r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a9f1d4d98705c281fed3b60343463200
db6f8aa98d2eda4e5473b116a222c3055568bb78
164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9461
Expires: Fri, 25 Nov 2022 12:36:53 GMT
Date: Fri, 25 Nov 2022 09:59:12 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash af40a2fcf8debb90c3608002da6c907a
3c75d6c0b557a3bd8d5db50155b8d896e852c145
555617a51ee3077552545a29a3baf0b43e8a82367e4c08110ee480ebedc8b523
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3230
Cache-Control: max-age=91549
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 09:59:12 GMT
Etag: "637f47ef-1d7"
Expires: Sat, 26 Nov 2022 11:25:01 GMT
Last-Modified: Thu, 24 Nov 2022 10:31:11 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 260e9998c20d831b66f1029c8f47aac9
716d630f647c54dc69a7f9c63a6cac294b3df7f7
c9951a909f354174f0075a01c01c3c3aa6960983040e328bfbbbea81aeb405c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2305
Expires: Fri, 25 Nov 2022 10:37:37 GMT
Date: Fri, 25 Nov 2022 09:59:12 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: fbYjAxFV0AmfnQ+0qWWMv52riV5kB2MN8IpRRXxanpMLyerMHCVP78lPpFoTyGVDN7kCFZBBV5zmnwIWfA+6TQ==
x-amz-request-id: Y1X5ZD3X7XQY0871
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 09:43:47 GMT
age: 925
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 25 Nov 2022 09:19:04 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2408
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 09:59:12 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
1380418.com/
154.214.159.54301 Moved Permanently 0 B IP 154.214.159.54:0
ASN #134548 DXTL Tseung Kwan O Service
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 1380418.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 25 Nov 2022 09:59:12 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://www.1380418.com/
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 25 Nov 2022 09:11:11 GMT
cache-control: public,max-age=3600
age: 2881
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash df06e70fc8a35facf1d8db463d18e231
fa8a2975566cc792898f870e48ae7518d3657326
4cef7e704f4d575ce6733f6f2d803d241b597be51ff3fb03f72e5c33a893b504
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 271
Cache-Control: max-age=169930
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 09:59:12 GMT
Etag: "638085ab-1d7"
Expires: Sun, 27 Nov 2022 09:11:22 GMT
Last-Modified: Fri, 25 Nov 2022 09:06:51 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.161.136.21101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.161.136.21:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: b2fp12Th7i0/rEdnspMOjw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6Lxq00SeCLytm3L9U2QXtVDt9XQ=
www.1380418.com/
154.214.159.54200 OK 796 B IP 154.214.159.54:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with CRLF line terminators
Hash dc6692c373cd0766acdcfeceddb61871
819d178745596f922798e0a33f73ebe3c41b2fe3
cb15531ef77fe8d6253376c25b77880a78a7262a5c78ff16d15d8c63a79acb59
GET / HTTP/1.1
Host: www.1380418.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 09:59:12 GMT
Content-Type: text/html
Content-Length: 796
Connection: keep-alive
www.1380418.com/tj.js
154.214.159.54200 OK 208 B IP 154.214.159.54:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document, ASCII text, with CRLF line terminators
Hash 31233c488f0427e71b3c599b4d325445
53aa736b5c414fd65c8d0763d07aa66a1d51e530
4b7ffcda6da629fb1bc4c5cedfe88289d5cb4d27e6caffe7c7c2c421d3183009
GET /tj.js HTTP/1.1
Host: www.1380418.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.1380418.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 09:59:13 GMT
Content-Type: application/x-javascript
Content-Length: 208
Connection: keep-alive
www.1380418.com/common.js
154.214.159.54200 OK 697 B URL HTTP/1.1 www.1380418.com/common.js
IP 154.214.159.54:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document text\012- HTML document, ASCII text, with very long lines (443), with CRLF line terminators
Hash 48a22f4fc151be3bff17bb70fcdcd571
eee3f6b16675436fa050f940e06f0e9a4933c35e
715736f49505bb6547a572e1aee061ead5cf60b15f9999a3dcebf22c25032af3
GET /common.js HTTP/1.1
Host: www.1380418.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.1380418.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 09:59:13 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
push.zhanzhang.baidu.com/push.js
180.101.212.103200 OK 227 B URL HTTP/1.1 push.zhanzhang.baidu.com/push.js
IP 180.101.212.103:0
ASN #134770 CHINANET Jiangsu province Suzhou taihu IDC network
File type ASCII text, with no line terminators
Hash e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.1380418.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Fri, 25 Nov 2022 09:59:13 GMT
Etag: "4078521116"
Expires: Sat, 25 Nov 2023 09:59:13 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=1025903C6BB939032365F57C2E6F3DAD:FG=1; max-age=31536000; expires=Sat, 25-Nov-23 09:59:13 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.21.226:0
Hash a167ab4c23cfc38e4c6a53a56f9ab5e6
2dd6a4a533e5c678f476de040e56f1f1cbe14966
203f9d695ec83e862b243bb8301a613aca31af330974da4b381ef5ff7bb46665
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:59:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Tue, 29 Nov 2022 07:56:26 GMT
ETag: "2dd6a4a533e5c678f476de040e56f1f1cbe14966"
Last-Modified: Fri, 25 Nov 2022 07:56:27 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3419
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f987c85c1fb4fa-OSL
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17550
Expires: Fri, 25 Nov 2022 14:51:44 GMT
Date: Fri, 25 Nov 2022 09:59:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17550
Expires: Fri, 25 Nov 2022 14:51:44 GMT
Date: Fri, 25 Nov 2022 09:59:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17550
Expires: Fri, 25 Nov 2022 14:51:44 GMT
Date: Fri, 25 Nov 2022 09:59:14 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9e23502-5ace-42f4-a990-42412dc7e04e.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9e23502-5ace-42f4-a990-42412dc7e04e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f6292a2988fb4505d0098553b8e99ddc
9b8aafcda0e22edcc16d3048f4b88659d3b42419
16b7b473229c5e519ab81b385c50277424f3f3b2a5d7647035e84ba58e44f3be
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9e23502-5ace-42f4-a990-42412dc7e04e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6385
x-amzn-requestid: 4c2a84f7-f038-4f5a-86c2-5c8ce1a48c6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cI5NVFMAoAMFn7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63803bee-45c6411c2430e2375f530dd8;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 03:52:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fj82i9qJmEiUy2DOkkowq8WRyzupMwNyQqu110sJ3o72HEW4yb7bjQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 07:22:46 GMT
age: 9388
etag: "9b8aafcda0e22edcc16d3048f4b88659d3b42419"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c8f6118fc03f31862ff68fef8a2b9a7f
318c5d7acd0d36c816b09fcf1b7dc4bfb5ec7e73
cdd4d44f05cc524d7f2b1d6d792ecd8a9a933e52ecb7685a7d7ea786a510ef39
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8089
x-amzn-requestid: f4b5f150-a5dc-40bf-93b9-394c294a51cb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEmkRFSnIAMF5vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e8481-74454bee1a1ec6d506f3d75b;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 20:37:21 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ZVv8iTGCYV-IiBJ6KwNSG1ZWSEwClaQopUejSqZq0S1wd782lRoyKA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 22:59:49 GMT
age: 39565
etag: "318c5d7acd0d36c816b09fcf1b7dc4bfb5ec7e73"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ad933c0-8cbe-40eb-920c-38b8ae531c9f.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ad933c0-8cbe-40eb-920c-38b8ae531c9f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d43ec6824d4fdc4d31b8c245bf8c5849
81f85633fca39972d8e0bf9a4ec7cd999e54564f
b0e521b23879af86102f46a9ec412faf6345df31a97a7b58880f63f81fdcd0c6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ad933c0-8cbe-40eb-920c-38b8ae531c9f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7900
x-amzn-requestid: a9d184b1-3b4a-4ca6-9ad2-ce3aac10f422
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB91H2IIAMFjGw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38b-5732361f36c023c22c922ee9;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: nVe_gcpscsmf4QGPseIR2poHwzxp_mfWODrAz8Oy0ePkMgnIREhCag==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:35:07 GMT
etag: "81f85633fca39972d8e0bf9a4ec7cd999e54564f"
content-type: image/jpeg
age: 44647
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg
34.120.237.76200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4006a9037ab5f28dca62b0aa7a704c41
74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b
556ae6516a1f272a96569a3637858292731a34e82672b682f6e7442ca68f4b1d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3955
x-amzn-requestid: 42c8d309-a8d2-47cc-8d97-c7fa3a63f8cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCM9NGJHoAMF4sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d8eba-2a06cda9346bd02c46955444;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 03:08:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5MlzpHpq7auKLSAYikINuPAylXI11VJL3xxIJ9Dyub-7rjQaPfg0WQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 02:07:28 GMT
age: 28306
etag: "74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80e95b58-6cf9-4974-a4ce-f8515ca995ee.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80e95b58-6cf9-4974-a4ce-f8515ca995ee.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8784bb7a8b88736a6016f712e3183bf3
b0ddc1555d2506177adcdcea77864d75f1245d07
8e331713b0ad0b5670dd33dfdadde665e076a40ddb80905d4df89876d49803d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80e95b58-6cf9-4974-a4ce-f8515ca995ee.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11743
x-amzn-requestid: 9ab0aba7-5cd1-4f6c-8984-dc221e1cbf8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cICD-F7joAMFqmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe3b2-152ba5f1495a44447356cdab;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oWSNdsrz59sJC2znLnFqa_Zm3T14_d6j-rjzDQe4yV22Dy2Qc4Swaw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:54:45 GMT
age: 43469
etag: "b0ddc1555d2506177adcdcea77864d75f1245d07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F981a8e9a-f018-45b6-af7e-199dc4c02c27.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F981a8e9a-f018-45b6-af7e-199dc4c02c27.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5863138af1ddbba34a7856242a7b3a06
2eba66ff6539388c48562503e8d11ff0e060350a
d1543e1b803a07095148b743925eebbbf21f566a2df9b785a1a9d48c5604496c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F981a8e9a-f018-45b6-af7e-199dc4c02c27.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8917
x-amzn-requestid: 10f3b269-9437-476d-ae4f-a0ac3fb78491
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB8wEIwoAMF8uA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe384-4cfeecf4553b26381ed11875;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:00 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 6ibPrCdDNQqWzxiVYDsl87yUfTP8sUmu22GbhBdDHJruil0qxbw7Fw==
via: 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:35:00 GMT
etag: "2eba66ff6539388c48562503e8d11ff0e060350a"
content-type: image/jpeg
age: 44654
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
js.users.51.la/21418051.js
103.143.19.103200 OK 2.3 kB URL HTTP/1.1 js.users.51.la/21418051.js
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
File type ASCII text, with very long lines (4898)
Hash ee83aa63e6e5aec33cde80fbb33e02df
3f6beae89b19eb8714eeb8f123d7a6d6c797019f
a64075cc03850440e10b204bc5de921f85f946ae27fb5894a68685a5e19700dc
GET /21418051.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.1380418.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: CloudWAF
Date: Fri, 25 Nov 2022 09:59:14 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=7ccbd2d7e084551c71d; path=/
HWWAFSESTIME=1669370352582; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
js.users.51.la/21467683.js
103.143.19.103200 OK 2.3 kB URL HTTP/1.1 js.users.51.la/21467683.js
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
File type ASCII text, with very long lines (4898)
Hash d28f3b5c7bbd40ed92f566e221c9257d
410793b4f11c8d0a6b40099c56542e6d165827be
843bee01db39e39fa209ebfe72b70b16df75d38f40b2c6a4d0c48c0fa75c4a11
GET /21467683.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.1380418.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: CloudWAF
Date: Fri, 25 Nov 2022 09:59:14 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=d1e6719300d2a319d70; path=/
HWWAFSESTIME=1669370353445; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
api.share.baidu.com/s.gif?l=http://www.1380418.com/
180.101.212.103200 OK 0 B URL HTTP/1.1 api.share.baidu.com/s.gif?l=http://www.1380418.com/
IP 180.101.212.103:0
ASN #134770 CHINANET Jiangsu province Suzhou taihu IDC network
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://www.1380418.com/ HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.1380418.com/
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Fri, 25 Nov 2022 09:59:14 GMT
38.239.196.126/nar/756.html
38.239.196.126200 OK 687 B URL HTTP/1.1 38.239.196.126/nar/756.html
IP 38.239.196.126:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 42136db4af05d6f9ea747ff6c496d412
95befc1a8c30abafddd8bc0a456d70f491b22355
f68907b3aab4ecf1de3006ad193a5409b279768b51f52518c1276536194a954e
Analyzer Verdict Alert quad9 Sinkholed
GET /nar/756.html HTTP/1.1
Host: 38.239.196.126
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.1380418.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 09:59:15 GMT
Content-Type: text/html
Content-Length: 687
Last-Modified: Thu, 24 Nov 2022 20:55:45 GMT
Connection: keep-alive
ETag: "637fda51-2af"
Accept-Ranges: bytes
www.1380418.com/favicon.ico
154.214.159.54200 OK 1.2 kB URL HTTP/1.1 www.1380418.com/favicon.ico
IP 154.214.159.54:0
ASN #134548 DXTL Tseung Kwan O Service
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 7ef1f0a0093460fe46bb691578c07c95
2da3ffbbf4737ce4dae9488359de34034d1ebfbd
4c62eef22174220b8655590a77b27957f3518b4c3b7352d0b64263b80e728f2c
GET /favicon.ico HTTP/1.1
Host: www.1380418.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.1380418.com/
Cookie: __tins__21467683=%7B%22sid%22%3A%201669370354049%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201669372154049%7D; __51cke__=; __51laig__=2; __tins__21418051=%7B%22sid%22%3A%201669370354059%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201669372154059%7D
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 09:59:14 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 01 Jul 2011 08:14:23 GMT
Connection: keep-alive
ETag: "4e0d81df-47e"
Expires: Wed, 30 Nov 2022 09:59:14 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
ia.51.la/go1?id=21418051&rt=1669370354059&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=2&ekc=&sid=1669370354059&tt=%25E4%25BA%2591%25E6%25B5%25AE%25E9%2597%25B2%25E6%2580%2582%25E4%25BC%259A%25E5%25B1%2595%25E6%259C%258D%25E5%258A%25A1%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=&cu=http%253A%252F%252Fwww.1380418.com%252F&pu=
103.143.19.103200 0 B URL HTTP/1.1 ia.51.la/go1?id=21418051&rt=1669370354059&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=2&ekc=&sid=1669370354059&tt=%25E4%25BA%2591%25E6%25B5%25AE%25E9%2597%25B2%25E6%2580%2582%25E4%25BC%259A%25E5%25B1%2595%25E6%259C%258D%25E5%258A%25A1%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=&cu=http%253A%252F%252Fwww.1380418.com%252F&pu=
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=21418051&rt=1669370354059&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=2&ekc=&sid=1669370354059&tt=%25E4%25BA%2591%25E6%25B5%25AE%25E9%2597%25B2%25E6%2580%2582%25E4%25BC%259A%25E5%25B1%2595%25E6%259C%258D%25E5%258A%25A1%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=&cu=http%253A%252F%252Fwww.1380418.com%252F&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.1380418.com/
HTTP/1.1 200
Server: CloudWAF
Date: Fri, 25 Nov 2022 09:59:15 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=d90a9466b3ded6da912; path=/
HWWAFSESTIME=1669370353745; path=/
ia.51.la/go1?id=21467683&rt=1669370354049&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1669370354049&tt=%25E4%25BA%2591%25E6%25B5%25AE%25E9%2597%25B2%25E6%2580%2582%25E4%25BC%259A%25E5%25B1%2595%25E6%259C%258D%25E5%258A%25A1%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=&cu=http%253A%252F%252Fwww.1380418.com%252F&pu=
103.143.19.103200 0 B URL HTTP/1.1 ia.51.la/go1?id=21467683&rt=1669370354049&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1669370354049&tt=%25E4%25BA%2591%25E6%25B5%25AE%25E9%2597%25B2%25E6%2580%2582%25E4%25BC%259A%25E5%25B1%2595%25E6%259C%258D%25E5%258A%25A1%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=&cu=http%253A%252F%252Fwww.1380418.com%252F&pu=
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=21467683&rt=1669370354049&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1669370354049&tt=%25E4%25BA%2591%25E6%25B5%25AE%25E9%2597%25B2%25E6%2580%2582%25E4%25BC%259A%25E5%25B1%2595%25E6%259C%258D%25E5%258A%25A1%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=&cu=http%253A%252F%252Fwww.1380418.com%252F&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.1380418.com/
HTTP/1.1 200
Server: CloudWAF
Date: Fri, 25 Nov 2022 09:59:16 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=fff317fcda8446464c5; path=/
HWWAFSESTIME=1669370352874; path=/
38.239.194.4/0.27990586513370574
38.239.194.4404 Not Found 146 B URL HTTP/1.1 38.239.194.4/0.27990586513370574
IP 38.239.194.4:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert quad9 Sinkholed
GET /0.27990586513370574 HTTP/1.1
Host: 38.239.194.4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://38.239.196.126/
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 25 Nov 2022 09:59:15 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
38.239.194.2/0.06656829901023054
38.239.194.2404 Not Found 146 B URL HTTP/1.1 38.239.194.2/0.06656829901023054
IP 38.239.194.2:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert quad9 Sinkholed
GET /0.06656829901023054 HTTP/1.1
Host: 38.239.194.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://38.239.196.126/
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 25 Nov 2022 09:59:15 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
38.239.194.8/0.786078558614254
38.239.194.8404 Not Found 146 B URL HTTP/1.1 38.239.194.8/0.786078558614254
IP 38.239.194.8:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert quad9 Sinkholed
GET /0.786078558614254 HTTP/1.1
Host: 38.239.194.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://38.239.196.126/
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 25 Nov 2022 09:59:15 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
38.239.194.6/0.8937472071895978
38.239.194.6404 Not Found 146 B URL HTTP/1.1 38.239.194.6/0.8937472071895978
IP 38.239.194.6:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert quad9 Sinkholed
GET /0.8937472071895978 HTTP/1.1
Host: 38.239.194.6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://38.239.196.126/
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 25 Nov 2022 09:59:15 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
38.239.194.7/0.4891131799854156
38.239.194.7404 Not Found 146 B URL HTTP/1.1 38.239.194.7/0.4891131799854156
IP 38.239.194.7:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert quad9 Sinkholed
GET /0.4891131799854156 HTTP/1.1
Host: 38.239.194.7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://38.239.196.126/
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 25 Nov 2022 09:59:15 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
38.239.194.4/
38.239.194.4200 OK 9.5 kB IP 38.239.194.4:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (7286), with CRLF line terminators
Hash dd57ee5438684b2f5b773003734bbc6a
806539a31165c9badb08c823279de7db5276e112
430275cfdeb79886ddb0c468099e46daebc8c373bde568e3e425ca457f7684b8
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: 38.239.194.4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://38.239.196.126/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 09:59:15 GMT
Content-Type: text/html;Charset=utf-8;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=9bmg1k53nma75a98eqs7621324; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7d8efdd41b8040a8ac3fb7ae891d1d54
3eb9674f12bbfe098808b7011f6867a25e4f5885
85b45ec330e2f9aad9e5d67855495625c60bcc71cd94ff5759453e06fb1104ea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "85B45EC330E2F9AAD9E5D67855495625C60BCC71CD94FF5759453E06FB1104EA"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15917
Expires: Fri, 25 Nov 2022 14:24:33 GMT
Date: Fri, 25 Nov 2022 09:59:16 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7d8efdd41b8040a8ac3fb7ae891d1d54
3eb9674f12bbfe098808b7011f6867a25e4f5885
85b45ec330e2f9aad9e5d67855495625c60bcc71cd94ff5759453e06fb1104ea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "85B45EC330E2F9AAD9E5D67855495625C60BCC71CD94FF5759453E06FB1104EA"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15917
Expires: Fri, 25 Nov 2022 14:24:33 GMT
Date: Fri, 25 Nov 2022 09:59:16 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7d8efdd41b8040a8ac3fb7ae891d1d54
3eb9674f12bbfe098808b7011f6867a25e4f5885
85b45ec330e2f9aad9e5d67855495625c60bcc71cd94ff5759453e06fb1104ea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "85B45EC330E2F9AAD9E5D67855495625C60BCC71CD94FF5759453E06FB1104EA"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15917
Expires: Fri, 25 Nov 2022 14:24:33 GMT
Date: Fri, 25 Nov 2022 09:59:16 GMT
Connection: keep-alive
lbfm.lbpictupian.com/upload/vod/2022/11-24/17/zo0cu4ncgin1730zo0cu4ncgin195156.jpg
104.22.12.214200 OK 3.8 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-24/17/zo0cu4ncgin1730zo0cu4ncgin195156.jpg
IP 104.22.12.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 68e4cdf8dd763758e678ffac2f3a4e3f
caf27432ba37cfbd3faa0468b576944d62acfcd2
a95f7d24b0cde73874e7dd3a2e9215fd943e1d1a66d313738278b39a65cde98e
GET /upload/vod/2022/11-24/17/zo0cu4ncgin1730zo0cu4ncgin195156.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: image/webp
content-length: 3826
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=6398
content-disposition: inline; filename="zo0cu4ncgin1730zo0cu4ncgin195156.webp"
etag: "637f39ac-18fe"
last-modified: Thu, 24 Nov 2022 09:30:20 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2330
accept-ranges: bytes
server: cloudflare
cf-ray: 76f987d5898a0b06-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-24/17/2kvwuy1gj5y17302kvwuy1gj5y205158.jpg
104.22.12.214200 OK 9.1 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-24/17/2kvwuy1gj5y17302kvwuy1gj5y205158.jpg
IP 104.22.12.214:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 563x750, segment length 16, progressive, precision 8, 240x320, components 3\012- data
Hash 6e3a5997eaae28981fb688cac41c9b3f
d91ba2688b570a18728b892498a43af491780fe7
165e2d96c9c5474577520a68ba849500c72e345ac3313669a3cdf6fddce52431
GET /upload/vod/2022/11-24/17/2kvwuy1gj5y17302kvwuy1gj5y205158.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: image/jpeg
content-length: 9143
cf-bgj: imgq:85,h2pri
cf-polished: origSize=9582, status=webp_bigger
etag: "637f39ac-256e"
last-modified: Thu, 24 Nov 2022 09:30:20 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2330
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f987d5898b0b06-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-24/17/p0ftymwghrn1730p0ftymwghrn215160.jpg
104.22.12.214200 OK 8.0 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-24/17/p0ftymwghrn1730p0ftymwghrn215160.jpg
IP 104.22.12.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 240x320, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7da2aa4483245cb49bfd3f8e6a948ae5
f619136118925b60d253a8d099f12b5440dc2b47
dc56fa08cb8ed40cab424df42779e5ec6331673e7fae0ad0d936ed2c1ea92dcc
GET /upload/vod/2022/11-24/17/p0ftymwghrn1730p0ftymwghrn215160.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: image/webp
content-length: 7990
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9311
content-disposition: inline; filename="p0ftymwghrn1730p0ftymwghrn215160.webp"
etag: "637f39ad-245f"
last-modified: Thu, 24 Nov 2022 09:30:21 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2330
accept-ranges: bytes
server: cloudflare
cf-ray: 76f987d5898d0b06-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-24/17/o3yn2uqzidd1730o3yn2uqzidd165148.jpg
104.22.12.214200 OK 18 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-24/17/o3yn2uqzidd1730o3yn2uqzidd165148.jpg
IP 104.22.12.214:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x240, components 3\012- data
Hash 25a5583166b86e213eaaede1031422e4
fba42029f892d891991d1a21732f1d511d4c5901
c6ddcc50385259f60eefadc59abe19e08d5228bde940e308c45b8f1365207897
GET /upload/vod/2022/11-24/17/o3yn2uqzidd1730o3yn2uqzidd165148.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: image/jpeg
content-length: 17498
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=17811, status=webp_bigger
etag: "637f39a8-4593"
last-modified: Thu, 24 Nov 2022 09:30:16 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2330
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f987d589980b06-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-24/17/2g2feuszfwc17302g2feuszfwc175150.jpg
104.22.12.214200 OK 12 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-24/17/2g2feuszfwc17302g2feuszfwc175150.jpg
IP 104.22.12.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 823360a32f93f11714821ae293e1ad96
2ae4a2a5ad64ac245d972a481220798c3e4cfdbd
0d49ba9edbbf026753ee6439f489e9fcc1c0f3d244f602dc06fb1ac4986eec02
GET /upload/vod/2022/11-24/17/2g2feuszfwc17302g2feuszfwc175150.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: image/webp
content-length: 11872
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=12539
content-disposition: inline; filename="2g2feuszfwc17302g2feuszfwc175150.webp"
etag: "637f39a9-30fb"
last-modified: Thu, 24 Nov 2022 09:30:17 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2330
accept-ranges: bytes
server: cloudflare
cf-ray: 76f987d589960b06-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-24/17/apdnmrxfrel1730apdnmrxfrel185152.jpg
104.22.12.214200 OK 17 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-24/17/apdnmrxfrel1730apdnmrxfrel185152.jpg
IP 104.22.12.214:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, progressive, precision 8, 320x240, components 3\012- data
Hash 59e9557523e7a7837a6781a14afbbc61
96fd7272b0eb0c3ea7ec545aeec702909d4fa217
5a3feb5fc60e0e9bc4074859234e170109a013fd6cf4900f4fc0ed9005558a51
GET /upload/vod/2022/11-24/17/apdnmrxfrel1730apdnmrxfrel185152.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: image/jpeg
content-length: 16823
cf-bgj: imgq:85,h2pri
cf-polished: origSize=17763, status=webp_bigger
etag: "637f39aa-4563"
last-modified: Thu, 24 Nov 2022 09:30:18 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2330
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f987d589970b06-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-24/17/4voc45ycusw17304voc45ycusw235164.jpg
104.22.12.214200 OK 5.1 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-24/17/4voc45ycusw17304voc45ycusw235164.jpg
IP 104.22.12.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash dba2fe565422df57625e2c6d91d8aeea
c8e4352de353456f314334b73d1ef271af34ec93
6625673124bcc9e6a8cf58417111e2fbc4fd60053b0d84b835ef4063843ef389
GET /upload/vod/2022/11-24/17/4voc45ycusw17304voc45ycusw235164.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: image/webp
content-length: 5074
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=6381
content-disposition: inline; filename="4voc45ycusw17304voc45ycusw235164.webp"
etag: "637f39af-18ed"
last-modified: Thu, 24 Nov 2022 09:30:23 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2330
accept-ranges: bytes
server: cloudflare
cf-ray: 76f987d5898f0b06-OSL
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7d8efdd41b8040a8ac3fb7ae891d1d54
3eb9674f12bbfe098808b7011f6867a25e4f5885
85b45ec330e2f9aad9e5d67855495625c60bcc71cd94ff5759453e06fb1104ea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "85B45EC330E2F9AAD9E5D67855495625C60BCC71CD94FF5759453E06FB1104EA"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15917
Expires: Fri, 25 Nov 2022 14:24:33 GMT
Date: Fri, 25 Nov 2022 09:59:16 GMT
Connection: keep-alive
lbfm.lbpictupian.com/upload/vod/2022/11-24/17/y3x1eidsvx11730y3x1eidsvx1225162.jpg
104.22.12.214200 OK 8.1 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-24/17/y3x1eidsvx11730y3x1eidsvx1225162.jpg
IP 104.22.12.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 240x320, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 28b3566436c7e47f1f856d5bc694d8da
913c560fbd4873020557c4f1439c974b57c82812
635d4873e59ecc756c0a9076570e9173c1f6298764036cdb200291723cd844a5
GET /upload/vod/2022/11-24/17/y3x1eidsvx11730y3x1eidsvx1225162.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: image/webp
content-length: 8072
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9668
content-disposition: inline; filename="y3x1eidsvx11730y3x1eidsvx1225162.webp"
etag: "637f39ae-25c4"
last-modified: Thu, 24 Nov 2022 09:30:22 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2330
accept-ranges: bytes
server: cloudflare
cf-ray: 76f987d5898e0b06-OSL
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7d8efdd41b8040a8ac3fb7ae891d1d54
3eb9674f12bbfe098808b7011f6867a25e4f5885
85b45ec330e2f9aad9e5d67855495625c60bcc71cd94ff5759453e06fb1104ea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "85B45EC330E2F9AAD9E5D67855495625C60BCC71CD94FF5759453E06FB1104EA"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15917
Expires: Fri, 25 Nov 2022 14:24:33 GMT
Date: Fri, 25 Nov 2022 09:59:16 GMT
Connection: keep-alive
38.239.194.4/template/m1938/css/ate.css
38.239.194.4200 OK 6.0 kB URL HTTP/1.1 38.239.194.4/template/m1938/css/ate.css
IP 38.239.194.4:0
File type ASCII text, with CRLF line terminators
Hash 251de3a6c1f48287067d6e9884f7888f
d0d01ad05609d705df6dc86c14d7911aab71b8f2
256f80b2d6f2d004ddba641a773690bae0c70094d68d2ea3fa5b3893ff4ecb94
Analyzer Verdict Alert quad9 Sinkholed
GET /template/m1938/css/ate.css HTTP/1.1
Host: 38.239.194.4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://38.239.194.4/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 09:59:16 GMT
Content-Type: text/css
Last-Modified: Sun, 07 Mar 2021 04:24:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6044558a-126e5"
Expires: Fri, 25 Nov 2022 21:59:16 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
js.users.51.la/21285107.js
103.143.19.103200 OK 2.3 kB URL HTTP/1.1 js.users.51.la/21285107.js
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
File type ASCII text, with very long lines (4898)
Hash 2a62068128af7ac1e9295a6aa9288681
34e7db7d16d30ebe5b5aad07e667df21d9a2945a
4106736f2422718c5c5c49f1176be5432993ccce430a2445d6ec2839758dd35c
GET /21285107.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: CloudWAF
Date: Fri, 25 Nov 2022 09:59:16 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=d1e6731900d2a319d70; path=/
HWWAFSESTIME=1669370353445; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
lbfm.lbpictupian.com/upload/vod/2022/11-24/17/udqy5husaln1730udqy5husaln135142.jpg
104.22.12.214200 OK 7.5 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-24/17/udqy5husaln1730udqy5husaln135142.jpg
IP 104.22.12.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b7cbb3a5a7aa875e0ec5e04d09e06b7b
451d7d0e3a8929b6029c38acdc30a12adbb1fa05
452e88a310328abf6648527e0bb0888484859af496020ab2169cd144497da9c6
GET /upload/vod/2022/11-24/17/udqy5husaln1730udqy5husaln135142.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: image/webp
content-length: 7492
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8129
content-disposition: inline; filename="udqy5husaln1730udqy5husaln135142.webp"
etag: "637f39a5-1fc1"
last-modified: Thu, 24 Nov 2022 09:30:13 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 76f987d579880b06-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-24/17/1kjb3ztu3a317301kjb3ztu3a3265170.jpg
104.22.12.214200 OK 4.7 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-24/17/1kjb3ztu3a317301kjb3ztu3a3265170.jpg
IP 104.22.12.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ca06d5353270228cd993533ce47fea66
0cd4d4870b84184b1434823b0db7bf3becec3d0c
d893c8e380c59b4a1c8484f55ebd2f913e9c364d484be06dd3154d100c28db08
GET /upload/vod/2022/11-24/17/1kjb3ztu3a317301kjb3ztu3a3265170.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: image/webp
content-length: 4684
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=6979
content-disposition: inline; filename="1kjb3ztu3a317301kjb3ztu3a3265170.webp"
etag: "637f39b2-1b43"
last-modified: Thu, 24 Nov 2022 09:30:26 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 76f987d589940b06-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-24/17/hviplus5zcy1730hviplus5zcy125140.jpg
104.22.12.214200 OK 9.3 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-24/17/hviplus5zcy1730hviplus5zcy125140.jpg
IP 104.22.12.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c7e9ad2792e5812a811f1554dcbc0b47
0b8291d49705fd25f9a79f4b0ece6a16c5015f60
0e444921e38e4a94bba49430009803b450b6425ee7d19d73c5e447a3ebc3ab33
GET /upload/vod/2022/11-24/17/hviplus5zcy1730hviplus5zcy125140.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: image/webp
content-length: 9276
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=10018
content-disposition: inline; filename="hviplus5zcy1730hviplus5zcy125140.webp"
etag: "637f39a4-2722"
last-modified: Thu, 24 Nov 2022 09:30:12 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 76f987d579870b06-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-24/17/3f4ecaa3qvj17303f4ecaa3qvj245166.jpg
104.22.12.214200 OK 13 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-24/17/3f4ecaa3qvj17303f4ecaa3qvj245166.jpg
IP 104.22.12.214:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x240, components 3\012- data
Hash b6de591e807a508fc7e4276db14bc030
3665b42020b4391269cdd0ec5c9706714f80ca61
bf68f96828de4c78c441c45d3a8f5dfe4d8e8e857125b48aedcf730e51f57128
GET /upload/vod/2022/11-24/17/3f4ecaa3qvj17303f4ecaa3qvj245166.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: image/jpeg
content-length: 12764
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=15170, status=webp_bigger
etag: "637f39b0-3b42"
last-modified: Thu, 24 Nov 2022 09:30:24 GMT
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f987d589910b06-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-23/09/wlaouoilj2j0900wlaouoilj2j584802.jpg
104.22.12.214200 OK 3.9 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-23/09/wlaouoilj2j0900wlaouoilj2j584802.jpg
IP 104.22.12.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 240x320, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 5af06725625313aab0304db3476cfd34
aa7eb207c3be2bf001f02be76428fe33de239f84
b795566977ff2c4b086f7fc87411a4cccb8863001e766c009eec1f16ed20c020
GET /upload/vod/2022/11-23/09/wlaouoilj2j0900wlaouoilj2j584802.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: image/webp
content-length: 3870
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=5957
content-disposition: inline; filename="wlaouoilj2j0900wlaouoilj2j584802.webp"
etag: "637d70ca-1745"
last-modified: Wed, 23 Nov 2022 01:00:58 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 76f987d589950b06-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-24/17/30cfvwvgjak173030cfvwvgjak115138.jpg
104.22.12.214200 OK 12 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-24/17/30cfvwvgjak173030cfvwvgjak115138.jpg
IP 104.22.12.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash cd1a02d4532c85de5a1e06cd1564c54e
f6da14f362ddfd39c98e303d59ee90baadde593f
6e2057790947b4ec53238dfed15323049c39b8dd00fec609858011c780f867e6
GET /upload/vod/2022/11-24/17/30cfvwvgjak173030cfvwvgjak115138.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: image/webp
content-length: 12476
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=12724
content-disposition: inline; filename="30cfvwvgjak173030cfvwvgjak115138.webp"
etag: "637f39a3-31b4"
last-modified: Thu, 24 Nov 2022 09:30:11 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 76f987d5899c0b06-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-24/17/sunqzepigob1730sunqzepigob195154.jpg
104.22.12.214200 OK 7.8 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-24/17/sunqzepigob1730sunqzepigob195154.jpg
IP 104.22.12.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7a314f5595738bedb10b9086cc300500
958e1fab4f608a2e981198bdc7ee4964dd05124f
4a2ec5493e2e6c98e6c069ff425250a61322d1320ca2357cb4c8696ee85094f9
GET /upload/vod/2022/11-24/17/sunqzepigob1730sunqzepigob195154.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: image/webp
content-length: 7766
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9211
content-disposition: inline; filename="sunqzepigob1730sunqzepigob195154.webp"
etag: "637f39ab-23fb"
last-modified: Thu, 24 Nov 2022 09:30:19 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 76f987d589890b06-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-24/17/o0kpydpwigp1730o0kpydpwigp105134.jpg
104.22.12.214200 OK 8.5 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-24/17/o0kpydpwigp1730o0kpydpwigp105134.jpg
IP 104.22.12.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1a08b9ae07c2a93955ad8b80543a3793
5563920aff337e459779d6100a3f143ac0148508
0e484d86dd62950118ea6365707b35542e9985a7472041f8bfcfb87ddb1369d0
GET /upload/vod/2022/11-24/17/o0kpydpwigp1730o0kpydpwigp105134.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: image/webp
content-length: 8482
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=11388
content-disposition: inline; filename="o0kpydpwigp1730o0kpydpwigp105134.webp"
etag: "637f39a2-2c7c"
last-modified: Thu, 24 Nov 2022 09:30:10 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 76f987d579860b06-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-24/17/1el045t00pv17301el045t00pv145144.jpg
104.22.12.214200 OK 9.7 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-24/17/1el045t00pv17301el045t00pv145144.jpg
IP 104.22.12.214:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 3x4, segment length 16, progressive, precision 8, 240x320, components 3\012- data
Hash 97a079367349730dd3374b2250d89560
a3bf3c527e4e61c01193401cfb677abcfd9c971c
23c9c7cc617206a3b83068a8d88196d1c09530f22c84188475938d3501f8220f
GET /upload/vod/2022/11-24/17/1el045t00pv17301el045t00pv145144.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: image/jpeg
content-length: 9718
cf-bgj: imgq:85,h2pri
cf-polished: origSize=10270, status=webp_bigger
etag: "637f39a6-281e"
last-modified: Thu, 24 Nov 2022 09:30:14 GMT
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f987d579850b06-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-24/17/kr2311vbxw51730kr2311vbxw5105136.jpg
104.22.12.214200 OK 7.9 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-24/17/kr2311vbxw51730kr2311vbxw5105136.jpg
IP 104.22.12.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 13db57111e466476e6663a55dfeaac51
d83c735da4bb38f5dbbc91fe6b7969f715f486b6
d3c76b6057a0fda40ea7393dcd28807c36ac64c92d3b09995f9560502b83d077
GET /upload/vod/2022/11-24/17/kr2311vbxw51730kr2311vbxw5105136.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: image/webp
content-length: 7874
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9027
content-disposition: inline; filename="kr2311vbxw51730kr2311vbxw5105136.webp"
etag: "637f39a3-2343"
last-modified: Thu, 24 Nov 2022 09:30:11 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 76f987d5899b0b06-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-24/17/0rur5rubhdo17300rur5rubhdo155146.jpg
104.22.12.214200 OK 10 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-24/17/0rur5rubhdo17300rur5rubhdo155146.jpg
IP 104.22.12.214:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 3x4, segment length 16, progressive, precision 8, 240x320, components 3\012- data
Hash 2184a18ed38cce5f44abc5bb33d31710
6984d5b2a2759b4a18624c3230a7f2098fc58da1
c2464f080c766dcbf2c24de7d6e39b872856538809eb2693f73d4a51d58f9d89
GET /upload/vod/2022/11-24/17/0rur5rubhdo17300rur5rubhdo155146.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: image/jpeg
content-length: 10467
cf-bgj: imgq:85,h2pri
cf-polished: origSize=11206, status=webp_bigger
etag: "637f39a7-2bc6"
last-modified: Thu, 24 Nov 2022 09:30:15 GMT
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f987d5899a0b06-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-24/17/aamqzw5pumv1730aamqzw5pumv255168.jpg
104.22.12.214200 OK 3.7 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-24/17/aamqzw5pumv1730aamqzw5pumv255168.jpg
IP 104.22.12.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7d0a31c80e7bc1a02ebf1b790a97c6e7
3d74e64a82a768f47a83b1843b15ef8b007deec9
01e6409fdc0729495ccf5f2641c9897ebfaef30336cc4f389b0da6727c95c7bf
GET /upload/vod/2022/11-24/17/aamqzw5pumv1730aamqzw5pumv255168.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: image/webp
content-length: 3682
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=5671
content-disposition: inline; filename="aamqzw5pumv1730aamqzw5pumv255168.webp"
etag: "637f39b1-1627"
last-modified: Thu, 24 Nov 2022 09:30:25 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 76f987d589920b06-OSL
X-Firefox-Spdy: h2
38.239.194.4/template/m1938/css/zui.css
38.239.194.4200 OK 22 kB URL HTTP/1.1 38.239.194.4/template/m1938/css/zui.css
IP 38.239.194.4:0
File type assembler source, Unicode text, UTF-8 (with BOM) text, with CRLF, CR line terminators
Hash 989119441b99dc00d29481edf802fef3
c3141b9d2c5e3d82f2a3a2e6abd747b198cbc7ea
4d49f5f5cd38ba825d17e7d76c9592e824c495b3d1a01246454cfa72029598fd
Analyzer Verdict Alert quad9 Sinkholed
GET /template/m1938/css/zui.css HTTP/1.1
Host: 38.239.194.4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://38.239.194.4/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 09:59:16 GMT
Content-Type: text/css
Last-Modified: Mon, 04 Apr 2022 16:48:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"624b214a-17838"
Expires: Fri, 25 Nov 2022 21:59:16 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
js.users.51.la/21481107.js
103.143.19.103200 OK 2.3 kB URL HTTP/1.1 js.users.51.la/21481107.js
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
File type ASCII text, with very long lines (4898)
Hash bf21d1c7769c2a14bd910ae21ae1d68e
205b103838a383a22ae4869b053d8d20546bbebd
f843ce4be057b27ca449aac019bafa3fa2d08100c97dee30f1703f8875565954
GET /21481107.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://38.239.194.4/
HTTP/1.1 200 OK
Server: CloudWAF
Date: Fri, 25 Nov 2022 09:59:16 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=b27f6367dc532b7e9c8; path=/
HWWAFSESTIME=1669370353451; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
38.239.194.4/template/m1938/images/1.gif
38.239.194.4200 OK 254 B URL HTTP/1.1 38.239.194.4/template/m1938/images/1.gif
IP 38.239.194.4:0
File type GIF image data, version 89a, 16 x 17\012- data
Hash b013f8fa3ec997fe20dc80b82af0ad0a
e02ce6c30d5c0abfaa3e008d1a3ce7d11f299ed9
119bff063d1d402fdf6e48bc7e681d48aabfb9bc65378dfcf64a8845ec3fceef
Analyzer Verdict Alert quad9 Sinkholed
GET /template/m1938/images/1.gif HTTP/1.1
Host: 38.239.194.4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://38.239.194.4/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 09:59:16 GMT
Content-Type: image/gif
Content-Length: 254
Last-Modified: Mon, 04 Apr 2022 14:58:52 GMT
Connection: keep-alive
ETag: "624b07ac-fe"
Expires: Sun, 25 Dec 2022 09:59:16 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6783a14dcf1e45bf85c21fb9c2633f8b
38a83dee1d62563e1f883f17bd051d5c1c50e6a5
68c5a150ea2d1e7ccd3fb32d84ee4dd4ef5f1efca80d3b02e953c9437da8dbc8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "68C5A150EA2D1E7CCD3FB32D84EE4DD4EF5F1EFCA80D3B02E953C9437DA8DBC8"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19574
Expires: Fri, 25 Nov 2022 15:25:30 GMT
Date: Fri, 25 Nov 2022 09:59:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6783a14dcf1e45bf85c21fb9c2633f8b
38a83dee1d62563e1f883f17bd051d5c1c50e6a5
68c5a150ea2d1e7ccd3fb32d84ee4dd4ef5f1efca80d3b02e953c9437da8dbc8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "68C5A150EA2D1E7CCD3FB32D84EE4DD4EF5F1EFCA80D3B02E953C9437DA8DBC8"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19572
Expires: Fri, 25 Nov 2022 15:25:28 GMT
Date: Fri, 25 Nov 2022 09:59:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6783a14dcf1e45bf85c21fb9c2633f8b
38a83dee1d62563e1f883f17bd051d5c1c50e6a5
68c5a150ea2d1e7ccd3fb32d84ee4dd4ef5f1efca80d3b02e953c9437da8dbc8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "68C5A150EA2D1E7CCD3FB32D84EE4DD4EF5F1EFCA80D3B02E953C9437DA8DBC8"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19534
Expires: Fri, 25 Nov 2022 15:24:50 GMT
Date: Fri, 25 Nov 2022 09:59:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ef72660a134e24aad964b48822c6a6e1
6a4b9bfd92cddcfb20331f7d93e837b76729560b
5f2d643c8c962b367b8052b07f1504f7dd1591d5b99ee6869f34d17f7d2c26b8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5F2D643C8C962B367B8052B07F1504F7DD1591D5B99EE6869F34D17F7D2C26B8"
Last-Modified: Wed, 23 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19611
Expires: Fri, 25 Nov 2022 15:26:07 GMT
Date: Fri, 25 Nov 2022 09:59:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ef72660a134e24aad964b48822c6a6e1
6a4b9bfd92cddcfb20331f7d93e837b76729560b
5f2d643c8c962b367b8052b07f1504f7dd1591d5b99ee6869f34d17f7d2c26b8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5F2D643C8C962B367B8052B07F1504F7DD1591D5B99EE6869F34D17F7D2C26B8"
Last-Modified: Wed, 23 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21501
Expires: Fri, 25 Nov 2022 15:57:37 GMT
Date: Fri, 25 Nov 2022 09:59:16 GMT
Connection: keep-alive
38.239.194.4/template/m1938//images/1.png
38.239.194.4200 OK 43 kB URL HTTP/1.1 38.239.194.4/template/m1938//images/1.png
IP 38.239.194.4:0
File type PNG image data, 350 x 91, 8-bit/color RGBA, non-interlaced\012- data
Hash 00d985bcfda2fff5a222ca4f40d78f88
0ee6b80d0cd8c697c5692b231a9e1669aad183ce
55a9a5f94728aeabefe15240204b3210175e24a18df03aad3f4f2b8fdba89afd
Analyzer Verdict Alert quad9 Sinkholed
GET /template/m1938//images/1.png HTTP/1.1
Host: 38.239.194.4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://38.239.194.4/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 09:59:16 GMT
Content-Type: image/png
Content-Length: 43176
Last-Modified: Sun, 10 Apr 2022 13:53:00 GMT
Connection: keep-alive
ETag: "6252e13c-a8a8"
Expires: Sun, 25 Dec 2022 09:59:16 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
www.gfngus-fd5fsfr.cc/ssiq/dht.js
154.208.100.15404 Not Found 146 B URL HTTP/2 www.gfngus-fd5fsfr.cc/ssiq/dht.js
IP 154.208.100.15:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /ssiq/dht.js HTTP/1.1
Host: www.gfngus-fd5fsfr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2
www.gfngus-fd5fsfr.cc/ssiq/dl.js
154.208.100.15200 OK 0 B URL HTTP/2 www.gfngus-fd5fsfr.cc/ssiq/dl.js
IP 154.208.100.15:0
ASN #134548 DXTL Tseung Kwan O Service
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ssiq/dl.js HTTP/1.1
Host: www.gfngus-fd5fsfr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: application/javascript
content-length: 0
last-modified: Wed, 16 Mar 2022 16:11:12 GMT
etag: "62320c20-0"
expires: Fri, 25 Nov 2022 21:59:16 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.gfngus-fd5fsfr.cc/ssiq/tj.js
154.208.100.15200 OK 0 B URL HTTP/2 www.gfngus-fd5fsfr.cc/ssiq/tj.js
IP 154.208.100.15:0
ASN #134548 DXTL Tseung Kwan O Service
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ssiq/tj.js HTTP/1.1
Host: www.gfngus-fd5fsfr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: application/javascript
content-length: 0
last-modified: Wed, 20 Jul 2022 03:19:47 GMT
etag: "62d77453-0"
expires: Fri, 25 Nov 2022 21:59:16 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 99b4009cb5b56adf8c87ed0c5df8ac38
afad21ac3bd44aa94ffccb9677eb9bcc412b035e
bd036fab8f4c95fcd29c80f8d7bf7f24d90b963e187d71b64175d72b0da25022
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "BD036FAB8F4C95FCD29C80F8D7BF7F24D90B963E187D71B64175D72B0DA25022"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13365
Expires: Fri, 25 Nov 2022 13:42:02 GMT
Date: Fri, 25 Nov 2022 09:59:17 GMT
Connection: keep-alive
tupkku.top/logotp/hgsbtr01.gif
172.67.178.134200 OK 1.6 MB URL HTTP/2 tupkku.top/logotp/hgsbtr01.gif
IP 172.67.178.134:0
File type GIF image data, version 89a, 500 x 281\012- data
Size 1.6 MB (1626999 bytes)
Hash 17244f3a8b60a0f7b291f5621c873713
c523f5d5b60d2eabc9084e9ba5803647ac08c2cd
4aed8c090aa7bff3de4c028efced6a87dd7645bc15d265cdddf106f3f5dd9435
GET /logotp/hgsbtr01.gif HTTP/1.1
Host: tupkku.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:17 GMT
content-type: image/gif
content-length: 1626999
last-modified: Sun, 31 Jul 2022 13:10:59 GMT
etag: "62e67f63-18d377"
expires: Tue, 06 Dec 2022 05:13:29 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1618381
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WRKmgGJV%2Fd66QZwdZiZ7lCG3JBu6LF1kxF5GKarPVr%2B4lqPT1FF75PEt6BoJdFFJTfJm%2BOUyagrsxBE4QwTldJ19ZMuXBr7NiEC36Ty7HC18kNMVy1Qy90tZUmB7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f987de9f820b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 99b4009cb5b56adf8c87ed0c5df8ac38
afad21ac3bd44aa94ffccb9677eb9bcc412b035e
bd036fab8f4c95fcd29c80f8d7bf7f24d90b963e187d71b64175d72b0da25022
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "BD036FAB8F4C95FCD29C80F8D7BF7F24D90B963E187D71B64175D72B0DA25022"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13365
Expires: Fri, 25 Nov 2022 13:42:02 GMT
Date: Fri, 25 Nov 2022 09:59:17 GMT
Connection: keep-alive
38.239.194.4/template/m1938/images/video-play.png
38.239.194.4200 OK 1.6 kB URL HTTP/1.1 38.239.194.4/template/m1938/images/video-play.png
IP 38.239.194.4:0
File type PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced\012- data
Hash be7ca0a4a7c0317398a11162b1e09b75
5dbe6a02524cfbf5f5111478a71f91a9259056b5
cbad06b58f97516faa5f745d4e09716b5db3f134d5b4644b159681aa24909dd4
Analyzer Verdict Alert quad9 Sinkholed
GET /template/m1938/images/video-play.png HTTP/1.1
Host: 38.239.194.4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://38.239.194.4/template/m1938/css/zui.css
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 09:59:17 GMT
Content-Type: image/png
Content-Length: 1567
Last-Modified: Fri, 29 May 2020 05:44:40 GMT
Connection: keep-alive
ETag: "5ed0a148-61f"
Expires: Sun, 25 Dec 2022 09:59:17 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1883c8cf353eaae13b3e223d0939f124
c3bece9e26b02c39938c191ebbae6a7d4f049929
985817c04fd9bebd18bfae17e578b1acdd53b1bf168b26fa4c45ff0439b7b7cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "985817C04FD9BEBD18BFAE17E578B1ACDD53B1BF168B26FA4C45FF0439B7B7CF"
Last-Modified: Thu, 24 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16334
Expires: Fri, 25 Nov 2022 14:31:31 GMT
Date: Fri, 25 Nov 2022 09:59:17 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash df4206844db9ff5e5c136fe2aa98e78c
1aacdd5ecb6d57432b6315133840b26396976514
09b9e91c2676a28fbc6f2f44a59812199ec56975d67312eda90a4e70637b0825
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:59:18 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 05:28:47 GMT
Expires: Thu, 01 Dec 2022 05:28:46 GMT
Etag: "1aacdd5ecb6d57432b6315133840b26396976514"
Cache-Control: max-age=501567,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f987e1fc0fb4fd-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 1dba4c61882c20cb82d22a34fb12052a
94fb2241ba8b81bcb8d23f1472bb306ee272f7b6
3d7fdb397709549ebf64909bafd30e1982bbbe84510723c9d7ca4a0862ba1656
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:59:18 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 29 Nov 2022 07:09:20 GMT
ETag: "94fb2241ba8b81bcb8d23f1472bb306ee272f7b6"
Last-Modified: Fri, 25 Nov 2022 07:09:21 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2072
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f987e28efb0b02-OSL
678tktp.com/tp/225x150.gif
154.83.24.157200 OK 34 kB URL HTTP/1.1 678tktp.com/tp/225x150.gif
IP 154.83.24.157:0
File type GIF image data, version 89a, 225 x 150\012- data
Hash 5b530d2ce692cec14d0ab68165562124
55ed9805398542b7a7b5e15a854d833e9cd22835
ade66d8efe4fca1daaae6761dd39bb0e735309193fd7db8ceba789c36e7410e4
GET /tp/225x150.gif HTTP/1.1
Host: 678tktp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 25 Nov 2022 09:59:18 GMT
Content-Type: image/gif
Content-Length: 34379
Connection: keep-alive
Last-Modified: Sun, 20 Nov 2022 08:07:12 GMT
ETag: "6379e030-864b"
Expires: Fri, 23 Dec 2022 08:46:32 GMT
Cache-Control: max-age=2592000
Via: 154.83.24.154
CDN-Cache: HIT
Accept-Ranges: bytes
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 968f6d6cab47f52c258262945670f166
ca6680deab56f259b8c8e1e0c9700baeb728e79c
b43ca7df197e51d6e83d79008cb5967426ed6b74ae0bd30e5f8d3ea313a0462c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B43CA7DF197E51D6E83D79008CB5967426ED6B74AE0BD30E5F8D3EA313A0462C"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13577
Expires: Fri, 25 Nov 2022 13:45:35 GMT
Date: Fri, 25 Nov 2022 09:59:18 GMT
Connection: keep-alive
www.gfngus-fd5fsfr.cc/ssiq/qq3.js
154.208.100.15200 OK 17 kB URL HTTP/2 www.gfngus-fd5fsfr.cc/ssiq/qq3.js
IP 154.208.100.15:0
ASN #134548 DXTL Tseung Kwan O Service
Hash 34df68c3d45b7d0c915194b923c68fee
ad561e56b276ae6f346eaf03b139d358427d0a03
b21543d6a8f47ea3958d86aed5acc4056cbc10c143d2d448cc993f58fb45aa00
GET /ssiq/qq3.js HTTP/1.1
Host: www.gfngus-fd5fsfr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: application/javascript
last-modified: Wed, 16 Nov 2022 11:06:08 GMT
vary: Accept-Encoding
etag: W/"6374c420-20ac"
expires: Fri, 25 Nov 2022 21:59:16 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
aooacctp.vip/logotp/xfb63.gif
172.67.161.53200 OK 801 kB URL HTTP/2 aooacctp.vip/logotp/xfb63.gif
IP 172.67.161.53:0
File type GIF image data, version 89a, 200 x 200\012- data
Size 801 kB (800906 bytes)
Hash b67d8e3b2e6a17ef65cca5924479bcaf
170f0e54f86d9fe303bca99f7524cee878289a3f
2b6a9b53114e36c800d36b460001279b5b27d86ad0b0f79d71bd5157d7d2ba8c
GET /logotp/xfb63.gif HTTP/1.1
Host: aooacctp.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:18 GMT
content-type: image/gif
content-length: 800906
last-modified: Sun, 14 Aug 2022 07:55:32 GMT
etag: "62f8aa74-c388a"
expires: Sun, 18 Dec 2022 16:07:02 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 542335
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8eXNRYOl4WWGzL%2BDkOt4elD49ZjsjDLB0pnzb6bn7QL5XOq80USGk5M0wRXDg3K0szxIbWGwdozuvQdXEy0r%2FfcFOTM8mL%2FEtOzJT3XlB3yvV9ZK8VPt8yp2446rVu4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f987e55e261c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d.wyqaafplm.live/ty/76D76AFA-C90D-17760-34-6714A92625D6.alpha
23.225.154.19200 OK 49 B URL HTTP/2 d.wyqaafplm.live/ty/76D76AFA-C90D-17760-34-6714A92625D6.alpha
IP 23.225.154.19:0
File type Unicode text, UTF-8 text, with no line terminators
Hash 61279ce051678ec50b58ea09b48b1474
3c55e78d7a401549b60af8af3a966a4c3f221d7b
6eaf9e9b236ffbfd8e5bcbf704cde4fcc4a0aa57b6890f7400672e2d662d5ff5
Analyzer Verdict Alert quad9 Sinkholed
GET /ty/76D76AFA-C90D-17760-34-6714A92625D6.alpha HTTP/1.1
Host: d.wyqaafplm.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 09:59:18 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
last-modified: Fri, 25 Nov 2022 09:59:18 GMT
expires: Fri, 25 Nov 2022 10:14:18 GMT
cache-control: max-age=900
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
nkiun.xyz/guanggao/22.jpg
8.210.99.166200 OK 17 kB URL HTTP/1.1 nkiun.xyz/guanggao/22.jpg
IP 8.210.99.166:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75", baseline, precision 8, 377x377, components 3\012- data
Hash d4ff38bbb14b8c7efaf7631ed7b17d7b
29e7892508fa13314dff9e206178952a50d3ded8
1f83a9a771790e0dc7368598662280ecaed8b12b8da18ad237d0b9ec4f740099
GET /guanggao/22.jpg HTTP/1.1
Host: nkiun.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://38.239.194.4/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 09:59:18 GMT
Content-Type: image/jpeg
Content-Length: 16832
Last-Modified: Tue, 20 Sep 2022 14:03:48 GMT
Connection: keep-alive
ETag: "6329c844-41c0"
Expires: Sun, 25 Dec 2022 09:59:18 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
ia.51.la/go1?id=21285107&rt=1669370357754&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=0&cd=24&ds=%25E5%25A6%2582%25E6%2582%25A8%25E6%259C%25AA%25E6%25BB%25BF%25E5%258D%2581%25E5%2585%25AB%25E6%25AD%25B2%25E6%2588%2596%25E7%2595%25B6%25E5%259C%25B0%25E6%25B3%2595%25E5%25BE%258B%25E8%25A8%25B1%25E5%258F%25AF%25E4%25B9%258B%25E5%25B9%25B4%25E9%25BD%25A1%25E3%2580%2581%25E4%25BA%25A6%25E6%2588%2596%25E8%2580%2585%25E6%2582%25A8%25E5%25B0%258D%25E6%259C%25AC%25E7%25AB%2599%25E5%2586%2585%25E5%25AE%25B9%25E5%258F%258D%25E6%2584%259F%25EF%25BC%258C&ing=1&ekc=&sid=1669370357754&tt=756AV%25E5%25BD%25B1%25E8%25A7%2586&kw=756AV%25E5%25BD%25B1%25E8%25A7%2586&cu=http%253A%252F%252F38.239.194.4%252F&pu=http%253A%252F%252F38.239.196.126%252F
103.143.19.103200 0 B URL HTTP/1.1 ia.51.la/go1?id=21285107&rt=1669370357754&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=0&cd=24&ds=%25E5%25A6%2582%25E6%2582%25A8%25E6%259C%25AA%25E6%25BB%25BF%25E5%258D%2581%25E5%2585%25AB%25E6%25AD%25B2%25E6%2588%2596%25E7%2595%25B6%25E5%259C%25B0%25E6%25B3%2595%25E5%25BE%258B%25E8%25A8%25B1%25E5%258F%25AF%25E4%25B9%258B%25E5%25B9%25B4%25E9%25BD%25A1%25E3%2580%2581%25E4%25BA%25A6%25E6%2588%2596%25E8%2580%2585%25E6%2582%25A8%25E5%25B0%258D%25E6%259C%25AC%25E7%25AB%2599%25E5%2586%2585%25E5%25AE%25B9%25E5%258F%258D%25E6%2584%259F%25EF%25BC%258C&ing=1&ekc=&sid=1669370357754&tt=756AV%25E5%25BD%25B1%25E8%25A7%2586&kw=756AV%25E5%25BD%25B1%25E8%25A7%2586&cu=http%253A%252F%252F38.239.194.4%252F&pu=http%253A%252F%252F38.239.196.126%252F
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=21285107&rt=1669370357754&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=0&cd=24&ds=%25E5%25A6%2582%25E6%2582%25A8%25E6%259C%25AA%25E6%25BB%25BF%25E5%258D%2581%25E5%2585%25AB%25E6%25AD%25B2%25E6%2588%2596%25E7%2595%25B6%25E5%259C%25B0%25E6%25B3%2595%25E5%25BE%258B%25E8%25A8%25B1%25E5%258F%25AF%25E4%25B9%258B%25E5%25B9%25B4%25E9%25BD%25A1%25E3%2580%2581%25E4%25BA%25A6%25E6%2588%2596%25E8%2580%2585%25E6%2582%25A8%25E5%25B0%258D%25E6%259C%25AC%25E7%25AB%2599%25E5%2586%2585%25E5%25AE%25B9%25E5%258F%258D%25E6%2584%259F%25EF%25BC%258C&ing=1&ekc=&sid=1669370357754&tt=756AV%25E5%25BD%25B1%25E8%25A7%2586&kw=756AV%25E5%25BD%25B1%25E8%25A7%2586&cu=http%253A%252F%252F38.239.194.4%252F&pu=http%253A%252F%252F38.239.196.126%252F HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://38.239.194.4/
HTTP/1.1 200
Server: CloudWAF
Date: Fri, 25 Nov 2022 09:59:18 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=5831ca09e3acad2d822; path=/
HWWAFSESTIME=1669370354340; path=/
ak-d.tripcdn.com/images/0Z03x223496bn1tjl1F95.gif
96.6.16.143200 OK 576 kB URL HTTP/2 ak-d.tripcdn.com/images/0Z03x223496bn1tjl1F95.gif
IP 96.6.16.143:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 576 kB (576269 bytes)
Hash d18a583c2d2ea700e268b1e2749139de
489359e1381aeb2806af0896d5a36b2fc932c125
09060e9dac6e8a5f191258114d32bce1865a47da1ddc0eb47a70e8aa8bfc0d59
GET /images/0Z03x223496bn1tjl1F95.gif HTTP/1.1
Host: ak-d.tripcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 576269
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
x-edgeconnect-midmile-rtt: 21
x-edgeconnect-origin-mex-latency: 59
cache-control: max-age=6996812
expires: Tue, 14 Feb 2023 09:32:50 GMT
date: Fri, 25 Nov 2022 09:59:18 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2
ak-d.tripcdn.com/images/0Z0292215cyp9qgrk7748.gif
96.6.16.143200 OK 1.4 MB URL HTTP/2 ak-d.tripcdn.com/images/0Z0292215cyp9qgrk7748.gif
IP 96.6.16.143:0
File type GIF image data, version 89a, 960 x 100\012- data
Size 1.4 MB (1448406 bytes)
Hash 005a9ab21c34732aead0e3343700e682
175e856610e8f086806124faac5ed66354f46682
9df8d48adea8f822668643b1f0d2b0f025f92e3cd7249b04061a654b7dbdb466
GET /images/0Z0292215cyp9qgrk7748.gif HTTP/1.1
Host: ak-d.tripcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 1448406
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
cache-control: max-age=7267538
expires: Fri, 17 Feb 2023 12:44:56 GMT
date: Fri, 25 Nov 2022 09:59:18 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 968f6d6cab47f52c258262945670f166
ca6680deab56f259b8c8e1e0c9700baeb728e79c
b43ca7df197e51d6e83d79008cb5967426ed6b74ae0bd30e5f8d3ea313a0462c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B43CA7DF197E51D6E83D79008CB5967426ED6B74AE0BD30E5F8D3EA313A0462C"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13577
Expires: Fri, 25 Nov 2022 13:45:35 GMT
Date: Fri, 25 Nov 2022 09:59:18 GMT
Connection: keep-alive
www.gfngus-fd5fsfr.cc/ssiq/dht.js
154.208.100.15404 Not Found 146 B URL HTTP/2 www.gfngus-fd5fsfr.cc/ssiq/dht.js
IP 154.208.100.15:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /ssiq/dht.js HTTP/1.1
Host: www.gfngus-fd5fsfr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 25 Nov 2022 09:59:18 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 2aee78ed2e3d7de1b2a7a2b23d097360
782463d3db74bbe0439feaf7c1fe18aa6f20aef7
72337b48ac80604e2338c6889fc2ffd9560062931e228fe1abc422e3312d9be9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2037
Cache-Control: max-age=105437
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 09:59:18 GMT
Etag: "637f82de-117"
Expires: Sat, 26 Nov 2022 15:16:35 GMT
Last-Modified: Thu, 24 Nov 2022 14:42:38 GMT
Server: ECS (amb/6B8A)
X-Cache: HIT
Content-Length: 279
nvhbbb.top/f0e76a5c8312a00241ad726bac0f2d0f.gif
172.67.170.188200 OK 159 kB URL HTTP/2 nvhbbb.top/f0e76a5c8312a00241ad726bac0f2d0f.gif
IP 172.67.170.188:0
File type GIF image data, version 89a, 960 x 80\012- data
Size 159 kB (158847 bytes)
Hash a497c1ae73df54fe08463b3342b8d1d0
73ce4da38e2826e033444992cff2a827eb474c97
e9f7f7dc820dc334c1cf0e7ccb151c7483c7a64cc7c28f50de03fa2f65c34957
GET /f0e76a5c8312a00241ad726bac0f2d0f.gif HTTP/1.1
Host: nvhbbb.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:18 GMT
content-type: image/gif
content-length: 158847
last-modified: Wed, 10 Aug 2022 09:44:15 GMT
etag: "62f37def-26c7f"
expires: Fri, 23 Dec 2022 11:35:04 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 167054
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uf7vEL0YWYSZEhaXL1QKPODlHSd2eEC9k5WUTN20D01nALXvncfDAw9gcazsgawLjhX%2FXsSBvO35gCL%2BsX10x2THIuumxMvt6lOOh4bPCm9G6S9obI0XDZ6h5eAz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f987e72d5ab51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 2aee78ed2e3d7de1b2a7a2b23d097360
782463d3db74bbe0439feaf7c1fe18aa6f20aef7
72337b48ac80604e2338c6889fc2ffd9560062931e228fe1abc422e3312d9be9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2037
Cache-Control: max-age=105437
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 09:59:18 GMT
Etag: "637f82de-117"
Expires: Sat, 26 Nov 2022 15:16:35 GMT
Last-Modified: Thu, 24 Nov 2022 14:42:38 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
dimg04.c-ctrip.com/images/0Z06r12000a1q59pc5E63.gif
104.110.17.24200 OK 494 kB URL HTTP/2 dimg04.c-ctrip.com/images/0Z06r12000a1q59pc5E63.gif
IP 104.110.17.24:0
File type GIF image data, version 89a, 960 x 100\012- data
Size 494 kB (494073 bytes)
Hash a4b5924a4f837fc68184b2c9734497ba
8cf1875d4dd8385719ce447cf8a769b746601e39
311758228e255024dc721b038305a62d40349b817ac26f272cf6e9fa044bf39b
GET /images/0Z06r12000a1q59pc5E63.gif HTTP/1.1
Host: dimg04.c-ctrip.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 494073
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
cache-control: max-age=11154310
expires: Mon, 03 Apr 2023 12:24:29 GMT
date: Fri, 25 Nov 2022 09:59:19 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ea238f3f5d867a88d919aada5f5c988a
8693ec9900da8a4c31d2a0734d4de21d6b84a690
a358413427ce3590c6b340c90d53acd48dda9c7647f9393a0fd185cf3c2e9a44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A358413427CE3590C6B340C90D53ACD48DDA9C7647F9393A0FD185CF3C2E9A44"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17585
Expires: Fri, 25 Nov 2022 14:52:24 GMT
Date: Fri, 25 Nov 2022 09:59:19 GMT
Connection: keep-alive
678tktp.com/tp/960x60.gif
154.83.24.157200 OK 42 kB URL HTTP/1.1 678tktp.com/tp/960x60.gif
IP 154.83.24.157:0
File type GIF image data, version 89a, 960 x 60\012- data
Hash 4fd9de737ce6698fb5c3a0eb52ed3cdf
da1fc841a82ddbfcee0dde9dd50b34acad24ce50
03cae438deedf1f1eb905ac79daef3fa63b8a45c51c9fbbe8164e7df0ac4a58c
GET /tp/960x60.gif HTTP/1.1
Host: 678tktp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 25 Nov 2022 09:59:18 GMT
Content-Type: image/gif
Content-Length: 41618
Connection: keep-alive
Last-Modified: Mon, 07 Nov 2022 04:31:47 GMT
ETag: "63688a33-a292"
Expires: Fri, 23 Dec 2022 16:11:10 GMT
Cache-Control: max-age=2592000
Via: 154.83.24.154
CDN-Cache: HIT
Accept-Ranges: bytes
dimg04.c-ctrip.com/images/03913120009rs7n3a8C45.gif
104.110.17.24200 OK 1.2 MB URL HTTP/2 dimg04.c-ctrip.com/images/03913120009rs7n3a8C45.gif
IP 104.110.17.24:0
File type GIF image data, version 89a, 960 x 80\012- data
Size 1.2 MB (1186991 bytes)
Hash b7ff6b584c23b3c247d43c4dd73a9063
7430c81b9edcef194c4165a31f1293b489f9c53e
7bec7d626dc2ca81a95ebae691c949068aaa3bb3060662887f613882b3b3afc5
GET /images/03913120009rs7n3a8C45.gif HTTP/1.1
Host: dimg04.c-ctrip.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 1186991
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
cache-control: max-age=10539093
expires: Mon, 27 Mar 2023 09:30:52 GMT
date: Fri, 25 Nov 2022 09:59:19 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 225fdcb65dd238bbca6ddef653409c9c
3653498ce8d8ddfa6d247dc94dba4c43c586d62f
5ddaccc55ca041a6d7d18c78b2ab5171762e8e19d1f3510f5fb2c557eb926507
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5DDACCC55CA041A6D7D18C78B2AB5171762E8E19D1F3510F5FB2C557EB926507"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13621
Expires: Fri, 25 Nov 2022 13:46:20 GMT
Date: Fri, 25 Nov 2022 09:59:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 63add92414da3c7a6c6c80da09a52b3b
02f05fd6c6d0435d02119cc6040ef8b583697f09
6b669228c50af0eb33dd89682464071c62c509ccc83f604346de463841ce9424
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6B669228C50AF0EB33DD89682464071C62C509CCC83F604346DE463841CE9424"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8132
Expires: Fri, 25 Nov 2022 12:14:51 GMT
Date: Fri, 25 Nov 2022 09:59:19 GMT
Connection: keep-alive
kvkaa.com/d816a0142aeb37814a5d77cfd510e67b.gif
64.32.13.142301 Moved Permanently 162 B URL HTTP/2 kvkaa.com/d816a0142aeb37814a5d77cfd510e67b.gif
IP 64.32.13.142:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /d816a0142aeb37814a5d77cfd510e67b.gif HTTP/1.1
Host: kvkaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 09:59:19 GMT
content-type: text/html
content-length: 162
location: https://kvtaaa.top/d816a0142aeb37814a5d77cfd510e67b.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 42278ef7e6589af98c2423b75e7c46bd
caf43419f16b0946e0ff0c590096dd2b945e7b92
16aff9cc0c99e7ab1ce8918e332416be4e5daeda76ea2265849088dcba0caad7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "16AFF9CC0C99E7AB1CE8918E332416BE4E5DAEDA76EA2265849088DCBA0CAAD7"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7906
Expires: Fri, 25 Nov 2022 12:11:05 GMT
Date: Fri, 25 Nov 2022 09:59:19 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash ca07d4a6cb15ddf3471e3ad3a0df9f3a
ee444dbba986b80e30b116d57ee1544cb184949f
8c49abbe066ef732bacf572daf7714b0af7c3a1d83954d6ad022512416164d96
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=137229
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 09:59:19 GMT
Etag: "63800704-117"
Expires: Sun, 27 Nov 2022 00:06:28 GMT
Last-Modified: Fri, 25 Nov 2022 00:06:28 GMT
Server: nginx
Content-Length: 279
kvtaaa.top/d816a0142aeb37814a5d77cfd510e67b.gif
172.67.173.230200 OK 186 kB URL HTTP/2 kvtaaa.top/d816a0142aeb37814a5d77cfd510e67b.gif
IP 172.67.173.230:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 186 kB (185463 bytes)
Hash 07d436db9009e187330d91ffc5c77745
a7944de8f44192fe6bee6e6584d03966d0ffe8b8
75e2ad510799f05ddf20510e09f538233254217314fc7b301370407112eab0e2
GET /d816a0142aeb37814a5d77cfd510e67b.gif HTTP/1.1
Host: kvtaaa.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://38.239.194.4/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:19 GMT
content-type: image/gif
content-length: 185463
last-modified: Mon, 13 Jun 2022 10:10:31 GMT
etag: "62a70d17-2d477"
expires: Sun, 11 Dec 2022 15:25:39 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1190020
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zmWid16EPLu71zWv7HuCXwlGUWp5tSspPlPDUXiQOqJAZiC7juv3a30BRdtmYBZp4Odz4sup409XsmVvlnIR0Vpw21kdA%2FQrm%2BC6j%2BZ5dzLhVss%2BzrkC7Gtt5LEE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f987eb8ac7b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 345d5c98dc03b290c7bda10d8b448b20
bb604f288579d31c276519450c0036f131c96683
6a289474c710c34f4d6ecbcd96637671906b4c58c8505a8ec0e5c6b80603552f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:59:19 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 00:14:21 GMT
Expires: Tue, 29 Nov 2022 00:14:20 GMT
Etag: "bb604f288579d31c276519450c0036f131c96683"
Cache-Control: max-age=309900,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f987eb59180b39-OSL
kvemm.com/ec9fcd758df74f805f29f72e8545d13b.gif
104.143.94.110301 Moved Permanently 162 B URL HTTP/2 kvemm.com/ec9fcd758df74f805f29f72e8545d13b.gif
IP 104.143.94.110:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /ec9fcd758df74f805f29f72e8545d13b.gif HTTP/1.1
Host: kvemm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 25 Nov 2022 09:59:19 GMT
content-type: text/html
content-length: 162
location: https://kvtddd.top/ec9fcd758df74f805f29f72e8545d13b.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash d44c7823ced4481d584fca0963c39140
d00999880d204f0de341dc43b03ecac7bae6328b
173264ab91b1551c549c94879fa6645972a683c4111e8bd7e74f1d42bf38fe66
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:59:19 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 09:52:02 GMT
Expires: Fri, 02 Dec 2022 09:52:01 GMT
Etag: "d00999880d204f0de341dc43b03ecac7bae6328b"
Cache-Control: max-age=603761,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f987eb4d2b0b4d-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 59b02c1c948cef8ac39cb280b2422d4d
31b11d0550d45edc800a0f7e17838abbbb1498c8
66d52879030be45f297ae1d7fd40cee0700712dc87456efd19a6886506aa064f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:59:19 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 23:21:49 GMT
Expires: Tue, 29 Nov 2022 23:21:48 GMT
Etag: "31b11d0550d45edc800a0f7e17838abbbb1498c8"
Cache-Control: max-age=393148,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f987eb3a89b4fd-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 77b1ac6fcb8a2f322305213b2d8ad256
09688400cad5bd7613942ff730a405e70c4efdbe
d490db1b76558b75898370ce1ba6d8883b495c0d95cad29246a01e8b5d7f236b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:59:19 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 05:12:51 GMT
Expires: Thu, 01 Dec 2022 05:12:50 GMT
Etag: "09688400cad5bd7613942ff730a405e70c4efdbe"
Cache-Control: max-age=500610,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f987eb4d760b69-OSL
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash ca07d4a6cb15ddf3471e3ad3a0df9f3a
ee444dbba986b80e30b116d57ee1544cb184949f
8c49abbe066ef732bacf572daf7714b0af7c3a1d83954d6ad022512416164d96
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=137229
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 09:59:19 GMT
Etag: "63800704-117"
Expires: Sun, 27 Nov 2022 00:06:28 GMT
Last-Modified: Fri, 25 Nov 2022 00:06:28 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash da71cb9245282574079d7ad854ebf4e1
8455fdf748d6824d5c54da005fbd8288e00392af
3d8992f613119538bbb18628168e08fa95947acd855cb6c66d3dc5dde2e0efc6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:59:19 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 08:23:24 GMT
Expires: Thu, 01 Dec 2022 08:23:23 GMT
Etag: "8455fdf748d6824d5c54da005fbd8288e00392af"
Cache-Control: max-age=512043,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f987eb8c93b4ff-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash da71cb9245282574079d7ad854ebf4e1
8455fdf748d6824d5c54da005fbd8288e00392af
3d8992f613119538bbb18628168e08fa95947acd855cb6c66d3dc5dde2e0efc6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:59:19 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 08:23:24 GMT
Expires: Thu, 01 Dec 2022 08:23:23 GMT
Etag: "8455fdf748d6824d5c54da005fbd8288e00392af"
Cache-Control: max-age=512043,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f987ebb94b0b39-OSL
zerossl.ocsp.sectigo.com/
104.18.32.68200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash 4d1ec21768fc688c5c6e6cb06da48823
d93bd6d524182b73306ac976181735f35446104d
18a167d8d8c8286b50b86a0ea1611cadac3113c63aea47ab81520a645d95127e
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:59:19 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 07:09:56 GMT
Expires: Fri, 02 Dec 2022 07:09:55 GMT
Etag: "d93bd6d524182b73306ac976181735f35446104d"
Cache-Control: max-age=594035,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f987ecec3eb524-OSL
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac88f81f2cca3102d87cd03c11b529bc
32afcf40894b57f897dcb4cf4cd4338284c754c5
91717e655a6f519bedf0cecf42f85e2e458424ff0dc0af4d23322fa5983faa22
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "91717E655A6F519BEDF0CECF42F85E2E458424FF0DC0AF4D23322FA5983FAA22"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4324
Expires: Fri, 25 Nov 2022 11:11:23 GMT
Date: Fri, 25 Nov 2022 09:59:19 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash da71cb9245282574079d7ad854ebf4e1
8455fdf748d6824d5c54da005fbd8288e00392af
3d8992f613119538bbb18628168e08fa95947acd855cb6c66d3dc5dde2e0efc6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:59:19 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 08:23:24 GMT
Expires: Thu, 01 Dec 2022 08:23:23 GMT
Etag: "8455fdf748d6824d5c54da005fbd8288e00392af"
Cache-Control: max-age=512043,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f987ec8e930b4d-OSL
zerossl.ocsp.sectigo.com/
104.18.32.68200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash 4d1ec21768fc688c5c6e6cb06da48823
d93bd6d524182b73306ac976181735f35446104d
18a167d8d8c8286b50b86a0ea1611cadac3113c63aea47ab81520a645d95127e
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:59:19 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 07:09:56 GMT
Expires: Fri, 02 Dec 2022 07:09:55 GMT
Etag: "d93bd6d524182b73306ac976181735f35446104d"
Cache-Control: max-age=594035,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f987ec9dcab4f1-OSL
zerossl.ocsp.sectigo.com/
104.18.32.68200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash 4d1ec21768fc688c5c6e6cb06da48823
d93bd6d524182b73306ac976181735f35446104d
18a167d8d8c8286b50b86a0ea1611cadac3113c63aea47ab81520a645d95127e
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:59:19 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 07:09:56 GMT
Expires: Fri, 02 Dec 2022 07:09:55 GMT
Etag: "d93bd6d524182b73306ac976181735f35446104d"
Cache-Control: max-age=594035,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f987ecba30b4f9-OSL
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac88f81f2cca3102d87cd03c11b529bc
32afcf40894b57f897dcb4cf4cd4338284c754c5
91717e655a6f519bedf0cecf42f85e2e458424ff0dc0af4d23322fa5983faa22
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "91717E655A6F519BEDF0CECF42F85E2E458424FF0DC0AF4D23322FA5983FAA22"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4323
Expires: Fri, 25 Nov 2022 11:11:23 GMT
Date: Fri, 25 Nov 2022 09:59:20 GMT
Connection: keep-alive
kvtddd.top/ec9fcd758df74f805f29f72e8545d13b.gif
104.21.235.62200 OK 902 kB URL HTTP/2 kvtddd.top/ec9fcd758df74f805f29f72e8545d13b.gif
IP 104.21.235.62:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 902 kB (902313 bytes)
Hash 8b4a95ea7cfbb7fb4d2b18efca5145f3
d2966ecbeb7369620cce5dbcd15d0fe591d79648
dd5ff25f4d6931bd3d2ef86c1a8901853ee2503fd2d6edb264a61abb37c2b002
GET /ec9fcd758df74f805f29f72e8545d13b.gif HTTP/1.1
Host: kvtddd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://38.239.194.4/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 09:59:19 GMT
content-type: image/gif
content-length: 902313
last-modified: Sat, 12 Mar 2022 15:17:28 GMT
etag: "622cb988-dc4a9"
expires: Sun, 04 Dec 2022 22:58:19 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1767660
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oiSijbHu5ansTJANDClejDc3MkEjoxvmrLKN4rlWbQ95VxvyIRCgBtMakOI1%2BOm1J6Z6tZUw56h64Hj7g%2BDQ5TrY1UmYtpopJ%2FAZ6%2FlQeNQjvviAe%2BZUxGqQ6F18"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f987ed7d31dc73-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
zerossl.ocsp.sectigo.com/
104.18.32.68200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash 4d1ec21768fc688c5c6e6cb06da48823
d93bd6d524182b73306ac976181735f35446104d
18a167d8d8c8286b50b86a0ea1611cadac3113c63aea47ab81520a645d95127e
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:59:20 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 07:09:56 GMT
Expires: Fri, 02 Dec 2022 07:09:55 GMT
Etag: "d93bd6d524182b73306ac976181735f35446104d"
Cache-Control: max-age=594035,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f987ed1c94b524-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash ea58433a5256d43e684039eca10cfef7
8dc3e65ed86f53d77a8f87ffb6ad6504c4b756f2
4efd95a1c3258de258cc8bc57605c7a16536a2913fc0eb388ac76f00eb89476f
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:59:20 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 29 Nov 2022 08:45:22 GMT
ETag: "8dc3e65ed86f53d77a8f87ffb6ad6504c4b756f2"
Last-Modified: Fri, 25 Nov 2022 08:45:23 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f987ed9ac80b02-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash ea58433a5256d43e684039eca10cfef7
8dc3e65ed86f53d77a8f87ffb6ad6504c4b756f2
4efd95a1c3258de258cc8bc57605c7a16536a2913fc0eb388ac76f00eb89476f
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:59:20 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 29 Nov 2022 08:45:22 GMT
ETag: "8dc3e65ed86f53d77a8f87ffb6ad6504c4b756f2"
Last-Modified: Fri, 25 Nov 2022 08:45:23 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 0
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f987eedd6d0b02-OSL
ocsp.digicert.com/
93.184.220.29200 OK 727 B IP 93.184.220.29:0
Hash 3c802933cbcc9e541e2f677ea7d32465
189b12dcbf7a957d0808bed1b7738abe5fdcf31a
b48a53359186928285167549c54fbcf2033d0971441aa57de3f59561626dae95
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6048
Cache-Control: max-age=135391
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 09:59:20 GMT
Etag: "637fe837-2d7"
Expires: Sat, 26 Nov 2022 23:35:51 GMT
Last-Modified: Thu, 24 Nov 2022 21:55:03 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 727
p3.douyinpic.com/obj/tos-cn-i-dy/4cc6e027ff07440b86b4c8f810e13446
47.246.44.230200 OK 420 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/4cc6e027ff07440b86b4c8f810e13446
IP 47.246.44.230:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 960 x 60\012- data
Size 420 kB (420442 bytes)
Hash 7020ecb5ebdf5d2d41668f76d36f5982
30c768ceb1463fffc0145f1e73c808f8f6d2bb51
3a55db6e5e4fa541729efffaa932549e491e07af768e1c3c3d1dad65ae53a8bb
GET /obj/tos-cn-i-dy/4cc6e027ff07440b86b4c8f810e13446 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 420442
date: Thu, 17 Nov 2022 10:44:41 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Thu, 17 Nov 2022 10:43:05 GMT
nw-session-id: 2022111718430501020909506614B08F3Clqbnq02dy
nw-session-trace: 2022-11-17T18:43:05.564818541+08:00 195
x-bdcdn-cache-status: TCP_HIT
x-length: 420442
x-powered-by: ImageX
x-response-date: Thu, 17 Nov 2022 18:43:05 GMT
x-tt-logid: 2022111718430501020909506614B08F3C
via: n150-057-105, cache26.l2de2[0,23,206-0,H], cache3.l2de2[26,0], cache3.l2de2[27,0], cache2.se1[0,0,200-0,H], cache1.se1[3,0]
x-request-ip: fdbd:dc02:19:485::47
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=3
x-tt-trace-host: 01cd9ebcbab541bdda5cbcefeefd3a5fb040e592f966e0cfcd4470f84a8f17ff26b6d3a886b1ab9aafa65f58774e3d1c8250dafd765d519ebb500b706905601594e0f53416cca5e0cdc27c37dfbec470a4088b978fac19a2f476c3ee53560955b6
x-response-lb: image
ali-swift-global-savetime: 1668681881
age: 688479
x-cache: HIT TCP_HIT dirn:6:91436273
x-swift-savetime: Thu, 17 Nov 2022 10:56:06 GMT
x-swift-cachetime: 31535315
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9516693703601837147e
X-Firefox-Spdy: h2
d.wyqaafplm.live/ty/FAA6AAAC-4775-18522-33-6E8DF2D94015.alpha
23.225.154.19200 OK 86 kB URL HTTP/2 d.wyqaafplm.live/ty/FAA6AAAC-4775-18522-33-6E8DF2D94015.alpha
IP 23.225.154.19:0
Hash 75bc3bdb03b42b39a361fe11e7e8424a
6ab43506a92fa28cf81e2b943833266499017c05
9b80dfdeabbdb45511efdfa71f9a5a5e4952816c6058059b8b8943fd2a1ee0f4
Analyzer Verdict Alert quad9 Sinkholed
GET /ty/FAA6AAAC-4775-18522-33-6E8DF2D94015.alpha HTTP/1.1
Host: d.wyqaafplm.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 09:59:18 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
last-modified: Fri, 25 Nov 2022 09:59:18 GMT
expires: Fri, 25 Nov 2022 10:14:18 GMT
cache-control: max-age=900
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f855f451642b3dc93983f5cb2d63cc59
1bf58eff94d0fa8281acbdf4bb78dff3c15be66e
230727299f01a7af9436ff0e17416d3e57d6885056cc805b47164d5aa057475f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "230727299F01A7AF9436FF0E17416D3E57D6885056CC805B47164D5AA057475F"
Last-Modified: Wed, 23 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21569
Expires: Fri, 25 Nov 2022 15:58:49 GMT
Date: Fri, 25 Nov 2022 09:59:20 GMT
Connection: keep-alive
gg72a1.com/gg/960x60-2.gif
137.175.13.103200 OK 567 kB URL HTTP/2 gg72a1.com/gg/960x60-2.gif
IP 137.175.13.103:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 567 kB (566629 bytes)
Hash c9fa1542af8b7e568dc7b3a56522b833
1449fff789834cb44c300d12d770eeb251a4bbd5
7db19a9e96ed52f61b3b4c76bf6cac9259ae0b3e9d18eb597320c30a0e4e1e90
GET /gg/960x60-2.gif HTTP/1.1
Host: gg72a1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 10:01:37 GMT
content-type: image/gif
content-length: 566629
last-modified: Tue, 01 Nov 2022 07:49:47 GMT
etag: "6360cf9b-8a565"
expires: Sun, 25 Dec 2022 10:01:37 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com/c4/aec2fc715ed9100d40a15aa4b82c28.gif?attname=290299ed48d84c7b99d8fbd8a96a254c.gif
47.75.19.145200 OK 186 kB URL HTTP/1.1 aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com/c4/aec2fc715ed9100d40a15aa4b82c28.gif?attname=290299ed48d84c7b99d8fbd8a96a254c.gif
IP 47.75.19.145:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type GIF image data, version 89a, 150 x 150\012- data
Size 186 kB (186342 bytes)
Hash c4aec2fc715ed9100d40a15aa4b82c28
c147669e2e7bffdbff992edf4b8ab2b146040dce
b349c187657aac001daafe636bf8c97f2c81c13f526886cb3fc9bafc0b8cb6df
GET /c4/aec2fc715ed9100d40a15aa4b82c28.gif?attname=290299ed48d84c7b99d8fbd8a96a254c.gif HTTP/1.1
Host: aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 25 Nov 2022 09:59:18 GMT
Content-Type: image/gif
Content-Length: 186342
Connection: keep-alive
x-oss-request-id: 638091F69DB57839363F0E94
Accept-Ranges: bytes
ETag: "C4AEC2FC715ED9100D40A15AA4B82C28"
Last-Modified: Mon, 18 Jul 2022 12:33:24 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 17557702505599265099
x-oss-storage-class: Standard
Content-Disposition: inline;filename=290299ed48d84c7b99d8fbd8a96a254c.gif
Content-MD5: xK7C/HFe2RANQKFapLgsKA==
x-oss-server-time: 2
986338dsd.com/33c3cc8978d241dc99eb1c2fed141d7d.gif
103.170.15.81200 OK 359 kB URL HTTP/1.1 986338dsd.com/33c3cc8978d241dc99eb1c2fed141d7d.gif
IP 103.170.15.81:0
ASN #7483 Skycloud Computing co., Ltd.
File type GIF image data, version 89a, 960 x 60\012- data
Size 359 kB (358672 bytes)
Hash 668143938c3bb811847d83330decd423
f86300da5d773b84bc65d3c901a4767fd8566c48
a06c47f458fdbd01ba8ba0202fb615e94e2353d65098b480ede52a13a645f859
Analyzer Verdict Alert quad9 Sinkholed
GET /33c3cc8978d241dc99eb1c2fed141d7d.gif HTTP/1.1
Host: 986338dsd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "636cc2ea-57910"
Date: Sat, 12 Nov 2022 00:22:26 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Thu, 10 Nov 2022 09:22:50 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-11
Content-Length: 358672
638236rpn.com/da4fca5f2b554096b6d3d4c2c2ea7828.gif
103.170.15.72200 OK 581 kB URL HTTP/1.1 638236rpn.com/da4fca5f2b554096b6d3d4c2c2ea7828.gif
IP 103.170.15.72:0
ASN #7483 Skycloud Computing co., Ltd.
File type GIF image data, version 89a, 750 x 100\012- data
Size 581 kB (581233 bytes)
Hash b5d963f9872462dec11edaafecf3f31b
a5e2d29783771cd8cb1b8cc4881733813147ceda
934310664e769574317024d8a83aaa6d0d73ef2b243dcc9dd7ace18efe84baea
Analyzer Verdict Alert quad9 Sinkholed
GET /da4fca5f2b554096b6d3d4c2c2ea7828.gif HTTP/1.1
Host: 638236rpn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "63773c5c-8de71"
Date: Fri, 18 Nov 2022 12:21:50 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Fri, 18 Nov 2022 08:03:40 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-02
Content-Length: 581233
398375178.com/fa3e0ddb2ff640acbd0ad3863036c189.gif
47.75.19.145200 OK 31 kB URL HTTP/1.1 398375178.com/fa3e0ddb2ff640acbd0ad3863036c189.gif
IP 47.75.19.145:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type GIF image data, version 89a, 180 x 180\012- data
Hash df8680f8a205a27ffa3a908100aae066
f1089fd39ae9c1dc935392fcf8a24f69e7e2084b
6afaf2d4840f8151e6b21f67272185a25ad2fe99b4e01cc98822a62aee6c1b6e
GET /fa3e0ddb2ff640acbd0ad3863036c189.gif HTTP/1.1
Host: 398375178.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 25 Nov 2022 09:59:20 GMT
Content-Type: image/gif
Content-Length: 30842
Connection: keep-alive
x-oss-request-id: 638091F88A23F73131E708C1
Accept-Ranges: bytes
ETag: "DF8680F8A205A27FFA3A908100AAE066"
Last-Modified: Thu, 10 Nov 2022 09:23:18 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 12168794102283187344
x-oss-storage-class: Standard
Content-MD5: 34aA+KIFon/6OpCBAKrgZg==
x-oss-server-time: 1
sysupload.csiteadmin.com/static/uploads/image/x26/20221004/1664894286620122.gif
52.184.85.124200 OK 132 kB URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x26/20221004/1664894286620122.gif
IP 52.184.85.124:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 960 x 60\012- data
Size 132 kB (131724 bytes)
Hash 6815a174b1da262bb85e17910991d3ed
cbf03ab57a46f9301dac7cd0f7cf99c777b686c7
d0089533769022907251b9dd2fbd0c51fbd14b1326dda3cc2d990c1931fabc01
GET /static/uploads/image/x26/20221004/1664894286620122.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 03 Nov 2022 16:53:20 GMT
ETag: "1667494400"
Expires: Sat, 03 Dec 2022 16:53:20 GMT
Last-Modified: Thu, 03 Nov 2022 16:53:20 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
267827wnc.com/a455af4f310f4cb78c567eafc6d017a5.gif
45.61.212.216200 OK 792 kB URL HTTP/1.1 267827wnc.com/a455af4f310f4cb78c567eafc6d017a5.gif
IP 45.61.212.216:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 792 kB (792073 bytes)
Hash 2816c79b455d9e6a7422c4672783bfc2
5a25b2bffd6319852ae2519dd26067bcd5d2406d
10316406e8574d5f3152aad8a4f60c2f87e1b0154ac2c5049cc2f9f5dce416fb
Analyzer Verdict Alert quad9 Sinkholed
GET /a455af4f310f4cb78c567eafc6d017a5.gif HTTP/1.1
Host: 267827wnc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "635b91cb-c1609"
Date: Thu, 17 Nov 2022 20:22:12 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Fri, 28 Oct 2022 08:24:43 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us3-cdnb-16
Content-Length: 792073
aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com/4a/fba97a5491e68fcca4cdee4b87d629.gif?attname=0103d120009h1026r1BFC.gif
47.75.19.145200 OK 873 kB URL HTTP/1.1 aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com/4a/fba97a5491e68fcca4cdee4b87d629.gif?attname=0103d120009h1026r1BFC.gif
IP 47.75.19.145:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type GIF image data, version 89a, 200 x 200\012- data
Size 873 kB (873044 bytes)
Hash 4afba97a5491e68fcca4cdee4b87d629
09e1dddabf60e12cbd368c2df9d6474f703d7a2f
23861d601f540f738c33eebd6821fef3a74e1f6d5540d939d8a07c08f40bcd19
GET /4a/fba97a5491e68fcca4cdee4b87d629.gif?attname=0103d120009h1026r1BFC.gif HTTP/1.1
Host: aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 25 Nov 2022 09:59:18 GMT
Content-Type: image/gif
Content-Length: 873044
Connection: keep-alive
x-oss-request-id: 638091F6E46B16393301F527
Accept-Ranges: bytes
ETag: "4AFBA97A5491E68FCCA4CDEE4B87D629"
Last-Modified: Mon, 18 Jul 2022 12:32:30 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 7891666003124264077
x-oss-storage-class: Standard
Content-Disposition: inline;filename=0103d120009h1026r1BFC.gif
Content-MD5: SvupelSR5o/MpM3uS4fWKQ==
x-oss-server-time: 2
287335kmu.com/d408cd44ac6b4add92fe94f78d7f66e5.gif
45.61.212.55200 OK 1.0 MB URL HTTP/1.1 287335kmu.com/d408cd44ac6b4add92fe94f78d7f66e5.gif
IP 45.61.212.55:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 1.0 MB (1020091 bytes)
Hash b3aedc862671b2fa2e2922fadaa38add
8134113e40aa47b7b0508e81c447ccea8c10e7c0
d60a38f60cbd8cc782d6ecaf7c076dea16bf5eddfdc064d0aa4c03a440d236aa
Analyzer Verdict Alert quad9 Sinkholed
GET /d408cd44ac6b4add92fe94f78d7f66e5.gif HTTP/1.1
Host: 287335kmu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "635ba188-f90bb"
Date: Wed, 09 Nov 2022 12:10:57 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Fri, 28 Oct 2022 09:31:52 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us1-cdnb-25
Content-Length: 1020091
www.gfngus-fd5fsfr.cc/ssiq/qq1.js
154.208.100.15200 OK 0 B URL HTTP/2 www.gfngus-fd5fsfr.cc/ssiq/qq1.js
IP 154.208.100.15:0
ASN #134548 DXTL Tseung Kwan O Service
GET /ssiq/qq1.js HTTP/1.1
Host: www.gfngus-fd5fsfr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 14:48:08 GMT
vary: Accept-Encoding
etag: W/"637e32a8-3061"
expires: Fri, 25 Nov 2022 21:59:16 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com/04/4bef20fb6191fd19a6279928fe0dbf.gif?attname=960x120px+.gif
47.75.19.145200 OK 0 B URL HTTP/1.1 aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com/04/4bef20fb6191fd19a6279928fe0dbf.gif?attname=960x120px+.gif
IP 47.75.19.145:0
ASN #45102 Alibaba US Technology Co., Ltd.
GET /04/4bef20fb6191fd19a6279928fe0dbf.gif?attname=960x120px+.gif HTTP/1.1
Host: aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 25 Nov 2022 09:59:20 GMT
Content-Type: image/gif
Content-Length: 540956
Connection: keep-alive
x-oss-request-id: 638091F89DB5783936E51794
Accept-Ranges: bytes
ETag: "044BEF20FB6191FD19A6279928FE0DBF"
Last-Modified: Fri, 02 Sep 2022 10:56:22 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 1695515477309922558
x-oss-storage-class: Standard
Content-Disposition: inline;filename=960x120px%20.gif
Content-MD5: BEvvIPthkf0ZpieZKP4Nvw==
x-oss-server-time: 2
aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com/7d/aa17e173a4c65df1ec1b23879a2d31.gif?attname=571.gif
47.75.19.145200 OK 0 B URL HTTP/1.1 aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com/7d/aa17e173a4c65df1ec1b23879a2d31.gif?attname=571.gif
IP 47.75.19.145:0
ASN #45102 Alibaba US Technology Co., Ltd.
GET /7d/aa17e173a4c65df1ec1b23879a2d31.gif?attname=571.gif HTTP/1.1
Host: aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 25 Nov 2022 09:59:19 GMT
Content-Type: image/gif
Content-Length: 463098
Connection: keep-alive
x-oss-request-id: 638091F7DA8A793338A3D39F
Accept-Ranges: bytes
ETag: "7DAA17E173A4C65DF1EC1B23879A2D31"
Last-Modified: Fri, 13 May 2022 15:18:43 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 235009922681292474
x-oss-storage-class: Standard
Content-Disposition: inline;filename=571.gif
Content-MD5: faoX4XOkxl3x7Bsjh5otMQ==
x-oss-server-time: 2
701.oss-cn-hongkong.aliyuncs.com/gg/150X150-2.gif
47.75.19.251200 OK 0 B URL HTTP/1.1 701.oss-cn-hongkong.aliyuncs.com/gg/150X150-2.gif
IP 47.75.19.251:0
ASN #45102 Alibaba US Technology Co., Ltd.
GET /gg/150X150-2.gif HTTP/1.1
Host: 701.oss-cn-hongkong.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 25 Nov 2022 09:59:19 GMT
Content-Type: image/gif
Content-Length: 302941
Connection: keep-alive
x-oss-request-id: 638091F7B374843831626A42
Accept-Ranges: bytes
ETag: "849D3B77A87512FB8E63DE7FE770A145"
Last-Modified: Tue, 21 Jun 2022 08:13:57 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 12517348424964693894
x-oss-storage-class: Standard
Content-MD5: hJ07d6h1EvuOY95/53ChRQ==
x-oss-server-time: 2
sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894256451036.gif
52.184.85.124200 OK 0 B URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894256451036.gif
IP 52.184.85.124:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /static/uploads/image/x22/20221004/1664894256451036.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 03 Nov 2022 16:12:17 GMT
ETag: "1667491937"
Expires: Sat, 03 Dec 2022 16:12:17 GMT
Last-Modified: Thu, 03 Nov 2022 16:12:17 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
img.1203555.com/images/63760e067d37113108afb906.gif
91.199.87.220302 Found 0 B URL HTTP/2 img.1203555.com/images/63760e067d37113108afb906.gif
IP 91.199.87.220:0
GET /images/63760e067d37113108afb906.gif HTTP/1.1
Host: img.1203555.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/4cc6e027ff07440b86b4c8f810e13446
cache-control: max-age=3600
X-Firefox-Spdy: h2
sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894380503898.gif
52.184.85.124200 OK 0 B URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894380503898.gif
IP 52.184.85.124:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /static/uploads/image/x22/20221004/1664894380503898.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 03 Nov 2022 14:40:42 GMT
ETag: "1667486442"
Expires: Sat, 03 Dec 2022 14:40:42 GMT
Last-Modified: Thu, 03 Nov 2022 14:40:42 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
www.gfngus-fd5fsfr.cc/ssiq/sq.js
154.208.100.15200 OK 0 B URL HTTP/2 www.gfngus-fd5fsfr.cc/ssiq/sq.js
IP 154.208.100.15:0
ASN #134548 DXTL Tseung Kwan O Service
GET /ssiq/sq.js HTTP/1.1
Host: www.gfngus-fd5fsfr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 09:59:17 GMT
content-type: application/javascript
last-modified: Sun, 20 Nov 2022 08:52:40 GMT
vary: Accept-Encoding
etag: W/"6379ead8-f81"
expires: Fri, 25 Nov 2022 21:59:17 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
img.shifangshike.com/gif22.gif
192.151.223.74200 OK 0 B URL HTTP/1.1 img.shifangshike.com/gif22.gif
IP 192.151.223.74:0
GET /gif22.gif HTTP/1.1
Host: img.shifangshike.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:59:20 GMT
Content-Type: image/gif
Content-Length: 51613
Connection: keep-alive
Last-Modified: Thu, 25 Aug 2022 14:19:12 GMT
ETag: "630784e0-c99d"
Expires: Tue, 29 Nov 2022 18:49:11 GMT
Cache-Control: max-age=2592000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes
aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com/ed/0edcd2a1e03138d9f20969b680923c.gif?attname=960x60.gif
47.75.19.145200 OK 0 B URL HTTP/1.1 aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com/ed/0edcd2a1e03138d9f20969b680923c.gif?attname=960x60.gif
IP 47.75.19.145:0
ASN #45102 Alibaba US Technology Co., Ltd.
GET /ed/0edcd2a1e03138d9f20969b680923c.gif?attname=960x60.gif HTTP/1.1
Host: aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 25 Nov 2022 09:59:19 GMT
Content-Type: image/gif
Content-Length: 278301
Connection: keep-alive
x-oss-request-id: 638091F7FC567C36389B251B
Accept-Ranges: bytes
ETag: "ED0EDCD2A1E03138D9F20969B680923C"
Last-Modified: Sat, 03 Sep 2022 08:26:32 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13760466319862843894
x-oss-storage-class: Standard
Content-Disposition: inline;filename=960x60.gif
Content-MD5: 7Q7c0qHgMTjZ8glptoCSPA==
x-oss-server-time: 2
sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894322248517.gif
52.184.85.124200 OK 0 B URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894322248517.gif
IP 52.184.85.124:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /static/uploads/image/x22/20221004/1664894322248517.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 03 Nov 2022 16:53:00 GMT
ETag: "1667494383"
Expires: Sat, 03 Dec 2022 16:53:00 GMT
Last-Modified: Thu, 03 Nov 2022 16:53:03 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
398375178.com/f6bc409c34864843ac2d579851def759.gif
47.75.19.145200 OK 0 B URL HTTP/1.1 398375178.com/f6bc409c34864843ac2d579851def759.gif
IP 47.75.19.145:0
ASN #45102 Alibaba US Technology Co., Ltd.
GET /f6bc409c34864843ac2d579851def759.gif HTTP/1.1
Host: 398375178.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 25 Nov 2022 09:59:20 GMT
Content-Type: image/gif
Content-Length: 161611
Connection: keep-alive
x-oss-request-id: 638091F81F856337304C2FD5
Accept-Ranges: bytes
ETag: "4666EA4F8137600EF53345C02188DD19"
Last-Modified: Wed, 16 Nov 2022 15:29:10 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 1732053763189643994
x-oss-storage-class: Standard
Content-MD5: RmbqT4E3YA71M0XAIYjdGQ==
x-oss-server-time: 1
sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894518194257.gif
52.184.85.124200 OK 0 B URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894518194257.gif
IP 52.184.85.124:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /static/uploads/image/x22/20221004/1664894518194257.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 03 Nov 2022 14:42:01 GMT
ETag: "1667486521"
Expires: Sat, 03 Dec 2022 14:42:01 GMT
Last-Modified: Thu, 03 Nov 2022 14:42:01 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com/14/2da2f849b5ba3ca1a2a94c96d636f0.gif?attname=960X60%E6%A3%8B%E7%89%8C.gif
47.75.19.145200 OK 0 B URL HTTP/1.1 aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com/14/2da2f849b5ba3ca1a2a94c96d636f0.gif?attname=960X60%E6%A3%8B%E7%89%8C.gif
IP 47.75.19.145:0
ASN #45102 Alibaba US Technology Co., Ltd.
GET /14/2da2f849b5ba3ca1a2a94c96d636f0.gif?attname=960X60%E6%A3%8B%E7%89%8C.gif HTTP/1.1
Host: aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 25 Nov 2022 09:59:19 GMT
Content-Type: image/gif
Content-Length: 125054
Connection: keep-alive
x-oss-request-id: 638091F7F27FBE343223252B
Accept-Ranges: bytes
ETag: "142DA2F849B5BA3CA1A2A94C96D636F0"
Last-Modified: Mon, 17 Oct 2022 13:06:10 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 12564824308862032824
x-oss-storage-class: Standard
Content-Disposition: inline;filename=960X60%E6%A3%8B%E7%89%8C.gif
Content-MD5: FC2i+Em1ujyhoqlMltY28A==
x-oss-server-time: 2
sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894599409102.gif
52.184.85.124200 OK 0 B URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894599409102.gif
IP 52.184.85.124:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /static/uploads/image/x22/20221004/1664894599409102.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 03 Nov 2022 14:43:22 GMT
ETag: "1667486603"
Expires: Sat, 03 Dec 2022 14:43:22 GMT
Last-Modified: Thu, 03 Nov 2022 14:43:23 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
www.gfngus-fd5fsfr.cc/ssiq/qq2.js
154.208.100.15200 OK 0 B URL HTTP/2 www.gfngus-fd5fsfr.cc/ssiq/qq2.js
IP 154.208.100.15:0
ASN #134548 DXTL Tseung Kwan O Service
GET /ssiq/qq2.js HTTP/1.1
Host: www.gfngus-fd5fsfr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: application/javascript
last-modified: Fri, 18 Nov 2022 13:51:13 GMT
vary: Accept-Encoding
etag: W/"63778dd1-273b"
expires: Fri, 25 Nov 2022 21:59:16 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
www.gfngus-fd5fsfr.cc/ssiq/dh.js
154.208.100.15200 OK 0 B URL HTTP/2 www.gfngus-fd5fsfr.cc/ssiq/dh.js
IP 154.208.100.15:0
ASN #134548 DXTL Tseung Kwan O Service
GET /ssiq/dh.js HTTP/1.1
Host: www.gfngus-fd5fsfr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: application/javascript
last-modified: Tue, 22 Nov 2022 11:06:34 GMT
vary: Accept-Encoding
etag: W/"637cad3a-2c2c"
expires: Fri, 25 Nov 2022 21:59:16 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
www.gfngus-fd5fsfr.cc/ssiq/tz.js
154.208.100.15200 OK 0 B URL HTTP/2 www.gfngus-fd5fsfr.cc/ssiq/tz.js
IP 154.208.100.15:0
ASN #134548 DXTL Tseung Kwan O Service
GET /ssiq/tz.js HTTP/1.1
Host: www.gfngus-fd5fsfr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 09:59:16 GMT
content-type: application/javascript
last-modified: Thu, 10 Nov 2022 09:30:12 GMT
vary: Accept-Encoding
etag: W/"636cc4a4-86b"
expires: Fri, 25 Nov 2022 21:59:16 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
398375178.com/c310ce984d314cde8c4c930fd85d15a4.gif
47.75.19.145200 OK 0 B URL HTTP/1.1 398375178.com/c310ce984d314cde8c4c930fd85d15a4.gif
IP 47.75.19.145:0
ASN #45102 Alibaba US Technology Co., Ltd.
GET /c310ce984d314cde8c4c930fd85d15a4.gif HTTP/1.1
Host: 398375178.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 25 Nov 2022 09:59:20 GMT
Content-Type: image/gif
Content-Length: 584025
Connection: keep-alive
x-oss-request-id: 638091F84C8B373233EAC609
Accept-Ranges: bytes
ETag: "EBF4EE75BBD43B703E1B1B861BA166E2"
Last-Modified: Wed, 16 Nov 2022 15:34:08 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 9573701292697531384
x-oss-storage-class: Standard
Content-MD5: 6/TudbvUO3A+GxuGG6Fm4g==
x-oss-server-time: 1
aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com/1e/71c933aabc1e9f07e769996c8ab221.gif?attname=05.gif
47.75.19.145200 OK 0 B URL HTTP/1.1 aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com/1e/71c933aabc1e9f07e769996c8ab221.gif?attname=05.gif
IP 47.75.19.145:0
ASN #45102 Alibaba US Technology Co., Ltd.
GET /1e/71c933aabc1e9f07e769996c8ab221.gif?attname=05.gif HTTP/1.1
Host: aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://38.239.194.4/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 25 Nov 2022 09:59:19 GMT
Content-Type: image/gif
Content-Length: 232787
Connection: keep-alive
x-oss-request-id: 638091F722AAFC35352F5611
Accept-Ranges: bytes
ETag: "1E71C933AABC1E9F07E769996C8AB221"
Last-Modified: Sat, 03 Sep 2022 08:18:37 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 6712043708322284217
x-oss-storage-class: Standard
Content-Disposition: inline;filename=05.gif
Content-MD5: HnHJM6q8Hp8H52mZbIqyIQ==
x-oss-server-time: 2