Report - welcometothevelvet.com/forums/member.php?217662-bypepoorned

Report Overview

Submitted URL
welcometothevelvet.com/forums/member.php?217662-bypepoorned
IP
172.121.182.179
ASN
#18779 EGIHOSTING
Submitted
2022-11-30 02:36:15
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
yazi16.top	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	398 B	5.0 kB	104.233.156.153
www.wusong99.top	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.9 kB	33 kB	118.107.24.226
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	2.1 kB	93.184.220.29
hm.baidu.com	8254	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.9 kB	49 kB	103.235.46.191
aooacctp.vip	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	380 B	398 kB	172.67.161.53
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	714 B	1.4 kB	142.250.74.131
kvtfff.top	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	404 B	184 kB	104.21.233.215
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.1 kB	11 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
api.share.baidu.com	44629	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	384 B	114 B	112.34.113.148
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	964 B	104.18.32.68
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.39.94.191
push.zhanzhang.baidu.com	57139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	296 B	750 B	180.101.212.103
welcometothevelvet.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	390 B	234 B	172.121.182.179
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	359 B	1.9 kB	104.18.21.226
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	5.8 kB	23.36.76.226
www.tupkku.top	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	386 B	174 kB	104.21.51.97
200.benbenys.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	303 B	58 kB	23.224.61.222
kvhmm.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	403 B	422 B	137.175.13.78
img.1153555.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	408 B	182 B	185.239.226.87
www.wusong8.top	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.8 kB	2.2 kB	118.107.24.227
www.welcometothevelvet.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	4.0 kB	172.121.182.179
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	49 kB	34.120.237.76
tupkku.top	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	381 B	138 kB	104.21.51.97
ocsp2.globalsign.com	1544	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	367 B	1.9 kB	104.18.21.226
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
dimg04.c-ctrip.com	139731	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	408 B	647 kB	104.110.17.24
tukudhgg.vip	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	383 B	514 kB	188.114.97.1
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-11-30	medium	wusong8.top	Sinkholed
2022-11-30	medium	wusong8.top	Sinkholed
2022-11-30	medium	wusong8.top	Sinkholed
2022-11-30	medium	wusong8.top	Sinkholed

JavaScript (18)

	URL	Size	First Seen	Last Seen
	www.welcometothevelvet.com/forums/member.php?217662-bypepoorned	404 B	2023-03-07	2024-04-18
Pretty URL www.welcometothevelvet.com/forums/member.php?217662-bypepoorned IP 172.121.182.179 ASN #18779 EGIHOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-18 08:01:19 Times Seen2975 Hash 91862680df880ab56f799547b01a5900 bd184fe6e0e046873c1a606c89ce2d3eed4b689f 6520359b93c2e43efd5a58f422af308b43c718769a0989344a10f00b345ca0b2 Loading...

	www.welcometothevelvet.com/tj.js	520 B	2023-03-11	2023-03-11
Pretty URL www.welcometothevelvet.com/tj.js IP 172.121.182.179 ASN #18779 EGIHOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:45:10 Last Seen2023-03-11 22:45:10 Times Seen1 Hash 3aef4da7eb22232152da35f514231819 a9da4484f548a56fe86f95d67cfd22bb22e2839f 3e454279165414309b656cafbf59471ced537220be9cd06f06311aed9e508a77 Loading...

	hm.baidu.com/hm.js?5755d298f25aacb18aed89539d4c03ff	30 kB	2023-03-11	2023-03-11
Pretty URL hm.baidu.com/hm.js?5755d298f25aacb18aed89539d4c03ff IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:45:10 Last Seen2023-03-11 22:45:10 Times Seen1 Hash 01caad7f8d7c0c541dccbdb6ee01605d baf0d0fc517af0090ee3c7e73bab8c07eeba67a4 298f7f264b642a2c03ba0f348110be9b608ffbb5db837bdb29dc7b331d5db639 Loading...

	hm.baidu.com/hm.js?2ff4f1dee667bb8c36c9731e185cb15f	30 kB	2023-03-11	2023-03-11
Pretty URL hm.baidu.com/hm.js?2ff4f1dee667bb8c36c9731e185cb15f IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:45:10 Last Seen2023-03-11 22:45:10 Times Seen1 Hash b54ae86d8691d977257d017f38bb0894 3219bf562d32a4b5ff4c5c21cdf3f3eb5858911e 517afe440924d9f9de26e47f8efb15873d77ee3b83b8ac664b1ef3c6c2ec2d87 Loading...

	push.zhanzhang.baidu.com/push.js	281 B	2023-03-07	2024-04-25
Pretty URL push.zhanzhang.baidu.com/push.js IP 180.101.212.103 ASN #134770 CHINANET Jiangsu province Suzhou taihu IDC network Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-25 00:31:34 Times Seen18991 Hash 1bb5a3267c9865ad4abe8d937734b62b b5478dd2edb3e64242eced1db2dbd945ef81f592 674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2 Loading...

	hm.baidu.com/hm.js?2d0723feb7c312b2638d45d87c2fcb18	30 kB	2023-03-11	2023-03-11
Pretty URL hm.baidu.com/hm.js?2d0723feb7c312b2638d45d87c2fcb18 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:45:10 Last Seen2023-03-11 22:45:10 Times Seen1 Hash b4d213609f859ae4559303e9b686c077 659674e2dd37c80a1fb3dfa2923739b7aa6b0d5e 5f7433d227e18973af90d1bb395afa76d2029042fc6ed1c2e4e63a95cc0ac908 Loading...

	www.wusong8.top/news/index.php	166 B	2023-03-07	2023-04-05
Pretty URL www.wusong8.top/news/index.php IP 118.107.24.227 ASN #64050 BGPNET Global ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:15 Last Seen2023-04-05 02:05:15 Times Seen271 Hash 148c395b30fc62c19c4e96a387ce5080 aaad892b0553b427438079c39c45c04a4bd26683 3abae3dd940fa31948ccf4348d0b3dd0528808c33a99915e9ea06c6c9faf097c Loading...

	hm.baidu.com/hm.js?ede83dd75a39dd6faf6db374429f6beb	30 kB	2023-03-11	2023-03-11
Pretty URL hm.baidu.com/hm.js?ede83dd75a39dd6faf6db374429f6beb IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:45:10 Last Seen2023-03-11 22:45:10 Times Seen1 Hash 3a2e5b59c350a548eaa4b321527bdd01 6a24d9903c1432ec11606664d8ff38244bfaebf7 fd7d0436ed39d3e1821d24e0933e2705cb19384815b4fa5db7c20bb2b1058224 Loading...

	www.wusong8.top/news/list.php	266 B	2023-03-11	2023-03-11
Pretty URL www.wusong8.top/news/list.php IP 118.107.24.227 ASN #64050 BGPNET Global ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:45:10 Last Seen2023-03-11 22:45:10 Times Seen1 Hash 9e3bd36caec979f29244613c8848d46a f9ea64b3486fbbb0e6892cdb9fccc9c3ebc4025d 1fcbfa218afca01f3ac05c6f8b8e5022903453e3e68d521c5992f7d70ee4ac84 Loading...

	www.welcometothevelvet.com/forums/member.php?217662-bypepoorned	32 B	2023-03-11	2023-03-11
Pretty URL www.welcometothevelvet.com/forums/member.php?217662-bypepoorned IP 172.121.182.179 ASN #18779 EGIHOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:45:10 Last Seen2023-03-11 22:45:10 Times Seen1 Hash 8c3bdac30f3e911cb248fd4f8a9b94d1 40411ebc270f578aa420fc5e20517033fbcb7d48 ce6bec0ae4e6fa163f9f2b661e924bb0075a1abe71aa910f916ced9474d9a703 Loading...

	www.wusong8.top/news/index.php	254 B	2023-03-08	2023-07-02
Pretty URL www.wusong8.top/news/index.php IP 118.107.24.227 ASN #64050 BGPNET Global ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:31:22 Last Seen2023-07-02 10:39:18 Times Seen55 Hash d508f8c103e8483f7667a5ab9b8200d3 8e8d610b3ffee439e1b50d6701a4280aa92621c0 e8bc3332c7eae3a695b05a6a1fc732f3a3833972402a32b83537dcb98f9369d0 Loading...

	www.wusong99.top/	834 B	2023-03-08	2023-03-13
Pretty URL www.wusong99.top/ IP 118.107.24.226 ASN #64050 BGPNET Global ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:19:56 Last Seen2023-03-13 16:53:33 Times Seen1 Hash 5361edc96b5048065973e23e0c342ac8 9208366fa0eaa9e4d058d1974df60fa7472bb1cc ae4862c24e1b1d8fc28c571d7cff7fc7a012a5ee857a573a85120ec0f0765d6f Loading...

	www.welcometothevelvet.com/common.js	1.5 kB	2023-03-11	2023-03-11
Pretty URL www.welcometothevelvet.com/common.js IP 172.121.182.179 ASN #18779 EGIHOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:45:10 Last Seen2023-03-11 22:45:10 Times Seen1 Hash 64d3ba4f12f4795505d958670fd61e2c c365b157721ed8cf99aee20f2f7fc6d4ead21834 6242d56138da0603f89c1d19529fc84485fa2666327855b7c01f42c0b3e394cc Loading...

	www.wusong8.top/news/index.php	254 B	2023-03-08	2023-04-05
Pretty URL www.wusong8.top/news/index.php IP 118.107.24.227 ASN #64050 BGPNET Global ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:31:22 Last Seen2023-04-05 01:50:51 Times Seen6 Hash 8f807495ce28e37317ddd52ac843c009 4e1d331102e4c33753d1581aad70e7689ec435e6 b56712350a7d04a1e126eafdc3e0ed5a23eba122c7a63a8b55af398b4f847007 Loading...

		Size	First Seen	Last Seen
	#1 Eval - d0475b6a8bab0790dd22ffbf0d402e90	470 B	2023-03-11	2023-03-11
Pretty Observations First Seen2023-03-11 22:45:10 Last Seen2023-03-11 22:45:10 Times Seen1 Hash d0475b6a8bab0790dd22ffbf0d402e90 d1cef65b83d24b096bda5944ba6f87fa63fe4649 14f46c0310b7e7604bff34b8e8686cefc0e0dfc958506e511e170c22654f7580 Loading...

	#2 Eval - 9dab9085456da010a7580467a655995c	11 B	2023-03-07	2023-10-18
Pretty Observations First Seen2023-03-07 01:19:10 Last Seen2023-10-18 04:20:02 Times Seen400 Hash 9dab9085456da010a7580467a655995c 52a50bc63207e9bb6bea56b2d7634331239fa1ba 90e88c08f4b3f9592513afaa35be7d0bd16ce046025ce8cbf1c2cc49175eedab Loading...

		Size	First Seen	Last Seen
	#1 Write - f00e99b3767c573c08d5a5eb6f6e2d2a	451 B	2023-03-11	2023-03-11
Pretty Observations First Seen2023-03-11 22:45:10 Last Seen2023-03-11 22:45:10 Times Seen1 Hash f00e99b3767c573c08d5a5eb6f6e2d2a 167d2935afbccab4dd9895407bab4cfe9c22adeb 5d7558a1dc30b3748a2338d3483612bc9c8cb4f7bd0b3df17f33135184ae8af8 Loading...

	#2 Write - fe02163e2550b3976c21d4e9b4a45b44	93 B	2023-03-08	2023-03-13
Pretty Observations First Seen2023-03-08 20:19:56 Last Seen2023-03-13 01:23:27 Times Seen1 Hash fe02163e2550b3976c21d4e9b4a45b44 6fd3ac60a5f3c10252c45b8f95ac0562edc5cdbb c9e852224e3e27bc09188681d95a91b4536ef509cf472c9f79da50c0f3742fb9 Loading...

HTTP Transactions (78)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11106
Expires: Wed, 30 Nov 2022 05:41:09 GMT
Date: Wed, 30 Nov 2022 02:36:03 GMT
Connection: keep-alive

welcometothevelvet.com/forums/member.php?217662-bypepoorned

172.121.182.179

301 Moved Permanently

0 B

URL HTTP/1.1
welcometothevelvet.com/forums/member.php?217662-bypepoorned
IP
172.121.182.179:0
ASN
#18779 EGIHOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /forums/member.php?217662-bypepoorned HTTP/1.1
Host: welcometothevelvet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 30 Nov 2022 02:36:03 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://www.welcometothevelvet.com/forums/member.php?217662-bypepoorned

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
4ed065cb23b5fca1a179dd73b3c5b7b2
4422eb24688f5e056fc1b18b127c7f63b1dbf5e0
b723d770d0dec7441d8505dc5a4e7d34f55c9f564ec52f20d9b70c7c3a0d9d35

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 974
Cache-Control: max-age=115882
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 02:36:03 GMT
Etag: "6385df6f-1d7"
Expires: Thu, 01 Dec 2022 10:47:25 GMT
Last-Modified: Tue, 29 Nov 2022 10:31:11 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4287
Expires: Wed, 30 Nov 2022 03:47:30 GMT
Date: Wed, 30 Nov 2022 02:36:03 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 02:19:39 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 984
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: C5uQvVwHG7C6hd/qcMx2IuWMIL78jtPTmY3LtoXjcejuyd2i3dH0b1lSzFZYxhTqT/cdPFQvxNw=
x-amz-request-id: GPZCCAB7Q75H5EBS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 01:45:02 GMT
age: 3061
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 02:36:03 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 30 Nov 2022 02:11:13 GMT
cache-control: public,max-age=3600
age: 1491
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

www.welcometothevelvet.com/forums/member.php?217662-bypepoorned

172.121.182.179

200 OK

803 B

URL HTTP/1.1
www.welcometothevelvet.com/forums/member.php?217662-bypepoorned
IP
172.121.182.179:0
ASN
#18779 EGIHOSTING

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with CRLF line terminators
Size
803 B (803 bytes)
Hash
ae91f79a068e46b343f1b5e275b75d18
e7d78981578a3159c05bd4adfadcdb4a84f01140
dc5cc9e6d6344e2b9a5602c0717bc95c4c10c892b2e17b59737d5e67dc101eb6

HTTP Headers

GET /forums/member.php?217662-bypepoorned HTTP/1.1
Host: www.welcometothevelvet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 30 Nov 2022 02:36:03 GMT
Content-Type: text/html
Content-Length: 803
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
3c8c689bd654417640d85f3da51af313
85123b6d46230a23d03768bf304b386e5d301305
516138ca79703b45e904d32d7dde1c1e9fd35995b9f1bb1331c547542745676d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 974
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 02:36:04 GMT
Last-Modified: Wed, 30 Nov 2022 02:19:50 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

www.welcometothevelvet.com/common.js

172.121.182.179

200 OK

739 B

URL HTTP/1.1
www.welcometothevelvet.com/common.js
IP
172.121.182.179:0
ASN
#18779 EGIHOSTING

File type
HTML document text\012- HTML document, ASCII text, with very long lines (438), with CRLF line terminators
Size
739 B (739 bytes)
Hash
ebe4a22dd7954b912b7548d4cfdb156b
973fb26bebe4c5cd1df795408f84e133666f0266
9916d608a11c3e1039c2171df1c33d61f2caa31a2294892601a10579284cdb5b

HTTP Headers

GET /common.js HTTP/1.1
Host: www.welcometothevelvet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.welcometothevelvet.com/forums/member.php?217662-bypepoorned

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 30 Nov 2022 02:36:04 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

push.services.mozilla.com/

52.39.94.191

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.39.94.191:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rjDPYmzsJ76OAQ1G/ovr+A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vFs07fqjkGTzas9oMJ5R6qBoIyI=

www.welcometothevelvet.com/tj.js

172.121.182.179

200 OK

520 B

URL HTTP/1.1
www.welcometothevelvet.com/tj.js
IP
172.121.182.179:0
ASN
#18779 EGIHOSTING

File type
ASCII text, with CRLF line terminators
Size
520 B (520 bytes)
Hash
3aef4da7eb22232152da35f514231819
a9da4484f548a56fe86f95d67cfd22bb22e2839f
3e454279165414309b656cafbf59471ced537220be9cd06f06311aed9e508a77

HTTP Headers

GET /tj.js HTTP/1.1
Host: www.welcometothevelvet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.welcometothevelvet.com/forums/member.php?217662-bypepoorned

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 30 Nov 2022 02:36:04 GMT
Content-Type: application/x-javascript
Content-Length: 520
Connection: keep-alive

www.welcometothevelvet.com/favicon.ico

172.121.182.179

200 OK

1.2 kB

URL HTTP/1.1
www.welcometothevelvet.com/favicon.ico
IP
172.121.182.179:0
ASN
#18779 EGIHOSTING

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
7ef1f0a0093460fe46bb691578c07c95
2da3ffbbf4737ce4dae9488359de34034d1ebfbd
4c62eef22174220b8655590a77b27957f3518b4c3b7352d0b64263b80e728f2c

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.welcometothevelvet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.welcometothevelvet.com/forums/member.php?217662-bypepoorned

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 30 Nov 2022 02:36:04 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 01 Jul 2011 08:14:23 GMT
Connection: keep-alive
ETag: "4e0d81df-47e"
Expires: Mon, 05 Dec 2022 02:36:04 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes

push.zhanzhang.baidu.com/push.js

180.101.212.103

200 OK

227 B

URL HTTP/1.1
push.zhanzhang.baidu.com/push.js
IP
180.101.212.103:0
ASN
#134770 CHINANET Jiangsu province Suzhou taihu IDC network

File type
ASCII text, with no line terminators
Size
227 B (227 bytes)
Hash
e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5

HTTP Headers

GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.welcometothevelvet.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Wed, 30 Nov 2022 02:36:05 GMT
Etag: "4078521116"
Expires: Thu, 30 Nov 2023 02:36:05 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=850C8E8C42ED2E93E10C4ACE3D9B3BA8:FG=1; max-age=31536000; expires=Thu, 30-Nov-23 02:36:05 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding

www.wusong8.top/news/index.php

118.107.24.227

301 Moved Permanently

311 B

URL HTTP/1.1
www.wusong8.top/news/index.php
IP
118.107.24.227:0
ASN
#64050 BGPNET Global ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
311 B (311 bytes)
Hash
bb2eaed9df1a26c6de8acc871cae4a38
bb3e84f1dbcd825d4484f8dc27e1476e0ad15b67
e7c95a95aeff9208cc3c99af44c6207819a04463a2051a5efa2793ed8f1bbd0f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /news/index.php HTTP/1.1
Host: www.wusong8.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.welcometothevelvet.com/
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Wed, 30 Nov 2022 02:36:05 GMT
Server: Apache
Location: https://www.wusong8.top/news/index.php
Content-Length: 311
Connection: close
Content-Type: text/html; charset=iso-8859-1

ocsp.globalsign.com/gsrsaovsslca2018

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
fd462a58bd7ee5f3a53a0ba36d0030b3
c920fd63443ef9b25434a2d259363be5e0d5c976
d77dde942f6ed85c953b52241d3104c22a9315fdc7b26206e8356844dc97cfc4

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 02:36:05 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 03 Dec 2022 23:02:59 GMT
ETag: "c920fd63443ef9b25434a2d259363be5e0d5c976"
Last-Modified: Tue, 29 Nov 2022 23:03:00 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2606
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7720318858d11bfe-OSL

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16815
Expires: Wed, 30 Nov 2022 07:16:21 GMT
Date: Wed, 30 Nov 2022 02:36:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16815
Expires: Wed, 30 Nov 2022 07:16:21 GMT
Date: Wed, 30 Nov 2022 02:36:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16815
Expires: Wed, 30 Nov 2022 07:16:21 GMT
Date: Wed, 30 Nov 2022 02:36:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16815
Expires: Wed, 30 Nov 2022 07:16:21 GMT
Date: Wed, 30 Nov 2022 02:36:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4992
Expires: Wed, 30 Nov 2022 03:59:18 GMT
Date: Wed, 30 Nov 2022 02:36:06 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fcfcea6-8f79-45f4-b081-2b90a5d95f8f.jpeg

34.120.237.76

200 OK

5.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fcfcea6-8f79-45f4-b081-2b90a5d95f8f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.5 kB (5492 bytes)
Hash
acb1e555533322dbfeb8e0d8c956c43d
e1eec39299f081b53c647953b57da4f2f1ba10bc
579d2fd6aab6bba72a405bb1d0259856878adc90671a88b2b0edf5a284dba1f9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fcfcea6-8f79-45f4-b081-2b90a5d95f8f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5492
x-amzn-requestid: 4b09d9a8-09fa-40e5-a996-8a6ad9f8283e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgE9E5TIAMF6ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1f-2f17467d7a6318796d01fd2e;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:11 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6QhRECWKI2TAlt2bgVuKlQPCeyzkes1_5i5kJ4FQYD591KBADY9qVg==
via: 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:45 GMT
age: 17001
etag: "e1eec39299f081b53c647953b57da4f2f1ba10bc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4f88ec5-5875-45d1-bcd3-d997040d6d42.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.7 kB (3719 bytes)
Hash
ceb8e975fb408de32c43f55febaa6414
453067f6ab356aa87a3ad3b56e33545376597852
e0ecbb6052b4fef75f58da8dae589c81ab9ec9d304de08f26c144a2c3ce9eaac

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4f88ec5-5875-45d1-bcd3-d997040d6d42.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3719
x-amzn-requestid: 6fab3454-fedd-4a1e-ae47-468ddd6233bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDaGQ4IAMFUkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-4b313cf054d6301e71cdc0c1;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: phw8DXQgjOyH5g4gvbqgZk-2sHr2n9cHVr4lqqPXfXtyhG32gs2pIg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:45 GMT
age: 17001
etag: "453067f6ab356aa87a3ad3b56e33545376597852"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.8 kB (5785 bytes)
Hash
59baec8db5ced0210ab766ea5636a5fd
f7cf3a0f89751a02fbcf8d21f505f24a74e8b30b
33ff55891f18c22970804f1b8b2ba6821ddfd7426b01486410bd43f2b4295a8d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5785
x-amzn-requestid: ee77265b-8e90-4035-8ef1-92a2d26aaefa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDaHdWoAMFqmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-0d10d74030e7aee74804b654;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QhUrNKIJUxXTYFTgfCwizAd9L4PdLMVLbqv1sHmmnrWya0xz1MTSiw==
via: 1.1 38eecd3ca21bf068d69a2f9cfe668d14.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:08:46 GMT
etag: "f7cf3a0f89751a02fbcf8d21f505f24a74e8b30b"
content-type: image/jpeg
age: 16040
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29e8368b-e5a8-4256-a456-b724e13819e4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10068 bytes)
Hash
f621857774e4b4adda95f58081644859
639165dc66d171b8266f22cd495181427112bc80
341fd33d3d9486079c182d60e21c355244b6597e6e09ba51ecee2e331b38ca2e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29e8368b-e5a8-4256-a456-b724e13819e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10068
x-amzn-requestid: 7f386e94-3c17-44a1-a36b-3d0eeff4623d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhGvEQQoAMFihA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bc4-5069acfd038ffb2c124b7bd8;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Bh6VQ3BLEXcZKHFyJxHVGQWVQm-w2s0786t8SQOcHQUaNvSFc1rg-A==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:51 GMT
etag: "639165dc66d171b8266f22cd495181427112bc80"
content-type: image/jpeg
age: 16995
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48df8a6f-5803-4ce0-ab84-1efc8ca3e251.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8885 bytes)
Hash
8825a2c5c0d98323f489e0b816b7f1d8
05f46985ea4ace57460120876da8e19db08857b3
1d12590a78b32146d6f1d107fb93bdb6cb45228d15babd087c0111495d7138e1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48df8a6f-5803-4ce0-ab84-1efc8ca3e251.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8885
x-amzn-requestid: 67e1ba67-b4fb-42c8-985d-f34164101c7b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhIGGtloAMFxjw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bcd-295995bb1123430c55659fe3;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vOFoi7vW7NluI5wQB03BGh9efp_jvCoH1sUh4s1ubG_JAC6KcDkHxg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:15:52 GMT
age: 15614
etag: "05f46985ea4ace57460120876da8e19db08857b3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9051 bytes)
Hash
05196ec43964cf559caa0c0279148d62
6170d6776615503e3e29f86783febc3e3e78ca66
47f3a5cde661987e3496ce110a0170b10087dd9ba8d4fd691c4830587ba3fa3f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9051
x-amzn-requestid: 1032dd9c-a15e-4e8a-9c81-07419e8caf67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhGvEMNIAMFaKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bc4-1005c20a33320dbf6567ca31;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: IMaVlQblNnh9mFKwb2LG7hw7h_f1_nVYqO4aEUqY01a2HofnnQqcFQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:49:31 GMT
age: 17195
etag: "6170d6776615503e3e29f86783febc3e3e78ca66"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

api.share.baidu.com/s.gif?l=http://www.welcometothevelvet.com/forums/member.php?217662-bypepoorned

112.34.113.148

200 OK

0 B

URL HTTP/1.1
api.share.baidu.com/s.gif?l=http://www.welcometothevelvet.com/forums/member.php?217662-bypepoorned
IP
112.34.113.148:0
ASN
#9808 China Mobile Communications Group Co., Ltd.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s.gif?l=http://www.welcometothevelvet.com/forums/member.php?217662-bypepoorned HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.welcometothevelvet.com/

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Wed, 30 Nov 2022 02:36:06 GMT

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6f265aaf7ce67893131f1e9e15b0f97e
2a988cdadcd83ff5c01edbd449eaa06f27a5b4e7
71122134e85b3bf8883be216f291d0002bf713743c4776b9525d93dc95bbb9ca

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "71122134E85B3BF8883BE216F291D0002BF713743C4776B9525D93DC95BBB9CA"
Last-Modified: Tue, 29 Nov 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8281
Expires: Wed, 30 Nov 2022 04:54:07 GMT
Date: Wed, 30 Nov 2022 02:36:06 GMT
Connection: keep-alive

hm.baidu.com/hm.js?2d0723feb7c312b2638d45d87c2fcb18

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?2d0723feb7c312b2638d45d87c2fcb18
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (617)
Size
11 kB (11255 bytes)
Hash
c447387bf164f4d43e549325fa9e965a
e14e7514f25dad6b0066e664cb0ff955dd39b562
977a0c2624d1b8e435f347deab96bbfbcdf9da7d453846f4119bb16bfb16ae4b

HTTP Headers

GET /hm.js?2d0723feb7c312b2638d45d87c2fcb18 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.welcometothevelvet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11255
Content-Type: application/javascript
Date: Wed, 30 Nov 2022 02:36:06 GMT
Etag: 14c7608ab26237283be37689d531e857
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=338CFB2E12C8631E; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

www.wusong8.top/news/index.php

118.107.24.227

200 OK

800 B

URL HTTP/2
www.wusong8.top/news/index.php
IP
118.107.24.227:0
ASN
#64050 BGPNET Global ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
800 B (800 bytes)
Hash
ceb99eb1c85cd79306890effe9922fb0
14e1e1c3f57ce194c196f0958f86c8d0dd1fe7e8
78b02279b95da980cb328d38605400e5f028ae040246274cbe8bc22a64fc6b81

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /news/index.php HTTP/1.1
Host: www.wusong8.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.welcometothevelvet.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 800
content-type: text/html; charset=UTF-8
date: Wed, 30 Nov 2022 02:36:06 GMT
server: Apache
X-Firefox-Spdy: h2

hm.baidu.com/hm.js?5755d298f25aacb18aed89539d4c03ff

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?5755d298f25aacb18aed89539d4c03ff
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (620)
Size
11 kB (11258 bytes)
Hash
8cb110dbd38f16e79682fbb51ce2050a
a6a645a0c2573cf7c847269ed00128102c713877
1bff10217b61a2e961a21db13115ffad8911a9d87f6879c397e80289f7473aee

HTTP Headers

GET /hm.js?5755d298f25aacb18aed89539d4c03ff HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.welcometothevelvet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Wed, 30 Nov 2022 02:36:06 GMT
Etag: 3b37bf2d03e67517090bed9db55cf199
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=85D11B2D9072BB09; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1677695953&si=2d0723feb7c312b2638d45d87c2fcb18&v=1.3.0&lv=1&sn=9501&r=0&ww=1280&u=http%3A%2F%2Fwww.welcometothevelvet.com%2Fforums%2Fmember.php%3F217662-bypepoorned&tt=%E9%84%A2%E9%99%B5%E8%B5%AB%E5%B1%A0%E5%B7%A5%E8%B4%B8%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1677695953&si=2d0723feb7c312b2638d45d87c2fcb18&v=1.3.0&lv=1&sn=9501&r=0&ww=1280&u=http%3A%2F%2Fwww.welcometothevelvet.com%2Fforums%2Fmember.php%3F217662-bypepoorned&tt=%E9%84%A2%E9%99%B5%E8%B5%AB%E5%B1%A0%E5%B7%A5%E8%B4%B8%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1677695953&si=2d0723feb7c312b2638d45d87c2fcb18&v=1.3.0&lv=1&sn=9501&r=0&ww=1280&u=http%3A%2F%2Fwww.welcometothevelvet.com%2Fforums%2Fmember.php%3F217662-bypepoorned&tt=%E9%84%A2%E9%99%B5%E8%B5%AB%E5%B1%A0%E5%B7%A5%E8%B4%B8%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.welcometothevelvet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 30 Nov 2022 02:36:06 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=53E83D2954327475; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1590422631&si=5755d298f25aacb18aed89539d4c03ff&v=1.3.0&lv=1&sn=9501&r=0&ww=1280&u=http%3A%2F%2Fwww.welcometothevelvet.com%2Fforums%2Fmember.php%3F217662-bypepoorned&tt=%E9%84%A2%E9%99%B5%E8%B5%AB%E5%B1%A0%E5%B7%A5%E8%B4%B8%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1590422631&si=5755d298f25aacb18aed89539d4c03ff&v=1.3.0&lv=1&sn=9501&r=0&ww=1280&u=http%3A%2F%2Fwww.welcometothevelvet.com%2Fforums%2Fmember.php%3F217662-bypepoorned&tt=%E9%84%A2%E9%99%B5%E8%B5%AB%E5%B1%A0%E5%B7%A5%E8%B4%B8%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1590422631&si=5755d298f25aacb18aed89539d4c03ff&v=1.3.0&lv=1&sn=9501&r=0&ww=1280&u=http%3A%2F%2Fwww.welcometothevelvet.com%2Fforums%2Fmember.php%3F217662-bypepoorned&tt=%E9%84%A2%E9%99%B5%E8%B5%AB%E5%B1%A0%E5%B7%A5%E8%B4%B8%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.welcometothevelvet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 30 Nov 2022 02:36:07 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=FB6045DFE5E77BA7; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

hm.baidu.com/hm.js?2ff4f1dee667bb8c36c9731e185cb15f

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?2ff4f1dee667bb8c36c9731e185cb15f
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (623)
Size
11 kB (11261 bytes)
Hash
d4d6de04a1d15a5da09f7658477203be
c75c386d84a977827f7f98ed928eca0ff4b972df
2eac92bff55ac8c445be469f0deed82df49d604c7b996282a7a60fc3f695dfc2

HTTP Headers

GET /hm.js?2ff4f1dee667bb8c36c9731e185cb15f HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong8.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11261
Content-Type: application/javascript
Date: Wed, 30 Nov 2022 02:36:06 GMT
Etag: 691a18696105d6b537475e4d7b090fff
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=042C8CD168C9D1FC; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

hm.baidu.com/hm.js?ede83dd75a39dd6faf6db374429f6beb

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?ede83dd75a39dd6faf6db374429f6beb
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (620)
Size
11 kB (11258 bytes)
Hash
5a083bf73b023338ae533d6a6852de75
502f0785e68bae2ccbb4daefe1372e394c93e25a
68e9ad3194e86c40ee1de0a4ce9f9e354cad6cb54940e98571bf9d59f40e1d0c

HTTP Headers

GET /hm.js?ede83dd75a39dd6faf6db374429f6beb HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong8.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Wed, 30 Nov 2022 02:36:06 GMT
Etag: 6b9ca62c67f2aafe6c3963bae7e63ddd
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=47AC0DB847BD6F15; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1528550442&si=2ff4f1dee667bb8c36c9731e185cb15f&su=http%3A%2F%2Fwww.welcometothevelvet.com%2F&v=1.3.0&lv=1&sn=9502&r=0&ww=1268&u=https%3A%2F%2Fwww.wusong8.top%2Fnews%2Findex.php

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1528550442&si=2ff4f1dee667bb8c36c9731e185cb15f&su=http%3A%2F%2Fwww.welcometothevelvet.com%2F&v=1.3.0&lv=1&sn=9502&r=0&ww=1268&u=https%3A%2F%2Fwww.wusong8.top%2Fnews%2Findex.php
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1528550442&si=2ff4f1dee667bb8c36c9731e185cb15f&su=http%3A%2F%2Fwww.welcometothevelvet.com%2F&v=1.3.0&lv=1&sn=9502&r=0&ww=1268&u=https%3A%2F%2Fwww.wusong8.top%2Fnews%2Findex.php HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong8.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 30 Nov 2022 02:36:07 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=C5B96E0F602817FC; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1008353448&si=ede83dd75a39dd6faf6db374429f6beb&su=http%3A%2F%2Fwww.welcometothevelvet.com%2F&v=1.3.0&lv=1&sn=9502&r=0&ww=1268&u=https%3A%2F%2Fwww.wusong8.top%2Fnews%2Findex.php

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1008353448&si=ede83dd75a39dd6faf6db374429f6beb&su=http%3A%2F%2Fwww.welcometothevelvet.com%2F&v=1.3.0&lv=1&sn=9502&r=0&ww=1268&u=https%3A%2F%2Fwww.wusong8.top%2Fnews%2Findex.php
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1008353448&si=ede83dd75a39dd6faf6db374429f6beb&su=http%3A%2F%2Fwww.welcometothevelvet.com%2F&v=1.3.0&lv=1&sn=9502&r=0&ww=1268&u=https%3A%2F%2Fwww.wusong8.top%2Fnews%2Findex.php HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong8.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 30 Nov 2022 02:36:07 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=0BA46F63FBF4E3AB; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

www.wusong8.top/news/data.php

118.107.24.227

200 OK

48 B

URL HTTP/2
www.wusong8.top/news/data.php
IP
118.107.24.227:0
ASN
#64050 BGPNET Global ASN

File type
HTML document, ASCII text, with no line terminators
Size
48 B (48 bytes)
Hash
f69fb634a6a577288c3494a6ab47ec37
2b5e8faece4f59e6a5cb44f10524d4b6811058b7
738ef7d25b825fa91fd8354a62e8407238e3448f9674cb16a2c6c11db6d905b7

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /news/data.php HTTP/1.1
Host: www.wusong8.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong8.top/news/index.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 48
content-type: text/html; charset=UTF-8
date: Wed, 30 Nov 2022 02:36:09 GMT
server: Apache
X-Firefox-Spdy: h2

www.wusong8.top/news/list.php

118.107.24.227

200 OK

188 B

URL HTTP/2
www.wusong8.top/news/list.php
IP
118.107.24.227:0
ASN
#64050 BGPNET Global ASN

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
188 B (188 bytes)
Hash
4903793f6f2dde226ee1ca6034c4da60
e7fae08dc0b3c4e432346b828d3126855a21440e
0ab0407436933a5d045245eed087ebfb5c58f6bfec531901edd2c7f6623d06ea

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /news/list.php HTTP/1.1
Host: www.wusong8.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong8.top/news/data.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 188
content-type: text/html; charset=UTF-8
date: Wed, 30 Nov 2022 02:36:09 GMT
server: Apache
X-Firefox-Spdy: h2

hm.baidu.com/hm.gif?hca=042C8CD168C9D1FC&cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&ep=1815%2C1815&et=3&ja=0&ln=en-us&lo=0&rnd=2001906142&si=2ff4f1dee667bb8c36c9731e185cb15f&su=http%3A%2F%2Fwww.welcometothevelvet.com%2F&v=1.3.0&lv=1&sn=9502&r=0&ww=1268&u=https%3A%2F%2Fwww.wusong8.top%2Fnews%2Findex.php

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?hca=042C8CD168C9D1FC&cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&ep=1815%2C1815&et=3&ja=0&ln=en-us&lo=0&rnd=2001906142&si=2ff4f1dee667bb8c36c9731e185cb15f&su=http%3A%2F%2Fwww.welcometothevelvet.com%2F&v=1.3.0&lv=1&sn=9502&r=0&ww=1268&u=https%3A%2F%2Fwww.wusong8.top%2Fnews%2Findex.php
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?hca=042C8CD168C9D1FC&cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&ep=1815%2C1815&et=3&ja=0&ln=en-us&lo=0&rnd=2001906142&si=2ff4f1dee667bb8c36c9731e185cb15f&su=http%3A%2F%2Fwww.welcometothevelvet.com%2F&v=1.3.0&lv=1&sn=9502&r=0&ww=1268&u=https%3A%2F%2Fwww.wusong8.top%2Fnews%2Findex.php HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong8.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 30 Nov 2022 02:36:09 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=4075738F104A8073; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4d1045c3301443765ef5b03b7d58e64e
5ce363e3e6b9b4ca75b2ff2c4da4fcd950f93c9b
2d2e0692d46e7d4addd642b2930ce340e9ebc86524317524c565fd56ec1ee3d2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2D2E0692D46E7D4ADDD642B2930CE340E9EBC86524317524C565FD56EC1EE3D2"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21579
Expires: Wed, 30 Nov 2022 08:35:49 GMT
Date: Wed, 30 Nov 2022 02:36:10 GMT
Connection: keep-alive

www.wusong99.top/

118.107.24.226

200 OK

10 kB

URL HTTP/2
www.wusong99.top/
IP
118.107.24.226:0
ASN
#64050 BGPNET Global ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (424), with CRLF line terminators
Size
10 kB (10128 bytes)
Hash
b9157cbbe0defbb4efe6ffa18bda1686
154419a84b4e79e3a4f37f305a4f2f9a7cf3e39b
098c3214990651b8eca9845d1387f44cb906e8a2a1a221841872472be318b055

HTTP Headers

GET / HTTP/1.1
Host: www.wusong99.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong8.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 10128
content-type: text/html; charset=utf-8
date: Wed, 30 Nov 2022 02:36:10 GMT
server: Apache
X-Firefox-Spdy: h2

www.wusong99.top/template/m1938pc/static/css/style.css

118.107.24.226

200 OK

5.0 kB

URL HTTP/2
www.wusong99.top/template/m1938pc/static/css/style.css
IP
118.107.24.226:0
ASN
#64050 BGPNET Global ASN

File type
assembler source, Unicode text, UTF-8 text, with very long lines (341)
Size
5.0 kB (5002 bytes)
Hash
c9c3bebc7d5156b5239f3d07805b675a
483eb9bf5750c81d360bfc4252aba1a8ef860a39
1313efea8d46cff6de67d641829e3b885e51615911b9bcd07a71ecc68e5c706b

HTTP Headers

GET /template/m1938pc/static/css/style.css HTTP/1.1
Host: www.wusong99.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 14 Oct 2022 13:39:00 GMT
etag: "6320-5eafebf8f8500-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5002
content-type: text/css
date: Wed, 30 Nov 2022 02:36:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.wusong99.top/template/m1938pc/static/picture/ws.png

118.107.24.226

200 OK

8.1 kB

URL HTTP/2
www.wusong99.top/template/m1938pc/static/picture/ws.png
IP
118.107.24.226:0
ASN
#64050 BGPNET Global ASN

File type
PNG image data, 209 x 64, 8-bit/color RGBA, non-interlaced\012- data
Size
8.1 kB (8123 bytes)
Hash
0521d89e61c4673bdd15aa965b1ed297
e92339e9d8892d43d63377ffc6176b2ddf766c28
0c397570e789de68f83c6dc1e1f6059ce301e6efcd5a3201234c5ad594968759

HTTP Headers

GET /template/m1938pc/static/picture/ws.png HTTP/1.1
Host: www.wusong99.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 01 Nov 2022 04:42:38 GMT
etag: "1fbb-5ec615a8b0715"
accept-ranges: bytes
content-length: 8123
content-type: image/png
date: Wed, 30 Nov 2022 02:36:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.wusong99.top/template/m1938pc/static/picture/APP.png

118.107.24.226

200 OK

925 B

URL HTTP/2
www.wusong99.top/template/m1938pc/static/picture/APP.png
IP
118.107.24.226:0
ASN
#64050 BGPNET Global ASN

File type
PNG image data, 35 x 35, 8-bit gray+alpha, non-interlaced\012- data
Size
925 B (925 bytes)
Hash
0cb72b3daa1ba608e4ce0cd8e7329d27
f25259de1125e72629c0326a70a8915216fa11c1
16392ae4192e4c5c3b29abd5a202417400dc5bc982176303901942df636abe76

HTTP Headers

GET /template/m1938pc/static/picture/APP.png HTTP/1.1
Host: www.wusong99.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 20 Oct 2022 09:25:24 GMT
etag: "39d-5eb73e7b4cb7c"
accept-ranges: bytes
content-length: 925
content-type: image/png
date: Wed, 30 Nov 2022 02:36:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.wusong99.top/template/m1938pc/static/picture/1.gif

118.107.24.226

200 OK

254 B

URL HTTP/2
www.wusong99.top/template/m1938pc/static/picture/1.gif
IP
118.107.24.226:0
ASN
#64050 BGPNET Global ASN

File type
GIF image data, version 89a, 16 x 17\012- data
Size
254 B (254 bytes)
Hash
b013f8fa3ec997fe20dc80b82af0ad0a
e02ce6c30d5c0abfaa3e008d1a3ce7d11f299ed9
119bff063d1d402fdf6e48bc7e681d48aabfb9bc65378dfcf64a8845ec3fceef

HTTP Headers

GET /template/m1938pc/static/picture/1.gif HTTP/1.1
Host: www.wusong99.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 19 Oct 2022 11:56:54 GMT
etag: "fe-5eb61e7a83063"
accept-ranges: bytes
content-length: 254
content-type: image/gif
date: Wed, 30 Nov 2022 02:36:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.wusong99.top/template/m1938pc/ads/dh.js

118.107.24.226

404 Not Found

263 B

URL HTTP/2
www.wusong99.top/template/m1938pc/ads/dh.js
IP
118.107.24.226:0
ASN
#64050 BGPNET Global ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
263 B (263 bytes)
Hash
6a4c2706be59a217cdba37df73be3d39
c92d076b05847300ddada1a0406fd55ca751fb3e
a6b30dc4536f40ecbc2eee7aba7fa4d3efa658de6259a191d708006c4e43274a

HTTP Headers

GET /template/m1938pc/ads/dh.js HTTP/1.1
Host: www.wusong99.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 263
content-type: text/html; charset=iso-8859-1
date: Wed, 30 Nov 2022 02:36:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.wusong99.top/template/m1938pc/static/picture/play.png

118.107.24.226

200 OK

2.8 kB

URL HTTP/2
www.wusong99.top/template/m1938pc/static/picture/play.png
IP
118.107.24.226:0
ASN
#64050 BGPNET Global ASN

File type
PNG image data, 100 x 100, 8-bit gray+alpha, non-interlaced\012- data
Size
2.8 kB (2781 bytes)
Hash
653d6a429cb3efc3fa2e24f2499172c1
a1ec6a548d9517e5a37d4348945722f638a268b9
1c78627080fdab664e583cf66844c937fcc680e6a55a0f85b0bc5a8091de15d8

HTTP Headers

GET /template/m1938pc/static/picture/play.png HTTP/1.1
Host: www.wusong99.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 21 Oct 2022 05:33:39 GMT
etag: "add-5eb84c8c0ea59"
accept-ranges: bytes
content-length: 2781
content-type: image/png
date: Wed, 30 Nov 2022 02:36:11 GMT
server: Apache
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
2221a47a7f4efedc71aa819b193b51bb
45aa419cebb596927fbf8e0d01c79147a8761d79
8ab2b17c9323cc19f9e470bca878332499d0649d4dffe6bad5762326352d813a

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "8AB2B17C9323CC19F9E470BCA878332499D0649D4DFFE6BAD5762326352D813A"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9719
Expires: Wed, 30 Nov 2022 05:18:10 GMT
Date: Wed, 30 Nov 2022 02:36:11 GMT
Connection: keep-alive

aooacctp.vip/lm/se5.gif

172.67.161.53

200 OK

397 kB

URL HTTP/2
aooacctp.vip/lm/se5.gif
IP
172.67.161.53:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 320 x 180\012- data
Size
397 kB (396964 bytes)
Hash
7b42e791e269b8425a0f380efdd8e5fd
10c09c8f711478c7aeccc988c076d299fafcbbfa
00ef96678470106e95be9f6f4dc07debbbb63a96db839adbf17e5e04e27caf60

HTTP Headers

GET /lm/se5.gif HTTP/1.1
Host: aooacctp.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 30 Nov 2022 02:36:11 GMT
content-type: image/gif
content-length: 396964
last-modified: Wed, 25 May 2022 14:04:51 GMT
etag: "628e3783-60ea4"
expires: Wed, 07 Dec 2022 13:30:26 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1907574
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j49qdCt8hjUYEYh8sX0XSV8SLwdK7Ow70NwVaEQ4R8%2F5HW325xmrzVUi3hmiwJrmgNijJFZxcdIiSVyNcg%2BMSQHwKe32OsBvcL6JVoGflmVOHhBYE0HywtsQGRiQQM0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772031ae3c1c0b4d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

dimg04.c-ctrip.com/images/0102y12000a3kjdfv5BC0.gif

104.110.17.24

200 OK

647 kB

URL HTTP/2
dimg04.c-ctrip.com/images/0102y12000a3kjdfv5BC0.gif
IP
104.110.17.24:0
ASN
#16625 AKAMAI-AS

File type
GIF image data, version 89a, 960 x 80\012- data
Size
647 kB (646750 bytes)
Hash
72371f5b3f1ea1f932ea3882fd5aa02d
b07f955239aaace3a248b70e6137fc91e31bfe7c
f451864300cba47430ddb92cc3f6a9a6602ffacf2c52da2384cce41cb8927912

HTTP Headers

GET /images/0102y12000a3kjdfv5BC0.gif HTTP/1.1
Host: dimg04.c-ctrip.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/gif
content-length: 646750
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
cache-control: max-age=7373820
expires: Thu, 23 Feb 2023 10:53:11 GMT
date: Wed, 30 Nov 2022 02:36:11 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/t1eJGFHGm7w

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/t1eJGFHGm7w
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
380fc74ad0e94f2ab86dea65a186385f
fdc37b5360ac431beaee656f81e4dc6ed4bd3c1c
a6b7d4eba8c5d0b14da00ed947c0cbb7540441909c0e1070b504472e5000754a

HTTP Headers

POST /s/gts1p5/t1eJGFHGm7w HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 02:36:11 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tukudhgg.vip/lm/aaa122.gif

188.114.97.1

200 OK

514 kB

URL HTTP/2
tukudhgg.vip/lm/aaa122.gif
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 320 x 186\012- data
Size
514 kB (513487 bytes)
Hash
eb6ae4c3d42252ba0149361e28da9f18
b42e20c95a707951729969f9250f0b66f3ab4992
43abb0219a75601add12728d8c9a91af813a1342cc8b70acc6d5d5429af2fb62

HTTP Headers

GET /lm/aaa122.gif HTTP/1.1
Host: tukudhgg.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 30 Nov 2022 02:36:11 GMT
content-type: image/gif
content-length: 513487
last-modified: Wed, 25 May 2022 14:05:09 GMT
etag: "628e3795-7d5cf"
expires: Sun, 04 Dec 2022 21:39:58 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 2137409
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nO%2FUl39xKpfuPo5K5Ixa5%2FuOJlhRwYw%2BG%2Fdn6EFdqny7wcAcTF7QPws%2BGGESM7iI91b2C8tVyiawvT3CoE%2BrK%2FxkYON5KaoXgFrafrakahw5S1JElHkv7x%2B6N%2BpMv00%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772031ae9e170b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
8207661ce638c10b2ea4b5db5a5e3f0a
8dc78f6d05f7f2003c4caaad8bf07d486a0d1d0b
45f96c94a57fcf004fece7ca224e9767075a36d151c7aab260976f41bb7841d3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=99735
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 02:36:11 GMT
Etag: "6385a432-116"
Expires: Thu, 01 Dec 2022 06:18:26 GMT
Last-Modified: Tue, 29 Nov 2022 06:18:26 GMT
Server: nginx
Content-Length: 278

e1.o.lencr.org/

23.36.76.226

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
2221a47a7f4efedc71aa819b193b51bb
45aa419cebb596927fbf8e0d01c79147a8761d79
8ab2b17c9323cc19f9e470bca878332499d0649d4dffe6bad5762326352d813a

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "8AB2B17C9323CC19F9E470BCA878332499D0649D4DFFE6BAD5762326352D813A"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9719
Expires: Wed, 30 Nov 2022 05:18:10 GMT
Date: Wed, 30 Nov 2022 02:36:11 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
7129b782bde3d61deb8b05792f7e9637
54d1f80c6550fb52c13fa697d37d1df226eb15f1
86d164a0a1480f787e8c38174a10e3b935062413e6ee8ddb327fa5eb641de20f

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "86D164A0A1480F787E8C38174A10E3B935062413E6EE8DDB327FA5EB641DE20F"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16962
Expires: Wed, 30 Nov 2022 07:18:53 GMT
Date: Wed, 30 Nov 2022 02:36:11 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
7129b782bde3d61deb8b05792f7e9637
54d1f80c6550fb52c13fa697d37d1df226eb15f1
86d164a0a1480f787e8c38174a10e3b935062413e6ee8ddb327fa5eb641de20f

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "86D164A0A1480F787E8C38174A10E3B935062413E6EE8DDB327FA5EB641DE20F"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16904
Expires: Wed, 30 Nov 2022 07:17:55 GMT
Date: Wed, 30 Nov 2022 02:36:11 GMT
Connection: keep-alive

tupkku.top/lm/spk320.gif

104.21.51.97

200 OK

137 kB

URL HTTP/2
tupkku.top/lm/spk320.gif
IP
104.21.51.97:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 720 x 428\012- data
Size
137 kB (136930 bytes)
Hash
8ee25a766c10b2ade919dad65e1c9b37
a1d17bdfcda79dbf1ff41eed3e899db67c6c16c6
b9720e5b3ae93583e8e915eddc4c9c00d915c81be0ca0f20069443f18f37c0bb

HTTP Headers

GET /lm/spk320.gif HTTP/1.1
Host: tupkku.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 30 Nov 2022 02:36:11 GMT
content-type: image/gif
content-length: 136930
last-modified: Thu, 15 Sep 2022 09:25:05 GMT
etag: "6322ef71-216e2"
expires: Thu, 22 Dec 2022 17:00:13 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 598946
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MO%2FYWmrN8BK21RK37Rzn1X%2Ba0i9%2BEF3oTcVWqf3sicMMFM5C4Qk6cmLQ9T2Nx4MQYd7KW7TGU1xE4bDnVA%2FiWbKgaful6Hk1lUHjCDE7Sfmz58NJogcKeyIJIpCe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772031aefc74b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.tupkku.top//lm/spk190.gif

104.21.51.97

200 OK

173 kB

URL HTTP/2
www.tupkku.top//lm/spk190.gif
IP
104.21.51.97:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 720 x 428\012- data
Size
173 kB (173345 bytes)
Hash
35311cb75e25f68d1dad6a630474ece2
e48ba5dcba824a35199fc4fc843be185c53f7f3b
c4ea26086533e343ba5eb059ca8d027490d161fca19228180f13f0032f91d901

HTTP Headers

GET //lm/spk190.gif HTTP/1.1
Host: www.tupkku.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 30 Nov 2022 02:36:12 GMT
content-type: image/gif
content-length: 173345
last-modified: Thu, 15 Sep 2022 09:25:11 GMT
etag: "6322ef77-2a521"
expires: Thu, 01 Dec 2022 07:10:47 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 2448770
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bjhMxgz5Ng4JLfgq1PkjxicCqv0kjYLYhyZgIcRjEylbRrnu4wdmN23p6%2FfGKYX7TCHOYEhd%2B%2BZTf6TnPCjrYhftKUanSaW1gTU1JZjsyV6WxE8QhAQjw%2BmjZl%2BWc8v4GQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772031aefc53b517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/t1eJGFHGm7w

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/t1eJGFHGm7w
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
380fc74ad0e94f2ab86dea65a186385f
fdc37b5360ac431beaee656f81e4dc6ed4bd3c1c
a6b7d4eba8c5d0b14da00ed947c0cbb7540441909c0e1070b504472e5000754a

HTTP Headers

POST /s/gts1p5/t1eJGFHGm7w HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 02:36:11 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
7129b782bde3d61deb8b05792f7e9637
54d1f80c6550fb52c13fa697d37d1df226eb15f1
86d164a0a1480f787e8c38174a10e3b935062413e6ee8ddb327fa5eb641de20f

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "86D164A0A1480F787E8C38174A10E3B935062413E6EE8DDB327FA5EB641DE20F"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16903
Expires: Wed, 30 Nov 2022 07:17:55 GMT
Date: Wed, 30 Nov 2022 02:36:12 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
7129b782bde3d61deb8b05792f7e9637
54d1f80c6550fb52c13fa697d37d1df226eb15f1
86d164a0a1480f787e8c38174a10e3b935062413e6ee8ddb327fa5eb641de20f

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "86D164A0A1480F787E8C38174A10E3B935062413E6EE8DDB327FA5EB641DE20F"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16903
Expires: Wed, 30 Nov 2022 07:17:55 GMT
Date: Wed, 30 Nov 2022 02:36:12 GMT
Connection: keep-alive

www.wusong99.top/template/m1938pc/static/images/arrow_up.png

118.107.24.226

200 OK

398 B

URL HTTP/2
www.wusong99.top/template/m1938pc/static/images/arrow_up.png
IP
118.107.24.226:0
ASN
#64050 BGPNET Global ASN

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
398 B (398 bytes)
Hash
353247650251bb3b54b709aa3441deb0
9784d902cbdfbf51cbe3f0281098575311fd5d2f
cdd12906b6861716ac4c33bcb08ff9164f9269b304748e54886482e773d26aec

HTTP Headers

GET /template/m1938pc/static/images/arrow_up.png HTTP/1.1
Host: www.wusong99.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/template/m1938pc/static/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 14 Oct 2022 13:39:16 GMT
etag: "18e-5eafec083a900"
accept-ranges: bytes
content-length: 398
content-type: image/png
date: Wed, 30 Nov 2022 02:36:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.wusong99.top/template/m1938pc/static/images/share.png

118.107.24.226

200 OK

3.2 kB

URL HTTP/2
www.wusong99.top/template/m1938pc/static/images/share.png
IP
118.107.24.226:0
ASN
#64050 BGPNET Global ASN

File type
PNG image data, 39 x 40, 8-bit/color RGBA, non-interlaced\012- data
Size
3.2 kB (3172 bytes)
Hash
02f6a2fe1a4a8668aca32a1c08040c0f
72d7273e5e561ed4c70bd0ccef8e66407b9e7ce0
30a473f2f6a26ac3d2fb1538744d781985d6051cf1e8a54a4e8a8d1fabb0e8f8

HTTP Headers

GET /template/m1938pc/static/images/share.png HTTP/1.1
Host: www.wusong99.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/template/m1938pc/static/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 14 Oct 2022 13:39:06 GMT
etag: "c64-5eafebfeb1280"
accept-ranges: bytes
content-length: 3172
content-type: image/png
date: Wed, 30 Nov 2022 02:36:11 GMT
server: Apache
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3527f465466795564ac31416125a339b
2fedbaa960f22a6ab101e4123da549d0245fab8e
1f8298fa17c8728777eefd62cf8a456c1505fa814a7f9c9a76dacea9a4938c0b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F8298FA17C8728777EEFD62CF8A456C1505FA814A7F9C9A76DACEA9A4938C0B"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21564
Expires: Wed, 30 Nov 2022 08:35:36 GMT
Date: Wed, 30 Nov 2022 02:36:12 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6fe45284fd5640dabb0ab3143d48268c
56498f3640dc4dbb5f5e7454dedc39d7d1b6b77c
9b78c77303704e4f30da1099922b98de9dde822424da5bff0a04ede14c60d91e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B78C77303704E4F30DA1099922B98DE9DDE822424DA5BFF0A04EDE14C60D91E"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7381
Expires: Wed, 30 Nov 2022 04:39:13 GMT
Date: Wed, 30 Nov 2022 02:36:12 GMT
Connection: keep-alive

200.benbenys.com/view.php/61b977b3527d7c0e27e2af877b5a5c59.jpg

23.224.61.222

200 OK

57 kB

URL HTTP/1.1
200.benbenys.com/view.php/61b977b3527d7c0e27e2af877b5a5c59.jpg
IP
23.224.61.222:0
ASN
#40065 CNSERVERS

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=5, height=805, orientation=[*0*], datetime=MM, width=1080], progressive, precision 8, 1080x805, components 3\012- data
Size
57 kB (57375 bytes)
Hash
61b977b3527d7c0e27e2af877b5a5c59
4a1f0beee6c8215da2bfda76b5f1c87d62925bfc
945a7b57589fc601eb17079a589c721417a1307db96c103791138bce8b5a7fff

HTTP Headers

GET /view.php/61b977b3527d7c0e27e2af877b5a5c59.jpg HTTP/1.1
Host: 200.benbenys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 02:36:12 GMT
Server: Apache
Expires: Fri, 30 Dec 2022 02:36:12 GMT
Pragma: cache
Cache-Control: max-age=2592000
Upgrade: h2
Connection: Upgrade, close
Content-Length: 57375
Content-Type: image/jpeg

yazi16.top/template/m1938pc/baidu/960.gif

104.233.156.153

200 OK

4.7 kB

URL HTTP/2
yazi16.top/template/m1938pc/baidu/960.gif
IP
104.233.156.153:0
ASN
#54600 PEGTECHINC

File type
PNG image data, 1440 x 90, 8-bit/color RGBA, non-interlaced\012- data
Size
4.7 kB (4720 bytes)
Hash
d646ac0d3f6527f695529ac117232aa8
fdd0d1f51a7568d58665d70de303e261fb608c83
0fef174759ab23ad9e762f7851675d4fe094be2cf37e8863aa6d4aa8cf7505b6

HTTP Headers

GET /template/m1938pc/baidu/960.gif HTTP/1.1
Host: yazi16.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Wed, 23 Nov 2022 12:50:10 GMT
etag: "1270-5ee22ba9d7d2b"
accept-ranges: bytes
content-length: 4720
content-type: image/gif
date: Wed, 30 Nov 2022 02:36:12 GMT
server: Apache
X-Firefox-Spdy: h2

kvhmm.com/4753106fd5cd4282494606a4f0e82c03.gif

137.175.13.78

301 Moved Permanently

162 B

URL HTTP/2
kvhmm.com/4753106fd5cd4282494606a4f0e82c03.gif
IP
137.175.13.78:0
ASN
#54600 PEGTECHINC

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /4753106fd5cd4282494606a4f0e82c03.gif HTTP/1.1
Host: kvhmm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
server: nginx
date: Wed, 30 Nov 2022 02:36:13 GMT
content-type: text/html
content-length: 162
location: https://kvtfff.top/4753106fd5cd4282494606a4f0e82c03.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.21.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
7a63423902ff9c3485f9d39456bbc4e9
6fc1a10e9b0eb624a4dff710090edb5c2e41e019
1446fd8cba7b8e64175df1d7ccd9af7f7e99366ddfe6f7b0d86648c7a446bbc2

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 02:36:12 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Sun, 04 Dec 2022 01:02:01 GMT
ETag: "6fc1a10e9b0eb624a4dff710090edb5c2e41e019"
Last-Modified: Wed, 30 Nov 2022 01:02:02 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 772031afbfc5b506-OSL

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
0a64758212c090b59b9dc9e6b0afe17c
9c1d780d1c0bb5c563ec2b28df750f539c9bb4fc
73cc69104c027472c323b0f53b869f1bf07d1ee516b4e2352d544d2710180a40

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "73CC69104C027472C323B0F53B869F1BF07D1EE516B4E2352D544D2710180A40"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11528
Expires: Wed, 30 Nov 2022 05:48:20 GMT
Date: Wed, 30 Nov 2022 02:36:12 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d27e0525e331a4c3ae096be1a00433af
764b36118b987432e13dd88b9b446a8ec0dc13e9
0929458f0ff0dceccb96bfc844263380c5424939c2e03a59bc4d71d764c4271c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0929458F0FF0DCECCB96BFC844263380C5424939C2E03A59BC4D71D764C4271C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1179
Expires: Wed, 30 Nov 2022 02:55:51 GMT
Date: Wed, 30 Nov 2022 02:36:12 GMT
Connection: keep-alive

kvtfff.top/4753106fd5cd4282494606a4f0e82c03.gif

104.21.233.215

200 OK

184 kB

URL HTTP/2
kvtfff.top/4753106fd5cd4282494606a4f0e82c03.gif
IP
104.21.233.215:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 960 x 240\012- data
Size
184 kB (183681 bytes)
Hash
be0586befbaae0be5e24acbc3d7148fd
ca3696c5f5e3016796aaa5a41c7089ef878a67f1
450822c1b2a66de63023cf9163d1ef8e0e6ad97a019b140c84efaab1e26c3af3

HTTP Headers

GET /4753106fd5cd4282494606a4f0e82c03.gif HTTP/1.1
Host: kvtfff.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.wusong99.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 30 Nov 2022 02:36:12 GMT
content-type: image/gif
content-length: 183681
last-modified: Thu, 24 Nov 2022 09:51:56 GMT
etag: "637f3ebc-2cd81"
expires: Sun, 25 Dec 2022 11:37:01 GMT
cache-control: max-age=5356800
cf-cache-status: HIT
age: 399551
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2Bcwe8aoZwb8fWdKLFeepZFYVfx2rL1HifNzlLnNCeLinKFmAAIsVpNex2ZlnvX3BSk%2FZ%2BzB%2FbIrOHDuaYTLkK6f6H7oL0mac6rzT4659A3%2FFlyCUqiOakzqcgId"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772031b18d96719e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
0a64758212c090b59b9dc9e6b0afe17c
9c1d780d1c0bb5c563ec2b28df750f539c9bb4fc
73cc69104c027472c323b0f53b869f1bf07d1ee516b4e2352d544d2710180a40

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "73CC69104C027472C323B0F53B869F1BF07D1EE516B4E2352D544D2710180A40"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11528
Expires: Wed, 30 Nov 2022 05:48:20 GMT
Date: Wed, 30 Nov 2022 02:36:12 GMT
Connection: keep-alive

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
0c19ca72e81d8660d70f39dcd6b00e60
3cc8753898e23239877b82aed3dd7cdf2fb2ef4a
3208e14e6158147ced774fa926fbe3f53ec1607d381dc43c4a3ae1c41d423b1e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 02:36:12 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 09:55:22 GMT
Expires: Mon, 05 Dec 2022 09:55:21 GMT
Etag: "3cc8753898e23239877b82aed3dd7cdf2fb2ef4a"
Cache-Control: max-age=457748,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772031b18d6ab4fd-OSL

img.1153555.com/images/63847e722f45e5cbe914ec3d.gif

185.239.226.87

302 Found

0 B

URL HTTP/2
img.1153555.com/images/63847e722f45e5cbe914ec3d.gif
IP
185.239.226.87:0
ASN
#134835 Starry Network Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/63847e722f45e5cbe914ec3d.gif HTTP/1.1
Host: img.1153555.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/472d3bc0f442448e8d60a62f7c8b80d0
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations