Overview

URL shivomentp.com/images/work/china/login.php
IP104.164.51.194
ASNEGIHOSTING
Location United States
Report completed2022-10-04 02:01:33 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-10-04 2 shivomentp.com/images/work/china/login.php Phishing
2022-10-04 2 www.shivomentp.com/images/work/china/login.php Phishing
2022-10-04 2 www.shivomentp.com/tj.js Phishing
2022-10-04 2 www.shivomentp.com/common.js Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (17)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-10-03 08:07:24 UTC 143.204.55.49
mnemonic passive DNS shivomentp.com (1) 0 2019-08-04 07:38:47 UTC 2022-09-11 03:42:53 UTC 104.164.51.194 Unknown ranking
mnemonic passive DNS www.shivomentp.com (4) 0 2019-08-04 07:38:49 UTC 2022-09-04 00:31:36 UTC 104.164.51.194 Unknown ranking
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-10-03 09:28:24 UTC 54.148.190.4
mnemonic passive DNS dvcasha2.ocsp-certum.com (1) 71753 2014-11-27 08:04:42 UTC 2022-10-03 13:58:10 UTC 23.36.79.17
mnemonic passive DNS cdn.dcloud.net.cn (1) 116868 2018-09-15 09:18:08 UTC 2022-10-03 15:11:48 UTC 47.110.249.1
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-27 20:08:30 UTC 2022-10-03 17:23:50 UTC 143.204.55.36
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-10-03 20:32:42 UTC 93.184.220.29
mnemonic passive DNS api35.235nnys.com (5) 0 2022-07-23 16:43:53 UTC 2022-09-28 02:39:28 UTC 116.212.126.4 Unknown ranking
mnemonic passive DNS ia.51.la (1) 59607 2017-10-31 08:01:51 UTC 2022-10-03 09:28:50 UTC 103.143.19.103
mnemonic passive DNS aipiapia35.com (1) 0 2022-08-08 17:46:27 UTC 2022-10-03 14:11:22 UTC 119.47.84.89 Unknown ranking
mnemonic passive DNS r3.o.lencr.org (7) 344 2020-12-02 08:52:13 UTC 2022-10-03 07:33:36 UTC 23.36.77.32
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-10-03 09:28:24 UTC 34.117.237.239
mnemonic passive DNS ocsp.globalsign.com (1) 2075 2012-05-25 06:20:55 UTC 2022-10-03 09:28:50 UTC 151.101.86.133
mnemonic passive DNS img-getpocket.cdn.mozilla.net (5) 1631 2017-09-01 03:40:57 UTC 2022-10-03 14:02:45 UTC 34.120.237.76
mnemonic passive DNS hm.baidu.com (2) 8254 2012-05-26 08:38:45 UTC 2022-10-03 09:30:40 UTC 103.235.46.191
mnemonic passive DNS hmcdn.baidu.com (1) 87026 2018-01-31 13:54:02 UTC 2022-10-02 23:40:51 UTC 113.105.172.48


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 104.164.51.194

Date UQ / IDS / BL URL IP
2022-11-09 03:50:01 +0000
0 - 0 - 4 shivomentp.com/images/work/china/login.php 104.164.51.194
2022-10-08 04:07:13 +0000
0 - 0 - 4 shivomentp.com/images/work/china/login.php 104.164.51.194
2022-10-04 02:01:33 +0000
0 - 0 - 4 shivomentp.com/images/work/china/login.php 104.164.51.194
2022-09-04 00:31:46 +0000
0 - 0 - 4 shivomentp.com/images/work/china/login.php 104.164.51.194
2022-09-03 01:55:07 +0000
0 - 0 - 4 shivomentp.com/images/work/china/login.php 104.164.51.194

Last 5 reports on ASN: EGIHOSTING

Date UQ / IDS / BL URL IP
2022-12-09 15:03:00 +0000
0 - 0 - 2 wuhanyuepai.com/ 107.187.97.27
2022-12-09 11:01:56 +0000
0 - 0 - 10 dugumhane.com/ 104.164.212.200
2022-12-09 11:01:23 +0000
0 - 0 - 12 hsegod.com/ 107.187.102.195
2022-12-09 08:51:54 +0000
0 - 0 - 18 insightsforchurch.com/ 107.164.165.24
2022-12-09 04:35:53 +0000
0 - 0 - 17 hsd-net.com/ 172.252.33.44

Last 5 reports on domain: shivomentp.com

Date UQ / IDS / BL URL IP
2022-11-09 03:50:01 +0000
0 - 0 - 4 shivomentp.com/images/work/china/login.php 104.164.51.194
2022-10-08 04:07:13 +0000
0 - 0 - 4 shivomentp.com/images/work/china/login.php 104.164.51.194
2022-10-04 02:01:33 +0000
0 - 0 - 4 shivomentp.com/images/work/china/login.php 104.164.51.194
2022-09-04 00:31:46 +0000
0 - 0 - 4 shivomentp.com/images/work/china/login.php 104.164.51.194
2022-09-03 01:55:07 +0000
0 - 0 - 4 shivomentp.com/images/work/china/login.php 104.164.51.194

Last 1 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-09-04 07:40:16 +0000
0 - 0 - 3 www.ourlove3344.com/wp-content/themes/village (...) 107.164.244.245


JavaScript

Executed Scripts (10)


Executed Evals (1)

#1 JavaScript::Eval (size: 481, repeated: 1) - SHA256: 1c5b8afd5afd4609ae206a6ebd19c4c95486c20e21435ca7e3cd919c09fbe02a

                                        document.write('<title>aq��p�	Pl�</title><div id="showcloneshengxiaon" style="height: 100%; width: 100%; background-color: rgb(255, 255, 255); background-position: initial initial; background-repeat: initial initial;"><iframe scrolling="yes" marginheight=0 marginwidth=0  frameborder="0" width="100%" height="100%" src="https://api35.235nnys.com?time=1664848420"></iframe></div><style type="text/css">html{width:100%;height:100%;}body {width:100%;height:100%;}</style>');
                                    

Executed Writes (2)

#1 JavaScript::Write (size: 462, repeated: 1) - SHA256: d6a76e0f59edcb79f4ba7c98e080861d28114bfc04634d92f5a59acf08bf9c10

                                        < title > aq�� p� Pl� < /title><div id="showcloneshengxiaon" style="height: 100%; width: 100%; background-color: rgb(255, 255, 255); background-position: initial initial; background-repeat: initial initial;"><iframe scrolling="yes" marginheight=0 marginwidth=0  frameborder="0" width="100%" height="100%" src="https:/ / api35.235 nnys.com ? time = 1664848420 "></iframe></div><style type="
text / css ">html{width:100%;height:100%;}body {width:100%;height:100%;}</style>
                                    

#2 JavaScript::Write (size: 148, repeated: 1) - SHA256: 9582f31f9eb892b8823a780e579d464d54e26d97d65dc327d2b2bdd92d47c4b8

                                        < meta name = "viewport"
content = "width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, viewport-fit=cover" / >
                                    


HTTP Transactions (36)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EB128AEC099DBF1919EE5D965221E904AD3A2162583683CEC44518640B505447"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4988
Expires: Tue, 04 Oct 2022 03:24:31 GMT
Date: Tue, 04 Oct 2022 02:01:23 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 04 Oct 2022 01:33:39 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: QGV2g36lC5zW0bVR3NZx0hZanEhJZXcI9clG7AjWHlfdDazKtWl98A==
Age: 1664


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    1b3053fa528e28810f8a2cc9284cc921
Sha1:   cca9eb471d941881a6b9a1793aecb6c281908f6a
Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.49
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 03 Oct 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: VBdaBEHqPW0YeGDDVyx4xP9pDHIxvos0IM6xkqtx0pDi3_IB2QaADw==
age: 73976
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /images/work/china/login.php HTTP/1.1 
Host: shivomentp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         104.164.51.194
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Tue, 04 Oct 2022 02:01:17 GMT
Content-Length: 0
Connection: keep-alive
Location: http://www.shivomentp.com/images/work/china/login.php


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 04 Oct 2022 02:01:23 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 04 Oct 2022 01:29:34 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 04 Oct 2022 02:09:33 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: xogH-NJ_kQltCYLOCKJ4jvcKN5MzmZWWvKMv1S9w93NluejsVEDIUg==
Age: 1910


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /images/work/china/login.php HTTP/1.1 
Host: www.shivomentp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         104.164.51.194
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Tue, 04 Oct 2022 02:01:17 GMT
Content-Length: 787
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with CRLF line terminators
Size:   787
Md5:    44fc9a3297e3651c4276678a5155779c
Sha1:   c076f0f08277eef5ec89aa0f1f214361556435dc
Sha256: 83fadb8d2108a036a6a53f3120dca11788a300656c33afa8d37cb8ddcc674ff2

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /tj.js HTTP/1.1 
Host: www.shivomentp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.shivomentp.com/images/work/china/login.php

                                         
                                         104.164.51.194
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: nginx
Date: Tue, 04 Oct 2022 02:01:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (4898), with CRLF line terminators
Size:   2452
Md5:    96e73ff760d95961f22eebdd39a59b5d
Sha1:   d03678b288cd44fea33c19952db72fbcdb4485d4
Sha256: eb3d24944b46bdf60d3d1889aaebfd92fdec4e038de5933967324d91258a86b4

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 525
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 02:01:23 GMT
Last-Modified: Tue, 04 Oct 2022 01:52:38 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /common.js HTTP/1.1 
Host: www.shivomentp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.shivomentp.com/images/work/china/login.php

                                         
                                         104.164.51.194
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: nginx
Date: Tue, 04 Oct 2022 02:01:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document, ASCII text, with very long lines (443), with CRLF line terminators
Size:   1422
Md5:    97f47d3a5f2c454241ecb6d74c2987be
Sha1:   2ae05edc26042faecd4fc21fe97393fe251750d6
Sha256: 3e7c8ddcd6f7880f4f7d017d163c8f2e2754e076948d50ee2c804e38fd52a9eb

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: QFnM5Cp+Ap/2hBEDAokIXg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         54.148.190.4
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9JBCeaGaCDMFv/PkwRKrRH5gqm8=

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www.shivomentp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.shivomentp.com/images/work/china/login.php
Cookie: __tins__20937019=%7B%22sid%22%3A%201664848883457%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201664850683457%7D; __51cke__=; __51laig__=1

                                         
                                         104.164.51.194
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Server: nginx
Date: Tue, 04 Oct 2022 02:01:18 GMT
Content-Length: 4286
Last-Modified: Tue, 23 Mar 2021 10:57:44 GMT
Connection: keep-alive
ETag: "6059c9a8-10be"
Expires: Sun, 09 Oct 2022 02:01:18 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Size:   4286
Md5:    59aac3a98dfc1de46ed082d4f4fc33cd
Sha1:   ef5407106fd01c2c1abc1d927461726c08b8011a
Sha256: 97b4040fb988d04fe048805baed52bf68b9810d96616adb168eaed80fadc9dd1
                                        
                                            GET /go1?id=20937019&rt=1664848883457&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1664848883457&tt=%25E8%25B1%25A1%25E5%25B1%25B1%25E7%25AA%2581%25E4%25B8%258B%25E8%25A3%2585%25E9%25A5%25B0%25E5%25B7%25A5%25E7%25A8%258B%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=&cu=http%253A%252F%252Fwww.shivomentp.com%252Fimages%252Fwork%252Fchina%252Flogin.php&pu= HTTP/1.1 
Host: ia.51.la
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.shivomentp.com/

                                         
                                         103.143.19.103
HTTP/1.1 200
                                        
Server: CloudWAF
Date: Tue, 04 Oct 2022 02:01:24 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=b2e5937c940060e4efc; path=/ HWWAFSESTIME=1664848883140; path=/

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A482F150F6A2BA73333DA6459433EA8014161988350886CEDA50DC1AED761779"
Last-Modified: Sun, 02 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 04 Oct 2022 08:01:24 GMT
Date: Tue, 04 Oct 2022 02:01:24 GMT
Connection: keep-alive

                                        
                                            POST /gsrsaovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         151.101.86.133
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Connection: keep-alive
Content-Length: 1432
Server: nginx
Expires: Fri, 07 Oct 2022 23:26:55 GMT
ETag: "0e60f5aafcc58a83295143efa6b8938d26de5a07"
Last-Modified: Mon, 03 Oct 2022 23:26:56 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Tue, 04 Oct 2022 02:01:24 GMT
Age: 2795
X-Served-By: cache-qpg1257-QPG, cache-bma1640-BMA
X-Cache: MISS, HIT
X-Cache-Hits: 0, 8
X-Timer: S1664848885.763533,VS0,VE0


--- Additional Info ---
Magic:  data
Size:   1432
Md5:    d52948268e76c45469b53d0ff430a8f0
Sha1:   0e60f5aafcc58a83295143efa6b8938d26de5a07
Sha256: 4989aaa9e259801a9bb1a0e026f9c467ba52a8cac8aada218e97491d7a6bf2aa
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3749
Expires: Tue, 04 Oct 2022 03:03:54 GMT
Date: Tue, 04 Oct 2022 02:01:25 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3749
Expires: Tue, 04 Oct 2022 03:03:54 GMT
Date: Tue, 04 Oct 2022 02:01:25 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3749
Expires: Tue, 04 Oct 2022 03:03:54 GMT
Date: Tue, 04 Oct 2022 02:01:25 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3749
Expires: Tue, 04 Oct 2022 03:03:54 GMT
Date: Tue, 04 Oct 2022 02:01:25 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bec66cf-b911-4eb8-95d6-27e5f2afb6c7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8308
x-amzn-requestid: 3348b2e8-915a-492b-8241-89c13a21232c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcqFlFyyoAMFz_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b56f0-2baf7ac2213c31fc384e8317;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:41:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Y1H21zphqs9mIGVYHojfc-nvW35BS3nq4hunM_JmyT9mC100bXlgWw==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:55:46 GMT
age: 14739
etag: "4ac6c5691df804078d5da54233cf4d8e7012f9ca"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8308
Md5:    de29d0d95d22e4e246a90feed644baf0
Sha1:   4ac6c5691df804078d5da54233cf4d8e7012f9ca
Sha256: 8e34ad07e098df14f7001d1ee538479de11afa4c255006cb6e8e2207c0e50a47
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9917
x-amzn-requestid: 2dff93d9-795d-4885-9b82-610b0d235a82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTGEnIAMF1zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-117afa703663ada75627792c;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p5nOqBojKO6S-c_DxIu8B3p-NK0pzRHkz0DOPeyv7PQt9h0x1jdtoQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:55:54 GMT
age: 14731
etag: "22aab05208a01ae5def4d63dc145085630f57bcb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9917
Md5:    d8c08f8066cc732de8befd6ccd629a95
Sha1:   22aab05208a01ae5def4d63dc145085630f57bcb
Sha256: f8a560a0563518d992d0bd2655d2b5c406435a18e874ca00b51374d2ff901770
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5sAzc5Ewv4g6Wqq6JJiLylG3Jyy_nlWrr5Oteeo6ebEgq7Rvss4XaQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 04:42:51 GMT
age: 76714
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6315
Md5:    206fb65e75dbadf119512f71e0b78402
Sha1:   58ff0bf8ce7528b303d28bab01a80ad721705569
Sha256: 56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
                                        
                                            GET /common.php?val=niuniandaji&t=0.7588964974836104?v=03691488292522985 HTTP/1.1 
Host: aipiapia35.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.shivomentp.com
Connection: keep-alive
Referer: http://www.shivomentp.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         119.47.84.89
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 04 Oct 2022 01:53:40 GMT
access-control-allow-origin: *
access-control-allow-methods: POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-Requested-with, Origin
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- data
Size:   4239
Md5:    b01800002acd6b14f316c4c305d99fb3
Sha1:   bd77c5191ec3b1978ebee9dd1ca1984241d0ad14
Sha256: 4c986a6757ba75b9b63a2e67e80258618130ff152aacb695db8cd3738ab1832a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481896f6-cdf2-442f-aea2-dfa2c7c45f77.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8738
x-amzn-requestid: ede4db78-f2ab-4226-a855-dc7373978dfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTFrBoAMFR3w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-2776543e774f0016329ddade;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: c9bu34_KooZB6Z4d8xXGnsd9jZ7lPl3yIo9II1Dm_2YVId3l9-7n-w==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:55:46 GMT
age: 14739
etag: "d830b94bea3b5698e5192a7ea05f90b25b2f9cc9"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8738
Md5:    d5745f8e3528f481ae2acf05b4abd3d0
Sha1:   d830b94bea3b5698e5192a7ea05f90b25b2f9cc9
Sha256: 313e11915f0869a608c830637b9dfd236ff28a8fb3354c3cc8748816b0ee18b0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6bf68975-a099-4d4b-9abd-6e684653439d.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10878
x-amzn-requestid: a849d918-ec40-47d4-93cb-e938b010bd50
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpJKGAPIAMFSiw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b556d-242a8d2208b6574c34063c1f;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 40cLnZvUr45pWmnT6qZgZu13Y1pyeycMEK-m9ALI1LVo2Wpysjt7Vw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:45:04 GMT
age: 15381
etag: "d893d8035379e06e53e365b9f47f5da40bff932b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10878
Md5:    f62719b24a32198c6f462a0a0412ac98
Sha1:   d893d8035379e06e53e365b9f47f5da40bff932b
Sha256: ca863affca1559e92e415a4de2e78e4b4c1ec4cf8e8549693499c6f79bd27975
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "178F3342A4B6F05B53264C320BA4DFB7E9B8C37E6102EF6A24D62BA802B86243"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 04 Oct 2022 08:01:25 GMT
Date: Tue, 04 Oct 2022 02:01:25 GMT
Connection: keep-alive

                                        
                                            GET /?time=1664848420 HTTP/1.1 
Host: api35.235nnys.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.shivomentp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         116.212.126.4
HTTP/2 200 OK
content-type: text/html
                                        
server: nginx
date: Tue, 04 Oct 2022 01:56:13 GMT
content-length: 786
last-modified: Thu, 25 Aug 2022 06:51:46 GMT
etag: "63071c02-312"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (500)
Size:   786
Md5:    1326f1cad417814e6efa07ea96ad4190
Sha1:   22f5b9df58c9eac3f2c3314e82625dabb55611a5
Sha256: d164c8920828c159c61440d7362b4447952c90aea19c2e4707231e11187c4e2a
                                        
                                            GET /hm.js?8dd815ed8a74dfcd3b2b500a05515950 HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://api35.235nnys.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11343
Date: Tue, 04 Oct 2022 02:01:28 GMT
Etag: ab0dcda33f7d3a7ae6e400379d578203
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=6BA391CAF41BFC5B; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800


--- Additional Info ---
Magic:  ASCII text, with very long lines (630)
Size:   11343
Md5:    4e6c6efc7f3a505d4abf057ce6357a34
Sha1:   c543cf672d3075a7bbe8244cf1dd26a28f8bf9ca
Sha256: 90c82cee8123e6fcb17899bdb2edda39a7c99fddb588157096bbb6054f0a4ad3
                                        
                                            GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=2024584311&si=8dd815ed8a74dfcd3b2b500a05515950&su=http%3A%2F%2Fwww.shivomentp.com%2F&v=1.2.97&lv=1&sn=63284&r=0&ww=1268&ct=!!&u=https%3A%2F%2Fapi35.235nnys.com%2F%3Ftime%3D1664848420%23%2F&tt=%E7%89%9B%E7%89%9B%E5%BD%B1%E8%A7%86 HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://api35.235nnys.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Date: Tue, 04 Oct 2022 02:01:29 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=264CFB061F9CFFCE; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            POST / HTTP/1.1 
Host: dvcasha2.ocsp-certum.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.79.17
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 1599
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=900
Date: Tue, 04 Oct 2022 02:01:30 GMT
Connection: keep-alive
X-N: S


--- Additional Info ---
Magic:  data
Size:   1599
Md5:    b106c21abcda448e8f4a330bbf0f663a
Sha1:   d680bf2997eb9e6f252f552377f88b33ca9d39c3
Sha256: 7c440845a003886702ef9f7e1b3bdc5f241092738393f48afab9262acb110e72
                                        
                                            GET /img/shadow-grey.png HTTP/1.1 
Host: cdn.dcloud.net.cn
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://api35.235nnys.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         47.110.249.1
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Tue, 04 Oct 2022 02:01:30 GMT
Content-Length: 136
Last-Modified: Thu, 06 Jun 2019 06:42:07 GMT
Connection: close
ETag: "5cf8b5bf-88"
Expires: Tue, 04 Oct 2022 04:01:30 GMT
Cache-Control: max-age=7200
Set-Cookie: __uni__uid=CgEB82M7k/pGvUF99xo1Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=dcloud.net.cn; path=/; secure; httponly; samesite=none
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 1 x 6, 4-bit colormap, non-interlaced\012- data
Size:   136
Md5:    5a962adf74d92ae702467b3f47976547
Sha1:   36f74049375584e3fa69b5ef87e9572336ff9e7a
Sha256: ad4ebea1c3496dd2924789ee009174a2c6289d1200e9811f458fd46f172d1d6f
                                        
                                            GET /static/js/chunk-vendors.12b1e228.js HTTP/1.1 
Host: api35.235nnys.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://api35.235nnys.com/?time=1664848420
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         116.212.126.4
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Tue, 04 Oct 2022 01:56:14 GMT
last-modified: Thu, 25 Aug 2022 06:51:46 GMT
vary: Accept-Encoding
etag: W/"63071c02-7b545"
expires: Tue, 04 Oct 2022 13:56:14 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /static/js/index.beb959a6.js HTTP/1.1 
Host: api35.235nnys.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://api35.235nnys.com/?time=1664848420
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         116.212.126.4
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Tue, 04 Oct 2022 01:56:14 GMT
last-modified: Thu, 25 Aug 2022 06:51:46 GMT
vary: Accept-Encoding
etag: W/"63071c02-18d84"
expires: Tue, 04 Oct 2022 13:56:14 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /static/js/pages-detail-art~pages-detail-vod~pages-index-index~pages-play-play~pages-search-search~pages-type-a~3bdb0e93.58a882e6.js HTTP/1.1 
Host: api35.235nnys.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://api35.235nnys.com/?time=1664848420
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         116.212.126.4
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Tue, 04 Oct 2022 01:56:15 GMT
last-modified: Thu, 25 Aug 2022 06:51:46 GMT
vary: Accept-Encoding
etag: W/"63071c02-a12e"
expires: Tue, 04 Oct 2022 13:56:15 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /static/tongji/plugins/UrlChangeTracker.js HTTP/1.1 
Host: hmcdn.baidu.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://api35.235nnys.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         113.105.172.48
HTTP/2 200 OK
content-type: application/x-javascript
                                        
server: JSP3/2.0.14
date: Tue, 04 Oct 2022 02:01:31 GMT
last-modified: Tue, 20 Oct 2020 09:42:15 GMT
etag: "5f8eb0f7-4b3c"
content-encoding: br
age: 476027
accept-ranges: bytes
tracecode: 28646116690586387210083121
vary: Accept-Encoding
timing-allow-origin: *
ohc-cache-hit: dg3ct59 [2], fzctcache59 [2]
ohc-response-time: 1 0 0 0 0 0
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /static/index.2772579d.css HTTP/1.1 
Host: api35.235nnys.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://api35.235nnys.com/?time=1664848420
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         116.212.126.4
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Tue, 04 Oct 2022 01:56:14 GMT
last-modified: Thu, 25 Aug 2022 06:51:46 GMT
vary: Accept-Encoding
etag: W/"63071c02-17031"
expires: Tue, 04 Oct 2022 13:56:14 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---