89a, 120 x 120\012- data
Hash 0a66bb88136ee034a55d95f0ac7ee008
62302fdd5df2f4569cccae03ab77cc8bd2ed7ca7
1880d229ffa457e3c75855b666146c7558d59aad826ef3d069e5672f23080ace
GET /img/sWQr/oS3Y6CtTu.gif HTTP/1.1
Host: xk3.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 02:28:55 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"47277-1665311624000"
Last-Modified: Sun, 09 Oct 2022 10:33:44 GMT
Expires: Sat, 10 Dec 2022 02:28:55 GMT
Cache-Control: max-age=1296000
Content-Encoding: gzip
Nginx-Cache: EXPIRED, HIT
585227ybn.com/e0495f2b3e4e40fe964dd95843989902.png
45.61.212.46 200 OK 72 kB URL HTTP/1.1 585227ybn.com/e0495f2b3e4e40fe964dd95843989902.png
IP 45.61.212.46:0
File type PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash 0648e9d6710a7b0983a7146e0b403573
e431d5175ea33bbfd6f9af1fb3c9914872d79a35
8da4dd1361cf5dc8b93b3002da41c390081d1ccf0d186c3492513af10c4690b6
Analyzer Verdict Alert quad9 Sinkholed
GET /e0495f2b3e4e40fe964dd95843989902.png HTTP/1.1
Host: 585227ybn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "63774533-1181f"
Date: Sun, 20 Nov 2022 15:18:04 GMT
Content-Type: image/png
Server: nginx
Last-Modified: Fri, 18 Nov 2022 08:41:23 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us1-cdnb-16
Content-Length: 71711
253669vqx.com/6a9378f59c0b40e5adbeb33037f8c4ac.gif
103.170.15.80 200 OK 30 kB URL HTTP/1.1 253669vqx.com/6a9378f59c0b40e5adbeb33037f8c4ac.gif
IP 103.170.15.80:0
ASN #7483 Skycloud Computing co., Ltd.
File type GIF image data, version 89a, 180 x 180\012- data
Hash c75065e9b2cdd6327ec4bcd5564139dd
942a4075f3561f09179d6a332eebfdca981601b0
2ca8007b97da4aa8dfe8e89950cd97d6c804f17d4d9cb51e0f7492335412724c
GET /6a9378f59c0b40e5adbeb33037f8c4ac.gif HTTP/1.1
Host: 253669vqx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "635b92e1-748c"
Date: Fri, 18 Nov 2022 08:09:28 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Fri, 28 Oct 2022 08:29:21 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-10
Content-Length: 29836
u1077.com/8957a21676be40739ca2dd25362b86d5.gif
103.170.15.64 200 OK 383 kB URL HTTP/2 u1077.com/8957a21676be40739ca2dd25362b86d5.gif
IP 103.170.15.64:0
ASN #7483 Skycloud Computing co., Ltd.
File type GIF image data, version 89a, 960 x 100\012- data
Size 383 kB (382842 bytes)
Hash 3ee8c68d9bcee9dba9e18883f7a79dd7
ca6173103323ab2685f5c50c81c2e80d50583ab9
150795ba625225a034b7d362f7f69c1523bbbafb9820610a47b9abad1c030af9
GET /8957a21676be40739ca2dd25362b86d5.gif HTTP/1.1
Host: u1077.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=86400
etag: "636a321b-5d77a"
server: nginx
date: Tue, 08 Nov 2022 10:41:44 GMT
content-type: image/gif
last-modified: Tue, 08 Nov 2022 10:40:27 GMT
accept-ranges: bytes
x-cache: HIT from yd11_02-cdn-g01-la2-54
content-length: 382842
X-Firefox-Spdy: h2
kvtddd.top/ec9fcd758df74f805f29f72e8545d13b.gif
104.21.235.61 200 OK 902 kB URL HTTP/2 kvtddd.top/ec9fcd758df74f805f29f72e8545d13b.gif
IP 104.21.235.61:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 902 kB (902313 bytes)
Hash 8b4a95ea7cfbb7fb4d2b18efca5145f3
d2966ecbeb7369620cce5dbcd15d0fe591d79648
dd5ff25f4d6931bd3d2ef86c1a8901853ee2503fd2d6edb264a61abb37c2b002
GET /ec9fcd758df74f805f29f72e8545d13b.gif HTTP/1.1
Host: kvtddd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: image/gif
content-length: 902313
last-modified: Sat, 12 Mar 2022 15:17:28 GMT
etag: "622cb988-dc4a9"
expires: Sun, 04 Dec 2022 22:58:19 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1740636
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F69MSF1gw%2B0zb%2Bmn4w%2F1h4tr4dHfmwsrDZ%2BE5tJ6qRsijjZlmwFMsy%2FbAr5dKKlcNffE0TaXWgQ8R4wUVt4s%2FrUitqcR%2BOdttgws6fWKUriwTuleZBjPQ%2FbbCe8Y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f425bdf5dd81-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kvtddd.top/c70f7dd4a4c94432f7e7dfd8886c435b.gif
104.21.235.61 200 OK 1.6 MB URL HTTP/2 kvtddd.top/c70f7dd4a4c94432f7e7dfd8886c435b.gif
IP 104.21.235.61:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 1.6 MB (1590489 bytes)
Hash 59648e1a4d52551c26255ff6bc625648
165fbacafad21065e9faa33c5e3752cd463549ad
eb53352fe423b9358ba49249e57fe3d55746d854c681f6c45baedb23eb2196e5
GET /c70f7dd4a4c94432f7e7dfd8886c435b.gif HTTP/1.1
Host: kvtddd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: image/gif
content-length: 1590489
last-modified: Sun, 26 Jun 2022 12:04:30 GMT
etag: "62b84b4e-1844d9"
expires: Sun, 04 Dec 2022 22:51:47 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1741028
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ew7ejQ%2FI9t8ILfkSVLJJrvmcqRzs4O%2FCO6%2Bfd0dWtc9p1cXM%2BAD43yg%2FTRKCo6Oi7ZnOkPOOsCgF51kq%2FWFgJQsjO1JMn3BVoJ2zvm2a4avtvTnL%2FFrVozoDT4LZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f4265e89dd81-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kvkccc.top/6fb5deabda1e984b6bd49b2baa8dfa10.gif
104.21.28.152 200 OK 65 kB URL HTTP/2 kvkccc.top/6fb5deabda1e984b6bd49b2baa8dfa10.gif
IP 104.21.28.152:0
File type GIF image data, version 89a, 960 x 60\012- data
Hash 514c48163ce5b65fb6bf16d8578b478b
6c21c2f7fd18259458573225fbfdf80cd27b6bac
045b14c655e54a2b1c3bef56f95352d2bb6b794889c746985ec51ef03578cb52
GET /6fb5deabda1e984b6bd49b2baa8dfa10.gif HTTP/1.1
Host: kvkccc.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: image/gif
content-length: 65414
last-modified: Mon, 21 Nov 2022 22:57:57 GMT
etag: "637c0275-ff86"
expires: Thu, 22 Dec 2022 05:10:56 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 249479
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T%2BY1kmY%2BD%2FY%2BPLjkAZKcSv0akVDfSl2f%2F0SYUmXXMyzIF5WHzXwd%2BGK%2FJC60N2ix%2B%2BYHlQdJykvtz0g22sbwqdnm%2FSxTqnp6nLV9LHvztdEvDiagkobAYnf1zI3a"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f426f9820b31-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 5c9bcc1c3c1dcbbceb3d3d1881b866d8
6081a020c69408511bf29c0885fc4ed3b41701fb
45b0692baf1fa822ac0a535a965830d654af123a342f164ca40f465fb4a16402
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5618
Cache-Control: max-age=106888
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:55 GMT
Etag: "637f10fd-117"
Expires: Sat, 26 Nov 2022 08:10:23 GMT
Last-Modified: Thu, 24 Nov 2022 06:36:45 GMT
Server: ECS (amb/6BA9)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fcd7d7301431ec47278c06ef39eb4617
9c945255f365a83083b82248b347aaace9562bc3
9642af1105a6a959f1b61f4982754f78514b1b737a62a8ed28d42b9c3688fa4a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9642AF1105A6A959F1B61F4982754F78514B1B737A62A8ED28D42B9C3688FA4A"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7723
Expires: Fri, 25 Nov 2022 04:37:38 GMT
Date: Fri, 25 Nov 2022 02:28:55 GMT
Connection: keep-alive
xk3.me/img/sWQr/oS3Yw5cUt.gif
45.126.180.173 200 OK 68 kB URL HTTP/1.1 xk3.me/img/sWQr/oS3Yw5cUt.gif
IP 45.126.180.173:0
ASN #59371 Dimension Network & Communication Limited
File type GIF image data, version 89a, 960 x 120\012- data
Hash 6de040754b16c449d832764421b8cae4
c4f72b9505d7c581dbdc40a240fc5d3d569206e0
746f4381de1e914bf9ff265db8b5f795a1bac9781a9d86b49e5a7f3dd215e464
GET /img/sWQr/oS3Yw5cUt.gif HTTP/1.1
Host: xk3.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"171433-1665311635000"
Last-Modified: Sun, 09 Oct 2022 10:33:55 GMT
Expires: Sat, 10 Dec 2022 02:28:54 GMT
Cache-Control: max-age=1296000
Content-Encoding: gzip
Nginx-Cache: EXPIRED, HIT
yaoji666.oss-cn-hongkong.aliyuncs.com/gg/66X66.gif
47.75.19.34 200 OK 36 kB URL HTTP/1.1 yaoji666.oss-cn-hongkong.aliyuncs.com/gg/66X66.gif
IP 47.75.19.34:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type GIF image data, version 89a, 66 x 66\012- data
Hash da0800a5f4df960bb85a5b03e50f9f77
4d122c3c786b367c1d94c57e79e55fb933695209
8d78241171490168d4378bfd35ee6a474423fcf0d644a92d36b9b09b180c17f2
GET /gg/66X66.gif HTTP/1.1
Host: yaoji666.oss-cn-hongkong.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 25 Nov 2022 02:28:55 GMT
Content-Type: image/gif
Content-Length: 36349
Connection: keep-alive
x-oss-request-id: 638028679DB5783736947042
Accept-Ranges: bytes
ETag: "DA0800A5F4DF960BB85A5B03E50F9F77"
Last-Modified: Sat, 09 Jul 2022 12:36:44 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 18107319261392544870
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
Content-MD5: 2ggApfTflgu4WlsD5Q+fdw==
x-oss-server-time: 1
kvkeee.top/92f0c144d76dd785f7c04f84ae149b33.gif
172.67.171.171 200 OK 65 kB URL HTTP/2 kvkeee.top/92f0c144d76dd785f7c04f84ae149b33.gif
IP 172.67.171.171:0
File type GIF image data, version 89a, 960 x 60\012- data
Hash 514c48163ce5b65fb6bf16d8578b478b
6c21c2f7fd18259458573225fbfdf80cd27b6bac
045b14c655e54a2b1c3bef56f95352d2bb6b794889c746985ec51ef03578cb52
GET /92f0c144d76dd785f7c04f84ae149b33.gif HTTP/1.1
Host: kvkeee.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: image/gif
content-length: 65414
last-modified: Mon, 21 Nov 2022 22:57:02 GMT
etag: "637c023e-ff86"
expires: Wed, 21 Dec 2022 23:57:34 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 268281
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YB9WgmqKlDEPLpmqWIPi5pN99D7qjJ91WrKHmyJSYIaYnXxX2dWYkxr2i1etxLSocq1D4KGY6O%2FtJ8fpvzkcCPjwTcdxpWlnwJkxLUjdNNSLtXzXU7h0bhYwBWbO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f4276995fab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kvkeee.top/57d302c9956928857573010dc47c3edf.gif
172.67.171.171 200 OK 136 kB URL HTTP/2 kvkeee.top/57d302c9956928857573010dc47c3edf.gif
IP 172.67.171.171:0
File type GIF image data, version 89a, 150 x 150\012- data
Size 136 kB (135514 bytes)
Hash 2d35693ebf0b160fa0e4c406999f24aa
9bc89c905b96fcd21581c7b37a163406970b677d
4b6598eef587226565e8cec85a8f777b94017e4a4f35e81a8001151394e821d6
GET /57d302c9956928857573010dc47c3edf.gif HTTP/1.1
Host: kvkeee.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: image/gif
content-length: 135514
last-modified: Mon, 21 Nov 2022 22:56:59 GMT
etag: "637c023b-2115a"
expires: Thu, 22 Dec 2022 23:32:26 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 183389
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x3HpldPYRwdHPJl%2BnmtazqDaoAKk3rsk1I32v74T%2FRURZwLo9t4zgifm02TGrVDJDisuBgH%2BGg5zHrRYsbyHFjFtdrx5n%2FEOc9hAGkx3%2FrxLHbcGvFPfkZErU7Mq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f4276994fab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/nV08C5449t0
142.250.74.35 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/nV08C5449t0
IP 142.250.74.35:0
Hash f78dd336434b861c0409e1d35202bd56
9592c244156b4dedc5de0244d1acb512df4c32b9
8bac37f5fa6a493ca6cbf1e62d950d16664efe11dc70d4f5191b6955ffa1ba0d
POST /s/gts1p5/nV08C5449t0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:55 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f33bec07989d9985bbffa7a6ce4d3bc7
85373740875b6d430bf8f97460f05a443ee92e80
9d7484820d62c01da88842db7febd6f16471ae77ba8a9f48c9987790acebb274
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9D7484820D62C01DA88842DB7FEBD6F16471AE77BA8A9F48C9987790ACEBB274"
Last-Modified: Tue, 22 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6210
Expires: Fri, 25 Nov 2022 04:12:25 GMT
Date: Fri, 25 Nov 2022 02:28:55 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 5c9bcc1c3c1dcbbceb3d3d1881b866d8
6081a020c69408511bf29c0885fc4ed3b41701fb
45b0692baf1fa822ac0a535a965830d654af123a342f164ca40f465fb4a16402
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=101270
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:55 GMT
Etag: "637f10fd-117"
Expires: Sat, 26 Nov 2022 06:36:45 GMT
Last-Modified: Thu, 24 Nov 2022 06:36:45 GMT
Server: nginx
Content-Length: 279
kvhqqq.top/2d9e99d0532fbc12eded53b70c20d64d.gif
104.21.235.197 200 OK 52 kB URL HTTP/2 kvhqqq.top/2d9e99d0532fbc12eded53b70c20d64d.gif
IP 104.21.235.197:0
File type GIF image data, version 89a, 150 x 150\012- data
Hash 04554377e02f6f2a8c2bb65542f9516b
f425b8cccee87398d104c3ac4a840c9fb3577519
3b4a6d3df41918f2c7b1cecf42bfa82089f654bd3ea92460e5b8513a3c1428d5
GET /2d9e99d0532fbc12eded53b70c20d64d.gif HTTP/1.1
Host: kvhqqq.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: image/gif
content-length: 51538
last-modified: Mon, 02 May 2022 18:23:43 GMT
etag: "627021af-c952"
expires: Thu, 22 Dec 2022 20:27:06 GMT
cache-control: max-age=2678400
cf-cache-status: HIT
age: 194509
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L1QYYqvPbZ4I1YvoUevA376DYCMJILupyEdNcRp3GvSBHmdft5MSOP2OcJAQAsDcPaYgAxX2TeI98cDAUEOS1UOT6gGH5pfRjXRyS7%2Bor%2FH8wa11vbMXv56wlLfY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f42799407413-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/dFBzDyqgPsM
142.250.74.35 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dFBzDyqgPsM
IP 142.250.74.35:0
Hash a764b45e66b9959f988972040a787989
69c267cb1878956f4fb351239ec98f3a0c5d3668
d4c1e33c0fc1bef8b332391adbb694d1f17104b643a0658c7e93bf8a552e7121
POST /s/gts1p5/dFBzDyqgPsM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:55 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 07570daf9d11b9b8b8357b089ad60a5a
1e0c563991e0918f538182a887165bf2fd225b80
8f7ff4d51ecb7edcdefc1d6d0aa80e6774d0bd665b2d0f6bcbeaa4b40acbef60
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=162854
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:55 GMT
Etag: "6380018c-117"
Expires: Sat, 26 Nov 2022 23:43:09 GMT
Last-Modified: Thu, 24 Nov 2022 23:43:08 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.21.226:0
Hash bfa3a39190b8e9be3011e58e8236fbe6
25b14c97b4d434b9fc4d5a83af8e400907b7eb0b
e99d9a6cec465214792659078387cc8ca3712155fcbe3b362e6f6f1cfab69611
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:55 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Tue, 29 Nov 2022 00:22:15 GMT
ETag: "25b14c97b4d434b9fc4d5a83af8e400907b7eb0b"
Last-Modified: Fri, 25 Nov 2022 00:22:16 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2418
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f6f427ee79b50b-OSL
ocsp.pki.goog/s/gts1p5/nV08C5449t0
142.250.74.35 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/nV08C5449t0
IP 142.250.74.35:0
Hash f78dd336434b861c0409e1d35202bd56
9592c244156b4dedc5de0244d1acb512df4c32b9
8bac37f5fa6a493ca6cbf1e62d950d16664efe11dc70d4f5191b6955ffa1ba0d
POST /s/gts1p5/nV08C5449t0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:55 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
kvkhhh.top/8fdce7479dd03f1ee73805e8d2e9bab8.gif
104.21.57.36 200 OK 864 kB URL HTTP/2 kvkhhh.top/8fdce7479dd03f1ee73805e8d2e9bab8.gif
IP 104.21.57.36:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 864 kB (864004 bytes)
Hash d2c820747a9b9b8c3abaab0775436ab7
99651afd10bd3874fb84d7973845482cd2c81f23
8aa3c7b05ba9bb5176a7155ead2a0ea562b07fb0dd7b27a9cf91c38e95ed43ed
GET /8fdce7479dd03f1ee73805e8d2e9bab8.gif HTTP/1.1
Host: kvkhhh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: image/gif
content-length: 864004
last-modified: Sun, 04 Sep 2022 09:11:53 GMT
etag: "63146bd9-d2f04"
expires: Sat, 10 Dec 2022 11:57:43 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1261872
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SCp6r1Jx6u99oBC9G3UrmebwsjkE0sToxBmhPe1WREC9ZTgy2ZjQ0375sDMdlcSFQJ8ZLArSp8T4UKHEtHOb0AqKtFK19wXZvJtdUEOzubLIEHn1cvT%2Bf2V270N4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f4280db8b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kvthhh.top/62c32c04c4566524981b72086b0c545b.gif
104.21.235.66 200 OK 13 kB URL HTTP/2 kvthhh.top/62c32c04c4566524981b72086b0c545b.gif
IP 104.21.235.66:0
File type GIF image data, version 89a, 150 x 150\012- data
Hash a690f8caf2cb5e11ff99032b9a32c805
5e97e13e5d3fe285799de6be6d4ebfb25693ea9b
a8a13df22e12832c04680d33294029a2b0baad76ac970d9031fe6d66cbeaceee
GET /62c32c04c4566524981b72086b0c545b.gif HTTP/1.1
Host: kvthhh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: image/gif
content-length: 13205
last-modified: Wed, 14 Sep 2022 06:19:23 GMT
etag: "6321726b-3395"
expires: Sun, 25 Dec 2022 02:28:55 GMT
cache-control: max-age=16070400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1%2BnqsLYL1T8GifM9AC33dz9ZcSy%2F5KNLotfj6ROgXps96N3BIQzbLbEc0pt9tKkossxgcZiuAhy9S4PC6IFq%2BRDmiefEWYz%2FTvf%2BI4ZrKLHkInNyo2xQFaL1uzx0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f427cf298892-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 2c8b0a4f9244101a483b049a271dabc2
69139d94131b2ce6cef1d7f5e6ab84f0ce249595
eed8db9d99a4f5e0edca1106077a1df8cdb7672984b6727549528aa6f66c2715
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=149892
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:55 GMT
Etag: "637fceeb-117"
Expires: Sat, 26 Nov 2022 20:07:07 GMT
Last-Modified: Thu, 24 Nov 2022 20:07:07 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/s/gts1p5/dFBzDyqgPsM
142.250.74.35 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dFBzDyqgPsM
IP 142.250.74.35:0
Hash a764b45e66b9959f988972040a787989
69c267cb1878956f4fb351239ec98f3a0c5d3668
d4c1e33c0fc1bef8b332391adbb694d1f17104b643a0658c7e93bf8a552e7121
POST /s/gts1p5/dFBzDyqgPsM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:55 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 42ef63a7d47cb46a28d10bfb9d5d0806
f7e6dc176323b7fd381948106f046fb174dc27e3
25f70e714748be9faf3b33d730f542d467a2b0eb336397069ea9c31218bf885c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "25F70E714748BE9FAF3B33D730F542D467A2B0EB336397069EA9C31218BF885C"
Last-Modified: Thu, 24 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12599
Expires: Fri, 25 Nov 2022 05:58:54 GMT
Date: Fri, 25 Nov 2022 02:28:55 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac88f81f2cca3102d87cd03c11b529bc
32afcf40894b57f897dcb4cf4cd4338284c754c5
91717e655a6f519bedf0cecf42f85e2e458424ff0dc0af4d23322fa5983faa22
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "91717E655A6F519BEDF0CECF42F85E2E458424FF0DC0AF4D23322FA5983FAA22"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13638
Expires: Fri, 25 Nov 2022 06:16:13 GMT
Date: Fri, 25 Nov 2022 02:28:55 GMT
Connection: keep-alive
kzeii.com/8d62ac139591ff0c5f17d4c5f1ff3cf6.gif
104.143.94.110 301 Moved Permanently 162 B URL HTTP/2 kzeii.com/8d62ac139591ff0c5f17d4c5f1ff3cf6.gif
IP 104.143.94.110:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /8d62ac139591ff0c5f17d4c5f1ff3cf6.gif HTTP/1.1
Host: kzeii.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: text/html
content-length: 162
location: https://kvhsss.top/8d62ac139591ff0c5f17d4c5f1ff3cf6.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kvhqqq.top/99462c01e85acc1311bebac224df6cce.gif
104.21.235.197 200 OK 845 kB URL HTTP/2 kvhqqq.top/99462c01e85acc1311bebac224df6cce.gif
IP 104.21.235.197:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 845 kB (845326 bytes)
Hash c3e13dfb200737af2e68b42c07f28465
4d8262aecd8d789494afca5d63b5dd50600870dc
3e962d14b678808967d50df163581b65c6052144cb6239d72da58cceb7bf04ac
GET /99462c01e85acc1311bebac224df6cce.gif HTTP/1.1
Host: kvhqqq.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: image/gif
content-length: 845326
last-modified: Mon, 15 Aug 2022 06:10:27 GMT
etag: "62f9e353-ce60e"
expires: Wed, 21 Dec 2022 12:56:36 GMT
cache-control: max-age=2678400
cf-cache-status: HIT
age: 307939
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ou6RC6gSIwW%2F7hwPzXbhZBHMpBnOq70sfskN8Pi8hkF3rpj%2BR0UDe32HlgIaqRVLBMuw%2FHDC0XqGYS62pnWWncsfs3QdnrbV9ZOT27m7V1pIJrsXbHG8cQpquIao"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f427f9647413-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kvkhhh.top/2dafd276863e05cd86626a2b7b394960.gif
104.21.57.36 200 OK 19 kB URL HTTP/2 kvkhhh.top/2dafd276863e05cd86626a2b7b394960.gif
IP 104.21.57.36:0
File type GIF image data, version 89a, 150 x 150\012- data
Hash fe02bebb3cbbf8cd029504e748ad437a
08e06dff48f5dd378b31684cd4d48375f19b1e5f
8d2f2df857ef73c5b13658bb7d6289d6dc4b840fce5b8bbcdc779f5db9741509
GET /2dafd276863e05cd86626a2b7b394960.gif HTTP/1.1
Host: kvkhhh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: image/gif
content-length: 19403
last-modified: Sat, 28 May 2022 12:31:18 GMT
etag: "62921616-4bcb"
expires: Fri, 16 Dec 2022 07:58:55 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 757800
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ePGVE2rDUaZQAwjSus9AWrb3rPj4gv9v0PiObrNli0M1rCe4l3f1Jh7DJUF0P4u0tW7oDbbWiDlUWNsuOADl9%2BhGHgDV%2B8vQ%2FWC8d46phpcv8Juqb%2BgCE%2B3efQ9N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f428bdf7b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kvmaa.com/cf4287991556df0490caf209d0ed91fe.gif
170.178.176.170 301 Moved Permanently 162 B URL HTTP/2 kvmaa.com/cf4287991556df0490caf209d0ed91fe.gif
IP 170.178.176.170:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /cf4287991556df0490caf209d0ed91fe.gif HTTP/1.1
Host: kvmaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: text/html
content-length: 162
location: https://nvhbbb.top/cf4287991556df0490caf209d0ed91fe.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kvthhh.top/47fc3dfa6dab926d04bc8c0e76b89995.gif
104.21.235.66 200 OK 65 kB URL HTTP/2 kvthhh.top/47fc3dfa6dab926d04bc8c0e76b89995.gif
IP 104.21.235.66:0
File type GIF image data, version 89a, 960 x 60\012- data
Hash 514c48163ce5b65fb6bf16d8578b478b
6c21c2f7fd18259458573225fbfdf80cd27b6bac
045b14c655e54a2b1c3bef56f95352d2bb6b794889c746985ec51ef03578cb52
GET /47fc3dfa6dab926d04bc8c0e76b89995.gif HTTP/1.1
Host: kvthhh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: image/gif
content-length: 65414
last-modified: Mon, 21 Nov 2022 23:12:50 GMT
etag: "637c05f2-ff86"
expires: Thu, 22 Dec 2022 11:11:44 GMT
cache-control: max-age=16070400
cf-cache-status: HIT
age: 227831
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MeH0QUAVkES3XmLKNhgsXpxXNyzESwPGxtOgJ2peRE2CUZrEcAUwT2uGxlQPCc8IkgUZTu%2BnPtte3qVm8%2ByWqXMJ1fnrLweYc9FRwnYvhQdUTF%2ByF%2BMTw8WbH7jX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f4287fa98892-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 5c9bcc1c3c1dcbbceb3d3d1881b866d8
6081a020c69408511bf29c0885fc4ed3b41701fb
45b0692baf1fa822ac0a535a965830d654af123a342f164ca40f465fb4a16402
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5618
Cache-Control: max-age=106888
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:55 GMT
Etag: "637f10fd-117"
Expires: Sat, 26 Nov 2022 08:10:23 GMT
Last-Modified: Thu, 24 Nov 2022 06:36:45 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a4b9254767674d5dcc8ce5386e03c7f7
4f62e9a592702b713098b7e925b09e762c290f0c
e3fb64782abc32232c869a5cb3f2fa8ab1ecc1abb435ed232873f9cdf6426c73
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "E3FB64782ABC32232C869A5CB3F2FA8AB1ECC1ABB435ED232873F9CDF6426C73"
Last-Modified: Thu, 24 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7732
Expires: Fri, 25 Nov 2022 04:37:47 GMT
Date: Fri, 25 Nov 2022 02:28:55 GMT
Connection: keep-alive
kaiyuan-advertising.oss-cn-hongkong.aliyuncs.com/960X60.gif
47.75.19.37 200 OK 254 kB URL HTTP/1.1 kaiyuan-advertising.oss-cn-hongkong.aliyuncs.com/960X60.gif
IP 47.75.19.37:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type GIF image data, version 89a, 960 x 60\012- data
Size 254 kB (253519 bytes)
Hash f744e995971941b6a95fcd2636f5a545
ac9c1230e04eab9e31512d2afe440fe5f0367dc5
59b1a138fa72df587e61916179965cbd819f91aec53ce6ab606949a7e06b3063
GET /960X60.gif HTTP/1.1
Host: kaiyuan-advertising.oss-cn-hongkong.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: image/gif
Content-Length: 253519
Connection: keep-alive
x-oss-request-id: 63802866F27FBE31302E62D7
Accept-Ranges: bytes
ETag: "F744E995971941B6A95FCD2636F5A545"
Last-Modified: Thu, 13 Oct 2022 11:11:01 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 17987192695826819902
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
Content-MD5: 90TplZcZQbapX80mNvWlRQ==
x-oss-server-time: 2
ocsp.pki.goog/s/gts1p5/dFBzDyqgPsM
142.250.74.35 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dFBzDyqgPsM
IP 142.250.74.35:0
Hash a764b45e66b9959f988972040a787989
69c267cb1878956f4fb351239ec98f3a0c5d3668
d4c1e33c0fc1bef8b332391adbb694d1f17104b643a0658c7e93bf8a552e7121
POST /s/gts1p5/dFBzDyqgPsM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:55 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash a13e9cb16219249bd1d3aa144301c103
40a50d1b7a445c42f24842821450f325f1a87f39
9007128b2be4008dd26d5b8be098a4ee745e03b13a2ab546120c573614b8f02c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=139083
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:55 GMT
Etag: "637fa4b2-116"
Expires: Sat, 26 Nov 2022 17:06:58 GMT
Last-Modified: Thu, 24 Nov 2022 17:06:58 GMT
Server: nginx
Content-Length: 278
taiwtp1.com/img/96060.gif
220.128.218.220 200 OK 47 kB URL HTTP/2 taiwtp1.com/img/96060.gif
IP 220.128.218.220:0
ASN #3462 Data Communication Business Group
File type GIF image data, version 89a, 960 x 60\012- data
Hash 2b9c30b086d03d90a45a9174aef7b408
e87dbe76669e2f402826dd598bb047d793b1e20c
f1eb3044b464fb4b4b8f3e081295bc19cc4cddc9361adb34ad7fb73b93b25de6
GET /img/96060.gif HTTP/1.1
Host: taiwtp1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 02:26:31 GMT
content-type: image/gif
content-length: 46855
last-modified: Wed, 09 Mar 2022 07:10:56 GMT
etag: "62285300-b707"
expires: Sun, 25 Dec 2022 02:26:31 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 2aee78ed2e3d7de1b2a7a2b23d097360
782463d3db74bbe0439feaf7c1fe18aa6f20aef7
72337b48ac80604e2338c6889fc2ffd9560062931e228fe1abc422e3312d9be9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=130423
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:55 GMT
Etag: "637f82de-117"
Expires: Sat, 26 Nov 2022 14:42:38 GMT
Last-Modified: Thu, 24 Nov 2022 14:42:38 GMT
Server: nginx
Content-Length: 279
kvhsss.top/f67b410855efed07dc1783436baaa5f7.gif
172.67.213.234 200 OK 29 kB URL HTTP/2 kvhsss.top/f67b410855efed07dc1783436baaa5f7.gif
IP 172.67.213.234:0
File type GIF image data, version 89a, 200 x 200\012- data
Hash a763cce2c7bc3f7bfaa94981d8d9ff47
085da887b67947c8b1e486137be2300dfabf4a69
9e3924fe2017f9c46663dba4707736be8be378ed41e761587eb7513ae69ab1dc
GET /f67b410855efed07dc1783436baaa5f7.gif HTTP/1.1
Host: kvhsss.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:55 GMT
content-type: image/gif
content-length: 29082
last-modified: Mon, 11 Apr 2022 15:08:57 GMT
etag: "62544489-719a"
expires: Fri, 23 Dec 2022 11:43:50 GMT
cache-control: max-age=2678400
cf-cache-status: HIT
age: 139505
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5GZ0eiox8yaNoVLV6%2F6JlX04wHtO1KV%2FbrlICUPz7fy0f0L3uzASWEp1uPG3JaUCVHJpk9PZ0DCT6hfpNqE3urUUNbfi%2FUsW25jQO8nHSULMJtiaJRrPlWxcN9QQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f429efadb51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash a13e9cb16219249bd1d3aa144301c103
40a50d1b7a445c42f24842821450f325f1a87f39
9007128b2be4008dd26d5b8be098a4ee745e03b13a2ab546120c573614b8f02c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:55 GMT
Etag: "637d01af-117"
Server: ECS (amb/6BA9)
Content-Length: 278
nvhbbb.top/cf4287991556df0490caf209d0ed91fe.gif
172.67.170.188 200 OK 318 kB URL HTTP/2 nvhbbb.top/cf4287991556df0490caf209d0ed91fe.gif
IP 172.67.170.188:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 318 kB (317903 bytes)
Hash fb3f1f47e7cd3c017411f4a08cb222b7
9ef0eebfa48d7d3c66398066ad781c2e4c5c2fce
864310898b7de94e28b82e0e318d801e6537365a75078d2f94b98a25c81e98a9
GET /cf4287991556df0490caf209d0ed91fe.gif HTTP/1.1
Host: nvhbbb.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:56 GMT
content-type: image/gif
content-length: 317903
last-modified: Sat, 13 Aug 2022 11:03:31 GMT
etag: "62f78503-4d9cf"
expires: Sat, 24 Dec 2022 18:27:11 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 28905
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o6wU6zmYpcHASdi4ND2srDuhy4aptoYTOhdrhr4d01oNOGaSFr8jvP%2BSkNF%2Bqg67towVUmGn5eT85HuplC0igcyg7a7uOHKphvWpugeHX7kHJXPx0nh0srDiMwl9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f42a0febb4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/nV08C5449t0
142.250.74.35 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/nV08C5449t0
IP 142.250.74.35:0
Hash f78dd336434b861c0409e1d35202bd56
9592c244156b4dedc5de0244d1acb512df4c32b9
8bac37f5fa6a493ca6cbf1e62d950d16664efe11dc70d4f5191b6955ffa1ba0d
POST /s/gts1p5/nV08C5449t0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:56 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
kvhsss.top/8d62ac139591ff0c5f17d4c5f1ff3cf6.gif
172.67.213.234 200 OK 566 kB URL HTTP/2 kvhsss.top/8d62ac139591ff0c5f17d4c5f1ff3cf6.gif
IP 172.67.213.234:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 566 kB (565615 bytes)
Hash 6a2c609ad0c46bb1b8d9cd39eacde625
45de0f50f86b45dd6fd4a1c764d47e2640126bf3
8eb8f61188f2555f5f7f0a934ebbae9e9ab703a3dc0b23191bdc7c147eb12140
GET /8d62ac139591ff0c5f17d4c5f1ff3cf6.gif HTTP/1.1
Host: kvhsss.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 02:28:56 GMT
content-type: image/gif
content-length: 565615
last-modified: Mon, 10 Oct 2022 13:11:33 GMT
etag: "63441a05-8a16f"
expires: Wed, 21 Dec 2022 16:44:37 GMT
cache-control: max-age=2678400
cf-cache-status: HIT
age: 294259
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BlUzSUkk3biDg4YYL4evVtMcBYCZnW1gSFaIZoaovaTWbqRRvWIuSSBkixwKYyAMgDzwjmAjRbhZ79e3iLABzvba9kvmrh59V789FWuuktB5U3lrrxL0zE1jcREz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f6f42a1fbab51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash a13e9cb16219249bd1d3aa144301c103
40a50d1b7a445c42f24842821450f325f1a87f39
9007128b2be4008dd26d5b8be098a4ee745e03b13a2ab546120c573614b8f02c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:56 GMT
Etag: "637d01af-117"
Last-Modified: Fri, 25 Nov 2022 02:28:56 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 278
986338dsd.com/c7e76b5d47a34d0587cb6f546e29359c.gif
45.61.212.59 200 OK 426 kB URL HTTP/1.1 986338dsd.com/c7e76b5d47a34d0587cb6f546e29359c.gif
IP 45.61.212.59:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 426 kB (425642 bytes)
Hash 05224c1ad7b782f551cbccdcf9f27fa5
c6ee7c8a6a149c7bd96c9e25ac1784fdbca84eb0
0b24fd89f9a5bbd8278bccf94b310be958f495b91597c0bf0c8faa7980ab5897
Analyzer Verdict Alert quad9 Sinkholed
GET /c7e76b5d47a34d0587cb6f546e29359c.gif HTTP/1.1
Host: 986338dsd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "6377443c-67eaa"
Date: Sat, 19 Nov 2022 06:56:11 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Fri, 18 Nov 2022 08:37:16 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us1-cdnb-29
Content-Length: 425642
js.users.51.la/21038913.js
103.143.19.103 200 OK 2.3 kB URL HTTP/1.1 js.users.51.la/21038913.js
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
File type ASCII text, with very long lines (4898)
Hash de122beb15d75dbfceb39987a34fa1cb
c11c8ee5fa34f31a07909196a068362f0e7cc736
356aad4374691c9925d951afda2c7b30e54446f061ec9560166fb22f2ab0dd96
GET /21038913.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: CloudWAF
Date: Fri, 25 Nov 2022 02:28:55 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=b7773328bc9ca29138d; path=/
Set-Cookie: HWWAFSESTIME=1669343334039; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 2aee78ed2e3d7de1b2a7a2b23d097360
782463d3db74bbe0439feaf7c1fe18aa6f20aef7
72337b48ac80604e2338c6889fc2ffd9560062931e228fe1abc422e3312d9be9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5619
Cache-Control: max-age=136041
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:28:56 GMT
Etag: "637f82de-117"
Expires: Sat, 26 Nov 2022 16:16:17 GMT
Last-Modified: Thu, 24 Nov 2022 14:42:38 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279
p.qlogo.cn/qqmail_head/PiajxSqBRaEJ9B4UlyASnW3oH3MPQFqEtXG2iaiak1YbXXGG6NXuTKLQqz8Mo6C2CJ3MbwcCrQRmHw/0
43.154.254.32 200 OK 331 kB URL HTTP/2 p.qlogo.cn/qqmail_head/PiajxSqBRaEJ9B4UlyASnW3oH3MPQFqEtXG2iaiak1YbXXGG6NXuTKLQqz8Mo6C2CJ3MbwcCrQRmHw/0
IP 43.154.254.32:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type GIF image data, version 89a, 960 x 60\012- data
Size 331 kB (331043 bytes)
Hash 09f29e56330449942571a66f47f82fb5
30fc3421671176f6f724f32ee910470f03661ddc
b1a0f29b0a924b51c844351bddb87fddf9fa4ef5909f69f818e968f18413a725
GET /qqmail_head/PiajxSqBRaEJ9B4UlyASnW3oH3MPQFqEtXG2iaiak1YbXXGG6NXuTKLQqz8Mo6C2CJ3MbwcCrQRmHw/0 HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Qnginx/1.4.4
date: Fri, 25 Nov 2022 02:28:54 GMT
content-type: image/gif
content-length: 331043
vary: Accept,Origin
last-modified: Sat, 12 Nov 2022 13:28:23 GMT
cache-control: max-age=2592000
x-delay: 50773 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 331043
chid: 0
fid: 0
x-nws-log-uuid: d25967a3-06ed-4abd-b991-5fe803230b2d
X-Firefox-Spdy: h2
sszhan.oss-cn-shenzhen.aliyuncs.com/sz20.gif
120.77.166.119 200 OK 117 kB URL HTTP/1.1 sszhan.oss-cn-shenzhen.aliyuncs.com/sz20.gif
IP 120.77.166.119:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type GIF image data, version 89a, 120 x 120\012- data
Size 117 kB (116940 bytes)
Hash d81eefc98adc4601e81b037d4a4ecf84
24f1efff27075362707263092c190cb72c8f90ab
f0fd614df1a80a187d9d1ec747b6b5745905b7755113bce261ffdbf0d2a65ff0
GET /sz20.gif HTTP/1.1
Host: sszhan.oss-cn-shenzhen.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 25 Nov 2022 02:28:55 GMT
Content-Type: image/gif
Content-Length: 116940
Connection: keep-alive
x-oss-request-id: 638028679B92023933ED68F6
Accept-Ranges: bytes
ETag: "D81EEFC98ADC4601E81B037D4A4ECF84"
Last-Modified: Sat, 15 Oct 2022 10:24:17 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 8991706160939897550
x-oss-storage-class: Standard
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: 2B7vyYrcRgHoGwN9Sk7PhA==
x-oss-server-time: 1
u1033.com/e0dfdc2ccf2e4423b73e8685cc955bde.gif
103.189.109.78 200 OK 410 kB URL HTTP/2 u1033.com/e0dfdc2ccf2e4423b73e8685cc955bde.gif
IP 103.189.109.78:0
File type GIF image data, version 89a, 960 x 100\012- data
Size 410 kB (410376 bytes)
Hash 252024a9012d1d0f83a322d14e716acf
ec9ad2ce7bcc69a66f1a71cd08f4b085e5d8e5be
2a70782d0c3bc5b56f96e9393a9c212fdd55282dd0adb21eb10c39cc5e8be52a
GET /e0dfdc2ccf2e4423b73e8685cc955bde.gif HTTP/1.1
Host: u1033.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=86400
etag: "636a19ca-64308"
server: nginx
date: Wed, 23 Nov 2022 14:41:20 GMT
content-type: image/gif
last-modified: Tue, 08 Nov 2022 08:56:42 GMT
accept-ranges: bytes
x-cache: HIT from ty8-cdn109-068
content-length: 410376
X-Firefox-Spdy: h2
vns86.oss-cn-hongkong.aliyuncs.com/sstu/st.gif
47.75.19.163 200 OK 532 kB URL HTTP/1.1 vns86.oss-cn-hongkong.aliyuncs.com/sstu/st.gif
IP 47.75.19.163:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type GIF image data, version 89a, 960 x 80\012- data
Size 532 kB (531945 bytes)
Hash 904c4f51a02c9f03f27ac2593d4c061e
faa7b399e3dc1e36e450636f0fafcaaca901f59e
107d811d56db4017059b2c99a4829faa9e20ce7fa395b3182bdb456ff93fbee6
GET /sstu/st.gif HTTP/1.1
Host: vns86.oss-cn-hongkong.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: image/gif
Content-Length: 531945
Connection: keep-alive
x-oss-request-id: 6380286622C82A353193E8FA
Accept-Ranges: bytes
ETag: "904C4F51A02C9F03F27AC2593D4C061E"
Last-Modified: Sun, 20 Nov 2022 05:06:16 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 9035815038154931791
x-oss-storage-class: Standard
x-oss-version-id: CAEQPxiBgIC4ltzNpBgiIDdlODc5YmI4ZDVjNjQ3ZDk5OTI1NWRlZmIwMjk2Zjc5
Content-MD5: kExPUaAsnwPyesJZPUwGHg==
x-oss-server-time: 3
u1033.com/70338b026fcd4559831427cd99362e0f.gif
103.189.109.78 200 OK 528 kB URL HTTP/2 u1033.com/70338b026fcd4559831427cd99362e0f.gif
IP 103.189.109.78:0
File type GIF image data, version 89a, 960 x 100\012- data
Size 528 kB (528107 bytes)
Hash b835921ae97148cb73e491e4288ae077
392c16f2ee23667d7956bc601ee2f5927c16160d
acbe56eb9498265786e993eebf99780215d02e1cb27ea3a755f43a6134f10a55
GET /70338b026fcd4559831427cd99362e0f.gif HTTP/1.1
Host: u1033.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=86400
etag: "636a194b-80eeb"
server: nginx
date: Wed, 23 Nov 2022 14:41:20 GMT
content-type: image/gif
last-modified: Tue, 08 Nov 2022 08:54:35 GMT
accept-ranges: bytes
x-cache: HIT from ty8-cdn109-068
content-length: 528107
X-Firefox-Spdy: h2
xk3.me/img/sWQr/os1ownH3f.gif
45.126.180.173 200 OK 231 kB URL HTTP/1.1 xk3.me/img/sWQr/os1ownH3f.gif
IP 45.126.180.173:0
ASN #59371 Dimension Network & Communication Limited
File type GIF image data, version 89a, 960 x 120\012- data
Size 231 kB (230618 bytes)
Hash 3c06a373f604896abee0294bebcf11ee
ead97eb2b6caf7fda24554e3b35c87e0a58ae834
a688b2381d8f69e0d237d4430741febad43d16ef1681babfb8a6aab33aa5dea7
GET /img/sWQr/os1ownH3f.gif HTTP/1.1
Host: xk3.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"241580-1664950919000"
Last-Modified: Wed, 05 Oct 2022 06:21:59 GMT
Expires: Sat, 10 Dec 2022 02:28:54 GMT
Cache-Control: max-age=1296000
Content-Encoding: gzip
Nginx-Cache: EXPIRED, HIT
taiwtp1.com/img/500281.gif
220.128.218.220 200 OK 209 kB URL HTTP/2 taiwtp1.com/img/500281.gif
IP 220.128.218.220:0
ASN #3462 Data Communication Business Group
File type GIF image data, version 89a, 500 x 281\012- data
Size 209 kB (209247 bytes)
Hash 04217b850488d94f2e0643dc034ed78b
6f222b5bf6a31594dbdf2bb35e48c12a9ddeedf4
c597fda843f04c5d76cb49ed53951474b965b7a78db5e6ab0dc6608d1c9aa100
GET /img/500281.gif HTTP/1.1
Host: taiwtp1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 02:26:31 GMT
content-type: image/gif
content-length: 209247
last-modified: Thu, 18 Aug 2022 11:30:38 GMT
etag: "62fe22de-3315f"
expires: Sun, 25 Dec 2022 02:26:31 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
yaoji666.oss-cn-hongkong.aliyuncs.com/gg/960X120.gif
47.75.19.34 200 OK 212 kB URL HTTP/1.1 yaoji666.oss-cn-hongkong.aliyuncs.com/gg/960X120.gif
IP 47.75.19.34:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type GIF image data, version 89a, 960 x 120\012- data
Size 212 kB (212323 bytes)
Hash 1e7356e466a72b7c5d137501da414a9e
0ed2f34eabe2609bc15e05bf3e4a9d598519404e
f93680cd55fe1803408a139984dbe3e18ea2e9c6b184ab8ce353a68dc17878a7
GET /gg/960X120.gif HTTP/1.1
Host: yaoji666.oss-cn-hongkong.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 25 Nov 2022 02:28:55 GMT
Content-Type: image/gif
Content-Length: 212323
Connection: keep-alive
x-oss-request-id: 638028671F85633137945584
Accept-Ranges: bytes
ETag: "1E7356E466A72B7C5D137501DA414A9E"
Last-Modified: Sat, 17 Sep 2022 09:20:48 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 14666006998441618956
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
Content-MD5: HnNW5GanK3xdE3UB2kFKng==
x-oss-server-time: 1
8644aaw.com/294x130.jpg
60.244.96.178 200 OK 43 kB IP 60.244.96.178:0
ASN #24154 Asia Pacific Broadband Fixed Lines Co., Ltd.
File type GIF image data, version 89a, 130 x 294\012- data
Hash 10ac555fb267a033dd7fbb1eeb645c74
056ccc6bb364e9111befff842806116dd2370bb0
081db1bdc7345a96537bd243975ea429a6603ff5686a411dc3ba37994af7f1e5
GET /294x130.jpg HTTP/1.1
Host: 8644aaw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 02:28:53 GMT
content-type: image/jpeg
content-length: 42744
last-modified: Thu, 07 Apr 2022 11:28:32 GMT
etag: "624ecae0-a6f8"
expires: Sun, 25 Dec 2022 02:28:53 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
yaoji666.oss-cn-hongkong.aliyuncs.com/gg/500X281.gif
47.75.19.34 200 OK 301 kB URL HTTP/1.1 yaoji666.oss-cn-hongkong.aliyuncs.com/gg/500X281.gif
IP 47.75.19.34:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type GIF image data, version 89a, 500 x 281\012- data
Size 301 kB (301367 bytes)
Hash 79411f72e54fe27baf645b5c97ca51a2
27b7b2edda9c1c0c3320cb2c78ae228ff576cda7
97f652ab7cdc529e5a2d29b2b603b1374d4160635c48854fbb42b2750ec415f7
GET /gg/500X281.gif HTTP/1.1
Host: yaoji666.oss-cn-hongkong.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 25 Nov 2022 02:28:55 GMT
Content-Type: image/gif
Content-Length: 301367
Connection: keep-alive
x-oss-request-id: 638028674C8B37343374E1B8
Accept-Ranges: bytes
ETag: "79411F72E54FE27BAF645B5C97CA51A2"
Last-Modified: Fri, 29 Jul 2022 10:40:31 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 2039214089364561757
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
Content-MD5: eUEfcuVP4nuvZFtcl8pRog==
x-oss-server-time: 2
xk3.me/img/sWQr/onusRhIGa.gif
45.126.180.173 200 OK 101 kB URL HTTP/1.1 xk3.me/img/sWQr/onusRhIGa.gif
IP 45.126.180.173:0
ASN #59371 Dimension Network & Communication Limited
File type GIF image data, version 89a, 960 x 60\012- data
Size 101 kB (101378 bytes)
Hash 7ee65d5fd569b773795d78e69c9259a5
912aa662437a126f1968fd227b2e3776c67e54cc
b17effd8c4f1d0f6ec366b792ede1b9729d57411f723d53cd57c7d971ffbc859
GET /img/sWQr/onusRhIGa.gif HTTP/1.1
Host: xk3.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 02:28:55 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"102652-1667570973000"
Last-Modified: Fri, 04 Nov 2022 14:09:33 GMT
Expires: Sat, 10 Dec 2022 02:28:55 GMT
Cache-Control: max-age=1296000
Content-Encoding: gzip
Nginx-Cache: EXPIRED, HIT
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.21.226:0
Hash 531e107e1e43ae278e13b10fb8dc29d9
f33afcb61e2d289df2a3284bffc26d2ce135ff6f
f801ac193b6498a8594d109e58f9846405af157dcbb24f2cfddfb6ba01fee2ec
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:28:56 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Tue, 29 Nov 2022 00:07:55 GMT
ETag: "f33afcb61e2d289df2a3284bffc26d2ce135ff6f"
Last-Modified: Fri, 25 Nov 2022 00:07:56 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 673
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f6f42fe9b6b50b-OSL
8644aaw.com/a.gif
60.244.96.178 200 OK 397 kB IP 60.244.96.178:0
ASN #24154 Asia Pacific Broadband Fixed Lines Co., Ltd.
File type GIF image data, version 89a, 200 x 200\012- data
Size 397 kB (397051 bytes)
Hash 5869cbd58ab3c66fb06e236b6b5dc421
e9d3274a485604f1077dff7b47968036e25b3ae3
62e972b383e9d0b0e5f7288e58935588610d0453b1b9fde60228328b1e2860d0
GET /a.gif HTTP/1.1
Host: 8644aaw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 02:28:53 GMT
content-type: image/gif
content-length: 397051
last-modified: Wed, 05 Oct 2022 08:47:42 GMT
etag: "633d44ae-60efb"
expires: Sun, 25 Dec 2022 02:28:53 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
8644aaw.com/b.gif
60.244.96.178 200 OK 309 kB IP 60.244.96.178:0
ASN #24154 Asia Pacific Broadband Fixed Lines Co., Ltd.
File type GIF image data, version 89a, 200 x 200\012- data
Size 309 kB (308861 bytes)
Hash b1ed250ad01a3084ef68e09fd8cebad3
d39a0324ad74147485b3186451c7572c5499cc60
3aa36ee55a652c7e1cb3e97528762cf360525ff34d61f60ac088e059d9516a74
GET /b.gif HTTP/1.1
Host: 8644aaw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 02:28:53 GMT
content-type: image/gif
content-length: 308861
last-modified: Wed, 05 Oct 2022 09:06:32 GMT
etag: "633d4918-4b67d"
expires: Sun, 25 Dec 2022 02:28:53 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ia.51.la/go1?id=21038913&rt=1669343335613&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=0&cd=24&ds=%25E5%2585%258D%25E8%25B4%25B9%25EF%25BC%258C%25E6%258F%2590%25E4%25BE%259B%25E6%259C%2580%25E6%2596%25B0%25E6%259C%2580%25E5%25BF%25AB%25E7%259A%2584%25E8%25A7%2586%25E9%25A2%2591%25E5%2588%2586%25E4%25BA%25AB%25E6%2595%25B0%25E6%258D%25AE%25EF%25BC%258C%25E6%25AC%25A2%25E8%25BF%258E%25E6%2594%25B6%25E8%2597%258F%25E6%259C%25AC%25E7%25AB%2599%25E9%2595%25BF%25E6%259C%259F%25E8%25A7%2582%25E7%259C%258B%25EF%25BC%2581&ing=1&ekc=&sid=1669343335613&tt=%25E4%25BA%259A%25E6%25B4%25B2-%25E5%2585%258D%25E8%25B4%25B9%25E7%259F%25AD%25E8%25A7%2586%25E9%25A2%2591%25E5%2588%2586%25E4%25BA%25AB%25E5%25A4%25A7%25E5%2585%25A8&kw=%25E7%259F%25AD%25E8%25A7%2586%25E9%25A2%2591%252C%25E6%2590%259E%25E7%25AC%2591%25E8%25A7%2586%25E9%25A2%2591%252C%25E8%25A7%2586%25E9%25A2%2591%25E5%2588%2586%25E4%25BA%25AB%252C%25E5%2585%258D%25E8%25B4%25B9%25E8%25A7%2586%25E9%25A2%2591%252C%25E5%259C%25A8%25E7%25BA%25BF%25E8%25A7%2586%25E9%25A2%2591%252C%25E9%25A2%2584%25E5%2591%258A%25E7%2589%2587&cu=https%253A%252F%252Fjklliu-nioink-vgfdxg-8997.com%252F&pu=http%253A%252F%252Fwww.cyjinlun.com%252F
103.143.19.103 200 0 B URL HTTP/1.1 ia.51.la/go1?id=21038913&rt=1669343335613&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=0&cd=24&ds=%25E5%2585%258D%25E8%25B4%25B9%25EF%25BC%258C%25E6%258F%2590%25E4%25BE%259B%25E6%259C%2580%25E6%2596%25B0%25E6%259C%2580%25E5%25BF%25AB%25E7%259A%2584%25E8%25A7%2586%25E9%25A2%2591%25E5%2588%2586%25E4%25BA%25AB%25E6%2595%25B0%25E6%258D%25AE%25EF%25BC%258C%25E6%25AC%25A2%25E8%25BF%258E%25E6%2594%25B6%25E8%2597%258F%25E6%259C%25AC%25E7%25AB%2599%25E9%2595%25BF%25E6%259C%259F%25E8%25A7%2582%25E7%259C%258B%25EF%25BC%2581&ing=1&ekc=&sid=1669343335613&tt=%25E4%25BA%259A%25E6%25B4%25B2-%25E5%2585%258D%25E8%25B4%25B9%25E7%259F%25AD%25E8%25A7%2586%25E9%25A2%2591%25E5%2588%2586%25E4%25BA%25AB%25E5%25A4%25A7%25E5%2585%25A8&kw=%25E7%259F%25AD%25E8%25A7%2586%25E9%25A2%2591%252C%25E6%2590%259E%25E7%25AC%2591%25E8%25A7%2586%25E9%25A2%2591%252C%25E8%25A7%2586%25E9%25A2%2591%25E5%2588%2586%25E4%25BA%25AB%252C%25E5%2585%258D%25E8%25B4%25B9%25E8%25A7%2586%25E9%25A2%2591%252C%25E5%259C%25A8%25E7%25BA%25BF%25E8%25A7%2586%25E9%25A2%2591%252C%25E9%25A2%2584%25E5%2591%258A%25E7%2589%2587&cu=https%253A%252F%252Fjklliu-nioink-vgfdxg-8997.com%252F&pu=http%253A%252F%252Fwww.cyjinlun.com%252F
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=21038913&rt=1669343335613&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=0&cd=24&ds=%25E5%2585%258D%25E8%25B4%25B9%25EF%25BC%258C%25E6%258F%2590%25E4%25BE%259B%25E6%259C%2580%25E6%2596%25B0%25E6%259C%2580%25E5%25BF%25AB%25E7%259A%2584%25E8%25A7%2586%25E9%25A2%2591%25E5%2588%2586%25E4%25BA%25AB%25E6%2595%25B0%25E6%258D%25AE%25EF%25BC%258C%25E6%25AC%25A2%25E8%25BF%258E%25E6%2594%25B6%25E8%2597%258F%25E6%259C%25AC%25E7%25AB%2599%25E9%2595%25BF%25E6%259C%259F%25E8%25A7%2582%25E7%259C%258B%25EF%25BC%2581&ing=1&ekc=&sid=1669343335613&tt=%25E4%25BA%259A%25E6%25B4%25B2-%25E5%2585%258D%25E8%25B4%25B9%25E7%259F%25AD%25E8%25A7%2586%25E9%25A2%2591%25E5%2588%2586%25E4%25BA%25AB%25E5%25A4%25A7%25E5%2585%25A8&kw=%25E7%259F%25AD%25E8%25A7%2586%25E9%25A2%2591%252C%25E6%2590%259E%25E7%25AC%2591%25E8%25A7%2586%25E9%25A2%2591%252C%25E8%25A7%2586%25E9%25A2%2591%25E5%2588%2586%25E4%25BA%25AB%252C%25E5%2585%258D%25E8%25B4%25B9%25E8%25A7%2586%25E9%25A2%2591%252C%25E5%259C%25A8%25E7%25BA%25BF%25E8%25A7%2586%25E9%25A2%2591%252C%25E9%25A2%2584%25E5%2591%258A%25E7%2589%2587&cu=https%253A%252F%252Fjklliu-nioink-vgfdxg-8997.com%252F&pu=http%253A%252F%252Fwww.cyjinlun.com%252F HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: CloudWAF
Date: Fri, 25 Nov 2022 02:28:58 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=452be8b61a83c3c2145; path=/
Set-Cookie: HWWAFSESTIME=1669343334596; path=/
xk3.me/img/sWQr/o4Un2Zft1.gif
45.126.180.173 200 OK 1.6 MB URL HTTP/1.1 xk3.me/img/sWQr/o4Un2Zft1.gif
IP 45.126.180.173:0
ASN #59371 Dimension Network & Communication Limited
File type GIF image data, version 89a, 500 x 281\012- data
Size 1.6 MB (1626231 bytes)
Hash e782c1d3cfe2f6fca83def848c1b5f68
e2449dfd600cb7abfb85fcefe5a5dc79893ac3bc
3e9d3b2ec5b2b825c70d4961a121da02dae5869ad42338799d42656b626c7a26
GET /img/sWQr/o4Un2Zft1.gif HTTP/1.1
Host: xk3.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 02:28:54 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"1626999-1669218436000"
Last-Modified: Wed, 23 Nov 2022 15:47:16 GMT
Expires: Sat, 10 Dec 2022 02:28:54 GMT
Cache-Control: max-age=1296000
Content-Encoding: gzip
Nginx-Cache: EXPIRED, HIT
img.8717x.com/images/635243c85fe50f0585d3ef94.gif
91.199.87.220 302 Found 0 B URL HTTP/2 img.8717x.com/images/635243c85fe50f0585d3ef94.gif
IP 91.199.87.220:0
GET /images/635243c85fe50f0585d3ef94.gif HTTP/1.1
Host: img.8717x.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jklliu-nioink-vgfdxg-8997.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/43675272081b4e54affe1cd54bbf116d
cache-control: max-age=3600
X-Firefox-Spdy: h2
img.x955.xyz/images/63233dce0b32f69ab372426e.gif
91.199.87.220 302 Found 0 B URL HTTP/2 img.x955.xyz/images/63233dce0b32f69ab372426e.gif
IP 91.199.87.220:0
GET /images/63233dce0b32f69ab372426e.gif HTTP/1.1
Host: img.x955.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/e454ac1f03aa4643ab3fb8bca7151253
cache-control: max-age=3600
X-Firefox-Spdy: h2