Report - labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=

Report Overview

Submitted URL
labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
IP
170.130.73.3
ASN
#62904 AS62904
Submitted
2022-11-28 00:22:39
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
40

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	4.9 kB	142.250.74.35
www.gddyxn.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.8 kB	161 kB	120.79.183.204
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.9 kB	34.160.144.191
ocsp.trust-provider.cn	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	692 B	3.0 kB	47.246.44.205
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9.8 kB	756 kB	216.58.207.195
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	56 kB	34.120.237.76
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	397 B	52 kB	142.250.74.10
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	359 B	1.9 kB	104.18.21.226
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.5 kB	93.184.220.29
labucarimini.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	11 kB	215 kB	170.130.73.3
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.41.91.37
www.myyilufa888.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	363 B	2.2 kB	50.3.187.107
api.share.baidu.com	44629	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	429 B	114 B	112.34.113.148
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
www.labucarimini.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.4 kB	99 kB	170.130.73.3
push.zhanzhang.baidu.com	57139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	286 B	750 B	182.61.201.93
www.mylf888.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	12 kB	3.9 MB	50.3.187.42
hm.baidu.com	8254	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.9 kB	13 kB	103.235.46.191

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-28	medium	labucarimini.net/jquery.20.min.js	Malware
2022-11-28	medium	labucarimini.net/js/jquery.min.js	Malware
2022-11-28	medium	labucarimini.net/js/Common.js	Malware
2022-11-28	medium	labucarimini.net/js/Template.js	Malware
2022-11-28	medium	labucarimini.net/js/Inpage.js	Malware
2022-11-28	medium	labucarimini.net/js/wow.js	Malware
2022-11-28	medium	labucarimini.net/jquery.la.min.js	Malware
2022-11-28	medium	labucarimini.net/js/library.min.js	Malware
2022-11-28	medium	www.labucarimini.net/jquery.20.min.js	Malware
2022-11-28	medium	www.labucarimini.net/jquery.la.min.js	Malware
2022-11-28	medium	labucarimini.net/iconfont/iconfont.woff	Malware
2022-11-28	medium	labucarimini.net/iconfont/iconfont.ttf	Malware
2022-11-28	medium	labucarimini.net/	Malware
2022-11-28	medium	www.labucarimini.net/	Malware
2022-11-28	medium	www.labucarimini.net/js/particles.js	Malware
2022-11-28	medium	www.labucarimini.net/js/jquery.min.js	Malware
2022-11-28	medium	www.labucarimini.net/js/wow.js	Malware
2022-11-28	medium	www.labucarimini.net/js/Common.js	Malware
2022-11-28	medium	www.labucarimini.net/js/particles2.js	Malware
2022-11-28	medium	www.labucarimini.net/js/library.min.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	labucarimini.net/js/jquery.min.js	84 kB	2023-03-11	2023-03-11
Pretty URL labucarimini.net/js/jquery.min.js IP 170.130.73.3 ASN #62904 AS62904 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:38:44 Last Seen2023-03-11 21:38:44 Times Seen1 Hash b7789edd6302c887cfff2318b3fe007e 0614485a6bd88e74a75673adb47d8cc5af8b1433 b4a285f74f53590e50d2bd3ee652af8adb1f3f17fda83bdcbcbbf4cbeec8011a Loading...

	labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=	68 B	2023-03-11	2023-03-11
Pretty URL labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza= IP 170.130.73.3 ASN #62904 AS62904 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:38:44 Last Seen2023-03-11 21:38:44 Times Seen1 Hash e3cf66f1dfd93f009ee3013522bbc2f1 548b5b98624efbd729dcd302b1f775325a8f746b 0c39f32f2e99d06c9d57d7e42ed208f9cb04012a4c2f10e4726321e1588e709c Loading...

	www.mylf888.com/dan/indexyl.html	240 B	2023-03-07	2023-04-02
Pretty URL www.mylf888.com/dan/indexyl.html IP 50.3.187.42 ASN #62904 AS62904 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:22:42 Last Seen2023-04-02 21:34:23 Times Seen11 Hash 5ad9566e8ed8a45824b7b6b1d5ef259a f62830d9284a6d9f3b7286ceaec42c5308ddab25 fab108217f8addb0a734beadffb5959473d79247041566ff3e069f32f97407e2 Loading...

	labucarimini.net/js/library.min.js	141 kB	2023-03-11	2023-03-11
Pretty URL labucarimini.net/js/library.min.js IP 170.130.73.3 ASN #62904 AS62904 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:38:44 Last Seen2023-03-11 21:38:44 Times Seen1 Hash 7e2b903a0e28db746e4916b94f5ac9b6 d6cc33a410c969f966d2ac82eb7306a7b6e95826 52253b5f07930f27f96decb862388a9e8dfa25ed0155482eceed93f65fd2b602 Loading...

	www.myyilufa888.com/ff/pp.js	6.7 kB	2023-03-08	2023-03-14
Pretty URL www.myyilufa888.com/ff/pp.js IP 50.3.187.107 ASN #62904 AS62904 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:12:52 Last Seen2023-03-14 15:08:36 Times Seen1 Hash 755956a0e6d946872e0791a05dcc18e3 c088aae533bffd447cceca9406e5f199a47fdc41 b92eb9f4d6e6c1386ec74f42b20f82de819fedb109ecb014f0ac262b40e14e92 Loading...

	labucarimini.net/js/Inpage.js	879 B	2023-03-11	2023-03-11
Pretty URL labucarimini.net/js/Inpage.js IP 170.130.73.3 ASN #62904 AS62904 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:38:44 Last Seen2023-03-11 21:38:44 Times Seen1 Hash 310974de3d4a31d3d02cab409e9b47b1 df9790d2b6c3d8f3d588bef20e3153746ddf627e b482c4624b155ab8d3862e5e3bc054829c44b60fe9ac9245962fbeb21669ceba Loading...

	labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=	425 B	2023-03-11	2023-03-12
Pretty URL labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza= IP 170.130.73.3 ASN #62904 AS62904 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 19:33:06 Last Seen2023-03-12 18:31:34 Times Seen1 Hash 85d8d8c82515545ce1957be7f9e0b252 1f8680d7a5022bb21335bb70829dc48f9f70e1be b206a67d262872e1af54f6fd09d1aab84c9f685f7cb473ee4ee573197adf00f0 Loading...

	labucarimini.net/jquery.la.min.js	252 B	2023-03-07	2023-03-11
Pretty URL labucarimini.net/jquery.la.min.js IP 170.130.73.3 ASN #62904 AS62904 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:06:38 Last Seen2023-03-11 22:44:47 Times Seen1 Hash ff276604916c787c6284e03c519f61aa b9febf0f50b160107521612f4d232debddbd4de6 6da2cc4f106bd991bf12d41658c24281f80e1263e4554d1ab05982183a53204d Loading...

	www.mylf888.com/dan/js/zhongguomeng.js	990 B	2023-03-11	2023-03-11
Pretty URL www.mylf888.com/dan/js/zhongguomeng.js IP 50.3.187.42 ASN #62904 AS62904 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:37:44 Last Seen2023-03-11 21:38:44 Times Seen1 Hash d5b31971437609ec3a08d25605525bb1 2b9f2aaf5a5d61abb692d026bbf42884493a448b f7bb6448475d0a3c54ac43644d74941f700fdac565cb1f35b3596890245fd8e9 Loading...

	labucarimini.net/js/Template.js	9.0 kB	2023-03-11	2023-03-11
Pretty URL labucarimini.net/js/Template.js IP 170.130.73.3 ASN #62904 AS62904 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:38:44 Last Seen2023-03-11 21:38:44 Times Seen1 Hash c09853cdb4b18781bd9d288ba12219d3 00f21726a048e1d2f37508942f41ad20643d491a c5068e7b5317211cbf41c76362c88b1f2ec15b0f1735018ea5926ddfac5a29fe Loading...

	labucarimini.net/js/wow.js	9.5 kB	2023-03-11	2023-03-11
Pretty URL labucarimini.net/js/wow.js IP 170.130.73.3 ASN #62904 AS62904 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:38:44 Last Seen2023-03-11 21:38:44 Times Seen1 Hash 2a9a83ce3e81d213afcd81f8d4ee6273 a03508ca9d693b1eee3f622b7803dfb545c6ed14 a5c5f216c0b685ab9589c8d1a7b1a4f6b220511524fbe59e5c510907615e36f6 Loading...

	labucarimini.net/js/Common.js	1.7 kB	2023-03-11	2023-03-11
Pretty URL labucarimini.net/js/Common.js IP 170.130.73.3 ASN #62904 AS62904 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:38:44 Last Seen2023-03-11 21:38:44 Times Seen1 Hash f6eaa30b734204e85dd15e6811f8c096 c79bbea18d5e81fdd33e8fe0bc37ee18780bfdad 933189e0f2f6af2d02e641c77585d0faa64d186829049ebf980b8be87d2e9b6c Loading...

	hm.baidu.com/hm.js?2de0aeba5b7775abb16b92601cff3525	30 kB	2023-03-11	2023-03-11
Pretty URL hm.baidu.com/hm.js?2de0aeba5b7775abb16b92601cff3525 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:38:44 Last Seen2023-03-11 21:38:44 Times Seen1 Hash 1de3463ebd7c5048ab70e857c6ead354 f5c9ddd395c0947461ea84b38d3aff1bf86a7bed c6bcd81aa2bd583cc14a91db9ca8a215767f4958f2cd2d5c0ce738447ef50a12 Loading...

	www.labucarimini.net/js/particles.js	18 kB	2023-03-11	2023-03-11
Pretty URL www.labucarimini.net/js/particles.js IP 170.130.73.3 ASN #62904 AS62904 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:38:44 Last Seen2023-03-11 21:38:44 Times Seen1 Hash f692e18fbcb76067577219eb94cf70c9 e4d104ef5a5d9457db2b3ad82e8f7cc5233ca89b 72c156428289cc0b9ea35f00d7006bac570da9ddc2fa85a8ff37678a686591d7 Loading...

	labucarimini.net/jquery.20.min.js	241 B	2023-03-07	2024-02-05
Pretty URL labucarimini.net/jquery.20.min.js IP 170.130.73.3 ASN #62904 AS62904 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:22:42 Last Seen2024-02-05 10:00:49 Times Seen41 Hash 8ee22e7b5f638e1c510c03b268ad07c2 0f745dda31bacb16227df9000405e90f50af518a 381d7708f7edb83ad2f1080a2e363c59d3324a86afcc0e51a18e2479532f2342 Loading...

	labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=	99 B	2023-03-11	2023-03-11
Pretty URL labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza= IP 170.130.73.3 ASN #62904 AS62904 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:38:44 Last Seen2023-03-11 21:38:44 Times Seen1 Hash c996d08443c0c1b85a922280f559ea8e 3b0907a4e1fa453ef58328633fab7125b5afe145 ba4cafa95471d56c14f24e547c03b4ce52c22de743785b36ed2e33bf5f368374 Loading...

		Size	First Seen	Last Seen
	#1 Write - 0be3b24a88d297fc6fc773a7accd46c5	121 B	2023-03-07	2024-02-05
Pretty Observations First Seen2023-03-07 12:22:42 Last Seen2024-02-05 10:00:49 Times Seen25 Hash 0be3b24a88d297fc6fc773a7accd46c5 cd76e97d5c0b45a5438f16041d210c94e16942a0 fdd91cd47d074453621f764034d8e6710df3411637b2abcac83dda84fd7f3966 Loading...

	#2 Write - c8a1c60a17a59165ae1fde336f13042b	185 B	2023-03-07	2024-05-01
Pretty Observations First Seen2023-03-07 01:19:11 Last Seen2024-05-01 19:12:10 Times Seen1074 Hash c8a1c60a17a59165ae1fde336f13042b b03c5e90dcd61e05fd5416417edfc76b49b42875 f57ad520d4c886dd0d5c383359823ae450923fd3e35085ca618b89143e0f0086 Loading...

HTTP Transactions (132)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4582
Expires: Mon, 28 Nov 2022 01:31:55 GMT
Date: Mon, 28 Nov 2022 00:15:33 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
64b2a23eab6e5ae8c010ec7242be930c
0673e4385ba01a5a245711bab96cafc34f765793
64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4784
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 00:15:34 GMT
Last-Modified: Sun, 27 Nov 2022 22:55:50 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b56944f0e5716fd4fad2ec18994d4be
61cafa4de31ba960d1145ec37272f6f6b6944e0c
4fd46b0b6a2ea24f5ce175985a3933c04b4c01bd3e32bee2e50a61a65eef7af4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FD46B0B6A2EA24F5CE175985A3933C04B4C01BD3E32BEE2E50A61A65EEF7AF4"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3400
Expires: Mon, 28 Nov 2022 01:12:14 GMT
Date: Mon, 28 Nov 2022 00:15:34 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: bkXZ3Dz4hBMoUQB0CDXM1paxyz8WFaEUefptOdW7Z7Jhc+1Qp40wjEAyd/JLJC0XxOvuza3J1rBEXXdb4QQ0lQ==
x-amz-request-id: 6C3SZXEM27BYYM6D
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 23:41:50 GMT
age: 2024
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 23:19:26 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3368
alt-svc: clear
X-Firefox-Spdy: h2

labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=

170.130.73.3

200 OK

4.4 kB

URL HTTP/1.1
labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
4.4 kB (4446 bytes)
Hash
129b5a3682a227e73c64f00f526b111b
1eb1925ed9cf32b41546494609feac6b21267fd8
f6c0e672ff0f3b8d62e12079770294cf1706a9ad21cf642dab43503cf2db5fbf

HTTP Headers

GET /oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza= HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 00:15:34 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

labucarimini.net/jquery.20.min.js

170.130.73.3

301 Moved Permanently

178 B

URL HTTP/1.1
labucarimini.net/jquery.20.min.js
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /jquery.20.min.js HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://www.labucarimini.net/jquery.20.min.js

labucarimini.net/css/bootstrap.css

170.130.73.3

200 OK

3.5 kB

URL HTTP/1.1
labucarimini.net/css/bootstrap.css
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
ASCII text, with very long lines (3962)
Size
3.5 kB (3458 bytes)
Hash
bf0ec8e162db340d09f3b366135fde0c
63fa206313de9cf4e4edc0a10968a286090f2e03
49eee5e19b883b882561978e3f9645c6f3dbb97f5e2431c7397c767d6bbfc0ed

HTTP Headers

GET /css/bootstrap.css HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 00:08:54 GMT
cache-control: public,max-age=3600
age: 400
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

labucarimini.net/css/library.css

170.130.73.3

200 OK

5.8 kB

URL HTTP/1.1
labucarimini.net/css/library.css
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
Unicode text, UTF-8 text, with very long lines (19533)
Size
5.8 kB (5824 bytes)
Hash
b6a969c731c2ab92988a9034d82de20e
584a93a7b719848f652fff69c2b5ace560c25bbb
8c49124d2757a1ecc4138f0d5d35a8d3b80b62cc7760abfe837ee16701f51184

HTTP Headers

GET /css/library.css HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

labucarimini.net/css/common.css

170.130.73.3

200 OK

3.3 kB

URL HTTP/1.1
labucarimini.net/css/common.css
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
ASCII text
Size
3.3 kB (3305 bytes)
Hash
35b7b92ed86848bbb3e3519eed066106
e03ffe489b62bd93ab84f732cec6cbee4b9ebb5d
1009a0f513f3faea332e284e44a869cb156663b5887127b37629cd0b8549585b

HTTP Headers

GET /css/common.css HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

labucarimini.net/css/animate.css

170.130.73.3

200 OK

4.9 kB

URL HTTP/1.1
labucarimini.net/css/animate.css
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
Unicode text, UTF-8 text, with very long lines (374)
Size
4.9 kB (4868 bytes)
Hash
31bb8f5a129d737017c57f0883451e4e
f4a82d4327c9727fd410c8a6135b6275bcd5771e
c4b35dbaf58287de79b0f1edf9bb04257c966a2be5972d0b9373a7cb4a8326dd

HTTP Headers

GET /css/animate.css HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

labucarimini.net/css/inpage.css

170.130.73.3

200 OK

10 kB

URL HTTP/1.1
labucarimini.net/css/inpage.css
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
Unicode text, UTF-8 text
Size
10 kB (10295 bytes)
Hash
863be087a3b1b23dd5ff3cd2adf4da4e
6950591973e24b66227471db979a775be47ba67e
05f9a8967df7627714f9063d60ccf2d1a1304b715684c58a13c9836f31c2593d

HTTP Headers

GET /css/inpage.css HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 00:15:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 00:15:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

labucarimini.net/css/Template.css

170.130.73.3

200 OK

26 kB

URL HTTP/1.1
labucarimini.net/css/Template.css
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
ASCII text
Size
26 kB (25946 bytes)
Hash
fea8a974b6cbabc481cb6de957e99f35
c0fd92e678fa604f43deed5c3b064ef9186c9f2c
f9431019150c8099a5c56728e051bcf0ec266e931bc332b5a7cc24ab94366b4e

HTTP Headers

GET /css/Template.css HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

labucarimini.net/js/jquery.min.js

170.130.73.3

200 OK

33 kB

URL HTTP/1.1
labucarimini.net/js/jquery.min.js
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
Unicode text, UTF-8 text, with very long lines (32110), with CRLF, LF line terminators
Size
33 kB (33040 bytes)
Hash
8fba43c4fe4b577c8fd78a00002af8a4
6d56c6b9990899e07cb14e1ef0d757fe537ff315
e893fd52b114286f0d54b1d057952bf3926819e78869c4a858adf93c7530a8a9

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/jquery.min.js HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

labucarimini.net/js/Common.js

170.130.73.3

200 OK

727 B

URL HTTP/1.1
labucarimini.net/js/Common.js
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
Unicode text, UTF-8 text
Size
727 B (727 bytes)
Hash
1d159cf586449822da5d8f5df339ced4
dcf604e60dca79e921faede366ae772d50d98003
46acb1ba8123e8730de60a53d267964f18ab183c23357433124a80d19edd15e7

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/Common.js HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

labucarimini.net/js/Template.js

170.130.73.3

200 OK

2.4 kB

URL HTTP/1.1
labucarimini.net/js/Template.js
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
Unicode text, UTF-8 text
Size
2.4 kB (2417 bytes)
Hash
92a5e871bd183ae792a091956224fe98
2e1242f6b8da648511355ece5dd5a151b1927483
a711e4a5e79f472b5c8a2870898308314b6a2002e1a6e07b5c88a9d2c11c0360

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/Template.js HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a6fee11dfe1b88cd768a0ca3e2bd0c89
59cec9a44a4a92467678afe65f347f68641a2174
50870c499aae4d5dfd6df25a36cd04b6d185b66ef0590e46933984bf52e2483f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 23
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 00:15:34 GMT
Last-Modified: Mon, 28 Nov 2022 00:15:11 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

labucarimini.net/js/Inpage.js

170.130.73.3

200 OK

287 B

URL HTTP/1.1
labucarimini.net/js/Inpage.js
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
ASCII text
Size
287 B (287 bytes)
Hash
185871bb2383f8ec6aa4eeb943768160
f4ea8c20d4e04f37aaf64f8d39482205a6267bd6
7699b1d13712cd255ec307b8bebe19a9a9df73b1827efd2d4f340d4d3f1b13bd

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/Inpage.js HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

labucarimini.net/js/wow.js

170.130.73.3

200 OK

3.0 kB

URL HTTP/1.1
labucarimini.net/js/wow.js
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
ASCII text, with very long lines (881)
Size
3.0 kB (3027 bytes)
Hash
20450d3b0e27927de67fc226b7fddc97
06bdceb4477a23ef4f0315d79478776c1f69b320
d52b6ae544caf31260b6d8b9c8ec4916206af686921a14854c09f7bd1a2753e7

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/wow.js HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:33 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

labucarimini.net/jquery.la.min.js

170.130.73.3

301 Moved Permanently

178 B

URL HTTP/1.1
labucarimini.net/jquery.la.min.js
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /jquery.la.min.js HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 28 Nov 2022 00:15:33 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://www.labucarimini.net/jquery.la.min.js

labucarimini.net/js/library.min.js

170.130.73.3

200 OK

43 kB

URL HTTP/1.1
labucarimini.net/js/library.min.js
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
ASCII text, with very long lines (65515)
Size
43 kB (43003 bytes)
Hash
9f7fbfcea2f8cabe6e7d3d8870e8cc59
fb91f6929592aebf0353933c76ce696bfdfdca53
34bd01d83ec2f5e6df9f3ab9dd40ca6d0bb931fd38c19b092b6887aef441fea2

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/library.min.js HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

www.labucarimini.net/jquery.20.min.js

170.130.73.3

200 OK

241 B

URL HTTP/1.1
www.labucarimini.net/jquery.20.min.js
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
HTML document, ASCII text, with CRLF line terminators
Size
241 B (241 bytes)
Hash
8ee22e7b5f638e1c510c03b268ad07c2
0f745dda31bacb16227df9000405e90f50af518a
381d7708f7edb83ad2f1080a2e363c59d3324a86afcc0e51a18e2479532f2342

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /jquery.20.min.js HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:33 GMT
Content-Type: application/javascript
Content-Length: 241
Last-Modified: Fri, 21 Oct 2022 04:33:23 GMT
Connection: keep-alive
ETag: "63522113-f1"
Expires: Mon, 28 Nov 2022 01:15:33 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes

push.services.mozilla.com/

52.41.91.37

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.41.91.37:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 287m+nBMaBQyupNSZ9x7yw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XPi/olHVaeftAzpCH0XUBzr2cmQ=

www.labucarimini.net/jquery.la.min.js

170.130.73.3

200 OK

252 B

URL HTTP/1.1
www.labucarimini.net/jquery.la.min.js
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
ASCII text
Size
252 B (252 bytes)
Hash
ff276604916c787c6284e03c519f61aa
b9febf0f50b160107521612f4d232debddbd4de6
6da2cc4f106bd991bf12d41658c24281f80e1263e4554d1ab05982183a53204d

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /jquery.la.min.js HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:33 GMT
Content-Type: application/javascript
Content-Length: 252
Last-Modified: Fri, 21 Oct 2022 04:33:23 GMT
Connection: keep-alive
ETag: "63522113-fc"
Expires: Mon, 28 Nov 2022 01:15:33 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes

labucarimini.net/images/Common/tel-icon01.png

170.130.73.3

302 Moved Temporarily

0 B

URL HTTP/1.1
labucarimini.net/images/Common/tel-icon01.png
IP
170.130.73.3:0
ASN
#62904 AS62904

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /images/Common/tel-icon01.png HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 28 Nov 2022 00:15:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://www.gddyxn.com/images/Common/tel-icon01.png

labucarimini.net/upload/images/2021/8/9d490897b0e3c48.jpg

170.130.73.3

302 Moved Temporarily

0 B

URL HTTP/1.1
labucarimini.net/upload/images/2021/8/9d490897b0e3c48.jpg
IP
170.130.73.3:0
ASN
#62904 AS62904

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /upload/images/2021/8/9d490897b0e3c48.jpg HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 28 Nov 2022 00:15:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://www.gddyxn.com/upload/images/2021/8/9d490897b0e3c48.jpg

labucarimini.net/images/Common/ft-tel.png

170.130.73.3

302 Moved Temporarily

0 B

URL HTTP/1.1
labucarimini.net/images/Common/ft-tel.png
IP
170.130.73.3:0
ASN
#62904 AS62904

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /images/Common/ft-tel.png HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 28 Nov 2022 00:15:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://www.gddyxn.com/images/Common/ft-tel.png

labucarimini.net/images/Template/err_img.png

170.130.73.3

302 Moved Temporarily

0 B

URL HTTP/1.1
labucarimini.net/images/Template/err_img.png
IP
170.130.73.3:0
ASN
#62904 AS62904

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /images/Template/err_img.png HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 28 Nov 2022 00:15:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://www.gddyxn.com/images/Template/err_img.png

labucarimini.net/upload/images/2021/8/426fe7b8e20b127b.png

170.130.73.3

302 Moved Temporarily

0 B

URL HTTP/1.1
labucarimini.net/upload/images/2021/8/426fe7b8e20b127b.png
IP
170.130.73.3:0
ASN
#62904 AS62904

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /upload/images/2021/8/426fe7b8e20b127b.png HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 28 Nov 2022 00:15:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://www.gddyxn.com/upload/images/2021/8/426fe7b8e20b127b.png

ocsp.trust-provider.cn/

47.246.44.205

200 OK

600 B

URL HTTP/1.1
ocsp.trust-provider.cn/
IP
47.246.44.205:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
600 B (600 bytes)
Hash
1929a64acc0d8780ab0ffa44d0447505
980622b4c9709e5a8a3d9870ba5bfc4cd93488a2
f544b2cc99e344165b1187874cdfe49abd3fba7e0c0ddb72b9336373c2ecc657

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sun, 27 Nov 2022 23:58:06 GMT
last-modified: Sun, 27 Nov 2022 04:40:29 GMT
expires: Sun, 04 Dec 2022 04:40:28 GMT
etag: "980622b4c9709e5a8a3d9870ba5bfc4cd93488a2"
cache-control: max-age=599419,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb3
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 770ecf561b2cbbcd-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1669593486
via: cache2.l2de2[0,0,304-0,H], cache17.l2de2[1,0], cache4.se1[22,22,200-0,H], cache3.se1[24,0], cache3.se1[25,0]
age: 1049
x-cache: HIT TCP_REFRESH_HIT dirn:11:391152799
x-swift-savetime: Mon, 28 Nov 2022 00:15:35 GMT
x-swift-cachetime: 751
timing-allow-origin: *, *
eagleid: 2ff62c9716695945357593570e, 2ff62c9716695945357593570e

www.myyilufa888.com/ff/pp.js

50.3.187.107

200 OK

1.9 kB

URL HTTP/1.1
www.myyilufa888.com/ff/pp.js
IP
50.3.187.107:0
ASN
#62904 AS62904

File type
HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (559), with CRLF line terminators
Size
1.9 kB (1910 bytes)
Hash
beecb20cae1291abfba2955779241436
0dc6a362525b453b482751f49b760b2834729e09
8dc965875ffd38f509982bb12a700f245ff348416b4c805ead19250bfb686ef8

HTTP Headers

GET /ff/pp.js HTTP/1.1
Host: www.myyilufa888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:35 GMT
Content-Type: application/javascript
Last-Modified: Sat, 29 Oct 2022 02:48:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"635c948d-1a24"
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 00:15:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 00:15:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.119.woff2

216.58.207.195

200 OK

51 kB

URL HTTP/2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.119.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), CFF, length 51172, version 1.0\012- data
Size
51 kB (51172 bytes)
Hash
75aae0890f79934cdf127df082092d06
d78451f74c35c249191e01a4576e6701202b8fd9
7c2ad54cada10eb0bb005b3b03372e1db84417f694bddaf5303bdae885a60b90

HTTP Headers

GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.119.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51172
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 16:57:46 GMT
expires: Fri, 24 Nov 2023 16:57:46 GMT
cache-control: public, max-age=31536000
age: 285470
last-modified: Mon, 09 May 2022 18:43:17 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 00:15:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.116.woff2

216.58.207.195

200 OK

35 kB

URL HTTP/2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.116.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), CFF, length 35432, version 1.0\012- data
Size
35 kB (35432 bytes)
Hash
33ea7981ed83df0988d30f5950254044
2b74c0b566dc7c369fe7c17bc7f1e06e455de219
91d4622d15f2beedeeb092f084a1c8baa4047ecca6780257af5f6deb9f3450c4

HTTP Headers

GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.116.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 20:14:36 GMT
expires: Wed, 22 Nov 2023 20:14:36 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 09 May 2022 18:33:26 GMT
content-type: font/woff2
age: 446460
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.112.woff2

216.58.207.195

200 OK

40 kB

URL HTTP/2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.112.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), CFF, length 40196, version 1.0\012- data
Size
40 kB (40196 bytes)
Hash
e17430e8025b952561befbbbd86e232a
a45ad271c6c4d3b5441af02b173739773856113f
c4c6e86520e138b2a9aa10d0e7e3dfd88bd4a0007823b4ae6a53896f7065fa8b

HTTP Headers

GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.112.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40196
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 14:15:05 GMT
expires: Wed, 22 Nov 2023 14:15:05 GMT
cache-control: public, max-age=31536000
age: 468031
last-modified: Mon, 09 May 2022 18:43:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.108.woff2

216.58.207.195

200 OK

44 kB

URL HTTP/2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.108.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), CFF, length 43824, version 1.0\012- data
Size
44 kB (43824 bytes)
Hash
6c469f8666ba65ed35c390abce79ce3c
c701d3c734b07332d86bede063a2b7e88bff0879
1cc025dde3309bbdd14d3502a4711d38f64c79f097e2a0376bcfea77dfc671f7

HTTP Headers

GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.108.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 43824
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 14:32:13 GMT
expires: Wed, 22 Nov 2023 14:32:13 GMT
cache-control: public, max-age=31536000
age: 467003
last-modified: Mon, 09 May 2022 18:43:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.111.woff2

216.58.207.195

200 OK

43 kB

URL HTTP/2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.111.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), CFF, length 42844, version 1.0\012- data
Size
43 kB (42844 bytes)
Hash
1dfa491ede83e52869af1e6ea03c1a98
274b41476ebcf4e4be7d6f1520aee03e02fb9b4d
d405c1540e10462230fc7cfb8d0aaeef190af7b4f5ea62f062e1e66200e10bee

HTTP Headers

GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.111.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 42844
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 16:14:16 GMT
expires: Thu, 23 Nov 2023 16:14:16 GMT
cache-control: public, max-age=31536000
age: 374480
last-modified: Mon, 09 May 2022 18:43:06 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.109.woff2

216.58.207.195

200 OK

42 kB

URL HTTP/2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.109.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), CFF, length 42056, version 1.0\012- data
Size
42 kB (42056 bytes)
Hash
732fe7f1aa387cd4bc1496192d6a3519
a41760e709aefaaeba1082ee65c34988f4ea94c3
72f1cd4df1b14de23121cf998e774729996c9c72680bd8fdde9cdff819789552

HTTP Headers

GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.109.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 42056
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 21:27:25 GMT
expires: Fri, 24 Nov 2023 21:27:25 GMT
cache-control: public, max-age=31536000
age: 269291
last-modified: Mon, 09 May 2022 18:36:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.104.woff2

216.58.207.195

200 OK

43 kB

URL HTTP/2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.104.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), CFF, length 42732, version 1.0\012- data
Size
43 kB (42732 bytes)
Hash
9af28973f2a275f279583b252f0faa6c
76a632d90bf9da03d3fd2f42679c97deb0df2fe1
aaa004162c9ae0677ddb6cfc1f957c2a3a18699be3374cc4687d00e3acc14042

HTTP Headers

GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.104.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 42732
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 15:20:20 GMT
expires: Wed, 22 Nov 2023 15:20:20 GMT
cache-control: public, max-age=31536000
age: 464116
last-modified: Mon, 09 May 2022 18:36:14 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 00:15:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.102.woff2

216.58.207.195

200 OK

43 kB

URL HTTP/2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.102.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), CFF, length 43144, version 1.0\012- data
Size
43 kB (43144 bytes)
Hash
a59c00e04c9b601c9c35d8e8681f3315
f14bb358240a463bd7fc36c221c3cbc708b9b7a4
fe6e22e1c0cb89514a8f818b39047d5ed59e4fee0a802f0137f6c208b07d598c

HTTP Headers

GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.102.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 43144
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 14:40:23 GMT
expires: Wed, 22 Nov 2023 14:40:23 GMT
cache-control: public, max-age=31536000
age: 466513
last-modified: Mon, 09 May 2022 18:36:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.106.woff2

216.58.207.195

200 OK

44 kB

URL HTTP/2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.106.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), CFF, length 43564, version 1.0\012- data
Size
44 kB (43564 bytes)
Hash
c416ae3797ebc5d7dc183ba9077109d7
8ca3d2787ad6665b1759d75e7ce03729facbac6a
2749889c3e7435d56290a41bdf3a6e513892bf4b585b4c1fe399e2c607adb9ba

HTTP Headers

GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.106.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 43564
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 08:32:59 GMT
expires: Thu, 23 Nov 2023 08:32:59 GMT
cache-control: public, max-age=31536000
age: 402157
last-modified: Mon, 09 May 2022 18:42:33 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 00:15:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.105.woff2

216.58.207.195

200 OK

43 kB

URL HTTP/2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.105.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), CFF, length 42956, version 1.0\012- data
Size
43 kB (42956 bytes)
Hash
4c7d34df91a6f48fad0adc92175b5a50
8b94ecf2ecf06385f41923929b02f8bd5d2dd410
d838f78456381239e69ea1726a29b13ff68686b79038bca420769126bd338803

HTTP Headers

GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.105.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 42956
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 14:30:42 GMT
expires: Wed, 22 Nov 2023 14:30:42 GMT
cache-control: public, max-age=31536000
age: 467094
last-modified: Mon, 09 May 2022 18:36:13 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.25.woff2

216.58.207.195

200 OK

44 kB

URL HTTP/2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.25.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), CFF, length 44152, version 1.0\012- data
Size
44 kB (44152 bytes)
Hash
a156849828ee908aabf9e3dcaf00f9b2
024890e2c8d616b95e1be5336fb18ac7e90ba4e3
ce88bd279a8b8495b918ca3eb7144dd4b75db9ea4084b30f52b453414c197a49

HTTP Headers

GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.25.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44152
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 16:00:34 GMT
expires: Wed, 22 Nov 2023 16:00:34 GMT
cache-control: public, max-age=31536000
age: 461702
last-modified: Mon, 09 May 2022 18:34:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.110.woff2

216.58.207.195

200 OK

42 kB

URL HTTP/2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.110.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), CFF, length 42364, version 1.0\012- data
Size
42 kB (42364 bytes)
Hash
dad64580dba7f4b9d9aeabd6a6a64ca0
179116dd354e66b175bf0efc5a3ea2c252140f84
bae3c5b51b6907ff27836682bcf1b78c86e6f05131b3f9d5d9bce8c7535edc5b

HTTP Headers

GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.110.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 42364
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 14:24:55 GMT
expires: Wed, 22 Nov 2023 14:24:55 GMT
cache-control: public, max-age=31536000
age: 467441
last-modified: Mon, 09 May 2022 18:42:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.107.woff2

216.58.207.195

200 OK

43 kB

URL HTTP/2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.107.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), CFF, length 42824, version 1.0\012- data
Size
43 kB (42824 bytes)
Hash
217232a39ce817083b9b2ce355224706
df3e3967fb815b382309a6aa2d49af0e907fe140
51d0f26d34dd524e7f2a6bc02dff8fa1346cb0a37dc26ec55ee2fcd28390b556

HTTP Headers

GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.107.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 42824
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 01:36:18 GMT
expires: Wed, 22 Nov 2023 01:36:18 GMT
cache-control: public, max-age=31536000
age: 513558
last-modified: Mon, 09 May 2022 18:36:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.117.woff2

216.58.207.195

200 OK

35 kB

URL HTTP/2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.117.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), CFF, length 34792, version 1.0\012- data
Size
35 kB (34792 bytes)
Hash
33f14346b534356301c366aba9e0d383
ed94b354d1848bf588fe968d867501819038be87
07929b93fd502ebe1a01b0a5f2733aa9f6e803b624c7af9e5574f038f793eac5

HTTP Headers

GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.117.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34792
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 21:35:06 GMT
expires: Fri, 24 Nov 2023 21:35:06 GMT
cache-control: public, max-age=31536000
age: 268830
last-modified: Mon, 09 May 2022 18:42:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.115.woff2

216.58.207.195

200 OK

37 kB

URL HTTP/2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.115.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), CFF, length 37184, version 1.0\012- data
Size
37 kB (37184 bytes)
Hash
43ffd6eace791e530dfb05bb1ecb17d8
608665b528f293eb9dc7b7301f8b4dbfcd508cc6
ede6260d23cb484721ede99e32d01c88bd19b7ace8f0baa66f2d92ad9044290c

HTTP Headers

GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.115.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 37184
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 14:20:41 GMT
expires: Wed, 22 Nov 2023 14:20:41 GMT
cache-control: public, max-age=31536000
age: 467695
last-modified: Mon, 09 May 2022 18:43:22 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.114.woff2

216.58.207.195

200 OK

39 kB

URL HTTP/2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.114.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), CFF, length 39084, version 1.0\012- data
Size
39 kB (39084 bytes)
Hash
fbce8b7897f94f2d10e7539fb101478b
93400c89dd410bc2e0d7c5faea4cb75a5f3646e8
93757a8850e24bf2cd2d4bf312edf58980628a4388793e28946f6140939dced1

HTTP Headers

GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.114.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 39084
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 08:22:17 GMT
expires: Wed, 22 Nov 2023 08:22:17 GMT
cache-control: public, max-age=31536000
age: 489199
last-modified: Mon, 09 May 2022 18:42:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.113.woff2

216.58.207.195

200 OK

40 kB

URL HTTP/2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.113.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), CFF, length 40296, version 1.0\012- data
Size
40 kB (40296 bytes)
Hash
e1b51631af4bbd5df1c92a9fe45e2b4d
f403284b49e5bbb090a84f6aaced7c601e307b14
35af288de50220eaced947a50555b1ba1d4ff2fa039e4572bb738710d4e2310d

HTTP Headers

GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.113.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40296
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 21:12:58 GMT
expires: Fri, 24 Nov 2023 21:12:58 GMT
cache-control: public, max-age=31536000
age: 270158
last-modified: Mon, 09 May 2022 18:36:17 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.118.woff2

216.58.207.195

200 OK

30 kB

URL HTTP/2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.118.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), CFF, length 30540, version 1.0\012- data
Size
30 kB (30540 bytes)
Hash
89d1655f5820a9fc94c71d16cda71610
674594197aa010352f80e3ca3236f7d611424e9d
ae9ef4a00da21386b56f615753db5f8717d261439b20b26941d401e582e4b06d

HTTP Headers

GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.118.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30540
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 04:03:21 GMT
expires: Wed, 22 Nov 2023 04:03:21 GMT
cache-control: public, max-age=31536000
age: 504735
last-modified: Mon, 09 May 2022 18:42:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

labucarimini.net/images/Common/ft-bg.jpg

170.130.73.3

302 Moved Temporarily

0 B

URL HTTP/1.1
labucarimini.net/images/Common/ft-bg.jpg
IP
170.130.73.3:0
ASN
#62904 AS62904

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /images/Common/ft-bg.jpg HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://labucarimini.net/css/common.css

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 28 Nov 2022 00:15:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://www.gddyxn.com/images/Common/ft-bg.jpg

labucarimini.net/images/Common/ft-icon.png

170.130.73.3

302 Moved Temporarily

0 B

URL HTTP/1.1
labucarimini.net/images/Common/ft-icon.png
IP
170.130.73.3:0
ASN
#62904 AS62904

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /images/Common/ft-icon.png HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://labucarimini.net/css/common.css

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 28 Nov 2022 00:15:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://www.gddyxn.com/images/Common/ft-icon.png

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7545
Expires: Mon, 28 Nov 2022 02:21:21 GMT
Date: Mon, 28 Nov 2022 00:15:36 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7545
Expires: Mon, 28 Nov 2022 02:21:21 GMT
Date: Mon, 28 Nov 2022 00:15:36 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7545
Expires: Mon, 28 Nov 2022 02:21:21 GMT
Date: Mon, 28 Nov 2022 00:15:36 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7545
Expires: Mon, 28 Nov 2022 02:21:21 GMT
Date: Mon, 28 Nov 2022 00:15:36 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feff33742-bcf4-48a8-b6fb-80eca56e49e2.jpeg

34.120.237.76

200 OK

6.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feff33742-bcf4-48a8-b6fb-80eca56e49e2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.0 kB (6003 bytes)
Hash
71251bd4e19aa0d2be6336e7366f15ff
5c8be4aa5190dc7ae89674a26945bfc9ff240175
fb15afbdd12ab04b3bb2785fb3ebf1f2d82f243b47f1b8c2c8788f7653f8059b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feff33742-bcf4-48a8-b6fb-80eca56e49e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6003
x-amzn-requestid: 55485f7d-70d3-4f00-90fa-6384e53c990a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR79tEt8oAMF8vQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9f1-7b8a266209a1648724c5ca9d;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3edUH9nvxAHeFtJk-vye1QpLXAgSYPo62odg3mPQwE-u-npXeDDdVg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:16:28 GMT
age: 7148
etag: "5c8be4aa5190dc7ae89674a26945bfc9ff240175"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd94c980-e701-4603-9381-0bd47116d31d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.0 kB (5989 bytes)
Hash
fa848cb85e85df184b078fe7aa95ae52
21aa6418f3a0d2b64925b66d5fb9079b7e84a11c
37d299c166e3350dee6dee647e98a86f8bd916d186bae12c42764ed0a3177085

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd94c980-e701-4603-9381-0bd47116d31d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5989
x-amzn-requestid: db10fcc5-80ab-4650-af49-d5afe36706f3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR78LHQqIAMF9_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9e7-4cbd19e3227894844807742c;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: A5n6y1-hpgr4vynnRXkEZNvCvjlNGH6brl7eYMsdN1MST7YoD2BPgA==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:13 GMT
age: 8663
etag: "21aa6418f3a0d2b64925b66d5fb9079b7e84a11c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9430 bytes)
Hash
1f434933b5bd6377d299ada22d1ae7ef
075531f525e625b117b2497f31139c9824d0e9c5
b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NMMuQ1NNks65LJK_HDAK69MfCJ3pS0Y6VzBs8_5Oku64v4FSWADCdw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:46 GMT
age: 8030
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1f41832-bc78-4527-a3e7-8099266ecb52.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8517 bytes)
Hash
577b69fd08ad8368ea5a94fe41476c1c
9442f111d329f721ddc55100cd246586d8204048
bdafc5068032dcf5e207cf2685a1b9350dbe8d990ba181520ff47889524532f2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1f41832-bc78-4527-a3e7-8099266ecb52.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8517
x-amzn-requestid: 12456791-0e7f-45d7-97ae-d663c8fa841d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMozvHHLoAMFVqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bb4a-54ed1ec101789247052c9ec8;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:07:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UzzTPZIBjoow9PK-oM9rfGh5HkrivyPDofbTXy-I-9e4_baQnyKVhQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 05:55:42 GMT
age: 65994
etag: "9442f111d329f721ddc55100cd246586d8204048"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ff6b6f2-e6dd-4654-9894-50de6f502f83.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11255 bytes)
Hash
6e240caa3153ea25c34d07185b47f8a5
602e8ba5c6671ff947acfda757577ddc8ecec6ec
c2b37bf1ef003ceffaaf4612f2001b6f7998d5b95cd55b32c79fefcb24ccad7f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ff6b6f2-e6dd-4654-9894-50de6f502f83.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11255
x-amzn-requestid: ce06e0cc-3874-4a3d-a6c5-5cc1cb342138
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7w8EEOIAMF_6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99f-5ca652aa369ee1690b0d08cc;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6qKDE2jlIb8D2Mhg-OcsfU1haVtyGYfcMcs1NJT_HPlTv-O26tR60w==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:54:34 GMT
age: 8462
etag: "602e8ba5c6671ff947acfda757577ddc8ecec6ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8885 bytes)
Hash
3a1a4e00f1f15827cf651f373863c379
70c2a238f06ca7e56ef80c83738e081bf0de3330
3d936e1f0c96297f121faece12d6f8173e12eed5087165cd4eefc0fab368419f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8885
x-amzn-requestid: 71b8367f-f79f-42a7-bcb8-c441a154babf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cGDTEFSeIAMF3rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637f18e0-631b775d3430a8c30c3b4420;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 07:10:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jsmd6yxjJxLMEgv1jDa87iEoZXL2OuALsmUZ9Nxx1rUN-xOTdtN1-A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 10:15:53 GMT
age: 50383
etag: "70c2a238f06ca7e56ef80c83738e081bf0de3330"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Noto+Sans+SC:400

142.250.74.10

200 OK

51 kB

URL HTTP/2
fonts.googleapis.com/css?family=Noto+Sans+SC:400
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
51 kB (50937 bytes)
Hash
5067b18c4983ec38f95651e7d0517dd0
007f5ef65432215ebcb42f232caf649cc7a3d5f0
bd3b9312de99a6014e685ce39bfbd2ad852e3fefe69770e043164bcea92e8a0a

HTTP Headers

GET /css?family=Noto+Sans+SC:400 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 28 Nov 2022 00:15:34 GMT
date: Mon, 28 Nov 2022 00:15:34 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.trust-provider.cn/

47.246.44.205

200 OK

600 B

URL HTTP/1.1
ocsp.trust-provider.cn/
IP
47.246.44.205:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
600 B (600 bytes)
Hash
a6401550726420e886a5149e0002df15
f154e9ad355d9445e46c502c99e7bc57a861e767
777951b0f25762c98e11e33ad12c33f7cf16751137a0f1530e3e6454ab17571a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sun, 27 Nov 2022 23:58:12 GMT
last-modified: Thu, 24 Nov 2022 19:27:57 GMT
expires: Thu, 01 Dec 2022 19:27:56 GMT
etag: "f154e9ad355d9445e46c502c99e7bc57a861e767"
cache-control: max-age=601347,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb3
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 770ecf7aed6f6957-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1669593492
via: cache12.l2de2[0,0,304-0,H], cache19.l2de2[1,0], cache1.se1[82,82,200-0,H], cache3.se1[84,0], cache3.se1[85,0]
age: 1044
x-cache: HIT TCP_REFRESH_HIT dirn:4:88708306
x-swift-savetime: Mon, 28 Nov 2022 00:15:36 GMT
x-swift-cachetime: 756
timing-allow-origin: *, *
eagleid: 2ff62c9716695945363743946e, 2ff62c9716695945363743946e

ocsp.globalsign.com/gsrsaovsslca2018

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
8458771cfb25d5da942c3d6141d2f773
12310142bb209b549ee8d160ea1cc179452f8453
e6e53b9a2b4d1ee0a9c1ad44c8f89293d07675ef2d09eae1370733938addb51f

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Thu, 01 Dec 2022 22:53:15 GMT
ETag: "12310142bb209b549ee8d160ea1cc179452f8453"
Last-Modified: Sun, 27 Nov 2022 22:53:16 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2163
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770ee8fd1f3cb50f-OSL

www.mylf888.com/dan/indexyl.html

50.3.187.42

200 OK

1.4 kB

URL HTTP/1.1
www.mylf888.com/dan/indexyl.html
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
1.4 kB (1355 bytes)
Hash
96da02cd75325f687714bbb5641f9f5d
558c4783ef2f6d4487c3a26fb8af88de6ded67fc
94da0be59f18bc63e1328dbe83758dd1d31635a2b654a20186f93c127aae84f9

HTTP Headers

GET /dan/indexyl.html HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: text/html
Last-Modified: Sat, 29 Oct 2022 02:39:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"635c9252-186b"
Content-Encoding: gzip

labucarimini.net/iconfont/iconfont.woff

170.130.73.3

200 OK

33 kB

URL HTTP/1.1
labucarimini.net/iconfont/iconfont.woff
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
Web Open Font Format, TrueType, length 33120, version 1.0\012- data
Size
33 kB (32990 bytes)
Hash
8c59c1b9407ffcb7fed0e4dd784269d9
5e156775d4a8cd75e2e66e93eab6bea35a1d3edd
52b80074402c5ad17eab1f27644a28ed719110b4f8ef282bff1c76bbc160c335

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /iconfont/iconfont.woff HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://labucarimini.net/css/library.css

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:34 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41

www.mylf888.com/dan/js/zhongguomeng.js

50.3.187.42

200 OK

990 B

URL HTTP/1.1
www.mylf888.com/dan/js/zhongguomeng.js
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
ASCII text, with CRLF line terminators
Size
990 B (990 bytes)
Hash
d5b31971437609ec3a08d25605525bb1
2b9f2aaf5a5d61abb692d026bbf42884493a448b
f7bb6448475d0a3c54ac43644d74941f700fdac565cb1f35b3596890245fd8e9

HTTP Headers

GET /dan/js/zhongguomeng.js HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: application/javascript
Content-Length: 990
Last-Modified: Sat, 26 Nov 2022 07:27:18 GMT
Connection: keep-alive
ETag: "6381bfd6-3de"
Accept-Ranges: bytes

www.gddyxn.com/images/Common/tel-icon01.png

120.79.183.204

200 OK

1.3 kB

URL HTTP/1.1
www.gddyxn.com/images/Common/tel-icon01.png
IP
120.79.183.204:0
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

File type
PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1342 bytes)
Hash
97b825d09d95a7cba13606ef7c9b31bd
fc66fee9e6d89468f1aae842c6982d4d6b76bdb8
6ae6111d94745600f1eb3b3a2f5bd584d34095d741bebb0946ea649d8ec84cc6

HTTP Headers

GET /images/Common/tel-icon01.png HTTP/1.1
Host: www.gddyxn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Fri, 13 Aug 2021 01:51:58 GMT
Accept-Ranges: bytes
ETag: "0f3facce58fd71:0"
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Length: 1342

www.gddyxn.com/upload/images/2021/8/426fe7b8e20b127b.png

120.79.183.204

200 OK

6.1 kB

URL HTTP/1.1
www.gddyxn.com/upload/images/2021/8/426fe7b8e20b127b.png
IP
120.79.183.204:0
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

File type
PNG image data, 168 x 51, 8-bit/color RGBA, non-interlaced\012- data
Size
6.1 kB (6117 bytes)
Hash
1d2a7b0d0322f4bd0af6a5b4e956b91e
5368f90b60cd2e5d5e72045650bc544508851a99
68673d2410d3e05dcd6de842beff16f8aab82e9917ba3e87d37808c3a24150df

HTTP Headers

GET /upload/images/2021/8/426fe7b8e20b127b.png HTTP/1.1
Host: www.gddyxn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sat, 14 Aug 2021 08:54:24 GMT
Accept-Ranges: bytes
ETag: "060c9fae990d71:0"
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Length: 6117

www.mylf888.com/dan/index.css

50.3.187.42

200 OK

505 B

URL HTTP/1.1
www.mylf888.com/dan/index.css
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
ASCII text
Size
505 B (505 bytes)
Hash
64264c1ffc415ab97cc63ea904ff0304
a5ad17b604051533e9bf9cd0b50e52fba75f943c
d8859eafd3778ea6403a584689b6511243cb0e39b51f182b7d7b09c21ce28e5e

HTTP Headers

GET /dan/index.css HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: text/css
Last-Modified: Tue, 11 May 2021 11:00:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"609a63c6-453"
Content-Encoding: gzip

www.gddyxn.com/images/Common/ft-tel.png

120.79.183.204

200 OK

1.3 kB

URL HTTP/1.1
www.gddyxn.com/images/Common/ft-tel.png
IP
120.79.183.204:0
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

File type
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1324 bytes)
Hash
d7417452fef231d562f9110040771ed8
2cd9370ccc9ffa114a28916ce904d83236b99dad
6ae398da677f521022a61bee3739b764dff6e7520cc725b48f4a8794622e97a6

HTTP Headers

GET /images/Common/ft-tel.png HTTP/1.1
Host: www.gddyxn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sat, 14 Aug 2021 07:24:20 GMT
Accept-Ranges: bytes
ETag: "06ac065dd90d71:0"
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Length: 1324

labucarimini.net/iconfont/iconfont.ttf

170.130.73.3

200 OK

34 kB

URL HTTP/1.1
labucarimini.net/iconfont/iconfont.ttf
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
TrueType Font data, 11 tables, 1st "GSUB", 2817 names, language 0x110, type 273 string\012- data
Size
34 kB (34281 bytes)
Hash
3b0bdd1b3b8f7ff082dc26567c44731c
878f5233b5f01665745911612ce7941b4d7a4592
6b04f07526fcd66f4b089694d8070d658f1e194878f841252bc52bc2154dd45b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /iconfont/iconfont.ttf HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://labucarimini.net/css/library.css

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:34 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

www.mylf888.com/jquery.la.min.js

50.3.187.42

404 Not Found

162 B

URL HTTP/1.1
www.mylf888.com/jquery.la.min.js
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
70461da8b94c6ca5d2fda3260c5a8c3b
994bc667720c21257500e29038c1a5f61e25da1e
f33c27745f2bd87344be790465ef984a972fd539dc83bd4f61d4242c607ef1ee

HTTP Headers

GET /jquery.la.min.js HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive

www.gddyxn.com/images/Template/err_img.png

120.79.183.204

200 OK

11 kB

URL HTTP/1.1
www.gddyxn.com/images/Template/err_img.png
IP
120.79.183.204:0
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

File type
PNG image data, 416 x 160, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (10770 bytes)
Hash
2dc3ef7acf2ca2a276b5e1a79eb0a89b
599f4df928692bac9709cc60af30926551fd4772
b3a95ba926625ea738f84c8ee66776dc7126f8a45c54f08f2b6568d54c8019c6

HTTP Headers

GET /images/Template/err_img.png HTTP/1.1
Host: www.gddyxn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Fri, 11 Dec 2020 06:38:30 GMT
Accept-Ranges: bytes
ETag: "03713d88cfd61:0"
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Length: 10770

www.gddyxn.com/images/Common/ft-icon.png

120.79.183.204

200 OK

1.0 kB

URL HTTP/1.1
www.gddyxn.com/images/Common/ft-icon.png
IP
120.79.183.204:0
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

File type
PNG image data, 1 x 9, 8-bit/color RGBA, non-interlaced\012- data
Size
1.0 kB (1026 bytes)
Hash
0f11f9c11e95261fd090201b0c582d50
60cc220e8f02f075e8b94ad22590c02b5ec69383
66807d957420213ebf4a71eb591fffb29f065b6fe8eee38dbdcade8a2c095867

HTTP Headers

GET /images/Common/ft-icon.png HTTP/1.1
Host: www.gddyxn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://labucarimini.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sat, 14 Aug 2021 07:18:04 GMT
Accept-Ranges: bytes
ETag: "05ea385dc90d71:0"
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Length: 1026

www.mylf888.com/dan/img/bwin1000.gif

50.3.187.42

200 OK

57 kB

URL HTTP/1.1
www.mylf888.com/dan/img/bwin1000.gif
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1000x100, components 3\012- data
Size
57 kB (57413 bytes)
Hash
2e599e6d4d3d33ff4de9f6729899c960
ba96b8f555d5907c0b67c723aaeba8250098e61c
3bba9661f9ad5b20934c5a85fdb31b01006948f2dcb27ff7f81cbd958b2c4fb5

HTTP Headers

GET /dan/img/bwin1000.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: image/gif
Content-Length: 57413
Last-Modified: Mon, 23 May 2022 07:41:45 GMT
Connection: keep-alive
ETag: "628b3ab9-e045"
Accept-Ranges: bytes

hm.baidu.com/hm.js?2de0aeba5b7775abb16b92601cff3525

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?2de0aeba5b7775abb16b92601cff3525
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (617)
Size
11 kB (11255 bytes)
Hash
efb9c29f812daf6ff501a84e531b96cf
c713c078a69cb868ad7b6e5d13f217d8d959732b
5eecfd8275341d6aecf4085eb0c61985e4a9bd3a62330348b2641a017bbad5c7

HTTP Headers

GET /hm.js?2de0aeba5b7775abb16b92601cff3525 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11255
Content-Type: application/javascript
Date: Mon, 28 Nov 2022 00:15:36 GMT
Etag: 6328735757d79ece1c89920c25249b74
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=FE4A359727184C48; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

www.gddyxn.com/upload/images/2021/8/9d490897b0e3c48.jpg

120.79.183.204

200 OK

23 kB

URL HTTP/1.1
www.gddyxn.com/upload/images/2021/8/9d490897b0e3c48.jpg
IP
120.79.183.204:0
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop CC (Windows), datetime=2021-08-16T14:49:48+08:00], baseline, precision 8, 200x200, components 3\012- data
Size
23 kB (22753 bytes)
Hash
a834f769f65fc2b19d36eaf37c5f3d42
7c334ad92dad1d640d08a9024bdc0e340a05a83b
c946209116c7359dbcd64b16163f976835a36ecdd937eab0d1dd557b1d0a0ac8

HTTP Headers

GET /upload/images/2021/8/9d490897b0e3c48.jpg HTTP/1.1
Host: www.gddyxn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Mon, 16 Aug 2021 06:50:12 GMT
Accept-Ranges: bytes
ETag: "0eadff56a92d71:0"
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Length: 22753

www.mylf888.com/dan/img/yongli21.gif

50.3.187.42

200 OK

135 kB

URL HTTP/1.1
www.mylf888.com/dan/img/yongli21.gif
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
GIF image data, version 89a, 1000 x 300\012- data
Size
135 kB (134753 bytes)
Hash
499ca03c442b30fbed7b0e3086ac3cf0
7c080c0f949f4f03278e910d3c977d9df689f27c
b8adffdef819280ebb61a8ad47983e75248e13be82f4a2b1d19e779d39472943

HTTP Headers

GET /dan/img/yongli21.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: image/gif
Content-Length: 134753
Last-Modified: Thu, 08 Sep 2022 07:06:56 GMT
Connection: keep-alive
ETag: "63199490-20e61"
Accept-Ranges: bytes

www.mylf888.com/dan/img/blakimg.jpg

50.3.187.42

200 OK

122 kB

URL HTTP/1.1
www.mylf888.com/dan/img/blakimg.jpg
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2000x1400, components 3\012- data
Size
122 kB (122095 bytes)
Hash
32a8354488a992361e0a9c29f87f0eeb
585df2d841f06ab2852e7f030b12cc2d40bb5c0e
46d8ee2ab6daa69ec6c8b1b99a6264e4879524cfe9e8b49bb05914d478fa4824

HTTP Headers

GET /dan/img/blakimg.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/index.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: image/jpeg
Content-Length: 122095
Last-Modified: Tue, 11 May 2021 10:59:22 GMT
Connection: keep-alive
ETag: "609a638a-1dcef"
Accept-Ranges: bytes

www.mylf888.com/dan/img/bet365365.jpg

50.3.187.42

200 OK

118 kB

URL HTTP/1.1
www.mylf888.com/dan/img/bet365365.jpg
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x100, components 3\012- data
Size
118 kB (118484 bytes)
Hash
b601a3aeeb918c401a7e6203a27129f5
314ab685c22cf0f4979e2468ce2de55c74a959de
a86e74c3ec52a8b51388c52bad6b510042b1faf95bf730f20a7d6b899c373969

HTTP Headers

GET /dan/img/bet365365.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/jpeg
Content-Length: 118484
Last-Modified: Mon, 26 Sep 2022 02:39:22 GMT
Connection: keep-alive
ETag: "633110da-1ced4"
Accept-Ranges: bytes

www.mylf888.com/dan/img/xintyc.gif

50.3.187.42

200 OK

362 kB

URL HTTP/1.1
www.mylf888.com/dan/img/xintyc.gif
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
GIF image data, version 89a, 1020 x 85\012- data
Size
362 kB (362518 bytes)
Hash
bcbf48cc8ce9f196243aa50fb754f4cd
6a5efd0572153c8721f6a4e0a16db1d167d13592
06f6e6b9728c7d2ad9d0015202ff0d4cab15ec15ac50404964b301cf96fc8f07

HTTP Headers

GET /dan/img/xintyc.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: image/gif
Content-Length: 362518
Last-Modified: Wed, 02 Jun 2021 01:49:08 GMT
Connection: keep-alive
ETag: "60b6e394-58816"
Accept-Ranges: bytes

www.mylf888.com/dan/img/yaobo09.png

50.3.187.42

200 OK

375 kB

URL HTTP/1.1
www.mylf888.com/dan/img/yaobo09.png
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
PNG image data, 1434 x 168, 8-bit/color RGBA, non-interlaced\012- data
Size
375 kB (375070 bytes)
Hash
8246fea5d34a8158b32ca6c245ea16b6
ba9ad21b7780a9ea8a530f363c09d4448cac7b6e
12bb8811bdbadec42e092ff12b79bb52657f2cd971e188052610e6358e3c9813

HTTP Headers

GET /dan/img/yaobo09.png HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: image/png
Content-Length: 375070
Last-Modified: Fri, 29 Oct 2021 10:53:53 GMT
Connection: keep-alive
ETag: "617bd2c1-5b91e"
Accept-Ranges: bytes

www.mylf888.com/dan/img/wns111.gif

50.3.187.42

200 OK

177 kB

URL HTTP/1.1
www.mylf888.com/dan/img/wns111.gif
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
GIF image data, version 89a, 960 x 80\012- data
Size
177 kB (177253 bytes)
Hash
40c5a20c644663ccb411529e39250f18
1543e1b4f210a2f6e56e67d828672e54d4b38a7d
e3461a38cba8e8b063619522d87e8886ac75bec436bc12e0d2f9ca69bb987ff3

HTTP Headers

GET /dan/img/wns111.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 177253
Last-Modified: Tue, 11 May 2021 11:00:03 GMT
Connection: keep-alive
ETag: "609a63b3-2b465"
Accept-Ranges: bytes

www.mylf888.com/dan/img/1000x100.js.gif

50.3.187.42

200 OK

244 kB

URL HTTP/1.1
www.mylf888.com/dan/img/1000x100.js.gif
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
GIF image data, version 89a, 1000 x 100\012- data
Size
244 kB (244005 bytes)
Hash
68fb65625bff58cfbfb43ad584b6b14d
02411259fcdd4faa799d66b3e1d0cb49948bc779
0c8c4923f415217e1b2a3348bcc0eba16466a27fca78181f44c1066377de11eb

HTTP Headers

GET /dan/img/1000x100.js.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 244005
Last-Modified: Tue, 11 May 2021 10:59:11 GMT
Connection: keep-alive
ETag: "609a637f-3b925"
Accept-Ranges: bytes

www.mylf888.com/dan/img/tyc111.gif

50.3.187.42

200 OK

185 kB

URL HTTP/1.1
www.mylf888.com/dan/img/tyc111.gif
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
GIF image data, version 89a, 1000 x 100\012- data
Size
185 kB (184798 bytes)
Hash
3afa272c428b59f208c02e5af9760940
c1b78fe258f15c46a1494cbf3adea52d592126f3
60ba6d37b9eab566fad8dc32e8badeae198af00faf1a494ca9885f119dae32fb

HTTP Headers

GET /dan/img/tyc111.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 184798
Last-Modified: Mon, 26 Sep 2022 01:57:30 GMT
Connection: keep-alive
ETag: "6331070a-2d1de"
Accept-Ranges: bytes

www.mylf888.com/dan/img/amdc1000x100.gif

50.3.187.42

200 OK

278 kB

URL HTTP/1.1
www.mylf888.com/dan/img/amdc1000x100.gif
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
GIF image data, version 89a, 1000 x 100\012- data
Size
278 kB (278305 bytes)
Hash
71c7927a8115608a38ef646fbe1d245e
62308a2b77fe5db7519349d56e8f9daf1230a5dc
94cf5d84e80dc1006762bb51fe0a2ae9cd9a9a608eb4d60f25bbfb4e9959dbf8

HTTP Headers

GET /dan/img/amdc1000x100.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 278305
Last-Modified: Fri, 24 Dec 2021 11:28:19 GMT
Connection: keep-alive
ETag: "61c5aed3-43f21"
Accept-Ranges: bytes

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1354328118&si=2de0aeba5b7775abb16b92601cff3525&v=1.3.0&lv=1&sn=24877&r=0&ww=1280&u=http%3A%2F%2Flabucarimini.net%2Foi05%3F3fl%3Dytghaxuh8%26azuxwju%3Darkhs%2520l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw%2F%2520njwlpqa%2520wd10yczvvkbqpeza%3D&tt=%E6%BE%B3%E9%97%A8%E6%B0%B8%E5%88%A95335cc(%E4%B8%AD%E5%9B%BD)%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1354328118&si=2de0aeba5b7775abb16b92601cff3525&v=1.3.0&lv=1&sn=24877&r=0&ww=1280&u=http%3A%2F%2Flabucarimini.net%2Foi05%3F3fl%3Dytghaxuh8%26azuxwju%3Darkhs%2520l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw%2F%2520njwlpqa%2520wd10yczvvkbqpeza%3D&tt=%E6%BE%B3%E9%97%A8%E6%B0%B8%E5%88%A95335cc(%E4%B8%AD%E5%9B%BD)%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1354328118&si=2de0aeba5b7775abb16b92601cff3525&v=1.3.0&lv=1&sn=24877&r=0&ww=1280&u=http%3A%2F%2Flabucarimini.net%2Foi05%3F3fl%3Dytghaxuh8%26azuxwju%3Darkhs%2520l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw%2F%2520njwlpqa%2520wd10yczvvkbqpeza%3D&tt=%E6%BE%B3%E9%97%A8%E6%B0%B8%E5%88%A95335cc(%E4%B8%AD%E5%9B%BD)%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Mon, 28 Nov 2022 00:15:37 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=A5AACD28961CE125; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

www.mylf888.com/dan/img/ld891.jpg

50.3.187.42

200 OK

222 kB

URL HTTP/1.1
www.mylf888.com/dan/img/ld891.jpg
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
PNG image data, 2100 x 150, 8-bit colormap, non-interlaced\012- data
Size
222 kB (222004 bytes)
Hash
c514cc26a8bbf5cb52abdf9ab9e68980
18199a677d4fbb0cf0a1c7f9af076c2ae76fb4cb
3a39dc076d1c0bfec10debd1c0f54249d89036049dad5f24255eb2e6b610b27d

HTTP Headers

GET /dan/img/ld891.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/jpeg
Content-Length: 222004
Last-Modified: Tue, 26 Jul 2022 08:11:41 GMT
Connection: keep-alive
ETag: "62dfa1bd-36334"
Accept-Ranges: bytes

www.mylf888.com/dan/img/manbetx10.gif

50.3.187.42

200 OK

320 kB

URL HTTP/1.1
www.mylf888.com/dan/img/manbetx10.gif
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
PNG image data, 1240 x 151, 8-bit/color RGBA, non-interlaced\012- data
Size
320 kB (319786 bytes)
Hash
a5676971e3a14edbb3c97a69ca17b820
a2bfd63cc4227018cb9be5f85ef207f6fbb4e836
fe87f00bd9fc4205dc44dfb35d63b7e8fd6980c8714149d3e0c5a74e8c28ef80

HTTP Headers

GET /dan/img/manbetx10.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 319786
Last-Modified: Fri, 20 May 2022 07:08:20 GMT
Connection: keep-alive
ETag: "62873e64-4e12a"
Accept-Ranges: bytes

www.mylf888.com/dan/img/kaiyun100.jpg

50.3.187.42

200 OK

64 kB

URL HTTP/1.1
www.mylf888.com/dan/img/kaiyun100.jpg
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 1090x141, components 3\012- data
Size
64 kB (63943 bytes)
Hash
baba23b989f46d56bf7bccbcb684f8a9
efba0da806c3e339335d1b5716af81df13da42aa
d94177e2f5bb8337e610eb21f1a78380179d5d5e7703d85ae9f15e45f77d46fd

HTTP Headers

GET /dan/img/kaiyun100.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/jpeg
Content-Length: 63943
Last-Modified: Sat, 29 Oct 2022 03:38:51 GMT
Connection: keep-alive
ETag: "635ca04b-f9c7"
Accept-Ranges: bytes

www.mylf888.com/dan/img/xpj999.gif

50.3.187.42

200 OK

649 kB

URL HTTP/1.1
www.mylf888.com/dan/img/xpj999.gif
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
GIF image data, version 89a, 1000 x 200\012- data
Size
649 kB (649012 bytes)
Hash
4b2329aee1fcc97910223870de0a7ac3
f7a5bd1bee03223ee41d7a586569337aefb09ea2
ddff3a89b79326f02c8e2ba68f8534df4ad3196134e74ec0accb51800cd4de3d

HTTP Headers

GET /dan/img/xpj999.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 649012
Last-Modified: Thu, 08 Sep 2022 06:45:06 GMT
Connection: keep-alive
ETag: "63198f72-9e734"
Accept-Ranges: bytes

www.mylf888.com/dan/img/xyl999.gif

50.3.187.42

200 OK

477 kB

URL HTTP/1.1
www.mylf888.com/dan/img/xyl999.gif
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
GIF image data, version 89a, 1000 x 100\012- data
Size
477 kB (477348 bytes)
Hash
9e07a5cab4aa0dd2f4812fc347081ac8
b07f49e9cb7a8a678063ebede264aa7a60387348
38be687f0e62fcbf1b13a04003b15a3f9cef34bc2ab4332f33aa29e63e359765

HTTP Headers

GET /dan/img/xyl999.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 477348
Last-Modified: Wed, 02 Jun 2021 01:49:09 GMT
Connection: keep-alive
ETag: "60b6e395-748a4"
Accept-Ranges: bytes

push.zhanzhang.baidu.com/push.js

182.61.201.93

200 OK

227 B

URL HTTP/1.1
push.zhanzhang.baidu.com/push.js
IP
182.61.201.93:0
ASN
#38365 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with no line terminators
Size
227 B (227 bytes)
Hash
e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5

HTTP Headers

GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://labucarimini.net/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Mon, 28 Nov 2022 00:15:37 GMT
Etag: "4078521116"
Expires: Tue, 28 Nov 2023 00:15:37 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=E90B452CE7A7508F416D77D56A2ACC29:FG=1; max-age=31536000; expires=Tue, 28-Nov-23 00:15:37 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding

labucarimini.net/favicon.ico

170.130.73.3

301 Moved Permanently

178 B

URL HTTP/1.1
labucarimini.net/favicon.ico
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 28 Nov 2022 00:15:35 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://www.labucarimini.net/favicon.ico

www.mylf888.com/dan/img/daohang.gif

50.3.187.42

200 OK

3.2 kB

URL HTTP/1.1
www.mylf888.com/dan/img/daohang.gif
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
GIF image data, version 89a, 1000 x 50\012- data
Size
3.2 kB (3181 bytes)
Hash
acd657d8df9241a153133cdbc926f4b0
3510be93a9e851aa533ad47cc70e6ec91c5c8be0
fcb2f2759f42d40e5176e005f15482e629e97a1ef6117e2bf25959440e3f7b3f

HTTP Headers

GET /dan/img/daohang.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 3181
Last-Modified: Mon, 14 Mar 2022 06:47:21 GMT
Connection: keep-alive
ETag: "622ee4f9-c6d"
Accept-Ranges: bytes

www.mylf888.com/dan/img/jinsha168.jpg

50.3.187.42

200 OK

14 kB

URL HTTP/1.1
www.mylf888.com/dan/img/jinsha168.jpg
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
PNG image data, 333 x 79, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (14242 bytes)
Hash
73c2658bd87f442dbe3688a4fe48352c
f5a31ed734b80202b74f6d296766ae2e8bbd7874
7156ba4542717f84d7acea3aef40754a8fb5d7ce99452ebf9c3a1d5b5f15e5ea

HTTP Headers

GET /dan/img/jinsha168.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/jpeg
Content-Length: 14242
Last-Modified: Mon, 14 Mar 2022 06:47:18 GMT
Connection: keep-alive
ETag: "622ee4f6-37a2"
Accept-Ranges: bytes

www.mylf888.com/dan/img/wnsr168.gif

50.3.187.42

200 OK

7.9 kB

URL HTTP/1.1
www.mylf888.com/dan/img/wnsr168.gif
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
GIF image data, version 89a, 333 x 81\012- data
Size
7.9 kB (7889 bytes)
Hash
c5f1db8a552e95f0b0f6b0a9fc59b93e
7ddf31d81e285b78b0a2366546c69c10a66e3131
34684d52b7a18477268cf05f7560f4ba13d6a01b9948bfca2aa7040469f7ca8f

HTTP Headers

GET /dan/img/wnsr168.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 7889
Last-Modified: Mon, 14 Mar 2022 06:47:19 GMT
Connection: keep-alive
ETag: "622ee4f7-1ed1"
Accept-Ranges: bytes

www.mylf888.com/dan/img/tyc168.jpg

50.3.187.42

200 OK

9.9 kB

URL HTTP/1.1
www.mylf888.com/dan/img/tyc168.jpg
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 333x81, components 3\012- data
Size
9.9 kB (9866 bytes)
Hash
6d9b3cb1918e3cf4c7142f38e1c6302e
3c8bd0b1ce1bb167d9bccadc063039d8530be739
0037804244cfbf6211c14a75c8b023ae900699b2539e2151537331956fe9a291

HTTP Headers

GET /dan/img/tyc168.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/jpeg
Content-Length: 9866
Last-Modified: Mon, 14 Mar 2022 06:47:19 GMT
Connection: keep-alive
ETag: "622ee4f7-268a"
Accept-Ranges: bytes

www.mylf888.com/dan/img/biwin999.gif

50.3.187.42

200 OK

9.2 kB

URL HTTP/1.1
www.mylf888.com/dan/img/biwin999.gif
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
GIF image data, version 89a, 334 x 81\012- data
Size
9.2 kB (9197 bytes)
Hash
d05fff7c08e48f787151cd283766a047
108d14a03d85fb2d7ecc7391ab48f71aff83a85f
eba6395900606e52a184b74fdbf2ee8990ca302d8778c02cd3e4921a6a9e411e

HTTP Headers

GET /dan/img/biwin999.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 9197
Last-Modified: Thu, 24 Mar 2022 01:50:13 GMT
Connection: keep-alive
ETag: "623bce55-23ed"
Accept-Ranges: bytes

www.gddyxn.com/images/Common/ft-bg.jpg

120.79.183.204

200 OK

116 kB

URL HTTP/1.1
www.gddyxn.com/images/Common/ft-bg.jpg
IP
120.79.183.204:0
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x605, components 3\012- data
Size
116 kB (116158 bytes)
Hash
c75f0c4af083dbea42d9654fe7f4c9b9
86513e63ec8a6e0a679a67d08bb8f1d7b7b38f5c
99bcbd5e99765d18f6e17cb4ab36c7f53879b006a874f8ebc1e21d487ef3bab0

HTTP Headers

GET /images/Common/ft-bg.jpg HTTP/1.1
Host: www.gddyxn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://labucarimini.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 14 Aug 2021 07:01:34 GMT
Accept-Ranges: bytes
ETag: "05b8d37da90d71:0"
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Length: 116158

www.mylf888.com/dan/img/aomendc999.jpg

50.3.187.42

200 OK

22 kB

URL HTTP/1.1
www.mylf888.com/dan/img/aomendc999.jpg
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 333x79, components 3\012- data
Size
22 kB (21563 bytes)
Hash
7962dc0719483a5ec18c92b5fa935fca
fa676567caebf334f37b4cc057092d3345129ce8
c25bfbb9468cce8ace9f0f244f9ad809d7e57245fa99df623a4a3911a065875c

HTTP Headers

GET /dan/img/aomendc999.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/jpeg
Content-Length: 21563
Last-Modified: Mon, 14 Mar 2022 06:47:18 GMT
Connection: keep-alive
ETag: "622ee4f6-543b"
Accept-Ranges: bytes

www.mylf888.com/dan/img/xpj168.gif

50.3.187.42

200 OK

6.8 kB

URL HTTP/1.1
www.mylf888.com/dan/img/xpj168.gif
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
GIF image data, version 89a, 333 x 81\012- data
Size
6.8 kB (6835 bytes)
Hash
efc3d4f0d0c2d35c69557e477b2e4fc6
2e00fe60321983aa9793dfbb747037ac625e15eb
c2ef12c881a522f618cb850034fc17c2f4509ffe6a379247710777f2ada5d47d

HTTP Headers

GET /dan/img/xpj168.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 6835
Last-Modified: Mon, 14 Mar 2022 06:47:19 GMT
Connection: keep-alive
ETag: "622ee4f7-1ab3"
Accept-Ranges: bytes

www.mylf888.com/dan/img/365bet168.jpg

50.3.187.42

200 OK

9.9 kB

URL HTTP/1.1
www.mylf888.com/dan/img/365bet168.jpg
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
GIF image data, version 89a, 333 x 82\012- data
Size
9.9 kB (9891 bytes)
Hash
657b00ba324258d9733fb707b7e05e54
938a86193c65ecc9bd2c23bf21abdefe43a829e6
ca81437f9e67704918e9d9e493984c860b0627cc23f62e9dc26020d33b84d470

HTTP Headers

GET /dan/img/365bet168.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/jpeg
Content-Length: 9891
Last-Modified: Mon, 14 Mar 2022 06:47:20 GMT
Connection: keep-alive
ETag: "622ee4f8-26a3"
Accept-Ranges: bytes

www.mylf888.com/dan/img/yongli168.jpg

50.3.187.42

200 OK

10 kB

URL HTTP/1.1
www.mylf888.com/dan/img/yongli168.jpg
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 333x81, components 3\012- data
Size
10 kB (10033 bytes)
Hash
ceeeec4a37140a66fe39f401691022fe
121f8658403c8fe024c73083fc49301a726c431c
48cb853f4ffbac3c4c1d743e6dd50e35f488b841a4c63443f498642dd439840a

HTTP Headers

GET /dan/img/yongli168.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/jpeg
Content-Length: 10033
Last-Modified: Mon, 14 Mar 2022 06:47:20 GMT
Connection: keep-alive
ETag: "622ee4f8-2731"
Accept-Ranges: bytes

www.mylf888.com/dan/img/yabo999.jpg

50.3.187.42

200 OK

10 kB

URL HTTP/1.1
www.mylf888.com/dan/img/yabo999.jpg
IP
50.3.187.42:0
ASN
#62904 AS62904

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 333x81, components 3\012- data
Size
10 kB (10099 bytes)
Hash
4a3ecd592f1716707fa98c9e748b6759
cc6c45369214748243e249096c7c61d02827ca09
9efe73ad6710d9a7d7600cbeeff9ff065953de78a01a833f85f8921b1030b80f

HTTP Headers

GET /dan/img/yabo999.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:38 GMT
Content-Type: image/jpeg
Content-Length: 10099
Last-Modified: Mon, 14 Mar 2022 06:47:17 GMT
Connection: keep-alive
ETag: "622ee4f5-2773"
Accept-Ranges: bytes

www.labucarimini.net/favicon.ico

170.130.73.3

200 OK

9.7 kB

URL HTTP/1.1
www.labucarimini.net/favicon.ico
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel\012- data
Size
9.7 kB (9662 bytes)
Hash
1af6c08eb07f675c862fa3cd50640511
bfc9fbddea831a3cae067a570bcb4450280c7f45
7fc7fdb7ea134949cefdbd00ac02724e091e0201c1cee06795f84db28a1586d4

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: image/x-icon
Content-Length: 9662
Last-Modified: Fri, 21 Oct 2022 04:33:23 GMT
Connection: keep-alive
ETag: "63522113-25be"
Accept-Ranges: bytes

api.share.baidu.com/s.gif?l=http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=

112.34.113.148

200 OK

0 B

URL HTTP/1.1
api.share.baidu.com/s.gif?l=http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
IP
112.34.113.148:0
ASN
#9808 China Mobile Communications Group Co., Ltd.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s.gif?l=http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza= HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://labucarimini.net/

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Mon, 28 Nov 2022 00:15:39 GMT

labucarimini.net/

170.130.73.3

301 Moved Permanently

178 B

URL HTTP/1.1
labucarimini.net/
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 28 Nov 2022 00:15:40 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://www.labucarimini.net/

www.labucarimini.net/

170.130.73.3

200 OK

21 kB

URL HTTP/1.1
www.labucarimini.net/
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (447), with CRLF, LF line terminators
Size
21 kB (20895 bytes)
Hash
998db3a8e1fc9f2dfc180c93970b8a3c
11eb67a3f310f45e6d3ca4b160de3eb38d96a484
fd557af4c9f334558630e68093ebbcf6315cc98e6045e5f0822d314827d7b029

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:40 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

www.labucarimini.net/css/bootstrap.css

170.130.73.3

200 OK

3.5 kB

URL HTTP/1.1
www.labucarimini.net/css/bootstrap.css
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
ASCII text, with very long lines (3962)
Size
3.5 kB (3458 bytes)
Hash
bf0ec8e162db340d09f3b366135fde0c
63fa206313de9cf4e4edc0a10968a286090f2e03
49eee5e19b883b882561978e3f9645c6f3dbb97f5e2431c7397c767d6bbfc0ed

HTTP Headers

GET /css/bootstrap.css HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:40 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

hm.baidu.com/hm.gif?hca=FE4A359727184C48&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&ep=5038%2C5038&et=3&ja=0&ln=en-us&lo=0&rnd=1260006096&si=2de0aeba5b7775abb16b92601cff3525&v=1.3.0&lv=1&sn=24877&r=0&ww=1280&u=http%3A%2F%2Flabucarimini.net%2Foi05%3F3fl%3Dytghaxuh8%26azuxwju%3Darkhs%2520l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw%2F%2520njwlpqa%2520wd10yczvvkbqpeza%3D

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?hca=FE4A359727184C48&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&ep=5038%2C5038&et=3&ja=0&ln=en-us&lo=0&rnd=1260006096&si=2de0aeba5b7775abb16b92601cff3525&v=1.3.0&lv=1&sn=24877&r=0&ww=1280&u=http%3A%2F%2Flabucarimini.net%2Foi05%3F3fl%3Dytghaxuh8%26azuxwju%3Darkhs%2520l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw%2F%2520njwlpqa%2520wd10yczvvkbqpeza%3D
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?hca=FE4A359727184C48&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&ep=5038%2C5038&et=3&ja=0&ln=en-us&lo=0&rnd=1260006096&si=2de0aeba5b7775abb16b92601cff3525&v=1.3.0&lv=1&sn=24877&r=0&ww=1280&u=http%3A%2F%2Flabucarimini.net%2Foi05%3F3fl%3Dytghaxuh8%26azuxwju%3Darkhs%2520l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw%2F%2520njwlpqa%2520wd10yczvvkbqpeza%3D HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Mon, 28 Nov 2022 00:15:42 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=43FB9D7BC0623E40; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

www.labucarimini.net/css/library.css

170.130.73.3

200 OK

5.8 kB

URL HTTP/1.1
www.labucarimini.net/css/library.css
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
Unicode text, UTF-8 text, with very long lines (19533)
Size
5.8 kB (5824 bytes)
Hash
b6a969c731c2ab92988a9034d82de20e
584a93a7b719848f652fff69c2b5ace560c25bbb
8c49124d2757a1ecc4138f0d5d35a8d3b80b62cc7760abfe837ee16701f51184

HTTP Headers

GET /css/library.css HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:40 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

www.labucarimini.net/css/animate.css

170.130.73.3

200 OK

4.9 kB

URL HTTP/1.1
www.labucarimini.net/css/animate.css
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
Unicode text, UTF-8 text, with very long lines (374)
Size
4.9 kB (4868 bytes)
Hash
31bb8f5a129d737017c57f0883451e4e
f4a82d4327c9727fd410c8a6135b6275bcd5771e
c4b35dbaf58287de79b0f1edf9bb04257c966a2be5972d0b9373a7cb4a8326dd

HTTP Headers

GET /css/animate.css HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:40 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

www.labucarimini.net/css/Common.css

170.130.73.3

200 OK

3.3 kB

URL HTTP/1.1
www.labucarimini.net/css/Common.css
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
ASCII text
Size
3.3 kB (3305 bytes)
Hash
35b7b92ed86848bbb3e3519eed066106
e03ffe489b62bd93ab84f732cec6cbee4b9ebb5d
1009a0f513f3faea332e284e44a869cb156663b5887127b37629cd0b8549585b

HTTP Headers

GET /css/Common.css HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:40 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

www.labucarimini.net/css/Index.css

170.130.73.3

200 OK

5.6 kB

URL HTTP/1.1
www.labucarimini.net/css/Index.css
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
Unicode text, UTF-8 text, with very long lines (345)
Size
5.6 kB (5649 bytes)
Hash
3ac01918de068562b2f991b96873c80a
a933e73ac8ce5e0ae8a1815cf6a2b126945270a7
b0a39fcd6ce7c55eea67c8aff43a4c5f7846fbfc85242a460d8de4c315fc0357

HTTP Headers

GET /css/Index.css HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:40 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

www.labucarimini.net/js/particles.js

170.130.73.3

200 OK

4.4 kB

URL HTTP/1.1
www.labucarimini.net/js/particles.js
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
ASCII text
Size
4.4 kB (4418 bytes)
Hash
443cde99d93b77de08097b72e8246983
bee15d232857df727b2e6a0853ee8b68fc155fc2
da6a3f2e14f90921ef05358ea3c1efe6946ea2a8172c12215ef94a15c7d3e81c

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/particles.js HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:40 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

www.labucarimini.net/js/jquery.min.js

170.130.73.3

200 OK

33 kB

URL HTTP/1.1
www.labucarimini.net/js/jquery.min.js
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
Unicode text, UTF-8 text, with very long lines (32110), with CRLF, LF line terminators
Size
33 kB (33040 bytes)
Hash
8fba43c4fe4b577c8fd78a00002af8a4
6d56c6b9990899e07cb14e1ef0d757fe537ff315
e893fd52b114286f0d54b1d057952bf3926819e78869c4a858adf93c7530a8a9

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/jquery.min.js HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:40 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

www.labucarimini.net/js/wow.js

170.130.73.3

200 OK

3.0 kB

URL HTTP/1.1
www.labucarimini.net/js/wow.js
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
ASCII text, with very long lines (881)
Size
3.0 kB (3027 bytes)
Hash
20450d3b0e27927de67fc226b7fddc97
06bdceb4477a23ef4f0315d79478776c1f69b320
d52b6ae544caf31260b6d8b9c8ec4916206af686921a14854c09f7bd1a2753e7

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/wow.js HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:41 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

www.labucarimini.net/js/Common.js

170.130.73.3

200 OK

727 B

URL HTTP/1.1
www.labucarimini.net/js/Common.js
IP
170.130.73.3:0
ASN
#62904 AS62904

File type
Unicode text, UTF-8 text
Size
727 B (727 bytes)
Hash
1d159cf586449822da5d8f5df339ced4
dcf604e60dca79e921faede366ae772d50d98003
46acb1ba8123e8730de60a53d267964f18ab183c23357433124a80d19edd15e7

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/Common.js HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:41 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

www.mylf888.com/dan/img/ftimg.jpg

50.3.187.42

200 OK

0 B

URL HTTP/1.1
www.mylf888.com/dan/img/ftimg.jpg
IP
50.3.187.42:0
ASN
#62904 AS62904

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /dan/img/ftimg.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/jpeg
Content-Length: 108444
Last-Modified: Mon, 14 Mar 2022 10:33:19 GMT
Connection: keep-alive
ETag: "622f19ef-1a79c"
Accept-Ranges: bytes

www.labucarimini.net/js/particles2.js

170.130.73.3

200 OK

0 B

URL HTTP/1.1
www.labucarimini.net/js/particles2.js
IP
170.130.73.3:0
ASN
#62904 AS62904

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/particles2.js HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:41 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

www.labucarimini.net/js/library.min.js

170.130.73.3

200 OK

0 B

URL HTTP/1.1
www.labucarimini.net/js/library.min.js
IP
170.130.73.3:0
ASN
#62904 AS62904

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/library.min.js HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:41 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations