r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4582
Expires: Mon, 28 Nov 2022 01:31:55 GMT
Date: Mon, 28 Nov 2022 00:15:33 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 64b2a23eab6e5ae8c010ec7242be930c
0673e4385ba01a5a245711bab96cafc34f765793
64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4784
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 00:15:34 GMT
Last-Modified: Sun, 27 Nov 2022 22:55:50 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3b56944f0e5716fd4fad2ec18994d4be
61cafa4de31ba960d1145ec37272f6f6b6944e0c
4fd46b0b6a2ea24f5ce175985a3933c04b4c01bd3e32bee2e50a61a65eef7af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FD46B0B6A2EA24F5CE175985A3933C04B4C01BD3E32BEE2E50A61A65EEF7AF4"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3400
Expires: Mon, 28 Nov 2022 01:12:14 GMT
Date: Mon, 28 Nov 2022 00:15:34 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: bkXZ3Dz4hBMoUQB0CDXM1paxyz8WFaEUefptOdW7Z7Jhc+1Qp40wjEAyd/JLJC0XxOvuza3J1rBEXXdb4QQ0lQ==
x-amz-request-id: 6C3SZXEM27BYYM6D
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 23:41:50 GMT
age: 2024
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 23:19:26 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3368
alt-svc: clear
X-Firefox-Spdy: h2
labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
170.130.73.3 200 OK 4.4 kB URL HTTP/1.1 labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
IP 170.130.73.3:0
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash 129b5a3682a227e73c64f00f526b111b
1eb1925ed9cf32b41546494609feac6b21267fd8
f6c0e672ff0f3b8d62e12079770294cf1706a9ad21cf642dab43503cf2db5fbf
GET /oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza= HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 00:15:34 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
labucarimini.net/jquery.20.min.js
170.130.73.3 301 Moved Permanently 178 B URL HTTP/1.1 labucarimini.net/jquery.20.min.js
IP 170.130.73.3:0
File type HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
Analyzer Verdict Alert fortinet Malware
GET /jquery.20.min.js HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://www.labucarimini.net/jquery.20.min.js
labucarimini.net/css/bootstrap.css
170.130.73.3 200 OK 3.5 kB URL HTTP/1.1 labucarimini.net/css/bootstrap.css
IP 170.130.73.3:0
File type ASCII text, with very long lines (3962)
Hash bf0ec8e162db340d09f3b366135fde0c
63fa206313de9cf4e4edc0a10968a286090f2e03
49eee5e19b883b882561978e3f9645c6f3dbb97f5e2431c7397c767d6bbfc0ed
GET /css/bootstrap.css HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 00:08:54 GMT
cache-control: public,max-age=3600
age: 400
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
labucarimini.net/css/library.css
170.130.73.3 200 OK 5.8 kB URL HTTP/1.1 labucarimini.net/css/library.css
IP 170.130.73.3:0
File type Unicode text, UTF-8 text, with very long lines (19533)
Hash b6a969c731c2ab92988a9034d82de20e
584a93a7b719848f652fff69c2b5ace560c25bbb
8c49124d2757a1ecc4138f0d5d35a8d3b80b62cc7760abfe837ee16701f51184
GET /css/library.css HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
labucarimini.net/css/common.css
170.130.73.3 200 OK 3.3 kB URL HTTP/1.1 labucarimini.net/css/common.css
IP 170.130.73.3:0
Hash 35b7b92ed86848bbb3e3519eed066106
e03ffe489b62bd93ab84f732cec6cbee4b9ebb5d
1009a0f513f3faea332e284e44a869cb156663b5887127b37629cd0b8549585b
GET /css/common.css HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
labucarimini.net/css/animate.css
170.130.73.3 200 OK 4.9 kB URL HTTP/1.1 labucarimini.net/css/animate.css
IP 170.130.73.3:0
File type Unicode text, UTF-8 text, with very long lines (374)
Hash 31bb8f5a129d737017c57f0883451e4e
f4a82d4327c9727fd410c8a6135b6275bcd5771e
c4b35dbaf58287de79b0f1edf9bb04257c966a2be5972d0b9373a7cb4a8326dd
GET /css/animate.css HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
labucarimini.net/css/inpage.css
170.130.73.3 200 OK 10 kB URL HTTP/1.1 labucarimini.net/css/inpage.css
IP 170.130.73.3:0
Hash 863be087a3b1b23dd5ff3cd2adf4da4e
6950591973e24b66227471db979a775be47ba67e
05f9a8967df7627714f9063d60ccf2d1a1304b715684c58a13c9836f31c2593d
GET /css/inpage.css HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 00:15:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 00:15:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
labucarimini.net/css/Template.css
170.130.73.3 200 OK 26 kB URL HTTP/1.1 labucarimini.net/css/Template.css
IP 170.130.73.3:0
Hash fea8a974b6cbabc481cb6de957e99f35
c0fd92e678fa604f43deed5c3b064ef9186c9f2c
f9431019150c8099a5c56728e051bcf0ec266e931bc332b5a7cc24ab94366b4e
GET /css/Template.css HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
labucarimini.net/js/jquery.min.js
170.130.73.3 200 OK 33 kB URL HTTP/1.1 labucarimini.net/js/jquery.min.js
IP 170.130.73.3:0
File type Unicode text, UTF-8 text, with very long lines (32110), with CRLF, LF line terminators
Hash 8fba43c4fe4b577c8fd78a00002af8a4
6d56c6b9990899e07cb14e1ef0d757fe537ff315
e893fd52b114286f0d54b1d057952bf3926819e78869c4a858adf93c7530a8a9
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.min.js HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
labucarimini.net/js/Common.js
170.130.73.3 200 OK 727 B URL HTTP/1.1 labucarimini.net/js/Common.js
IP 170.130.73.3:0
Hash 1d159cf586449822da5d8f5df339ced4
dcf604e60dca79e921faede366ae772d50d98003
46acb1ba8123e8730de60a53d267964f18ab183c23357433124a80d19edd15e7
Analyzer Verdict Alert fortinet Malware
GET /js/Common.js HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
labucarimini.net/js/Template.js
170.130.73.3 200 OK 2.4 kB URL HTTP/1.1 labucarimini.net/js/Template.js
IP 170.130.73.3:0
Hash 92a5e871bd183ae792a091956224fe98
2e1242f6b8da648511355ece5dd5a151b1927483
a711e4a5e79f472b5c8a2870898308314b6a2002e1a6e07b5c88a9d2c11c0360
Analyzer Verdict Alert fortinet Malware
GET /js/Template.js HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a6fee11dfe1b88cd768a0ca3e2bd0c89
59cec9a44a4a92467678afe65f347f68641a2174
50870c499aae4d5dfd6df25a36cd04b6d185b66ef0590e46933984bf52e2483f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 23
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 00:15:34 GMT
Last-Modified: Mon, 28 Nov 2022 00:15:11 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
labucarimini.net/js/Inpage.js
170.130.73.3 200 OK 287 B URL HTTP/1.1 labucarimini.net/js/Inpage.js
IP 170.130.73.3:0
Hash 185871bb2383f8ec6aa4eeb943768160
f4ea8c20d4e04f37aaf64f8d39482205a6267bd6
7699b1d13712cd255ec307b8bebe19a9a9df73b1827efd2d4f340d4d3f1b13bd
Analyzer Verdict Alert fortinet Malware
GET /js/Inpage.js HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
labucarimini.net/js/wow.js
170.130.73.3 200 OK 3.0 kB URL HTTP/1.1 labucarimini.net/js/wow.js
IP 170.130.73.3:0
File type ASCII text, with very long lines (881)
Hash 20450d3b0e27927de67fc226b7fddc97
06bdceb4477a23ef4f0315d79478776c1f69b320
d52b6ae544caf31260b6d8b9c8ec4916206af686921a14854c09f7bd1a2753e7
Analyzer Verdict Alert fortinet Malware
GET /js/wow.js HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:33 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
labucarimini.net/jquery.la.min.js
170.130.73.3 301 Moved Permanently 178 B URL HTTP/1.1 labucarimini.net/jquery.la.min.js
IP 170.130.73.3:0
File type HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
Analyzer Verdict Alert fortinet Malware
GET /jquery.la.min.js HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 28 Nov 2022 00:15:33 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://www.labucarimini.net/jquery.la.min.js
labucarimini.net/js/library.min.js
170.130.73.3 200 OK 43 kB URL HTTP/1.1 labucarimini.net/js/library.min.js
IP 170.130.73.3:0
File type ASCII text, with very long lines (65515)
Hash 9f7fbfcea2f8cabe6e7d3d8870e8cc59
fb91f6929592aebf0353933c76ce696bfdfdca53
34bd01d83ec2f5e6df9f3ab9dd40ca6d0bb931fd38c19b092b6887aef441fea2
Analyzer Verdict Alert fortinet Malware
GET /js/library.min.js HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:32 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.labucarimini.net/jquery.20.min.js
170.130.73.3 200 OK 241 B URL HTTP/1.1 www.labucarimini.net/jquery.20.min.js
IP 170.130.73.3:0
File type HTML document, ASCII text, with CRLF line terminators
Hash 8ee22e7b5f638e1c510c03b268ad07c2
0f745dda31bacb16227df9000405e90f50af518a
381d7708f7edb83ad2f1080a2e363c59d3324a86afcc0e51a18e2479532f2342
Analyzer Verdict Alert fortinet Malware
GET /jquery.20.min.js HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:33 GMT
Content-Type: application/javascript
Content-Length: 241
Last-Modified: Fri, 21 Oct 2022 04:33:23 GMT
Connection: keep-alive
ETag: "63522113-f1"
Expires: Mon, 28 Nov 2022 01:15:33 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes
push.services.mozilla.com/
52.41.91.37 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.91.37:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 287m+nBMaBQyupNSZ9x7yw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XPi/olHVaeftAzpCH0XUBzr2cmQ=
www.labucarimini.net/jquery.la.min.js
170.130.73.3 200 OK 252 B URL HTTP/1.1 www.labucarimini.net/jquery.la.min.js
IP 170.130.73.3:0
Hash ff276604916c787c6284e03c519f61aa
b9febf0f50b160107521612f4d232debddbd4de6
6da2cc4f106bd991bf12d41658c24281f80e1263e4554d1ab05982183a53204d
Analyzer Verdict Alert fortinet Malware
GET /jquery.la.min.js HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:33 GMT
Content-Type: application/javascript
Content-Length: 252
Last-Modified: Fri, 21 Oct 2022 04:33:23 GMT
Connection: keep-alive
ETag: "63522113-fc"
Expires: Mon, 28 Nov 2022 01:15:33 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes
labucarimini.net/images/Common/tel-icon01.png
170.130.73.3 302 Moved Temporarily 0 B URL HTTP/1.1 labucarimini.net/images/Common/tel-icon01.png
IP 170.130.73.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /images/Common/tel-icon01.png HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 28 Nov 2022 00:15:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://www.gddyxn.com/images/Common/tel-icon01.png
labucarimini.net/upload/images/2021/8/9d490897b0e3c48.jpg
170.130.73.3 302 Moved Temporarily 0 B URL HTTP/1.1 labucarimini.net/upload/images/2021/8/9d490897b0e3c48.jpg
IP 170.130.73.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /upload/images/2021/8/9d490897b0e3c48.jpg HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 28 Nov 2022 00:15:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://www.gddyxn.com/upload/images/2021/8/9d490897b0e3c48.jpg
labucarimini.net/images/Common/ft-tel.png
170.130.73.3 302 Moved Temporarily 0 B URL HTTP/1.1 labucarimini.net/images/Common/ft-tel.png
IP 170.130.73.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /images/Common/ft-tel.png HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 28 Nov 2022 00:15:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://www.gddyxn.com/images/Common/ft-tel.png
labucarimini.net/images/Template/err_img.png
170.130.73.3 302 Moved Temporarily 0 B URL HTTP/1.1 labucarimini.net/images/Template/err_img.png
IP 170.130.73.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /images/Template/err_img.png HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 28 Nov 2022 00:15:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://www.gddyxn.com/images/Template/err_img.png
labucarimini.net/upload/images/2021/8/426fe7b8e20b127b.png
170.130.73.3 302 Moved Temporarily 0 B URL HTTP/1.1 labucarimini.net/upload/images/2021/8/426fe7b8e20b127b.png
IP 170.130.73.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /upload/images/2021/8/426fe7b8e20b127b.png HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 28 Nov 2022 00:15:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://www.gddyxn.com/upload/images/2021/8/426fe7b8e20b127b.png
ocsp.trust-provider.cn/
47.246.44.205 200 OK 600 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 1929a64acc0d8780ab0ffa44d0447505
980622b4c9709e5a8a3d9870ba5bfc4cd93488a2
f544b2cc99e344165b1187874cdfe49abd3fba7e0c0ddb72b9336373c2ecc657
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sun, 27 Nov 2022 23:58:06 GMT
last-modified: Sun, 27 Nov 2022 04:40:29 GMT
expires: Sun, 04 Dec 2022 04:40:28 GMT
etag: "980622b4c9709e5a8a3d9870ba5bfc4cd93488a2"
cache-control: max-age=599419,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb3
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 770ecf561b2cbbcd-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1669593486
via: cache2.l2de2[0,0,304-0,H], cache17.l2de2[1,0], cache4.se1[22,22,200-0,H], cache3.se1[24,0], cache3.se1[25,0]
age: 1049
x-cache: HIT TCP_REFRESH_HIT dirn:11:391152799
x-swift-savetime: Mon, 28 Nov 2022 00:15:35 GMT
x-swift-cachetime: 751
timing-allow-origin: *, *
eagleid: 2ff62c9716695945357593570e, 2ff62c9716695945357593570e
www.myyilufa888.com/ff/pp.js
50.3.187.107 200 OK 1.9 kB URL HTTP/1.1 www.myyilufa888.com/ff/pp.js
IP 50.3.187.107:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (559), with CRLF line terminators
Hash beecb20cae1291abfba2955779241436
0dc6a362525b453b482751f49b760b2834729e09
8dc965875ffd38f509982bb12a700f245ff348416b4c805ead19250bfb686ef8
GET /ff/pp.js HTTP/1.1
Host: www.myyilufa888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:35 GMT
Content-Type: application/javascript
Last-Modified: Sat, 29 Oct 2022 02:48:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"635c948d-1a24"
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 00:15:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 00:15:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.119.woff2
216.58.207.195 200 OK 51 kB URL HTTP/2 fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.119.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), CFF, length 51172, version 1.0\012- data
Hash 75aae0890f79934cdf127df082092d06
d78451f74c35c249191e01a4576e6701202b8fd9
7c2ad54cada10eb0bb005b3b03372e1db84417f694bddaf5303bdae885a60b90
GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.119.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51172
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 16:57:46 GMT
expires: Fri, 24 Nov 2023 16:57:46 GMT
cache-control: public, max-age=31536000
age: 285470
last-modified: Mon, 09 May 2022 18:43:17 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 00:15:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.116.woff2
216.58.207.195 200 OK 35 kB URL HTTP/2 fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.116.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), CFF, length 35432, version 1.0\012- data
Hash 33ea7981ed83df0988d30f5950254044
2b74c0b566dc7c369fe7c17bc7f1e06e455de219
91d4622d15f2beedeeb092f084a1c8baa4047ecca6780257af5f6deb9f3450c4
GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.116.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 20:14:36 GMT
expires: Wed, 22 Nov 2023 20:14:36 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 09 May 2022 18:33:26 GMT
content-type: font/woff2
age: 446460
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.112.woff2
216.58.207.195 200 OK 40 kB URL HTTP/2 fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.112.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), CFF, length 40196, version 1.0\012- data
Hash e17430e8025b952561befbbbd86e232a
a45ad271c6c4d3b5441af02b173739773856113f
c4c6e86520e138b2a9aa10d0e7e3dfd88bd4a0007823b4ae6a53896f7065fa8b
GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.112.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40196
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 14:15:05 GMT
expires: Wed, 22 Nov 2023 14:15:05 GMT
cache-control: public, max-age=31536000
age: 468031
last-modified: Mon, 09 May 2022 18:43:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.108.woff2
216.58.207.195 200 OK 44 kB URL HTTP/2 fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.108.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), CFF, length 43824, version 1.0\012- data
Hash 6c469f8666ba65ed35c390abce79ce3c
c701d3c734b07332d86bede063a2b7e88bff0879
1cc025dde3309bbdd14d3502a4711d38f64c79f097e2a0376bcfea77dfc671f7
GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.108.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 43824
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 14:32:13 GMT
expires: Wed, 22 Nov 2023 14:32:13 GMT
cache-control: public, max-age=31536000
age: 467003
last-modified: Mon, 09 May 2022 18:43:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.111.woff2
216.58.207.195 200 OK 43 kB URL HTTP/2 fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.111.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), CFF, length 42844, version 1.0\012- data
Hash 1dfa491ede83e52869af1e6ea03c1a98
274b41476ebcf4e4be7d6f1520aee03e02fb9b4d
d405c1540e10462230fc7cfb8d0aaeef190af7b4f5ea62f062e1e66200e10bee
GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.111.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 42844
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 16:14:16 GMT
expires: Thu, 23 Nov 2023 16:14:16 GMT
cache-control: public, max-age=31536000
age: 374480
last-modified: Mon, 09 May 2022 18:43:06 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.109.woff2
216.58.207.195 200 OK 42 kB URL HTTP/2 fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.109.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), CFF, length 42056, version 1.0\012- data
Hash 732fe7f1aa387cd4bc1496192d6a3519
a41760e709aefaaeba1082ee65c34988f4ea94c3
72f1cd4df1b14de23121cf998e774729996c9c72680bd8fdde9cdff819789552
GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.109.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 42056
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 21:27:25 GMT
expires: Fri, 24 Nov 2023 21:27:25 GMT
cache-control: public, max-age=31536000
age: 269291
last-modified: Mon, 09 May 2022 18:36:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.104.woff2
216.58.207.195 200 OK 43 kB URL HTTP/2 fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.104.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), CFF, length 42732, version 1.0\012- data
Hash 9af28973f2a275f279583b252f0faa6c
76a632d90bf9da03d3fd2f42679c97deb0df2fe1
aaa004162c9ae0677ddb6cfc1f957c2a3a18699be3374cc4687d00e3acc14042
GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.104.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 42732
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 15:20:20 GMT
expires: Wed, 22 Nov 2023 15:20:20 GMT
cache-control: public, max-age=31536000
age: 464116
last-modified: Mon, 09 May 2022 18:36:14 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 00:15:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.102.woff2
216.58.207.195 200 OK 43 kB URL HTTP/2 fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.102.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), CFF, length 43144, version 1.0\012- data
Hash a59c00e04c9b601c9c35d8e8681f3315
f14bb358240a463bd7fc36c221c3cbc708b9b7a4
fe6e22e1c0cb89514a8f818b39047d5ed59e4fee0a802f0137f6c208b07d598c
GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.102.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 43144
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 14:40:23 GMT
expires: Wed, 22 Nov 2023 14:40:23 GMT
cache-control: public, max-age=31536000
age: 466513
last-modified: Mon, 09 May 2022 18:36:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.106.woff2
216.58.207.195 200 OK 44 kB URL HTTP/2 fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.106.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), CFF, length 43564, version 1.0\012- data
Hash c416ae3797ebc5d7dc183ba9077109d7
8ca3d2787ad6665b1759d75e7ce03729facbac6a
2749889c3e7435d56290a41bdf3a6e513892bf4b585b4c1fe399e2c607adb9ba
GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.106.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 43564
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 08:32:59 GMT
expires: Thu, 23 Nov 2023 08:32:59 GMT
cache-control: public, max-age=31536000
age: 402157
last-modified: Mon, 09 May 2022 18:42:33 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 00:15:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.105.woff2
216.58.207.195 200 OK 43 kB URL HTTP/2 fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.105.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), CFF, length 42956, version 1.0\012- data
Hash 4c7d34df91a6f48fad0adc92175b5a50
8b94ecf2ecf06385f41923929b02f8bd5d2dd410
d838f78456381239e69ea1726a29b13ff68686b79038bca420769126bd338803
GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.105.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 42956
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 14:30:42 GMT
expires: Wed, 22 Nov 2023 14:30:42 GMT
cache-control: public, max-age=31536000
age: 467094
last-modified: Mon, 09 May 2022 18:36:13 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.25.woff2
216.58.207.195 200 OK 44 kB URL HTTP/2 fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.25.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), CFF, length 44152, version 1.0\012- data
Hash a156849828ee908aabf9e3dcaf00f9b2
024890e2c8d616b95e1be5336fb18ac7e90ba4e3
ce88bd279a8b8495b918ca3eb7144dd4b75db9ea4084b30f52b453414c197a49
GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.25.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44152
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 16:00:34 GMT
expires: Wed, 22 Nov 2023 16:00:34 GMT
cache-control: public, max-age=31536000
age: 461702
last-modified: Mon, 09 May 2022 18:34:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.110.woff2
216.58.207.195 200 OK 42 kB URL HTTP/2 fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.110.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), CFF, length 42364, version 1.0\012- data
Hash dad64580dba7f4b9d9aeabd6a6a64ca0
179116dd354e66b175bf0efc5a3ea2c252140f84
bae3c5b51b6907ff27836682bcf1b78c86e6f05131b3f9d5d9bce8c7535edc5b
GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.110.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 42364
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 14:24:55 GMT
expires: Wed, 22 Nov 2023 14:24:55 GMT
cache-control: public, max-age=31536000
age: 467441
last-modified: Mon, 09 May 2022 18:42:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.107.woff2
216.58.207.195 200 OK 43 kB URL HTTP/2 fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.107.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), CFF, length 42824, version 1.0\012- data
Hash 217232a39ce817083b9b2ce355224706
df3e3967fb815b382309a6aa2d49af0e907fe140
51d0f26d34dd524e7f2a6bc02dff8fa1346cb0a37dc26ec55ee2fcd28390b556
GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.107.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 42824
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 01:36:18 GMT
expires: Wed, 22 Nov 2023 01:36:18 GMT
cache-control: public, max-age=31536000
age: 513558
last-modified: Mon, 09 May 2022 18:36:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.117.woff2
216.58.207.195 200 OK 35 kB URL HTTP/2 fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.117.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), CFF, length 34792, version 1.0; data
Hash 33f14346b534356301c366aba9e0d383
ed94b354d1848bf588fe968d867501819038be87
07929b93fd502ebe1a01b0a5f2733aa9f6e803b624c7af9e5574f038f793eac5
GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.117.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34792
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 21:35:06 GMT
expires: Fri, 24 Nov 2023 21:35:06 GMT
cache-control: public, max-age=31536000
age: 268830
last-modified: Mon, 09 May 2022 18:42:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.115.woff2
216.58.207.195 200 OK 37 kB URL HTTP/2 fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.115.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), CFF, length 37184, version 1.0; data
Hash 43ffd6eace791e530dfb05bb1ecb17d8
608665b528f293eb9dc7b7301f8b4dbfcd508cc6
ede6260d23cb484721ede99e32d01c88bd19b7ace8f0baa66f2d92ad9044290c
GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.115.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 37184
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 14:20:41 GMT
expires: Wed, 22 Nov 2023 14:20:41 GMT
cache-control: public, max-age=31536000
age: 467695
last-modified: Mon, 09 May 2022 18:43:22 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.114.woff2
216.58.207.195 200 OK 39 kB URL HTTP/2 fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.114.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), CFF, length 39084, version 1.0; data
Hash fbce8b7897f94f2d10e7539fb101478b
93400c89dd410bc2e0d7c5faea4cb75a5f3646e8
93757a8850e24bf2cd2d4bf312edf58980628a4388793e28946f6140939dced1
GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.114.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 39084
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 08:22:17 GMT
expires: Wed, 22 Nov 2023 08:22:17 GMT
cache-control: public, max-age=31536000
age: 489199
last-modified: Mon, 09 May 2022 18:42:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.113.woff2
216.58.207.195 200 OK 40 kB URL HTTP/2 fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.113.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), CFF, length 40296, version 1.0; data
Hash e1b51631af4bbd5df1c92a9fe45e2b4d
f403284b49e5bbb090a84f6aaced7c601e307b14
35af288de50220eaced947a50555b1ba1d4ff2fa039e4572bb738710d4e2310d
GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.113.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40296
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 21:12:58 GMT
expires: Fri, 24 Nov 2023 21:12:58 GMT
cache-control: public, max-age=31536000
age: 270158
last-modified: Mon, 09 May 2022 18:36:17 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.118.woff2
216.58.207.195 200 OK 30 kB URL HTTP/2 fonts.gstatic.com/s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.118.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), CFF, length 30540, version 1.0; data
Hash 89d1655f5820a9fc94c71d16cda71610
674594197aa010352f80e3ca3236f7d611424e9d
ae9ef4a00da21386b56f615753db5f8717d261439b20b26941d401e582e4b06d
GET /s/notosanssc/v26/k3kXo84MPvpLmixcA63oeALhLOCT-xWNm8Hqd37g1OkDRZe7lR4sg1IzSy-MNbE9VH8V.118.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://labucarimini.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30540
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 04:03:21 GMT
expires: Wed, 22 Nov 2023 04:03:21 GMT
cache-control: public, max-age=31536000
age: 504735
last-modified: Mon, 09 May 2022 18:42:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
labucarimini.net/images/Common/ft-bg.jpg
170.130.73.3 302 Moved Temporarily 0 B URL HTTP/1.1 labucarimini.net/images/Common/ft-bg.jpg
IP 170.130.73.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /images/Common/ft-bg.jpg HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://labucarimini.net/css/common.css
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 28 Nov 2022 00:15:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://www.gddyxn.com/images/Common/ft-bg.jpg
labucarimini.net/images/Common/ft-icon.png
170.130.73.3 302 Moved Temporarily 0 B URL HTTP/1.1 labucarimini.net/images/Common/ft-icon.png
IP 170.130.73.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /images/Common/ft-icon.png HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://labucarimini.net/css/common.css
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 28 Nov 2022 00:15:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://www.gddyxn.com/images/Common/ft-icon.png
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7545
Expires: Mon, 28 Nov 2022 02:21:21 GMT
Date: Mon, 28 Nov 2022 00:15:36 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feff33742-bcf4-48a8-b6fb-80eca56e49e2.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feff33742-bcf4-48a8-b6fb-80eca56e49e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 71251bd4e19aa0d2be6336e7366f15ff
5c8be4aa5190dc7ae89674a26945bfc9ff240175
fb15afbdd12ab04b3bb2785fb3ebf1f2d82f243b47f1b8c2c8788f7653f8059b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feff33742-bcf4-48a8-b6fb-80eca56e49e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6003
x-amzn-requestid: 55485f7d-70d3-4f00-90fa-6384e53c990a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR79tEt8oAMF8vQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9f1-7b8a266209a1648724c5ca9d;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3edUH9nvxAHeFtJk-vye1QpLXAgSYPo62odg3mPQwE-u-npXeDDdVg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:16:28 GMT
age: 7148
etag: "5c8be4aa5190dc7ae89674a26945bfc9ff240175"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd94c980-e701-4603-9381-0bd47116d31d.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd94c980-e701-4603-9381-0bd47116d31d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash fa848cb85e85df184b078fe7aa95ae52
21aa6418f3a0d2b64925b66d5fb9079b7e84a11c
37d299c166e3350dee6dee647e98a86f8bd916d186bae12c42764ed0a3177085
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd94c980-e701-4603-9381-0bd47116d31d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5989
x-amzn-requestid: db10fcc5-80ab-4650-af49-d5afe36706f3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR78LHQqIAMF9_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9e7-4cbd19e3227894844807742c;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: A5n6y1-hpgr4vynnRXkEZNvCvjlNGH6brl7eYMsdN1MST7YoD2BPgA==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:13 GMT
age: 8663
etag: "21aa6418f3a0d2b64925b66d5fb9079b7e84a11c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
34.120.237.76 200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 1f434933b5bd6377d299ada22d1ae7ef
075531f525e625b117b2497f31139c9824d0e9c5
b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NMMuQ1NNks65LJK_HDAK69MfCJ3pS0Y6VzBs8_5Oku64v4FSWADCdw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:46 GMT
age: 8030
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1f41832-bc78-4527-a3e7-8099266ecb52.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1f41832-bc78-4527-a3e7-8099266ecb52.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 577b69fd08ad8368ea5a94fe41476c1c
9442f111d329f721ddc55100cd246586d8204048
bdafc5068032dcf5e207cf2685a1b9350dbe8d990ba181520ff47889524532f2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1f41832-bc78-4527-a3e7-8099266ecb52.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8517
x-amzn-requestid: 12456791-0e7f-45d7-97ae-d663c8fa841d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMozvHHLoAMFVqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bb4a-54ed1ec101789247052c9ec8;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:07:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UzzTPZIBjoow9PK-oM9rfGh5HkrivyPDofbTXy-I-9e4_baQnyKVhQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 05:55:42 GMT
age: 65994
etag: "9442f111d329f721ddc55100cd246586d8204048"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ff6b6f2-e6dd-4654-9894-50de6f502f83.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ff6b6f2-e6dd-4654-9894-50de6f502f83.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 6e240caa3153ea25c34d07185b47f8a5
602e8ba5c6671ff947acfda757577ddc8ecec6ec
c2b37bf1ef003ceffaaf4612f2001b6f7998d5b95cd55b32c79fefcb24ccad7f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ff6b6f2-e6dd-4654-9894-50de6f502f83.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11255
x-amzn-requestid: ce06e0cc-3874-4a3d-a6c5-5cc1cb342138
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7w8EEOIAMF_6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99f-5ca652aa369ee1690b0d08cc;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6qKDE2jlIb8D2Mhg-OcsfU1haVtyGYfcMcs1NJT_HPlTv-O26tR60w==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:54:34 GMT
age: 8462
etag: "602e8ba5c6671ff947acfda757577ddc8ecec6ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 3a1a4e00f1f15827cf651f373863c379
70c2a238f06ca7e56ef80c83738e081bf0de3330
3d936e1f0c96297f121faece12d6f8173e12eed5087165cd4eefc0fab368419f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8885
x-amzn-requestid: 71b8367f-f79f-42a7-bcb8-c441a154babf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cGDTEFSeIAMF3rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637f18e0-631b775d3430a8c30c3b4420;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 07:10:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jsmd6yxjJxLMEgv1jDa87iEoZXL2OuALsmUZ9Nxx1rUN-xOTdtN1-A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 10:15:53 GMT
age: 50383
etag: "70c2a238f06ca7e56ef80c83738e081bf0de3330"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Noto+Sans+SC:400
142.250.74.10 200 OK 51 kB URL HTTP/2 fonts.googleapis.com/css?family=Noto+Sans+SC:400
IP 142.250.74.10:0
Hash 5067b18c4983ec38f95651e7d0517dd0
007f5ef65432215ebcb42f232caf649cc7a3d5f0
bd3b9312de99a6014e685ce39bfbd2ad852e3fefe69770e043164bcea92e8a0a
GET /css?family=Noto+Sans+SC:400 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 28 Nov 2022 00:15:34 GMT
date: Mon, 28 Nov 2022 00:15:34 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.trust-provider.cn/
47.246.44.205 200 OK 600 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash a6401550726420e886a5149e0002df15
f154e9ad355d9445e46c502c99e7bc57a861e767
777951b0f25762c98e11e33ad12c33f7cf16751137a0f1530e3e6454ab17571a
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sun, 27 Nov 2022 23:58:12 GMT
last-modified: Thu, 24 Nov 2022 19:27:57 GMT
expires: Thu, 01 Dec 2022 19:27:56 GMT
etag: "f154e9ad355d9445e46c502c99e7bc57a861e767"
cache-control: max-age=601347,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb3
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 770ecf7aed6f6957-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1669593492
via: cache12.l2de2[0,0,304-0,H], cache19.l2de2[1,0], cache1.se1[82,82,200-0,H], cache3.se1[84,0], cache3.se1[85,0]
age: 1044
x-cache: HIT TCP_REFRESH_HIT dirn:4:88708306
x-swift-savetime: Mon, 28 Nov 2022 00:15:36 GMT
x-swift-cachetime: 756
timing-allow-origin: *, *
eagleid: 2ff62c9716695945363743946e, 2ff62c9716695945363743946e
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash 8458771cfb25d5da942c3d6141d2f773
12310142bb209b549ee8d160ea1cc179452f8453
e6e53b9a2b4d1ee0a9c1ad44c8f89293d07675ef2d09eae1370733938addb51f
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Thu, 01 Dec 2022 22:53:15 GMT
ETag: "12310142bb209b549ee8d160ea1cc179452f8453"
Last-Modified: Sun, 27 Nov 2022 22:53:16 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2163
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770ee8fd1f3cb50f-OSL
www.mylf888.com/dan/indexyl.html
50.3.187.42 200 OK 1.4 kB URL HTTP/1.1 www.mylf888.com/dan/indexyl.html
IP 50.3.187.42:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 96da02cd75325f687714bbb5641f9f5d
558c4783ef2f6d4487c3a26fb8af88de6ded67fc
94da0be59f18bc63e1328dbe83758dd1d31635a2b654a20186f93c127aae84f9
GET /dan/indexyl.html HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: text/html
Last-Modified: Sat, 29 Oct 2022 02:39:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"635c9252-186b"
Content-Encoding: gzip
labucarimini.net/iconfont/iconfont.woff
170.130.73.3 200 OK 33 kB URL HTTP/1.1 labucarimini.net/iconfont/iconfont.woff
IP 170.130.73.3:0
File type Web Open Font Format, TrueType, length 33120, version 1.0\012- data
Hash 8c59c1b9407ffcb7fed0e4dd784269d9
5e156775d4a8cd75e2e66e93eab6bea35a1d3edd
52b80074402c5ad17eab1f27644a28ed719110b4f8ef282bff1c76bbc160c335
Analyzer Verdict Alert fortinet Malware
GET /iconfont/iconfont.woff HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://labucarimini.net/css/library.css
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:34 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
www.mylf888.com/dan/js/zhongguomeng.js
50.3.187.42 200 OK 990 B URL HTTP/1.1 www.mylf888.com/dan/js/zhongguomeng.js
IP 50.3.187.42:0
File type ASCII text, with CRLF line terminators
Hash d5b31971437609ec3a08d25605525bb1
2b9f2aaf5a5d61abb692d026bbf42884493a448b
f7bb6448475d0a3c54ac43644d74941f700fdac565cb1f35b3596890245fd8e9
GET /dan/js/zhongguomeng.js HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: application/javascript
Content-Length: 990
Last-Modified: Sat, 26 Nov 2022 07:27:18 GMT
Connection: keep-alive
ETag: "6381bfd6-3de"
Accept-Ranges: bytes
www.gddyxn.com/images/Common/tel-icon01.png
120.79.183.204 200 OK 1.3 kB URL HTTP/1.1 www.gddyxn.com/images/Common/tel-icon01.png
IP 120.79.183.204:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced\012- data
Hash 97b825d09d95a7cba13606ef7c9b31bd
fc66fee9e6d89468f1aae842c6982d4d6b76bdb8
6ae6111d94745600f1eb3b3a2f5bd584d34095d741bebb0946ea649d8ec84cc6
GET /images/Common/tel-icon01.png HTTP/1.1
Host: www.gddyxn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Fri, 13 Aug 2021 01:51:58 GMT
Accept-Ranges: bytes
ETag: "0f3facce58fd71:0"
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Length: 1342
www.gddyxn.com/upload/images/2021/8/426fe7b8e20b127b.png
120.79.183.204 200 OK 6.1 kB URL HTTP/1.1 www.gddyxn.com/upload/images/2021/8/426fe7b8e20b127b.png
IP 120.79.183.204:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 168 x 51, 8-bit/color RGBA, non-interlaced\012- data
Hash 1d2a7b0d0322f4bd0af6a5b4e956b91e
5368f90b60cd2e5d5e72045650bc544508851a99
68673d2410d3e05dcd6de842beff16f8aab82e9917ba3e87d37808c3a24150df
GET /upload/images/2021/8/426fe7b8e20b127b.png HTTP/1.1
Host: www.gddyxn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sat, 14 Aug 2021 08:54:24 GMT
Accept-Ranges: bytes
ETag: "060c9fae990d71:0"
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Length: 6117
www.mylf888.com/dan/index.css
50.3.187.42 200 OK 505 B URL HTTP/1.1 www.mylf888.com/dan/index.css
IP 50.3.187.42:0
Hash 64264c1ffc415ab97cc63ea904ff0304
a5ad17b604051533e9bf9cd0b50e52fba75f943c
d8859eafd3778ea6403a584689b6511243cb0e39b51f182b7d7b09c21ce28e5e
GET /dan/index.css HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: text/css
Last-Modified: Tue, 11 May 2021 11:00:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"609a63c6-453"
Content-Encoding: gzip
www.gddyxn.com/images/Common/ft-tel.png
120.79.183.204 200 OK 1.3 kB URL HTTP/1.1 www.gddyxn.com/images/Common/ft-tel.png
IP 120.79.183.204:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash d7417452fef231d562f9110040771ed8
2cd9370ccc9ffa114a28916ce904d83236b99dad
6ae398da677f521022a61bee3739b764dff6e7520cc725b48f4a8794622e97a6
GET /images/Common/ft-tel.png HTTP/1.1
Host: www.gddyxn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sat, 14 Aug 2021 07:24:20 GMT
Accept-Ranges: bytes
ETag: "06ac065dd90d71:0"
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Length: 1324
labucarimini.net/iconfont/iconfont.ttf
170.130.73.3 200 OK 34 kB URL HTTP/1.1 labucarimini.net/iconfont/iconfont.ttf
IP 170.130.73.3:0
File type TrueType Font data, 11 tables, 1st "GSUB", 2817 names, language 0x110, type 273 string\012- data
Hash 3b0bdd1b3b8f7ff082dc26567c44731c
878f5233b5f01665745911612ce7941b4d7a4592
6b04f07526fcd66f4b089694d8070d658f1e194878f841252bc52bc2154dd45b
Analyzer Verdict Alert fortinet Malware
GET /iconfont/iconfont.ttf HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://labucarimini.net/css/library.css
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:34 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.mylf888.com/jquery.la.min.js
50.3.187.42 404 Not Found 162 B URL HTTP/1.1 www.mylf888.com/jquery.la.min.js
IP 50.3.187.42:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 70461da8b94c6ca5d2fda3260c5a8c3b
994bc667720c21257500e29038c1a5f61e25da1e
f33c27745f2bd87344be790465ef984a972fd539dc83bd4f61d4242c607ef1ee
GET /jquery.la.min.js HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
www.gddyxn.com/images/Template/err_img.png
120.79.183.204 200 OK 11 kB URL HTTP/1.1 www.gddyxn.com/images/Template/err_img.png
IP 120.79.183.204:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 416 x 160, 8-bit/color RGBA, non-interlaced\012- data
Hash 2dc3ef7acf2ca2a276b5e1a79eb0a89b
599f4df928692bac9709cc60af30926551fd4772
b3a95ba926625ea738f84c8ee66776dc7126f8a45c54f08f2b6568d54c8019c6
GET /images/Template/err_img.png HTTP/1.1
Host: www.gddyxn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Fri, 11 Dec 2020 06:38:30 GMT
Accept-Ranges: bytes
ETag: "03713d88cfd61:0"
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Length: 10770
www.gddyxn.com/images/Common/ft-icon.png
120.79.183.204 200 OK 1.0 kB URL HTTP/1.1 www.gddyxn.com/images/Common/ft-icon.png
IP 120.79.183.204:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 1 x 9, 8-bit/color RGBA, non-interlaced\012- data
Hash 0f11f9c11e95261fd090201b0c582d50
60cc220e8f02f075e8b94ad22590c02b5ec69383
66807d957420213ebf4a71eb591fffb29f065b6fe8eee38dbdcade8a2c095867
GET /images/Common/ft-icon.png HTTP/1.1
Host: www.gddyxn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://labucarimini.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sat, 14 Aug 2021 07:18:04 GMT
Accept-Ranges: bytes
ETag: "05ea385dc90d71:0"
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Length: 1026
www.mylf888.com/dan/img/bwin1000.gif
50.3.187.42 200 OK 57 kB URL HTTP/1.1 www.mylf888.com/dan/img/bwin1000.gif
IP 50.3.187.42:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1000x100, components 3\012- data
Hash 2e599e6d4d3d33ff4de9f6729899c960
ba96b8f555d5907c0b67c723aaeba8250098e61c
3bba9661f9ad5b20934c5a85fdb31b01006948f2dcb27ff7f81cbd958b2c4fb5
GET /dan/img/bwin1000.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: image/gif
Content-Length: 57413
Last-Modified: Mon, 23 May 2022 07:41:45 GMT
Connection: keep-alive
ETag: "628b3ab9-e045"
Accept-Ranges: bytes
hm.baidu.com/hm.js?2de0aeba5b7775abb16b92601cff3525
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?2de0aeba5b7775abb16b92601cff3525
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (617)
Hash efb9c29f812daf6ff501a84e531b96cf
c713c078a69cb868ad7b6e5d13f217d8d959732b
5eecfd8275341d6aecf4085eb0c61985e4a9bd3a62330348b2641a017bbad5c7
GET /hm.js?2de0aeba5b7775abb16b92601cff3525 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11255
Content-Type: application/javascript
Date: Mon, 28 Nov 2022 00:15:36 GMT
Etag: 6328735757d79ece1c89920c25249b74
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=FE4A359727184C48; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
www.gddyxn.com/upload/images/2021/8/9d490897b0e3c48.jpg
120.79.183.204 200 OK 23 kB URL HTTP/1.1 www.gddyxn.com/upload/images/2021/8/9d490897b0e3c48.jpg
IP 120.79.183.204:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop CC (Windows), datetime=2021-08-16T14:49:48+08:00], baseline, precision 8, 200x200, components 3\012- data
Hash a834f769f65fc2b19d36eaf37c5f3d42
7c334ad92dad1d640d08a9024bdc0e340a05a83b
c946209116c7359dbcd64b16163f976835a36ecdd937eab0d1dd557b1d0a0ac8
GET /upload/images/2021/8/9d490897b0e3c48.jpg HTTP/1.1
Host: www.gddyxn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Mon, 16 Aug 2021 06:50:12 GMT
Accept-Ranges: bytes
ETag: "0eadff56a92d71:0"
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Length: 22753
www.mylf888.com/dan/img/yongli21.gif
50.3.187.42 200 OK 135 kB URL HTTP/1.1 www.mylf888.com/dan/img/yongli21.gif
IP 50.3.187.42:0
File type GIF image data, version 89a, 1000 x 300\012- data
Size 135 kB (134753 bytes)
Hash 499ca03c442b30fbed7b0e3086ac3cf0
7c080c0f949f4f03278e910d3c977d9df689f27c
b8adffdef819280ebb61a8ad47983e75248e13be82f4a2b1d19e779d39472943
GET /dan/img/yongli21.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: image/gif
Content-Length: 134753
Last-Modified: Thu, 08 Sep 2022 07:06:56 GMT
Connection: keep-alive
ETag: "63199490-20e61"
Accept-Ranges: bytes
www.mylf888.com/dan/img/blakimg.jpg
50.3.187.42 200 OK 122 kB URL HTTP/1.1 www.mylf888.com/dan/img/blakimg.jpg
IP 50.3.187.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2000x1400, components 3\012- data
Size 122 kB (122095 bytes)
Hash 32a8354488a992361e0a9c29f87f0eeb
585df2d841f06ab2852e7f030b12cc2d40bb5c0e
46d8ee2ab6daa69ec6c8b1b99a6264e4879524cfe9e8b49bb05914d478fa4824
GET /dan/img/blakimg.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/index.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: image/jpeg
Content-Length: 122095
Last-Modified: Tue, 11 May 2021 10:59:22 GMT
Connection: keep-alive
ETag: "609a638a-1dcef"
Accept-Ranges: bytes
www.mylf888.com/dan/img/bet365365.jpg
50.3.187.42 200 OK 118 kB URL HTTP/1.1 www.mylf888.com/dan/img/bet365365.jpg
IP 50.3.187.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x100, components 3\012- data
Size 118 kB (118484 bytes)
Hash b601a3aeeb918c401a7e6203a27129f5
314ab685c22cf0f4979e2468ce2de55c74a959de
a86e74c3ec52a8b51388c52bad6b510042b1faf95bf730f20a7d6b899c373969
GET /dan/img/bet365365.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/jpeg
Content-Length: 118484
Last-Modified: Mon, 26 Sep 2022 02:39:22 GMT
Connection: keep-alive
ETag: "633110da-1ced4"
Accept-Ranges: bytes
www.mylf888.com/dan/img/xintyc.gif
50.3.187.42 200 OK 362 kB URL HTTP/1.1 www.mylf888.com/dan/img/xintyc.gif
IP 50.3.187.42:0
File type GIF image data, version 89a, 1020 x 85\012- data
Size 362 kB (362518 bytes)
Hash bcbf48cc8ce9f196243aa50fb754f4cd
6a5efd0572153c8721f6a4e0a16db1d167d13592
06f6e6b9728c7d2ad9d0015202ff0d4cab15ec15ac50404964b301cf96fc8f07
GET /dan/img/xintyc.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: image/gif
Content-Length: 362518
Last-Modified: Wed, 02 Jun 2021 01:49:08 GMT
Connection: keep-alive
ETag: "60b6e394-58816"
Accept-Ranges: bytes
www.mylf888.com/dan/img/yaobo09.png
50.3.187.42 200 OK 375 kB URL HTTP/1.1 www.mylf888.com/dan/img/yaobo09.png
IP 50.3.187.42:0
File type PNG image data, 1434 x 168, 8-bit/color RGBA, non-interlaced\012- data
Size 375 kB (375070 bytes)
Hash 8246fea5d34a8158b32ca6c245ea16b6
ba9ad21b7780a9ea8a530f363c09d4448cac7b6e
12bb8811bdbadec42e092ff12b79bb52657f2cd971e188052610e6358e3c9813
GET /dan/img/yaobo09.png HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: image/png
Content-Length: 375070
Last-Modified: Fri, 29 Oct 2021 10:53:53 GMT
Connection: keep-alive
ETag: "617bd2c1-5b91e"
Accept-Ranges: bytes
www.mylf888.com/dan/img/wns111.gif
50.3.187.42 200 OK 177 kB URL HTTP/1.1 www.mylf888.com/dan/img/wns111.gif
IP 50.3.187.42:0
File type GIF image data, version 89a, 960 x 80\012- data
Size 177 kB (177253 bytes)
Hash 40c5a20c644663ccb411529e39250f18
1543e1b4f210a2f6e56e67d828672e54d4b38a7d
e3461a38cba8e8b063619522d87e8886ac75bec436bc12e0d2f9ca69bb987ff3
GET /dan/img/wns111.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 177253
Last-Modified: Tue, 11 May 2021 11:00:03 GMT
Connection: keep-alive
ETag: "609a63b3-2b465"
Accept-Ranges: bytes
www.mylf888.com/dan/img/1000x100.js.gif
50.3.187.42 200 OK 244 kB URL HTTP/1.1 www.mylf888.com/dan/img/1000x100.js.gif
IP 50.3.187.42:0
File type GIF image data, version 89a, 1000 x 100\012- data
Size 244 kB (244005 bytes)
Hash 68fb65625bff58cfbfb43ad584b6b14d
02411259fcdd4faa799d66b3e1d0cb49948bc779
0c8c4923f415217e1b2a3348bcc0eba16466a27fca78181f44c1066377de11eb
GET /dan/img/1000x100.js.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 244005
Last-Modified: Tue, 11 May 2021 10:59:11 GMT
Connection: keep-alive
ETag: "609a637f-3b925"
Accept-Ranges: bytes
www.mylf888.com/dan/img/tyc111.gif
50.3.187.42 200 OK 185 kB URL HTTP/1.1 www.mylf888.com/dan/img/tyc111.gif
IP 50.3.187.42:0
File type GIF image data, version 89a, 1000 x 100\012- data
Size 185 kB (184798 bytes)
Hash 3afa272c428b59f208c02e5af9760940
c1b78fe258f15c46a1494cbf3adea52d592126f3
60ba6d37b9eab566fad8dc32e8badeae198af00faf1a494ca9885f119dae32fb
GET /dan/img/tyc111.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 184798
Last-Modified: Mon, 26 Sep 2022 01:57:30 GMT
Connection: keep-alive
ETag: "6331070a-2d1de"
Accept-Ranges: bytes
www.mylf888.com/dan/img/amdc1000x100.gif
50.3.187.42 200 OK 278 kB URL HTTP/1.1 www.mylf888.com/dan/img/amdc1000x100.gif
IP 50.3.187.42:0
File type GIF image data, version 89a, 1000 x 100\012- data
Size 278 kB (278305 bytes)
Hash 71c7927a8115608a38ef646fbe1d245e
62308a2b77fe5db7519349d56e8f9daf1230a5dc
94cf5d84e80dc1006762bb51fe0a2ae9cd9a9a608eb4d60f25bbfb4e9959dbf8
GET /dan/img/amdc1000x100.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 278305
Last-Modified: Fri, 24 Dec 2021 11:28:19 GMT
Connection: keep-alive
ETag: "61c5aed3-43f21"
Accept-Ranges: bytes
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1354328118&si=2de0aeba5b7775abb16b92601cff3525&v=1.3.0&lv=1&sn=24877&r=0&ww=1280&u=http%3A%2F%2Flabucarimini.net%2Foi05%3F3fl%3Dytghaxuh8%26azuxwju%3Darkhs%2520l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw%2F%2520njwlpqa%2520wd10yczvvkbqpeza%3D&tt=%E6%BE%B3%E9%97%A8%E6%B0%B8%E5%88%A95335cc(%E4%B8%AD%E5%9B%BD)%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1354328118&si=2de0aeba5b7775abb16b92601cff3525&v=1.3.0&lv=1&sn=24877&r=0&ww=1280&u=http%3A%2F%2Flabucarimini.net%2Foi05%3F3fl%3Dytghaxuh8%26azuxwju%3Darkhs%2520l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw%2F%2520njwlpqa%2520wd10yczvvkbqpeza%3D&tt=%E6%BE%B3%E9%97%A8%E6%B0%B8%E5%88%A95335cc(%E4%B8%AD%E5%9B%BD)%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1354328118&si=2de0aeba5b7775abb16b92601cff3525&v=1.3.0&lv=1&sn=24877&r=0&ww=1280&u=http%3A%2F%2Flabucarimini.net%2Foi05%3F3fl%3Dytghaxuh8%26azuxwju%3Darkhs%2520l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw%2F%2520njwlpqa%2520wd10yczvvkbqpeza%3D&tt=%E6%BE%B3%E9%97%A8%E6%B0%B8%E5%88%A95335cc(%E4%B8%AD%E5%9B%BD)%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Mon, 28 Nov 2022 00:15:37 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=A5AACD28961CE125; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
www.mylf888.com/dan/img/ld891.jpg
50.3.187.42 200 OK 222 kB URL HTTP/1.1 www.mylf888.com/dan/img/ld891.jpg
IP 50.3.187.42:0
File type PNG image data, 2100 x 150, 8-bit colormap, non-interlaced\012- data
Size 222 kB (222004 bytes)
Hash c514cc26a8bbf5cb52abdf9ab9e68980
18199a677d4fbb0cf0a1c7f9af076c2ae76fb4cb
3a39dc076d1c0bfec10debd1c0f54249d89036049dad5f24255eb2e6b610b27d
GET /dan/img/ld891.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/jpeg
Content-Length: 222004
Last-Modified: Tue, 26 Jul 2022 08:11:41 GMT
Connection: keep-alive
ETag: "62dfa1bd-36334"
Accept-Ranges: bytes
www.mylf888.com/dan/img/manbetx10.gif
50.3.187.42 200 OK 320 kB URL HTTP/1.1 www.mylf888.com/dan/img/manbetx10.gif
IP 50.3.187.42:0
File type PNG image data, 1240 x 151, 8-bit/color RGBA, non-interlaced\012- data
Size 320 kB (319786 bytes)
Hash a5676971e3a14edbb3c97a69ca17b820
a2bfd63cc4227018cb9be5f85ef207f6fbb4e836
fe87f00bd9fc4205dc44dfb35d63b7e8fd6980c8714149d3e0c5a74e8c28ef80
GET /dan/img/manbetx10.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 319786
Last-Modified: Fri, 20 May 2022 07:08:20 GMT
Connection: keep-alive
ETag: "62873e64-4e12a"
Accept-Ranges: bytes
www.mylf888.com/dan/img/kaiyun100.jpg
50.3.187.42 200 OK 64 kB URL HTTP/1.1 www.mylf888.com/dan/img/kaiyun100.jpg
IP 50.3.187.42:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 1090x141, components 3\012- data
Hash baba23b989f46d56bf7bccbcb684f8a9
efba0da806c3e339335d1b5716af81df13da42aa
d94177e2f5bb8337e610eb21f1a78380179d5d5e7703d85ae9f15e45f77d46fd
GET /dan/img/kaiyun100.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/jpeg
Content-Length: 63943
Last-Modified: Sat, 29 Oct 2022 03:38:51 GMT
Connection: keep-alive
ETag: "635ca04b-f9c7"
Accept-Ranges: bytes
www.mylf888.com/dan/img/xpj999.gif
50.3.187.42 200 OK 649 kB URL HTTP/1.1 www.mylf888.com/dan/img/xpj999.gif
IP 50.3.187.42:0
File type GIF image data, version 89a, 1000 x 200\012- data
Size 649 kB (649012 bytes)
Hash 4b2329aee1fcc97910223870de0a7ac3
f7a5bd1bee03223ee41d7a586569337aefb09ea2
ddff3a89b79326f02c8e2ba68f8534df4ad3196134e74ec0accb51800cd4de3d
GET /dan/img/xpj999.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 649012
Last-Modified: Thu, 08 Sep 2022 06:45:06 GMT
Connection: keep-alive
ETag: "63198f72-9e734"
Accept-Ranges: bytes
www.mylf888.com/dan/img/xyl999.gif
50.3.187.42 200 OK 477 kB URL HTTP/1.1 www.mylf888.com/dan/img/xyl999.gif
IP 50.3.187.42:0
File type GIF image data, version 89a, 1000 x 100\012- data
Size 477 kB (477348 bytes)
Hash 9e07a5cab4aa0dd2f4812fc347081ac8
b07f49e9cb7a8a678063ebede264aa7a60387348
38be687f0e62fcbf1b13a04003b15a3f9cef34bc2ab4332f33aa29e63e359765
GET /dan/img/xyl999.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 477348
Last-Modified: Wed, 02 Jun 2021 01:49:09 GMT
Connection: keep-alive
ETag: "60b6e395-748a4"
Accept-Ranges: bytes
push.zhanzhang.baidu.com/push.js
182.61.201.93 200 OK 227 B URL HTTP/1.1 push.zhanzhang.baidu.com/push.js
IP 182.61.201.93:0
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with no line terminators
Hash e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://labucarimini.net/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Mon, 28 Nov 2022 00:15:37 GMT
Etag: "4078521116"
Expires: Tue, 28 Nov 2023 00:15:37 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=E90B452CE7A7508F416D77D56A2ACC29:FG=1; max-age=31536000; expires=Tue, 28-Nov-23 00:15:37 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
labucarimini.net/favicon.ico
170.130.73.3 301 Moved Permanently 178 B URL HTTP/1.1 labucarimini.net/favicon.ico
IP 170.130.73.3:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /favicon.ico HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 28 Nov 2022 00:15:35 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://www.labucarimini.net/favicon.ico
www.mylf888.com/dan/img/daohang.gif
50.3.187.42 200 OK 3.2 kB URL HTTP/1.1 www.mylf888.com/dan/img/daohang.gif
IP 50.3.187.42:0
File type GIF image data, version 89a, 1000 x 50\012- data
Hash acd657d8df9241a153133cdbc926f4b0
3510be93a9e851aa533ad47cc70e6ec91c5c8be0
fcb2f2759f42d40e5176e005f15482e629e97a1ef6117e2bf25959440e3f7b3f
GET /dan/img/daohang.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 3181
Last-Modified: Mon, 14 Mar 2022 06:47:21 GMT
Connection: keep-alive
ETag: "622ee4f9-c6d"
Accept-Ranges: bytes
www.mylf888.com/dan/img/jinsha168.jpg
50.3.187.42 200 OK 14 kB URL HTTP/1.1 www.mylf888.com/dan/img/jinsha168.jpg
IP 50.3.187.42:0
File type PNG image data, 333 x 79, 8-bit/color RGBA, non-interlaced\012- data
Hash 73c2658bd87f442dbe3688a4fe48352c
f5a31ed734b80202b74f6d296766ae2e8bbd7874
7156ba4542717f84d7acea3aef40754a8fb5d7ce99452ebf9c3a1d5b5f15e5ea
GET /dan/img/jinsha168.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/jpeg
Content-Length: 14242
Last-Modified: Mon, 14 Mar 2022 06:47:18 GMT
Connection: keep-alive
ETag: "622ee4f6-37a2"
Accept-Ranges: bytes
www.mylf888.com/dan/img/wnsr168.gif
50.3.187.42 200 OK 7.9 kB URL HTTP/1.1 www.mylf888.com/dan/img/wnsr168.gif
IP 50.3.187.42:0
File type GIF image data, version 89a, 333 x 81\012- data
Hash c5f1db8a552e95f0b0f6b0a9fc59b93e
7ddf31d81e285b78b0a2366546c69c10a66e3131
34684d52b7a18477268cf05f7560f4ba13d6a01b9948bfca2aa7040469f7ca8f
GET /dan/img/wnsr168.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 7889
Last-Modified: Mon, 14 Mar 2022 06:47:19 GMT
Connection: keep-alive
ETag: "622ee4f7-1ed1"
Accept-Ranges: bytes
www.mylf888.com/dan/img/tyc168.jpg
50.3.187.42 200 OK 9.9 kB URL HTTP/1.1 www.mylf888.com/dan/img/tyc168.jpg
IP 50.3.187.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 333x81, components 3\012- data
Hash 6d9b3cb1918e3cf4c7142f38e1c6302e
3c8bd0b1ce1bb167d9bccadc063039d8530be739
0037804244cfbf6211c14a75c8b023ae900699b2539e2151537331956fe9a291
GET /dan/img/tyc168.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/jpeg
Content-Length: 9866
Last-Modified: Mon, 14 Mar 2022 06:47:19 GMT
Connection: keep-alive
ETag: "622ee4f7-268a"
Accept-Ranges: bytes
www.mylf888.com/dan/img/biwin999.gif
50.3.187.42 200 OK 9.2 kB URL HTTP/1.1 www.mylf888.com/dan/img/biwin999.gif
IP 50.3.187.42:0
File type GIF image data, version 89a, 334 x 81\012- data
Hash d05fff7c08e48f787151cd283766a047
108d14a03d85fb2d7ecc7391ab48f71aff83a85f
eba6395900606e52a184b74fdbf2ee8990ca302d8778c02cd3e4921a6a9e411e
GET /dan/img/biwin999.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 9197
Last-Modified: Thu, 24 Mar 2022 01:50:13 GMT
Connection: keep-alive
ETag: "623bce55-23ed"
Accept-Ranges: bytes
www.gddyxn.com/images/Common/ft-bg.jpg
120.79.183.204 200 OK 116 kB URL HTTP/1.1 www.gddyxn.com/images/Common/ft-bg.jpg
IP 120.79.183.204:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x605, components 3\012- data
Size 116 kB (116158 bytes)
Hash c75f0c4af083dbea42d9654fe7f4c9b9
86513e63ec8a6e0a679a67d08bb8f1d7b7b38f5c
99bcbd5e99765d18f6e17cb4ab36c7f53879b006a874f8ebc1e21d487ef3bab0
GET /images/Common/ft-bg.jpg HTTP/1.1
Host: www.gddyxn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://labucarimini.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 14 Aug 2021 07:01:34 GMT
Accept-Ranges: bytes
ETag: "05b8d37da90d71:0"
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Length: 116158
www.mylf888.com/dan/img/aomendc999.jpg
50.3.187.42 200 OK 22 kB URL HTTP/1.1 www.mylf888.com/dan/img/aomendc999.jpg
IP 50.3.187.42:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 333x79, components 3\012- data
Hash 7962dc0719483a5ec18c92b5fa935fca
fa676567caebf334f37b4cc057092d3345129ce8
c25bfbb9468cce8ace9f0f244f9ad809d7e57245fa99df623a4a3911a065875c
GET /dan/img/aomendc999.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/jpeg
Content-Length: 21563
Last-Modified: Mon, 14 Mar 2022 06:47:18 GMT
Connection: keep-alive
ETag: "622ee4f6-543b"
Accept-Ranges: bytes
www.mylf888.com/dan/img/xpj168.gif
50.3.187.42 200 OK 6.8 kB URL HTTP/1.1 www.mylf888.com/dan/img/xpj168.gif
IP 50.3.187.42:0
File type GIF image data, version 89a, 333 x 81\012- data
Hash efc3d4f0d0c2d35c69557e477b2e4fc6
2e00fe60321983aa9793dfbb747037ac625e15eb
c2ef12c881a522f618cb850034fc17c2f4509ffe6a379247710777f2ada5d47d
GET /dan/img/xpj168.gif HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/gif
Content-Length: 6835
Last-Modified: Mon, 14 Mar 2022 06:47:19 GMT
Connection: keep-alive
ETag: "622ee4f7-1ab3"
Accept-Ranges: bytes
www.mylf888.com/dan/img/365bet168.jpg
50.3.187.42 200 OK 9.9 kB URL HTTP/1.1 www.mylf888.com/dan/img/365bet168.jpg
IP 50.3.187.42:0
File type GIF image data, version 89a, 333 x 82\012- data
Hash 657b00ba324258d9733fb707b7e05e54
938a86193c65ecc9bd2c23bf21abdefe43a829e6
ca81437f9e67704918e9d9e493984c860b0627cc23f62e9dc26020d33b84d470
GET /dan/img/365bet168.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/jpeg
Content-Length: 9891
Last-Modified: Mon, 14 Mar 2022 06:47:20 GMT
Connection: keep-alive
ETag: "622ee4f8-26a3"
Accept-Ranges: bytes
www.mylf888.com/dan/img/yongli168.jpg
50.3.187.42 200 OK 10 kB URL HTTP/1.1 www.mylf888.com/dan/img/yongli168.jpg
IP 50.3.187.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 333x81, components 3\012- data
Hash ceeeec4a37140a66fe39f401691022fe
121f8658403c8fe024c73083fc49301a726c431c
48cb853f4ffbac3c4c1d743e6dd50e35f488b841a4c63443f498642dd439840a
GET /dan/img/yongli168.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/jpeg
Content-Length: 10033
Last-Modified: Mon, 14 Mar 2022 06:47:20 GMT
Connection: keep-alive
ETag: "622ee4f8-2731"
Accept-Ranges: bytes
www.mylf888.com/dan/img/yabo999.jpg
50.3.187.42 200 OK 10 kB URL HTTP/1.1 www.mylf888.com/dan/img/yabo999.jpg
IP 50.3.187.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 333x81, components 3\012- data
Hash 4a3ecd592f1716707fa98c9e748b6759
cc6c45369214748243e249096c7c61d02827ca09
9efe73ad6710d9a7d7600cbeeff9ff065953de78a01a833f85f8921b1030b80f
GET /dan/img/yabo999.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:38 GMT
Content-Type: image/jpeg
Content-Length: 10099
Last-Modified: Mon, 14 Mar 2022 06:47:17 GMT
Connection: keep-alive
ETag: "622ee4f5-2773"
Accept-Ranges: bytes
www.labucarimini.net/favicon.ico
170.130.73.3 200 OK 9.7 kB URL HTTP/1.1 www.labucarimini.net/favicon.ico
IP 170.130.73.3:0
File type MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel\012- data
Hash 1af6c08eb07f675c862fa3cd50640511
bfc9fbddea831a3cae067a570bcb4450280c7f45
7fc7fdb7ea134949cefdbd00ac02724e091e0201c1cee06795f84db28a1586d4
GET /favicon.ico HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:36 GMT
Content-Type: image/x-icon
Content-Length: 9662
Last-Modified: Fri, 21 Oct 2022 04:33:23 GMT
Connection: keep-alive
ETag: "63522113-25be"
Accept-Ranges: bytes
api.share.baidu.com/s.gif?l=http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
112.34.113.148 200 OK 0 B URL HTTP/1.1 api.share.baidu.com/s.gif?l=http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
IP 112.34.113.148:0
ASN #9808 China Mobile Communications Group Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza= HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://labucarimini.net/
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Mon, 28 Nov 2022 00:15:39 GMT
labucarimini.net/
170.130.73.3 301 Moved Permanently 178 B IP 170.130.73.3:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 28 Nov 2022 00:15:40 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://www.labucarimini.net/
www.labucarimini.net/
170.130.73.3 200 OK 21 kB IP 170.130.73.3:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (447), with CRLF, LF line terminators
Hash 998db3a8e1fc9f2dfc180c93970b8a3c
11eb67a3f310f45e6d3ca4b160de3eb38d96a484
fd557af4c9f334558630e68093ebbcf6315cc98e6045e5f0822d314827d7b029
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://labucarimini.net/oi05?3fl=ytghaxuh8&azuxwju=arkhs%20l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw/%20njwlpqa%20wd10yczvvkbqpeza=
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:40 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.labucarimini.net/css/bootstrap.css
170.130.73.3 200 OK 3.5 kB URL HTTP/1.1 www.labucarimini.net/css/bootstrap.css
IP 170.130.73.3:0
File type ASCII text, with very long lines (3962)
Hash bf0ec8e162db340d09f3b366135fde0c
63fa206313de9cf4e4edc0a10968a286090f2e03
49eee5e19b883b882561978e3f9645c6f3dbb97f5e2431c7397c767d6bbfc0ed
GET /css/bootstrap.css HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:40 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
hm.baidu.com/hm.gif?hca=FE4A359727184C48&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&ep=5038%2C5038&et=3&ja=0&ln=en-us&lo=0&rnd=1260006096&si=2de0aeba5b7775abb16b92601cff3525&v=1.3.0&lv=1&sn=24877&r=0&ww=1280&u=http%3A%2F%2Flabucarimini.net%2Foi05%3F3fl%3Dytghaxuh8%26azuxwju%3Darkhs%2520l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw%2F%2520njwlpqa%2520wd10yczvvkbqpeza%3D
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?hca=FE4A359727184C48&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&ep=5038%2C5038&et=3&ja=0&ln=en-us&lo=0&rnd=1260006096&si=2de0aeba5b7775abb16b92601cff3525&v=1.3.0&lv=1&sn=24877&r=0&ww=1280&u=http%3A%2F%2Flabucarimini.net%2Foi05%3F3fl%3Dytghaxuh8%26azuxwju%3Darkhs%2520l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw%2F%2520njwlpqa%2520wd10yczvvkbqpeza%3D
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?hca=FE4A359727184C48&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&ep=5038%2C5038&et=3&ja=0&ln=en-us&lo=0&rnd=1260006096&si=2de0aeba5b7775abb16b92601cff3525&v=1.3.0&lv=1&sn=24877&r=0&ww=1280&u=http%3A%2F%2Flabucarimini.net%2Foi05%3F3fl%3Dytghaxuh8%26azuxwju%3Darkhs%2520l7dsrqhjbcqbwvw0j2fonxkh9bzfme7wbaw%2F%2520njwlpqa%2520wd10yczvvkbqpeza%3D HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://labucarimini.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Mon, 28 Nov 2022 00:15:42 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=43FB9D7BC0623E40; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
www.labucarimini.net/css/library.css
170.130.73.3 200 OK 5.8 kB URL HTTP/1.1 www.labucarimini.net/css/library.css
IP 170.130.73.3:0
File type Unicode text, UTF-8 text, with very long lines (19533)
Hash b6a969c731c2ab92988a9034d82de20e
584a93a7b719848f652fff69c2b5ace560c25bbb
8c49124d2757a1ecc4138f0d5d35a8d3b80b62cc7760abfe837ee16701f51184
GET /css/library.css HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:40 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.labucarimini.net/css/animate.css
170.130.73.3 200 OK 4.9 kB URL HTTP/1.1 www.labucarimini.net/css/animate.css
IP 170.130.73.3:0
File type Unicode text, UTF-8 text, with very long lines (374)
Hash 31bb8f5a129d737017c57f0883451e4e
f4a82d4327c9727fd410c8a6135b6275bcd5771e
c4b35dbaf58287de79b0f1edf9bb04257c966a2be5972d0b9373a7cb4a8326dd
GET /css/animate.css HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:40 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.labucarimini.net/css/Common.css
170.130.73.3 200 OK 3.3 kB URL HTTP/1.1 www.labucarimini.net/css/Common.css
IP 170.130.73.3:0
Hash 35b7b92ed86848bbb3e3519eed066106
e03ffe489b62bd93ab84f732cec6cbee4b9ebb5d
1009a0f513f3faea332e284e44a869cb156663b5887127b37629cd0b8549585b
GET /css/Common.css HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:40 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.labucarimini.net/css/Index.css
170.130.73.3 200 OK 5.6 kB URL HTTP/1.1 www.labucarimini.net/css/Index.css
IP 170.130.73.3:0
File type Unicode text, UTF-8 text, with very long lines (345)
Hash 3ac01918de068562b2f991b96873c80a
a933e73ac8ce5e0ae8a1815cf6a2b126945270a7
b0a39fcd6ce7c55eea67c8aff43a4c5f7846fbfc85242a460d8de4c315fc0357
GET /css/Index.css HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:40 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.labucarimini.net/js/particles.js
170.130.73.3 200 OK 4.4 kB URL HTTP/1.1 www.labucarimini.net/js/particles.js
IP 170.130.73.3:0
Hash 443cde99d93b77de08097b72e8246983
bee15d232857df727b2e6a0853ee8b68fc155fc2
da6a3f2e14f90921ef05358ea3c1efe6946ea2a8172c12215ef94a15c7d3e81c
Analyzer Verdict Alert fortinet Malware
GET /js/particles.js HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:40 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.labucarimini.net/js/jquery.min.js
170.130.73.3 200 OK 33 kB URL HTTP/1.1 www.labucarimini.net/js/jquery.min.js
IP 170.130.73.3:0
File type Unicode text, UTF-8 text, with very long lines (32110), with CRLF, LF line terminators
Hash 8fba43c4fe4b577c8fd78a00002af8a4
6d56c6b9990899e07cb14e1ef0d757fe537ff315
e893fd52b114286f0d54b1d057952bf3926819e78869c4a858adf93c7530a8a9
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.min.js HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:40 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.labucarimini.net/js/wow.js
170.130.73.3 200 OK 3.0 kB URL HTTP/1.1 www.labucarimini.net/js/wow.js
IP 170.130.73.3:0
File type ASCII text, with very long lines (881)
Hash 20450d3b0e27927de67fc226b7fddc97
06bdceb4477a23ef4f0315d79478776c1f69b320
d52b6ae544caf31260b6d8b9c8ec4916206af686921a14854c09f7bd1a2753e7
Analyzer Verdict Alert fortinet Malware
GET /js/wow.js HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:41 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.labucarimini.net/js/Common.js
170.130.73.3 200 OK 727 B URL HTTP/1.1 www.labucarimini.net/js/Common.js
IP 170.130.73.3:0
Hash 1d159cf586449822da5d8f5df339ced4
dcf604e60dca79e921faede366ae772d50d98003
46acb1ba8123e8730de60a53d267964f18ab183c23357433124a80d19edd15e7
Analyzer Verdict Alert fortinet Malware
GET /js/Common.js HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:41 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.mylf888.com/dan/img/ftimg.jpg
50.3.187.42 200 OK 0 B URL HTTP/1.1 www.mylf888.com/dan/img/ftimg.jpg
IP 50.3.187.42:0
GET /dan/img/ftimg.jpg HTTP/1.1
Host: www.mylf888.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mylf888.com/dan/indexyl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:37 GMT
Content-Type: image/jpeg
Content-Length: 108444
Last-Modified: Mon, 14 Mar 2022 10:33:19 GMT
Connection: keep-alive
ETag: "622f19ef-1a79c"
Accept-Ranges: bytes
www.labucarimini.net/js/particles2.js
170.130.73.3 200 OK 0 B URL HTTP/1.1 www.labucarimini.net/js/particles2.js
IP 170.130.73.3:0
Analyzer Verdict Alert fortinet Malware
GET /js/particles2.js HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:41 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.labucarimini.net/js/library.min.js
170.130.73.3 200 OK 0 B URL HTTP/1.1 www.labucarimini.net/js/library.min.js
IP 170.130.73.3:0
Analyzer Verdict Alert fortinet Malware
GET /js/library.min.js HTTP/1.1
Host: www.labucarimini.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.labucarimini.net/
Connection: keep-alive
Cookie: Hm_lvt_2de0aeba5b7775abb16b92601cff3525=1669594537; Hm_lpvt_2de0aeba5b7775abb16b92601cff3525=1669594537
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 00:15:41 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip