w.a8cg2v.cyou/Qatarairxws/tb.php?wd=yd1675098338781
188.114.96.1200 OK 561 B URL HTTP/1.1 w.a8cg2v.cyou/Qatarairxws/tb.php?wd=yd1675098338781
IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (556), with CRLF line terminators
Hash b0654b32093f5df95c440a68a11c7a30
22f7494aeeb517d2887b6bf7857c17983f6a3aaf
7eb58422e97324c555e91298a95def3ab5ea7fac1223637ee2a6c4f1720fd492
GET /Qatarairxws/tb.php?wd=yd1675098338781 HTTP/1.1
Host: w.a8cg2v.cyou
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 18:30:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vmQumYq%2F%2B9Wn7g7uOtYShfvuQAAU80OoIvDebcy6K7xjLFTHDPjNJaV29HATRgRjIib4uTtkREBzaY%2F%2BgyAtmV%2BjgUMI7sSHnigAozSTXeLvXix9qzVnRQr4PwhbOvlW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 791c46e53b4eb511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3292
Expires: Mon, 30 Jan 2023 19:24:59 GMT
Date: Mon, 30 Jan 2023 18:30:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5eb7c9bc996a0ff420e58af45526f053
8c2614832b8efe1c9da0bbd465d6f3f172d95a9e
c085cf277dd0429fe15e4a4bce5595636e9f2204d5a8e77220f8bf88adf4068f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C085CF277DD0429FE15E4A4BCE5595636E9F2204D5A8E77220F8BF88ADF4068F"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18418
Expires: Mon, 30 Jan 2023 23:37:05 GMT
Date: Mon, 30 Jan 2023 18:30:07 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 30 Jan 2023 17:43:12 GMT
content-type: application/json
age: 2815
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 09ee4b0fe6cf4ca5ed31b24452338d00
7e62b6e20f0d4737f4a8d94f9818a0883027839e
56da08e18a408d7313de4e598984a251a0ecf85bbba98b421be9aebeb98835af
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56DA08E18A408D7313DE4E598984A251A0ECF85BBBA98B421BE9AEBEB98835AF"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3960
Expires: Mon, 30 Jan 2023 19:36:07 GMT
Date: Mon, 30 Jan 2023 18:30:07 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 9sOiE7BhlcYzwjQO2OuYzjGdrw2WiKGLSPMbxPEqwp0rNaueRPVyjM8AzZXIylBp1xTze7BGnXw=
x-amz-request-id: 5XE9SA5QMKVFN6F7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 30 Jan 2023 17:50:49 GMT
age: 2358
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 18:30:07 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
w.a8cg2v.cyou/favicon.ico
188.114.96.1200 OK 455 B URL HTTP/1.1 w.a8cg2v.cyou/favicon.ico
IP 188.114.96.1:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 3c5d244b8b6b192c76a2c4331450c235
7e53f5ad871fcd67705eaf77f1ca9ff247143e1e
e0f26b6349453a86cd1f0f87cfd80559ef7edb6d88ff0af9ced7d7e413c548e3
GET /favicon.ico HTTP/1.1
Host: w.a8cg2v.cyou
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://w.a8cg2v.cyou/Qatarairxws/tb.php?wd=yd1675098338781
HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 18:30:07 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 27 Dec 2016 03:54:11 GMT
ETag: W/"5861e5e3-1b0"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 587
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N9Tq9XxL1jpXcEnU2lPxyQcu2%2Fq%2F%2FvNexYRhJWg4UxflZJ9mB%2FioHkPSDaUPwNCnOnhiJpU6kTNXzxqwEAcNUp56cRdjE0pRFgF1adeTYcNjG8uDscADz8XanXiVNJf3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 791c46e80804b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
w.a8cg2v.cyou/j/og2.js?_t=1675103420614
188.114.96.1200 OK 942 B URL HTTP/1.1 w.a8cg2v.cyou/j/og2.js?_t=1675103420614
IP 188.114.96.1:0
File type ASCII text, with CRLF line terminators
Hash bad1af26351d2e87c035596233940ab0
9ac0e34dcbfd29ca3070c506c200777a8016b161
bc734ed6fc97cbcbaa0ed5236ce8aa46754596a9a79eef96684242d231d0644e
Analyzer Verdict Alert fortinet Phishing
GET /j/og2.js?_t=1675103420614 HTTP/1.1
Host: w.a8cg2v.cyou
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://w.a8cg2v.cyou/Qatarairxws/tb.php?wd=yd1675098338781
HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 18:30:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 16:09:56 GMT
Vary: Accept-Encoding
ETag: W/"635172d4-850"
Expires: Tue, 31 Jan 2023 06:30:07 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rHsZv8ssJfPMy7NgKSC5%2FIg%2FsoDo9qbVuKJEto1oU54a0BWnpcV3WFMzWz%2BCCNgafaUU5ShWLW9AWNoQ1AG9k7E5WYAPHFo1U35Fk0C3mJTXdOrQMyE5pWDYTiz0p2Li"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 791c46e8a908b511-OSL
alt-svc: h2=":443"; ma=60
w.a8cg2v.cyou/j/og2.php?_t=1675103420718
188.114.96.1200 OK 101 B URL HTTP/1.1 w.a8cg2v.cyou/j/og2.php?_t=1675103420718
IP 188.114.96.1:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7c941366f3b61c6a3c498d799f2ceb74
16cadf140b11530f68986848bb7ff73eed0002a8
ab95e4132076e9abe083917ad9a39484b39cda7fe073e9ed3b56fb4b7adb57f6
POST /j/og2.php?_t=1675103420718 HTTP/1.1
Host: w.a8cg2v.cyou
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
Content-Length: 49
Origin: http://w.a8cg2v.cyou
Connection: keep-alive
Referer: http://w.a8cg2v.cyou/Qatarairxws/tb.php?wd=yd1675098338781
HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 18:30:07 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tNAZhUhSueYbTMYIGeyITl5BIrCcR39uJShlszT5eqfaWwHw8g2KrTl6KSuSxASknl4qJ7Egny0Zqf8YuPm%2BQi2lA7S8frSZJ2kw6vLODE8oyQwf2CibfJTVICnzKngs"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 791c46e94a05b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 30 Jan 2023 17:41:41 GMT
age: 2906
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 645022e08f8000cfc3c420b0907dffce
fa209a808e83bae8908f444b897e2696bedfdece
59a1cb3004d0aae0f1349229b6980e491dac8d8c4d40b0996ace3b13acb595ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "59A1CB3004D0AAE0F1349229B6980E491DAC8D8C4D40B0996ACE3B13ACB595AB"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1958
Expires: Mon, 30 Jan 2023 19:02:45 GMT
Date: Mon, 30 Jan 2023 18:30:07 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 645022e08f8000cfc3c420b0907dffce
fa209a808e83bae8908f444b897e2696bedfdece
59a1cb3004d0aae0f1349229b6980e491dac8d8c4d40b0996ace3b13acb595ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "59A1CB3004D0AAE0F1349229B6980E491DAC8D8C4D40B0996ACE3B13ACB595AB"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1958
Expires: Mon, 30 Jan 2023 19:02:45 GMT
Date: Mon, 30 Jan 2023 18:30:07 GMT
Connection: keep-alive
cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css
151.101.65.229200 OK 2.2 kB URL HTTP/2 cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css
IP 151.101.65.229:0
File type ASCII text, with very long lines (16263)
Hash bd3ea59ca12635e32402ec20cb196249
b1bfdaba4a00c2932245ff9eabea38016f9c9069
b99f8f79de257275fdbf6a8e0eb4652b0d69429552234b1f444c08ae85000341
GET /npm/select2@4.1.0-rc.0/dist/css/select2.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.1.0-rc.0
x-jsd-version-type: version
etag: W/"3f88-kT+fe5U1rseQyjzp1uNaz682mZM"
content-encoding: gzip
accept-ranges: bytes
date: Mon, 30 Jan 2023 18:30:08 GMT
age: 26523913
x-served-by: cache-fra19146-FRA, cache-bma1657-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2162
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.1.1/css/all.min.css
151.101.65.229200 OK 21 kB URL HTTP/2 cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.1.1/css/all.min.css
IP 151.101.65.229:0
File type ASCII text, with very long lines (65317)
Hash b5ae87c0e4dd241b533e67053b0b719d
6b7b568694a95d81a94dea9ef7a85d1317d448dc
5bae5997fbca925ac6e52be8163ca897e751fcc9331552e0f77a22dd35b64521
GET /npm/@fortawesome/fontawesome-free@6.1.1/css/all.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 6.1.1
x-jsd-version-type: version
etag: W/"189ae-CRAs/GDvtDCiXul87ppqNd9t/Fk"
content-encoding: gzip
accept-ranges: bytes
date: Mon, 30 Jan 2023 18:30:08 GMT
age: 7759521
x-served-by: cache-fra-eddf8230116-FRA, cache-bma1657-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 20556
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13160
Expires: Mon, 30 Jan 2023 22:09:28 GMT
Date: Mon, 30 Jan 2023 18:30:08 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ba2ca6af7b23ce2e11aa4f9d86e66269
212aef55d64b6add292dcf6241b16e7c93d1bae2
f163a94d190f5aeeb05b2e344bc8e1544d9701772b08585e9c92b529c8652b3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 18:30:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ba2ca6af7b23ce2e11aa4f9d86e66269
212aef55d64b6add292dcf6241b16e7c93d1bae2
f163a94d190f5aeeb05b2e344bc8e1544d9701772b08585e9c92b529c8652b3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 18:30:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.20.226:0
Hash 74367587e8cf3e863e1aeaea593bb768
e84649ca5db485c8a54ce32b0bf1b11d5c6312db
0a95715157d3d45b968163601766e6e473ea5f6cecb88410bd5bd12e4bc84302
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 18:30:08 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "CB73AB4366346A1AFA97BE41849984A7DE9A3699"
Expires: Tue, 31 Jan 2023 05:00:00 GMT
Last-Modified: Mon, 30 Jan 2023 17:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2405
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 791c46ec9b230b65-OSL
www.googletagmanager.com/gtag/js?id=G-LW7434MYMN
142.250.74.40200 OK 77 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-LW7434MYMN
IP 142.250.74.40:0
File type ASCII text, with very long lines (19467)
Hash 98b4fc89f4364d6bc9325a20e1cc41ca
4704a9941c18c1e9961678a9594032db8eb39391
d0887463ae37b8cd560a026882be10701ce49234e56325fa2c043bc08e32bbb7
GET /gtag/js?id=G-LW7434MYMN HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 30 Jan 2023 18:30:08 GMT
expires: Mon, 30 Jan 2023 18:30:08 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77225
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-0C230YDF7G
142.250.74.40200 OK 77 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-0C230YDF7G
IP 142.250.74.40:0
File type ASCII text, with very long lines (19467)
Hash 617a9361a4427665866c0ac52f4ddbc2
fccdb79f6c2fd082280ec89f8b70fa9f933f5a34
f57d2d090ac383b53ee5129e024d67ecff05802637fb26caf911c7173c866a7b
GET /gtag/js?id=G-0C230YDF7G HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 30 Jan 2023 18:30:08 GMT
expires: Mon, 30 Jan 2023 18:30:08 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77224
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 316ee2d146b2f63cdd0d215a3a42ad03
55a32bd94554387b8c843d195d57c812c677e500
2624c12a292bdebecbe2df173c84204748622e76f5e44739d811e9ba21b997bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2624C12A292BDEBECBE2DF173C84204748622E76F5E44739D811E9BA21B997BC"
Last-Modified: Sat, 28 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=180
Expires: Mon, 30 Jan 2023 18:33:08 GMT
Date: Mon, 30 Jan 2023 18:30:08 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 07dcea82ca0677d77347c58bcd943425
b0882a71b171ddf5c333f71151db2dd4a80e4c39
b6005a8ac35ada7bfc816a964f9af962c0835b041e63466b0a18a42696786b57
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 18:30:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 85ba32d40423f063f2de6d43daa58a91
69766ae7408fa215ec8d2e5c52bdd520e525bdc1
cf8b546f1431c16b1c8b9613fc060488cefa4ad1e136487451a116dc5745fa56
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "CF8B546F1431C16B1C8B9613FC060488CEFA4AD1E136487451A116DC5745FA56"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10547
Expires: Mon, 30 Jan 2023 21:25:55 GMT
Date: Mon, 30 Jan 2023 18:30:08 GMT
Connection: keep-alive
1.bp.blogspot.com/-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png
142.250.74.129200 OK 181 kB URL HTTP/2 1.bp.blogspot.com/-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png
IP 142.250.74.129:0
File type PNG image data, 497 x 308, 8-bit/color RGBA, non-interlaced\012- data
Size 181 kB (180954 bytes)
Hash fd835c1f326d3e7da0d9839550f66723
5004618bc15011d7d0f569f60f900d076b164b3d
b2286c3ed452ee4eeb15d2044a90cfc456d4789b2fdbe42bb9e023c9da18e4a8
GET /-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Norway_outbox.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 180954
x-xss-protection: 0
date: Mon, 30 Jan 2023 15:04:34 GMT
expires: Fri, 27 Jan 2023 22:59:37 GMT
cache-control: public, max-age=86400, no-transform
age: 12334
etag: "v632"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ba2ca6af7b23ce2e11aa4f9d86e66269
212aef55d64b6add292dcf6241b16e7c93d1bae2
f163a94d190f5aeeb05b2e344bc8e1544d9701772b08585e9c92b529c8652b3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 18:30:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.jsdelivr.cc/npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js
172.64.164.21200 OK 20 kB URL HTTP/2 cdn.jsdelivr.cc/npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js
IP 172.64.164.21:0
File type ASCII text, with very long lines (48058), with CRLF line terminators
Hash 345b360918fc23bd00cf6e934f8e5003
1ab8d1f9c494e308cf428500ad58fd62af2dc873
136dcc35096348d92e59bc3bb48cf7d3aa202b99ab4becf13ef4b4e31015210a
GET /npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdtEi86mIADHQx0-Tw3Js-aisdL1bu5HdnObfPOJR-JODbwuU8Dh4go8RIl-0rhgjH4sKU6FrNPd2I-NyGdX-_jHzA5D73Bc
expires: Mon, 30 Jan 2023 18:14:01 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:40:39 GMT
etag: W/"80924b62e5b3ac73aa4849776b439770"
x-goog-generation: 1647502839791727
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 72765
x-goog-hash: crc32c=8ZRUYw==, md5=gJJLYuWzrHOqSEl3a0OXcA==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3231
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jp8M4YJfBIxNVE8ytKy7DcwGMysZqh8lFbDtGnYHjf4Rt1jS2D84cnricRPZet%2FUVGNxu4lpLkSXTmdKlPpE1oZqfxH60FZVLWa%2FixIkP%2BzV4Qf0ELpTldw2MAk8ooJgGmo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c46ec98748865-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/sahidsa.jpg
172.64.104.2200 OK 16 kB URL HTTP/2 263cdn.com/upload/sahidsa.jpg
IP 172.64.104.2:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop 21.2 (Windows), datetime=2022-02-19T17:32:01+08:00], progressive, precision 8, 150x150, components 3\012- data
Hash 1c855fe2a73fcb05df007badda3614ae
a97647a2918c0ba2e387d80a3aafd06f0e7b3e31
93853caee63c1e3811f7788192e0ed09e5dfe41df684e296f65d913648f0b515
GET /upload/sahidsa.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: image/jpeg
content-length: 16125
x-guploader-uploadid: ADPycdvvbiNmBPDvtUFRl6pki9p9MIKqoxZTQjh93wsldYMQg-6Sh3R7C2E1DB0mSWZ3LFXwdaGSa3IACUiZY5lQ5c9SOQ
x-goog-generation: 1655330413834608
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 16125
x-goog-hash: crc32c=0Eo9jQ==, md5=HIVf4qc/ywXfAHut2jYUrg==
x-goog-storage-class: STANDARD
expires: Mon, 30 Jan 2023 17:58:11 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 22:00:13 GMT
etag: "1c855fe2a73fcb05df007badda3614ae"
cf-cache-status: HIT
age: 2776
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bjxk0xGQE5kc5xZuakvi18PnMXsjAjDJUa3XnzjVtzvkcdF7SnSuLLRv31o58DEwzxOeXMdsWbOpYfe8HT%2FAF8iFJ9gCLOeuepebOxo1wxfW%2FsF5TDrqMzam5Eqa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c46ee28807413-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/cc7.jpg
172.64.104.2200 OK 16 kB URL HTTP/2 263cdn.com/upload/cc7.jpg
IP 172.64.104.2:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash 09cc0e9e23ec5e018a82cf14fa768d8f
945d851609761902c4d402685614a294a84646ba
dc538cd54d80a1357aa31de2adc8b47fa96870d4186223062bbed00089474630
GET /upload/cc7.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: image/jpeg
content-length: 15608
x-guploader-uploadid: ADPycdtu6heY6BBVIjXjHIYqirc9XvPhFR55pDbiJqJ_SOAxvxIpFziGjidYvbbxCtSFva5_ZJ4yXZmZf8ZXnw8A4CjWAQ
expires: Mon, 30 Jan 2023 18:31:20 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:50:50 GMT
etag: "09cc0e9e23ec5e018a82cf14fa768d8f"
x-goog-generation: 1655329850449082
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 15608
x-goog-hash: crc32c=Cfjjkw==, md5=CcwOniPsXgGKgs8U+naNjw==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3528
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NZKJIWKtm%2B2phmk2pYkIxLwIoToL4Dvw2hHXzR3KhSrH7ONSmqysttJm%2FH0H3%2FYHckkoA4S4lIEmQSbJtNTYWUjkqib%2BrV3KnZgcmCmMSKguqVmJof0OBXN0Z9v3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c46ee287d7413-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 07dcea82ca0677d77347c58bcd943425
b0882a71b171ddf5c333f71151db2dd4a80e4c39
b6005a8ac35ada7bfc816a964f9af962c0835b041e63466b0a18a42696786b57
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 18:30:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
263cdn.com/upload/sahisq.jpg
172.64.104.2200 OK 14 kB URL HTTP/2 263cdn.com/upload/sahisq.jpg
IP 172.64.104.2:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop 21.2 (Windows), datetime=2022-02-19T17:32:25+08:00], progressive, precision 8, 150x150, components 3\012- data
Hash c38ebe8b3cd8336314c1d38111a0dc8d
88ef16f464cd48db642b027898a557ab3deacba4
4631cd8d42f202bb855cfd8ec2d4ddc3582c29141953e677879e76f46e549718
GET /upload/sahisq.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: image/jpeg
content-length: 14078
x-guploader-uploadid: ADPycdsPui9ebdCXXGDCDdcMDRgWSPgZ3mkwtPPEOIL8thFwTZqp6vgtoxq-EHeNMwuilsf_2XmgpsBQfXga35uQ1O8DTg
x-goog-generation: 1655330413898852
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 14078
x-goog-hash: crc32c=Gi+OKQ==, md5=w46+izzYM2MUwdOBEaDcjQ==
x-goog-storage-class: STANDARD
expires: Mon, 30 Jan 2023 18:25:28 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 22:00:13 GMT
etag: "c38ebe8b3cd8336314c1d38111a0dc8d"
cf-cache-status: HIT
age: 1088
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=81csZoKMO1GcSleD8nxU63lcl0i73nY09bNcuQX%2FsV6LVBpWgMggquOKuqY8Ocmo%2BbCdu%2BrAirnOeZnlUbyUtLeFiGAKXw1C7yfX3haR1Jz5ZwA1ev73917gjZBG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c46ee28787413-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 85ba32d40423f063f2de6d43daa58a91
69766ae7408fa215ec8d2e5c52bdd520e525bdc1
cf8b546f1431c16b1c8b9613fc060488cefa4ad1e136487451a116dc5745fa56
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "CF8B546F1431C16B1C8B9613FC060488CEFA4AD1E136487451A116DC5745FA56"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10547
Expires: Mon, 30 Jan 2023 21:25:55 GMT
Date: Mon, 30 Jan 2023 18:30:08 GMT
Connection: keep-alive
1.bp.blogspot.com/-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png
142.250.74.129200 OK 14 kB URL HTTP/2 1.bp.blogspot.com/-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png
IP 142.250.74.129:0
File type PNG image data, 350 x 251, 8-bit colormap, non-interlaced\012- data
Hash ff055162c5d233506eece3fb69a47e74
49812e303ae6674819b6a7a6e0721d555ef64df4
7e46c8bcf219a0d6f0f3d5c5b027ed613678a0c54d637172d6495f428ff80150
GET /-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Norway_inbox.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 13695
x-xss-protection: 0
date: Mon, 30 Jan 2023 15:04:34 GMT
expires: Mon, 23 Jan 2023 07:16:14 GMT
cache-control: public, max-age=86400, no-transform
age: 12334
etag: "v630"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
263cdn.com/upload/sahiww.jpg
172.64.104.2200 OK 13 kB URL HTTP/2 263cdn.com/upload/sahiww.jpg
IP 172.64.104.2:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop 21.2 (Windows), datetime=2022-02-19T17:33:11+08:00], progressive, precision 8, 150x150, components 3\012- data
Hash 534a40917ade708a5d7f03f7b9dfe884
777045b194608f174bead2cd8cb82cd71ebdfee9
4405ed6047519506c9bf86aba369f099254939d83468cb7b3a94f533d51e2a99
GET /upload/sahiww.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: image/jpeg
content-length: 13267
x-guploader-uploadid: ADPycdtF7QzX7V2-FUbJxua25f9Xij39fieqhxN-nHc4Z8xwqaFULXOa0olKJQv5cG8Ty3_X0HOGrKwTMEU_MGHBs27euS7Yob09
x-goog-generation: 1655330414202800
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 13267
x-goog-hash: crc32c=NHSdiw==, md5=U0pAkXrecIpdfwP3ud/ohA==
x-goog-storage-class: STANDARD
expires: Mon, 30 Jan 2023 18:25:04 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 22:00:14 GMT
etag: "534a40917ade708a5d7f03f7b9dfe884"
cf-cache-status: HIT
age: 2532
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tqYfHRjw4CNsDkaxNWvRpOI2p22CCDJxLBwHVJburchDOo3Y8pNDB8CZsHELYooyvF9ahZprAv%2BT6LIhW9eqKJjvSDXdBN8%2FB1MHPqgX%2BL2ApjnuXUNucER9vT%2F8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c46ee287e7413-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/sahiss.jpg
172.64.104.2200 OK 12 kB URL HTTP/2 263cdn.com/upload/sahiss.jpg
IP 172.64.104.2:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop 21.2 (Windows), datetime=2022-02-19T17:32:17+08:00], progressive, precision 8, 150x150, components 3\012- data
Hash 784879bb053d3b127e586b48514caa3b
d7c9a407ca3bcd276a3f96ec4ef6cd173e8ac31d
a68ec42ecf85ba034cab4ac361c3c6ac938793ca9348f4c2b797f992a5319da7
GET /upload/sahiss.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: image/jpeg
content-length: 12399
x-guploader-uploadid: ADPycdsVJq2ojdGda3Fc407WJpA2SzxWqWpQQ0EOAlWc1DokQYI6M0szFHiAMqC8aYgrDw9ScCdVrsFsU5FuxnPhGosSV1Um98VP
x-goog-generation: 1655330413911496
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 12399
x-goog-hash: crc32c=meo1rQ==, md5=eEh5uwU9OxJ+WGtIUUyqOw==
x-goog-storage-class: STANDARD
expires: Mon, 30 Jan 2023 17:58:53 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 22:00:13 GMT
etag: "784879bb053d3b127e586b48514caa3b"
cf-cache-status: HIT
age: 2674
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IoNDHGBJ8Ec5%2BQLqujLxlmDDWAA%2Brxj5uDdWnyZbgndAuXPJ1bi3hF82PixssMNax23vdSWZE6b2R3t6UBeWi8UCBw7DS7IWy7mYyby4FuMkHs2Rp28vBbK3I7dp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c46ee287b7413-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/ssahi.jpg
172.64.104.2200 OK 14 kB URL HTTP/2 263cdn.com/upload/ssahi.jpg
IP 172.64.104.2:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop 21.2 (Windows), datetime=2022-02-19T17:33:24+08:00], progressive, precision 8, 150x150, components 3\012- data
Hash 05dcf4d7a56a4e97952d399bdc41a613
690ecaa17f2ca85283b21f3fd52c8ed86396cf21
bb7411f266efb13b38de107f88abb864f73a2261a5ee9f9309ea4b33f4ae0096
GET /upload/ssahi.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: image/jpeg
content-length: 14354
x-guploader-uploadid: ADPycdvwS5Dd3sn11sqCNwU_IX9YzDfyVMCgTekRBEbEOd1Um8oYILA5maMDRQYK6890kan09Rz84udEpzW8vgxFsAIo
expires: Mon, 30 Jan 2023 18:29:20 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 22:01:02 GMT
etag: "05dcf4d7a56a4e97952d399bdc41a613"
x-goog-generation: 1655330462217985
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 14354
x-goog-hash: crc32c=nMUbJg==, md5=Bdz016VqTpeVLTmb3EGmEw==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 2532
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5qNBrhPIpUFmlU5JAU5oPKoPkwmoaiODbpFW1ShZctOdXFWUT5z2euSFHSrcsqaawL3aFghcsLl3kdkohLr6k6NMBPqjfzPTYRUE%2FJH4yFlepF0z2F%2B8aYERwcd9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c46ee287f7413-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/saud.jpg
172.64.104.2200 OK 11 kB URL HTTP/2 263cdn.com/upload/saud.jpg
IP 172.64.104.2:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop 21.2 (Windows), datetime=2022-02-19T17:40:08+08:00], progressive, precision 8, 150x150, components 3\012- data
Hash a7218dcb5ada5379c1251838363f9cad
4970a7c9d766ef0c58a29ed9b73653f1abbcc9b9
de5f8fc4741fbe3de9864cc3f3d420bedcb6071de0355957a90fc8076ebe357a
GET /upload/saud.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: image/jpeg
content-length: 11103
x-guploader-uploadid: ADPycdtKsyk7BkLinye2TiSY0Qn7p8N8lM-p986HaLRXAdVqO1LXC-IBxkqihAurL6LJ17OPtjDQj1UkcwhWyKHqHZQesGw9sHnK
x-goog-generation: 1655330423744722
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 11103
x-goog-hash: crc32c=9aj0Tw==, md5=pyGNy1raU3nBJRg4Nj+crQ==
x-goog-storage-class: STANDARD
expires: Mon, 30 Jan 2023 18:16:40 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 22:00:23 GMT
etag: "a7218dcb5ada5379c1251838363f9cad"
cf-cache-status: HIT
age: 2984
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EODDvgatidRe8aBJm3yDjjrW0dn5Q8qc5Zp1v%2FGPBJUZVgwKir1ZsuIMkYdJcXLGUfF%2FDaQMwBtksMz%2Fo6ODPyhcCPymdsAdQ0Kppqhoh7AOIKHeWcDQ%2FgnLQduT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c46ee388b7413-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.218.164.174101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.218.164.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: kaFSP4LFJwn0PNkp8l8amw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: uRw78+UqY8tMcyDQKtPJbIBhguc=
263cdn.com/upload/sahi.jpg
172.64.104.2200 OK 14 kB URL HTTP/2 263cdn.com/upload/sahi.jpg
IP 172.64.104.2:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop 21.2 (Windows), datetime=2022-02-19T17:31:31+08:00], progressive, precision 8, 150x150, components 3\012- data
Hash e823b9c5774342e24637d23d93815263
79997618efc82afceaf5f557ee2f2633bfb0664e
8bc6e572a1b2f6796189bd9dee859ac1e3f1352880c130f2b5c4ad1d2ae26f44
GET /upload/sahi.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: image/jpeg
content-length: 13537
x-guploader-uploadid: ADPycdsfhACWPrUxigH6BlmKx8sFdu0J7ilQJ8EbljY0OSKpkQBvUdKT14brapWrDtJRPKNIoNkX-yWyPwC_wtToeP4hz8KGrm2C
x-goog-generation: 1655330413698492
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 13537
x-goog-hash: crc32c=iN6wjg==, md5=6CO5xXdDQuJGN9I9k4FSYw==
x-goog-storage-class: STANDARD
expires: Mon, 30 Jan 2023 18:46:23 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 22:00:13 GMT
etag: "e823b9c5774342e24637d23d93815263"
cf-cache-status: HIT
age: 610
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1NoHG8mbfmv9CAukmNsw8Sz%2Fr627IAFUNcjhTeIbf616rqTRucbO4ljl1pYiL5ryZ8gUyWUNdCvN6lhjwaUhJSDLqtlOcyVzH4j%2Bcr5DYPBCUr2XwZD3NDsc5C0M"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c46ee68ce7413-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9a07e841896595cd26ebb34a82a55afd
c6e48c6805a2ac1c8e6f1c38072d7cacbb659136
54bd57b285e583ce2d4c306bc80252cf46d7e5c88422f1fcd56b12ac2ad21229
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "54BD57B285E583CE2D4C306BC80252CF46D7E5C88422F1FCD56B12AC2AD21229"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15431
Expires: Mon, 30 Jan 2023 22:47:19 GMT
Date: Mon, 30 Jan 2023 18:30:08 GMT
Connection: keep-alive
263cdn.com/upload/sahiwee.jpg
14 kB URL 263cdn.com/upload/sahiwee.jpg
IP :0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop 21.2 (Windows), datetime=2022-02-19T17:32:41+08:00], progressive, precision 8, 150x150, components 3\012- data
Hash 233ccb40e5ded78ca7086b6d9e5aa781
216705df0428b8ae9b7afdae05f315a2ce915bc6
bf930fa7b823069fd2a1c8d6022ef76ff1fbb3e5d0ca2d7fdd0d088214b50176
GET /upload/sahiwee.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
263cdn.com/upload/sahids.jpg
172.64.104.2200 OK 13 kB URL HTTP/2 263cdn.com/upload/sahids.jpg
IP 172.64.104.2:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop 21.2 (Windows), datetime=2022-02-19T17:31:45+08:00], progressive, precision 8, 150x150, components 3\012- data
Hash ba1f526e50a9999d92d9c39dd23677d6
5963114628648c18c410d632f16cfee723773697
27d9a239ac0563ed6bf9800a4bcb4c7d2c81dad151cd697caff3803cc2be51d0
GET /upload/sahids.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: image/jpeg
content-length: 13215
x-guploader-uploadid: ADPycdta91Hu5LGY7f4EXu7kNekwVLBJkNu63z67tM5fiz2b4VZLxa1O4ggkSb2RvCZClBoE-yI9QgwBfDVRML2fj8lM391S5VwT
expires: Mon, 30 Jan 2023 17:46:58 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 22:00:13 GMT
etag: "ba1f526e50a9999d92d9c39dd23677d6"
x-goog-generation: 1655330413708214
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 13215
x-goog-hash: crc32c=+Nj3Qg==, md5=uh9SblCpmZ2S2cOd0jZ31g==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3000
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fUhhC%2FW0Cr52vxlhbqnIpfo4RcL5gARUEDacLFPHKyyv7zMvyKqqbSy%2FFGwW5OOcY0wrKrmbo%2FEys0VQ0LRzmeTcO%2FzdJGI08MW2ZHNhDWx8tarC%2FPEADuifGL6p"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c46ee99057413-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9a07e841896595cd26ebb34a82a55afd
c6e48c6805a2ac1c8e6f1c38072d7cacbb659136
54bd57b285e583ce2d4c306bc80252cf46d7e5c88422f1fcd56b12ac2ad21229
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "54BD57B285E583CE2D4C306BC80252CF46D7E5C88422F1FCD56B12AC2AD21229"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15463
Expires: Mon, 30 Jan 2023 22:47:51 GMT
Date: Mon, 30 Jan 2023 18:30:08 GMT
Connection: keep-alive
cdnkey.net/upload/Qatarair.box2.png
188.114.97.1200 OK 3.8 kB URL HTTP/2 cdnkey.net/upload/Qatarair.box2.png
IP 188.114.97.1:0
File type PNG image data, 400 x 285, 8-bit/color RGBA, non-interlaced\012- data
Hash 00e618fa289fddcd33693bd79915a4a7
ef8313257cfb66d5862472771ce028a2bf6fbfe5
e2d34bb3748a91525b1d9d604d81976bdfd09142e82513cf27c0c2e02bf21b54
GET /upload/Qatarair.box2.png HTTP/1.1
Host: cdnkey.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: image/png
content-length: 3835
x-guploader-uploadid: ADPycdtkf2oDmTyceDtV8wwKf_RNU0yVZRKhU1ck3sUs2BcSgjFN6MppRQUzaJeE6IqQ61Y03ciDxhRmsdNW18dYDB0apw
x-goog-generation: 1662579930696177
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 3835
x-goog-hash: crc32c=oa584g==, md5=AOYY+iif3c0zaTvXmRWkpw==
x-goog-storage-class: STANDARD
expires: Mon, 30 Jan 2023 18:30:29 GMT
cache-control: public, max-age=14400
last-modified: Wed, 07 Sep 2022 19:45:30 GMT
etag: "00e618fa289fddcd33693bd79915a4a7"
cf-cache-status: HIT
age: 649
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ceBygi%2BCSEKRWpUO528ZAq6wBi6FFK5Nc4n2JRFaWAP%2FGESdFapyqu%2B43IF6QrpqhpVCrMe4Omu%2BwVXWxQuSIAtVdy2qN5cfSlzrj3wf3PJ2bLIFPMzwWzXJq07b"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c46eedac1b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnkey.net/upload/Qatarair.middle1.png
188.114.97.1200 OK 43 kB URL HTTP/2 cdnkey.net/upload/Qatarair.middle1.png
IP 188.114.97.1:0
File type PNG image data, 500 x 165, 8-bit/color RGBA, non-interlaced\012- data
Hash 81468648f8e918a5bc596d44c401d58a
c447fddaff35129d1e913f2dab8cc271d926f53a
c79a86e3b1c6728900df99e227f6eeda11203b01e0267ac7f592dd4c6b4ef02e
GET /upload/Qatarair.middle1.png HTTP/1.1
Host: cdnkey.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: image/png
content-length: 42714
x-guploader-uploadid: ADPycduc_b-byBWwNEwRxkbNf2Wgv-9hUYArA8xKGmr8jCvsB8hRPhoX22u_mSn9hhw1ada4GkGcwNyqLwa9ILPzvU7gAA
x-goog-generation: 1662581074749215
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 42714
x-goog-hash: crc32c=Lh3PzA==, md5=gUaGSPjpGKW8WW1ExAHVig==
x-goog-storage-class: STANDARD
expires: Mon, 30 Jan 2023 18:02:21 GMT
cache-control: public, max-age=14400
last-modified: Wed, 07 Sep 2022 20:04:34 GMT
etag: "81468648f8e918a5bc596d44c401d58a"
cf-cache-status: HIT
age: 2523
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a6qnGoNHzSaeDasfLzUGebQyGdFmbQQq16uZrmh1sZYoA2wVmmV4ENFFg6EFXD9H8ze0yvClHTAYWZqCl%2Fohp%2Fv5nS%2Fc6KCGlXOanjbY9FAxiiXxeWYEhX1nSeFe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c46eecabab50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
jzupsq.cyou/TX3BUeLc/Qatarairxws/?_t=1675103420786
172.64.130.19200 OK 52 kB URL HTTP/2 jzupsq.cyou/TX3BUeLc/Qatarairxws/?_t=1675103420786
IP 172.64.130.19:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (454), with CRLF line terminators
Hash 2f802dc2af85bb332e0e077163591d6c
5a79033f9bab4fb8923519f15030ac73f657f08b
2f6f010a95f32bfbba0964ff59768428fac45e032c6c69b0f9e9648564bb5cde
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /TX3BUeLc/Qatarairxws/?_t=1675103420786 HTTP/1.1
Host: jzupsq.cyou
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://w.a8cg2v.cyou/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:30:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: pType=mo; expires=Mon, 30-Jan-2023 18:42:07 GMT; Max-Age=720; path=/; domain=jzupsq.cyou
Qatarairxws-tthh1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.jzupsq.cyou
Qatarairxws-tthh2=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.jzupsq.cyou
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QghwyRLEiUdx4uDo95YYtCC9nxnawnTWO7jtvncUqAy3LxNkvzQjAGsE%2Bz2jqR2iT6h5pKaWfW8%2FEC%2BwV%2BsMuT3Ebm4U05boQh0xaaFkTlbuRCNszna6xBZSyfjlUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791c46eb180b8924-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 07dcea82ca0677d77347c58bcd943425
b0882a71b171ddf5c333f71151db2dd4a80e4c39
b6005a8ac35ada7bfc816a964f9af962c0835b041e63466b0a18a42696786b57
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 18:30:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdnkey.net/upload/Qatarair.box3.png
188.114.97.1200 OK 49 kB URL HTTP/2 cdnkey.net/upload/Qatarair.box3.png
IP 188.114.97.1:0
File type PNG image data, 400 x 285, 8-bit/color RGBA, non-interlaced\012- data
Hash e076fa99c6559cf87ef96c48159a8b0d
a5ce54c02f50125638bd3072175e9512e92ed986
a8c6e501d9b5cff46fd84e9a1f3fed337d8b6e513f8e197814451002497fe982
GET /upload/Qatarair.box3.png HTTP/1.1
Host: cdnkey.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: image/png
content-length: 49281
x-guploader-uploadid: ADPycdtDlaZlwdf5Y8FVTm2Glqavu_FHOEV4nw4tAL0cUR6a_N6BhtmMMXxvywx2ci5AaU3veFjQ8N3HuC7j2gmFzFFBqxxl5kJK
expires: Mon, 30 Jan 2023 18:24:08 GMT
cache-control: public, max-age=14400
last-modified: Wed, 07 Sep 2022 19:45:30 GMT
etag: "e076fa99c6559cf87ef96c48159a8b0d"
x-goog-generation: 1662579930896370
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 49281
x-goog-hash: crc32c=f5LIQg==, md5=4Hb6mcZVnPh++WxIFZqLDQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 649
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r%2BNCoy%2BKDzwMZN078XxLMVWIfpfyCRMvdqCT2fmke9gCnxK2TFBrilsYILYMU4AUZagijGfiF%2F0Xd6TYlEawc05B5%2B4ZRkXnKyjb4upzMoodSDPBIQkSs7P1pbrZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c46eeeb0ab50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 85ba32d40423f063f2de6d43daa58a91
69766ae7408fa215ec8d2e5c52bdd520e525bdc1
cf8b546f1431c16b1c8b9613fc060488cefa4ad1e136487451a116dc5745fa56
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "CF8B546F1431C16B1C8B9613FC060488CEFA4AD1E136487451A116DC5745FA56"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10547
Expires: Mon, 30 Jan 2023 21:25:55 GMT
Date: Mon, 30 Jan 2023 18:30:08 GMT
Connection: keep-alive
cdnkey.net/upload/Qatarair.box1.png
188.114.97.1200 OK 45 kB URL HTTP/2 cdnkey.net/upload/Qatarair.box1.png
IP 188.114.97.1:0
File type PNG image data, 400 x 285, 8-bit/color RGBA, non-interlaced\012- data
Hash d3a9f93d1ada6c8ab8bb5cb2e5b1882a
0345a73ae775fa3e7c5cda56f4774b7cb09d85e1
79df98ea3a3f6ff8859be13a48af35fa8add9f1625b933b2cd93048f91e1c0d0
GET /upload/Qatarair.box1.png HTTP/1.1
Host: cdnkey.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: image/png
content-length: 44677
x-guploader-uploadid: ADPycdtL7fsUDT3OqNp9C8auSwoEE2P85UsyP_TsthMn4LICBvQkEgWL4GfEjU3rS-zW-bhvZH6_aPsevcEFNG4Rj-Tiww
expires: Mon, 30 Jan 2023 17:46:04 GMT
cache-control: public, max-age=14400
last-modified: Wed, 07 Sep 2022 19:45:29 GMT
etag: "d3a9f93d1ada6c8ab8bb5cb2e5b1882a"
x-goog-generation: 1662579929701424
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 44677
x-goog-hash: crc32c=Y8AASg==, md5=06n5PRrabIq4u1yy5bGIKg==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 2523
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hRhVrm%2FcDmkNMtDD1DTR4dHxBFXVX3U%2FjljUQNMqtjt8Zn4Q10bB0ckvtjBsW6g%2FpRdqESJo2UOeWTq0rED280EKhqGdfaXGr0VAn9OKCw9dfonYSQMAkVV2Seyh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c46ef0b30b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9a07e841896595cd26ebb34a82a55afd
c6e48c6805a2ac1c8e6f1c38072d7cacbb659136
54bd57b285e583ce2d4c306bc80252cf46d7e5c88422f1fcd56b12ac2ad21229
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "54BD57B285E583CE2D4C306BC80252CF46D7E5C88422F1FCD56B12AC2AD21229"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6949
Expires: Mon, 30 Jan 2023 20:25:57 GMT
Date: Mon, 30 Jan 2023 18:30:08 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9a07e841896595cd26ebb34a82a55afd
c6e48c6805a2ac1c8e6f1c38072d7cacbb659136
54bd57b285e583ce2d4c306bc80252cf46d7e5c88422f1fcd56b12ac2ad21229
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "54BD57B285E583CE2D4C306BC80252CF46D7E5C88422F1FCD56B12AC2AD21229"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6949
Expires: Mon, 30 Jan 2023 20:25:57 GMT
Date: Mon, 30 Jan 2023 18:30:08 GMT
Connection: keep-alive
cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/popper.min.js
172.64.164.21200 OK 8.0 kB URL HTTP/2 cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/popper.min.js
IP 172.64.164.21:0
File type ASCII text, with very long lines (21060), with CRLF line terminators
Hash aef286dca8ac3680d3b1c5a9f35eed8c
40518be4fc222397b064a46bfc0567c328eb42eb
919c360f1a38156826bfc131c4324f9121e519f4a77006ebbcea3109b3f56484
GET /npm/popper.js@1.16.1/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdvlE_DLoVV9BUo5AxOAhNxOSaLc0DTEnR_RrnAhqI2xSKui-ObXzfrmbzVJmlvWpzcQ9A8YUPlODUqcZtb8ik2WclFgR_Ik
expires: Mon, 30 Jan 2023 19:06:28 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:44:44 GMT
etag: W/"31c898c6d2ea13c30441657ff1900d81"
x-goog-generation: 1647503084523089
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 21236
x-goog-hash: crc32c=7cW0Gg==, md5=MciYxtLqE8MEQWV/8ZANgQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 589
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BZ6NyTXBPqFZ6jRAsYvaaLfIdBiU4f6uNg1uSij1eZ9Ri%2F0w1DGAmzOHpJPQJlG%2B7wuNYFMmJJRSUqmJuQeeUTqEeQZsystPmP%2Bv17mg%2FtCeFw73c89CflQA%2BSsEFCR%2Ft6M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c46ec88348865-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnkey.net/upload/Qatarair.left.png
188.114.97.1404 Not Found 105 B URL HTTP/2 cdnkey.net/upload/Qatarair.left.png
IP 188.114.97.1:0
File type XML 1.0 document text\012- XML document, ASCII text, with no line terminators
Hash 628524e8275b38443c3ea2ba5763c5dd
c971c83d35f7e20b1f2a47e3fb2252a6c54a4b4f
3d20dd9283de65a01a04de57efed9790cdbde418798da56cf18a3ef40548012a
GET /upload/Qatarair.left.png HTTP/1.1
Host: cdnkey.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: application/xml; charset=UTF-8
x-guploader-uploadid: ADPycdunJSXbD9iGxt6AjrYen6cFTSg3FijvnK6AFZNo4EjZjwTDFkRZ3nCnlZXuTSiW0gTtq17upGpDL69fce0KBpqNO-ediw7m
expires: Mon, 30 Jan 2023 18:30:08 GMT
cache-control: private, max-age=0
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fanvD6OBQxkUnnwNKNCEK9ackg2er6Gn7tcpkn2rSSwDK4OxtisNq8L7qWoEODZEoXqQUSHNSN5HogpMva12tNlQhDiatUKja4QT3CpwSm2x2YMRbFZHkb7LZIZQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c46ef3bcbb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-LW7434MYMN>m=2oe1p0&_p=1292842075&cid=1784390804.1675103422&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675103421&sct=1&seg=0&dl=https%3A%2F%2Fjzupsq.cyou%2FTX3BUeLc%2FQatarairxws%2F%3F_t%3D1675103420786&dr=http%3A%2F%2Fw.a8cg2v.cyou%2F&dt=&en=page_view&_fv=1&_ss=1&_ee=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-LW7434MYMN>m=2oe1p0&_p=1292842075&cid=1784390804.1675103422&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675103421&sct=1&seg=0&dl=https%3A%2F%2Fjzupsq.cyou%2FTX3BUeLc%2FQatarairxws%2F%3F_t%3D1675103420786&dr=http%3A%2F%2Fw.a8cg2v.cyou%2F&dt=&en=page_view&_fv=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-LW7434MYMN>m=2oe1p0&_p=1292842075&cid=1784390804.1675103422&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675103421&sct=1&seg=0&dl=https%3A%2F%2Fjzupsq.cyou%2FTX3BUeLc%2FQatarairxws%2F%3F_t%3D1675103420786&dr=http%3A%2F%2Fw.a8cg2v.cyou%2F&dt=&en=page_view&_fv=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jzupsq.cyou
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: https://jzupsq.cyou
date: Mon, 30 Jan 2023 18:30:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 6cf70eef6e0de2e6085c64ea302f729c
8bf3d6b4411009f29aa053eae7509ae6db480add
d788c6acbdcd0859897a15a2557b25c9aa06628709ebeb524996841009ca1701
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 18:30:09 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Fri, 03 Feb 2023 14:45:33 GMT
ETag: "8bf3d6b4411009f29aa053eae7509ae6db480add"
Last-Modified: Mon, 30 Jan 2023 14:45:34 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2869
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 791c46f41c370b65-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 6cf70eef6e0de2e6085c64ea302f729c
8bf3d6b4411009f29aa053eae7509ae6db480add
d788c6acbdcd0859897a15a2557b25c9aa06628709ebeb524996841009ca1701
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 18:30:09 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Fri, 03 Feb 2023 14:45:33 GMT
ETag: "8bf3d6b4411009f29aa053eae7509ae6db480add"
Last-Modified: Mon, 30 Jan 2023 14:45:34 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2869
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 791c46f419e3b4f1-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 6cf70eef6e0de2e6085c64ea302f729c
8bf3d6b4411009f29aa053eae7509ae6db480add
d788c6acbdcd0859897a15a2557b25c9aa06628709ebeb524996841009ca1701
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 18:30:09 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Fri, 03 Feb 2023 14:45:33 GMT
ETag: "8bf3d6b4411009f29aa053eae7509ae6db480add"
Last-Modified: Mon, 30 Jan 2023 14:45:34 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2869
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 791c46f41a35b505-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2469
Expires: Mon, 30 Jan 2023 19:11:18 GMT
Date: Mon, 30 Jan 2023 18:30:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2469
Expires: Mon, 30 Jan 2023 19:11:18 GMT
Date: Mon, 30 Jan 2023 18:30:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2469
Expires: Mon, 30 Jan 2023 19:11:18 GMT
Date: Mon, 30 Jan 2023 18:30:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2469
Expires: Mon, 30 Jan 2023 19:11:18 GMT
Date: Mon, 30 Jan 2023 18:30:09 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3e04b9eaf7449828136ad59e4c9d69f1
b820be4ed885dcf288eb6460c57e1fa7b1c7c476
df75cf7183d401a19655aab025d08ad2c498573c88b32e9b258d951d2993b936
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7679
x-amzn-requestid: 0c7983d5-6040-44e9-b394-21c3784702a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkEtEfHoAMFaNA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6ea-54c55dbd09ca642048af8916;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VHh2SQ21xoDoBnGvM2kRiposhXuCE-DdWW1bM35kEykjbHYmhsldVA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:51:22 GMT
age: 74327
etag: "b820be4ed885dcf288eb6460c57e1fa7b1c7c476"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 51aa950d5eed7b90cab6632107092edc
e4388ced02e5576867e77547496dec1ac2338ef7
588830e5f725e8e56270565e40f817f2658b0ee7c0425d138e5f65a17ff40483
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9457
x-amzn-requestid: 7c48e5ca-2128-43da-ba83-fd91568af1ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkBOGHVoAMFQtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6d4-1b850ffd543f51f92dec3894;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3EXFa0gb46AbdZ9ZznGiPTemGZ7zWh9WLs5Yr1zmfyh_jyKA6o7xoA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:19:57 GMT
age: 72612
etag: "e4388ced02e5576867e77547496dec1ac2338ef7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 05:47:49 GMT
age: 45740
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 131eb343c5abd61939457d69bd371348
ffb2035cf64fc83f01db5c6f26ffa264b6aac95b
8486eb9dc6325018f8721bc6f37408f260b6e652b145280f2d778d860d3ec2d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7538
x-amzn-requestid: 8bec493a-9c81-4cfd-b6e9-66f4f3d55cb7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fOOJQEZSoAMFb1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf2a3b-5f0c9f3e4cac1ba26c802050;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 00:45:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PHd9IMeVMHy0TgXRqXyBCg6CZkOtT1WAOyq8zu8ERfIzoaB-7pLc2A==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 15:48:30 GMT
age: 9699
etag: "ffb2035cf64fc83f01db5c6f26ffa264b6aac95b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 65c02d8a1b0d6a210cb2a649c5c67469
027dbc7a104c922904f067ed15d696c363c11774
89d5443a1d313c632d09a583ef602aa4645a16986076387329f434262d15b0a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10997
x-amzn-requestid: a6fac0ab-1acf-4808-8785-3b4ec5e32edf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj30FX7IAMFa5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e698-005109ec2e76529e793678d6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: skGKI_MWvDwpAbGibUcr8wTlimgoPU9ZYhEHltd3uhdJZ_GoNznVAA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:08:57 GMT
etag: "027dbc7a104c922904f067ed15d696c363c11774"
content-type: image/jpeg
age: 73272
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fe31ee140c2fd62e616c8a1edc9e78bb
7aa5fbdc8156514770ae620e81f1afef1c77890f
799af4bf9fa07ed27ebdc9d1a3344ee8a2b6529f076c263495b93290c47a1cc4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8464
x-amzn-requestid: bf2cf356-ebb1-469b-ba35-a79bb009cad6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj3qGeboAMFzNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e697-7c96841f52b6a96d1b0eaf34;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: y6bDvcD7a3-A4DLC3cSdZT-yewV1kkFqcGr7AMuqvUeGA4A0pgF4wQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:59:27 GMT
age: 73842
etag: "7aa5fbdc8156514770ae620e81f1afef1c77890f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?ba99808308e7272d58c43367a11d1204
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?ba99808308e7272d58c43367a11d1204
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (629)
Hash 6308a794a9416dbd5921ddbdf979a35f
2d062687a7daf3bdb8ad97f86921c955ba87362f
4186db15deb45eaae446fc4770e4f0e0588812a124563363eb8ea6e0e6ce9707
GET /hm.js?ba99808308e7272d58c43367a11d1204 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11267
Content-Type: application/javascript
Date: Mon, 30 Jan 2023 18:30:09 GMT
Etag: 2f85c0a2062208e3e72b16384e318e9d
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=7318523F19F17653; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?8b68846a3ac1709b0ec7199084ee5ea8
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?8b68846a3ac1709b0ec7199084ee5ea8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (620)
Hash 459da22d6c8249707f9bb4a47ff76e08
af92cb29702d810bb15965ffe2e632c4eaea7461
8417987924c76fe636a87e1e2c404d5c8ed0278be26586be892909b1dbd6cc91
GET /hm.js?8b68846a3ac1709b0ec7199084ee5ea8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Mon, 30 Jan 2023 18:30:09 GMT
Etag: c55fefe34043ebb06c8d7a7656873d6c
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=FE654F852DFD8B17; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?03f7fc2df8687cfa6c5f423f560ddb29
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?03f7fc2df8687cfa6c5f423f560ddb29
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (628)
Hash dba09aeb116719866b95e32715ea8d96
e4511c90639c9e9feb3ee7f0e2a9d39c238c5f5e
b59025383e1beb05711361d310f469002d9f6ce8f46dc4fcd70c90af5af6cc69
GET /hm.js?03f7fc2df8687cfa6c5f423f560ddb29 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11266
Content-Type: application/javascript
Date: Mon, 30 Jan 2023 18:30:09 GMT
Etag: 67bd7a3e49d563aa777b43e4fbbea257
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=524E4A3958C835B0; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?901dba69439e0089a64c1c1c49eaed2f
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?901dba69439e0089a64c1c1c49eaed2f
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (666)
Hash cabf6ade15264a51d465f2652447fc13
d19332ea8c50e21537b901c4208eaeb87b26ebf3
0887c345e4ffb4fb284eb62f9d3c6a9097fa256c7f81fdb87da1115a44a0e54e
GET /hm.js?901dba69439e0089a64c1c1c49eaed2f HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11304
Content-Type: application/javascript
Date: Mon, 30 Jan 2023 18:30:09 GMT
Etag: 48d37fe980aa7e89bcc0b1c67f4b22c0
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=17E636581C5B5E30; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1305451740&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Fw.a8cg2v.cyou%2F&v=1.3.0&lv=1&sn=28823&r=0&ww=1280&u=https%3A%2F%2Fjzupsq.cyou%2FTX3BUeLc%2FQatarairxws%2F%3F_t%3D1675103420786%231675103422137
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1305451740&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Fw.a8cg2v.cyou%2F&v=1.3.0&lv=1&sn=28823&r=0&ww=1280&u=https%3A%2F%2Fjzupsq.cyou%2FTX3BUeLc%2FQatarairxws%2F%3F_t%3D1675103420786%231675103422137
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1305451740&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Fw.a8cg2v.cyou%2F&v=1.3.0&lv=1&sn=28823&r=0&ww=1280&u=https%3A%2F%2Fjzupsq.cyou%2FTX3BUeLc%2FQatarairxws%2F%3F_t%3D1675103420786%231675103422137 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Mon, 30 Jan 2023 18:30:10 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=4E8EDE8E50060A7C; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=478483642&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Fw.a8cg2v.cyou%2F&v=1.3.0&lv=1&sn=28824&r=0&ww=1280&u=https%3A%2F%2Fjzupsq.cyou%2FTX3BUeLc%2FQatarairxws%2F%3F_t%3D1675103420786%231675103422137
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=478483642&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Fw.a8cg2v.cyou%2F&v=1.3.0&lv=1&sn=28824&r=0&ww=1280&u=https%3A%2F%2Fjzupsq.cyou%2FTX3BUeLc%2FQatarairxws%2F%3F_t%3D1675103420786%231675103422137
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=478483642&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Fw.a8cg2v.cyou%2F&v=1.3.0&lv=1&sn=28824&r=0&ww=1280&u=https%3A%2F%2Fjzupsq.cyou%2FTX3BUeLc%2FQatarairxws%2F%3F_t%3D1675103420786%231675103422137 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Mon, 30 Jan 2023 18:30:10 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=75898B1165714B0E; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1904221246&si=03f7fc2df8687cfa6c5f423f560ddb29&su=http%3A%2F%2Fw.a8cg2v.cyou%2F&v=1.3.0&lv=1&sn=28824&r=0&ww=1280&u=https%3A%2F%2Fjzupsq.cyou%2FTX3BUeLc%2FQatarairxws%2F%3F_t%3D1675103420786%231675103422137
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1904221246&si=03f7fc2df8687cfa6c5f423f560ddb29&su=http%3A%2F%2Fw.a8cg2v.cyou%2F&v=1.3.0&lv=1&sn=28824&r=0&ww=1280&u=https%3A%2F%2Fjzupsq.cyou%2FTX3BUeLc%2FQatarairxws%2F%3F_t%3D1675103420786%231675103422137
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1904221246&si=03f7fc2df8687cfa6c5f423f560ddb29&su=http%3A%2F%2Fw.a8cg2v.cyou%2F&v=1.3.0&lv=1&sn=28824&r=0&ww=1280&u=https%3A%2F%2Fjzupsq.cyou%2FTX3BUeLc%2FQatarairxws%2F%3F_t%3D1675103420786%231675103422137 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Mon, 30 Jan 2023 18:30:10 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=13164638FA452CC9; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1813001812&si=901dba69439e0089a64c1c1c49eaed2f&su=http%3A%2F%2Fw.a8cg2v.cyou%2F&v=1.3.0&lv=1&sn=28824&r=0&ww=1280&u=https%3A%2F%2Fjzupsq.cyou%2FTX3BUeLc%2FQatarairxws%2F%3F_t%3D1675103420786%231675103422137
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1813001812&si=901dba69439e0089a64c1c1c49eaed2f&su=http%3A%2F%2Fw.a8cg2v.cyou%2F&v=1.3.0&lv=1&sn=28824&r=0&ww=1280&u=https%3A%2F%2Fjzupsq.cyou%2FTX3BUeLc%2FQatarairxws%2F%3F_t%3D1675103420786%231675103422137
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1813001812&si=901dba69439e0089a64c1c1c49eaed2f&su=http%3A%2F%2Fw.a8cg2v.cyou%2F&v=1.3.0&lv=1&sn=28824&r=0&ww=1280&u=https%3A%2F%2Fjzupsq.cyou%2FTX3BUeLc%2FQatarairxws%2F%3F_t%3D1675103420786%231675103422137 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Mon, 30 Jan 2023 18:30:10 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=2131D6F3869414DC; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 29fc9e858be917b78295930815e28308
05ef7c3be99218a5c246dbb41724e95e2cef3e1b
5078959d6b4ca5bff16dad8537b7b9b7ea000c286708b11e3a617f7542ddad00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5078959D6B4CA5BFF16DAD8537B7B9B7EA000C286708B11E3A617F7542DDAD00"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4333
Expires: Mon, 30 Jan 2023 19:42:24 GMT
Date: Mon, 30 Jan 2023 18:30:11 GMT
Connection: keep-alive
bonepa.com/4fe48aebd6/4f59451604/?placementName=Adver&is_first=true&randomA=0_4723&maxw=0
185.66.201.42200 OK 9.9 kB URL HTTP/2 bonepa.com/4fe48aebd6/4f59451604/?placementName=Adver&is_first=true&randomA=0_4723&maxw=0
IP 185.66.201.42:0
ASN #201702 skHosting.eu s.r.o.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (14072)
Hash 78c71ee4f4a92eaf9427d0ad17d9b7f6
95940be9cc4be48612081ec307cbb8f01a44ae5e
135faa5f9357f074eb7dfbaad9f2aa1917c9a8a2215002c517f8540515e4af6c
GET /4fe48aebd6/4f59451604/?placementName=Adver&is_first=true&randomA=0_4723&maxw=0 HTTP/1.1
Host: bonepa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 18:30:10 GMT
content-type: text/html; charset=UTF-8
set-cookie: shown1=0; expires=Tue, 31-Jan-2023 18:30:10 GMT; Max-Age=86400; secure; SameSite=None
used_ad2823101=1; expires=Tue, 31-Jan-2023 04:59:59 GMT; Max-Age=37789; path=/; secure; SameSite=None
total_impressions=1; expires=Tue, 31-Jan-2023 04:59:59 GMT; Max-Age=37789; secure; SameSite=None
expires: Sun, 01 Jan 2014 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex,nofollow
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
jzupsq.cyou/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
172.64.130.19200 OK 0 B URL HTTP/2 jzupsq.cyou/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 172.64.130.19:0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: jzupsq.cyou
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/TX3BUeLc/Qatarairxws/?_t=1675103420786
Cookie: pType=mo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: application/javascript
last-modified: Mon, 23 Jan 2023 11:05:52 GMT
etag: W/"63ce6a10-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2FcLI1ueLBRthP%2F%2F%2BK8mGL196mEJMnPsSmRAFc%2FuJEvcnVfHx48qqCsAXXK6dWPwTRIRW7pc4CfH1bTfRfgPbWcMpi3O6aBRMAEN7FJQ%2B9L%2FM8JwbRgNU08VY2bsjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c46ebf9b88924-LHR
x-frame-options: DENY
x-content-type-options: nosniff
expires: Wed, 01 Feb 2023 18:30:08 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/lazyload@2.0.0-rc.2/lazyload.min.js
172.64.164.21200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/lazyload@2.0.0-rc.2/lazyload.min.js
IP 172.64.164.21:0
GET /npm/lazyload@2.0.0-rc.2/lazyload.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycduIPxBxn9HV1RvlxQW5n8gWMNt2gH6LJACR5zSppFALBLzrzJxa_8ctHWVRnxFIChP9qRRTmrjDnfJ9VGLfuaiuefHrtsZR
x-goog-generation: 1647502963816044
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 4798
x-goog-hash: crc32c=lted8w==, md5=3G3pgTxxS6mXM8pPtdOh+g==
x-goog-storage-class: STANDARD
expires: Mon, 30 Jan 2023 19:01:57 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:42:43 GMT
etag: W/"dc6de9813c714ba99733ca4fb5d3a1fa"
age: 232
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rWW%2FzJD6g9vuNyjkieVThMpE5fuV8kaSX2yMuG35OgEfkbut6OSyTjeuSuf%2FugejXt9OCxlhOUfDff6JCerFi870hX1IShv3n5Ssla4f%2FGMDGr3Eh7SGkdyR7SUjpClIVV8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c46ec782e8865-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bonepa.com/js/responsive.js
185.66.201.42200 OK 0 B URL HTTP/2 bonepa.com/js/responsive.js
IP 185.66.201.42:0
ASN #201702 skHosting.eu s.r.o.
Analyzer Verdict Alert fortinet Phishing
GET /js/responsive.js HTTP/1.1
Host: bonepa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 13:52:39 GMT
etag: W/"63627627-e32"
content-encoding: br
X-Firefox-Spdy: h2
uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g
185.66.200.220200 OK 0 B URL HTTP/2 uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g
IP 185.66.200.220:0
ASN #201702 skHosting.eu s.r.o.
GET /bnr.php?section=General&pub=593174&format=300x50&ga=g HTTP/1.1
Host: uprimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: application/javascript
expires: Mon, 30 Jan 2023 18:30:08 GMT
last-modified: Mon, 30 Jan 2023 18:30:08 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, nosnippet
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
172.64.164.21200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
IP 172.64.164.21:0
GET /npm/bootstrap@4.6.0/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: text/css
x-guploader-uploadid: ADPycdu5uAaRno4bHNFLFgygxni3jHAOMBdIMq69dQqYugLweM0yAoXPFzYzE9PblykdtUtsSDtg_NQM52w3GQIMgh0-cxhtrVO3
expires: Mon, 30 Jan 2023 18:54:49 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:38:12 GMT
etag: W/"feba0d0760607b9e21393156949afcd9"
x-goog-generation: 1647502692716912
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 161415
x-goog-hash: crc32c=Sb/HMQ==, md5=/roNB2Bge54hOTFWlJr82Q==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 975
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YKxefkMKy0fPkIxrvY8w%2BS1Vhr09t%2BDUSA63lR%2FesvpSQhmj41CvLtqtcpKzJfWmRW9sofAx0V%2B0Lv866yy6vOo4cmq8vmi3sEfGiAmD1%2BbtX0O20JfzCQH4EMsRZx7PZEY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c46ec78308865-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
172.64.164.21200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
IP 172.64.164.21:0
GET /npm/jquery@3.6.0/dist/jquery.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdsf3tzwudZfkPS2DQ_oOQj0OKcbfGJswraNIZcM1hyXfZh87zci_6ainLgL0N_3wk_VzjbaWR9jSWBbFY1nGttIvPpZHBsd
expires: Mon, 30 Jan 2023 19:04:27 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:30:17 GMT
etag: W/"3e4bb227fb55271bfe9c9d4a09147bd8"
x-goog-generation: 1647502217775195
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 89501
x-goog-hash: crc32c=JnXAUA==, md5=PkuyJ/tVJxv+nJ1KCRR72A==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1388
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wf4vj%2FhC7zQmtIuHaYngp2KnaQ0xF95A1Nsu%2BOsnpTf2dmacUAyFlL4BGr7S%2BqBR12a75re04MwXinySqOwDYfoc%2BEAV%2BO4ZvKzAbTxVtHj2EiSLpFDI%2Bjcwi3MihNVdE%2B8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c46ec883e8865-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
uprimp.com/bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=167510340865724&xtt=6346753
185.66.200.220200 OK 0 B URL HTTP/2 uprimp.com/bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=167510340865724&xtt=6346753
IP 185.66.200.220:0
ASN #201702 skHosting.eu s.r.o.
GET /bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=167510340865724&xtt=6346753 HTTP/1.1
Host: uprimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: text/html; charset=UTF-8
expires: Mon, 30 Jan 2023 18:30:08 GMT
last-modified: Mon, 30 Jan 2023 18:30:08 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, nosnippet
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js
172.64.164.21200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js
IP 172.64.164.21:0
GET /npm/bootstrap@4.6.0/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jzupsq.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:30:08 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdu1uLyqvDmhguSZuTbI1iQCXdFSsjn9qfpazj_rw9BTzdDYAlrjdbWX5xLwqRvP4JuzcRyzK0e7bN4Tq1Un0CU
expires: Mon, 30 Jan 2023 17:54:46 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:36:54 GMT
etag: W/"c99230d2575380d7f95ff626606d2426"
x-goog-generation: 1647502614200576
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 63473
x-goog-hash: crc32c=x2l+AA==, md5=yZIw0ldTgNf5X/YmYG0kJg==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3037
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uU2OPG0rSTmZZlp6RCIMQ3w97db7b9NCU%2F%2B8xJBYw5cvlLOYeiNLxeqEYo73%2Bbx%2BKGKAenYz%2BU%2Bjh9VsZtekjp1SuKZzM0j15nVS0NmK8qgzQxwutMdGxifw94yGDunFPvs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c46ec98678865-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2