Overview

URL rulingconserve.cn/usps/tb.php?ok=yh1664452554113
IP104.21.17.52
ASNCLOUDFLARENET
Location
Report completed2022-10-01 00:35:29 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-10-01 2 rulingconserve.cn/j/og2.php?_t=1664584515111 Phishing
2022-10-01 2 v00jtf.cn/IUXHoHre/usps/?_t=1664584515164 Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (18)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS rulingconserve.cn (4) 0 2022-09-26 18:39:41 UTC 2022-10-01 00:03:28 UTC 172.67.222.82 Unknown ranking
mnemonic passive DNS r3.o.lencr.org (6) 344 2020-12-02 08:52:13 UTC 2022-09-30 04:55:29 UTC 23.36.76.226
mnemonic passive DNS www.googletagmanager.com (2) 75 2012-12-25 14:52:06 UTC 2022-09-30 04:55:45 UTC 142.250.74.72
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-30 13:49:02 UTC 34.120.237.76
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-30 05:34:07 UTC 34.160.144.191
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-30 21:45:49 UTC 93.184.220.29
mnemonic passive DNS hm.baidu.com (8) 8254 2012-05-26 08:38:45 UTC 2022-09-30 11:12:34 UTC 103.235.46.191
mnemonic passive DNS v00jtf.cn (1) 0 2021-10-14 13:58:04 UTC 2022-09-30 17:43:59 UTC 172.67.188.168 Unknown ranking
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-30 04:56:26 UTC 34.117.237.239
mnemonic passive DNS ocsp.pki.goog (7) 175 2017-06-14 07:23:31 UTC 2022-09-30 04:55:27 UTC 142.250.74.3
mnemonic passive DNS cdn.jsdelivr.cc (5) 323508 2021-04-12 02:06:51 UTC 2022-09-30 17:43:59 UTC 172.67.151.125
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-30 05:12:28 UTC 35.80.175.197
mnemonic passive DNS bonepa.com (2) 905859 2021-05-30 05:45:50 UTC 2022-09-30 17:43:59 UTC 185.66.201.42
mnemonic passive DNS uprimp.com (2) 216873 2019-02-11 08:10:06 UTC 2022-09-30 17:43:59 UTC 185.66.200.220
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-27 20:08:30 UTC 2022-09-30 21:46:18 UTC 18.164.68.15
mnemonic passive DNS ocsp.globalsign.com (3) 2075 2012-05-25 06:20:55 UTC 2022-09-30 05:03:32 UTC 104.18.21.226
mnemonic passive DNS e1.o.lencr.org (4) 6159 2021-08-20 07:36:30 UTC 2022-09-30 05:21:06 UTC 23.36.76.226
mnemonic passive DNS 1.bp.blogspot.com (1) 8403 2013-05-06 20:18:52 UTC 2022-09-30 11:14:19 UTC 142.250.74.161


Recent reports on same IP/ASN/Domain/Screenshot

Last 1 reports on IP: 104.21.17.52

Date UQ / IDS / BL URL IP
2022-10-01 00:35:29 +0000
0 - 0 - 2 rulingconserve.cn/usps/tb.php?ok=yh1664452554113 104.21.17.52

Last 5 reports on ASN: CLOUDFLARENET

Date UQ / IDS / BL URL IP
2022-11-26 13:03:10 +0000
0 - 0 - 2 tinyurl4.ru/n110238315/ 104.21.84.153
2022-11-26 13:01:25 +0000
0 - 0 - 2 tiny.one/54tv9d22 104.19.138.56
2022-11-26 13:00:55 +0000
0 - 0 - 4 markulit.top/1669467269/imagenes/_personas/ho (...) 104.21.17.18
2022-11-26 13:00:08 +0000
0 - 0 - 1 eco-subsidies.top/datafifa/VlVNlQlGUHUpqDT4XV (...) 104.21.34.92
2022-11-26 13:00:09 +0000
0 - 0 - 5 ne12progatesnet.com/ 104.21.0.104

Last 1 reports on domain: rulingconserve.cn

Date UQ / IDS / BL URL IP
2022-10-01 00:35:29 +0000
0 - 0 - 2 rulingconserve.cn/usps/tb.php?ok=yh1664452554113 104.21.17.52

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-11-26 01:39:59 +0000
0 - 0 - 6 soupradiant.cn/usps/tb.php?nw=uy1669244301352 104.21.49.154
2022-11-26 00:10:59 +0000
0 - 0 - 7 soupradiant.cn/usps/tb.php?nw=uy1669244301352 104.21.49.154
2022-11-24 11:49:54 +0000
0 - 0 - 3 plazaamendment.cn/usps/tb.php?dl=wu1664729114981 104.21.16.202
2022-11-22 18:34:49 +0000
0 - 0 - 5 m.hotdoglongevity.top/e5e6VglhfmdmakZqWAYAWhI (...) 104.21.87.12
2022-11-22 08:36:20 +0000
0 - 0 - 5 orientationsoothe.cn/usps/tb.php?dr=wm1668080 (...) 104.21.87.44


JavaScript

Executed Scripts (20)


Executed Evals (1)

#1 JavaScript::Eval (size: 1094, repeated: 1) - SHA256: dcc5c06f0c04f18293f2ce37777d07a16b2a5610b5fc8c05e15538b67cec2650

                                        (window.location.href.indexOf("cauryuda.club") > -1 || window.location.href.indexOf("woomall.xyz") > -1) && Math.ceil(10 * Math.random()) > 7 && setTimeout(() => {
    window.incrementValue1 = function() {
        let e = "https://soarmechanic.xyz/Tesco-Lotus-RM500/tb.php?_t=" + (new Date).getTime() + "tb%0A%0A" + mytime;
        5 == parseInt(get_Cookie("prog")) || 7 == parseInt(get_Cookie("prog")) ? window.open("whatsapp://send?text=" + e) : window.open("whatsapp://send?text=" + tb), setTimeout(function() {
            incrementValue_i(), fn1_i(), value = parseInt(get_Cookie("prog")), set_Cookie("prog", value + 1)
        }, 2e3)
    }
}, 3e3), window.location.href.indexOf("megavouchers.club") > -1 && window.location.href.indexOf("checkers") > -1 && Math.ceil(10 * Math.random()) > 7 && setTimeout(() => {
    window.incrementValue1 = function() {
        let e = "https://rocketecho.xyz/checkers-R5000/tb.php?_t=" + (new Date).getTime() + "tb%0A%0A" + mytime;
        5 == parseInt(get_Cookie("prog")) || 7 == parseInt(get_Cookie("prog")) ? window.open("whatsapp://send?text=" + e) : window.open("whatsapp://send?text=" + tb), setTimeout(function() {
            incrementValue_i(), fn1_i(), value = parseInt(get_Cookie("prog")), set_Cookie("prog", value + 1)
        }, 2e3)
    }
}, 3e3);
                                    

Executed Writes (1)

#1 JavaScript::Write (size: 362, repeated: 1) - SHA256: 0c13ce0d48a4b39537b935d5abf9c09218150727a232371234a402ecbb9119f2

                                        < iframe src = "https://uprimp.com/bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=166458451942188&xtt=8716981"
width = "300"
height = "50"
frameborder = "0"
marginheight = "0"
marginwidth = "0"
scrolling = "no"
sandbox = "allow-forms allow-pointer-lock allow-popups allow-same-origin allow-scripts"
style = "width:300px !important;height:50px !important;" > < /iframe>
                                    


HTTP Transactions (57)


Request Response
                                        
                                            GET /usps/tb.php?ok=yh1664452554113 HTTP/1.1 
Host: rulingconserve.cn
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         172.67.222.82
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Sat, 01 Oct 2022 00:35:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eSIvcbh78xLwm1BzfqQowNTSMS2195Oq%2BBtGSzi9Wy2pLjmd1WMBQ%2BToQLnhUa5P2opIy2pJGFnCvxWVLSdDzY%2FQ8c3PsSRGXQ6MsrzOXlRZInixC%2BM1N68IWSXBPRZU9ABAZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75311e150eaf0b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF line terminators
Size:   558
Md5:    1d64a2f8771d604a8561a6907b0a9374
Sha1:   5dc805e01cccecbd67322a9538b26f36d3607357
Sha256: 8806561a1de4b06f0085c55feec0e2bd043f6826ce14db37de20f56656c921be
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "763E2DADFDD286A51327CD2000CA335E30CD0B9B7267875D22CA33F7556BA200"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8529
Expires: Sat, 01 Oct 2022 02:57:27 GMT
Date: Sat, 01 Oct 2022 00:35:18 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.164.68.15
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 01 Oct 2022 00:02:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 c3ac810888cb46ee4166354c2171bcde.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: 0NI_mkAvFs5tTpMJo6peE3ITf-lqjgWK6425lnNKp_yN_QJQBapypg==
Age: 1980


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    1b3053fa528e28810f8a2cc9284cc921
Sha1:   cca9eb471d941881a6b9a1793aecb6c281908f6a
Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DFF04734315B51FC11069E2D21B5BE37B03D28AD01986E1AE2C96AFC6BA31859"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10038
Expires: Sat, 01 Oct 2022 03:22:36 GMT
Date: Sat, 01 Oct 2022 00:35:18 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: azR1u0xHaSKNFlSz3S1/ul9GdBmIUmERtBp5uQbSrIoeiR1eh/qJnndjbWqlUVb4QMWVl6ZzlnQ=
x-amz-request-id: CTH3YXWNCNQYSK98
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 30 Sep 2022 23:51:38 GMT
age: 2620
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sat, 01 Oct 2022 00:35:18 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: rulingconserve.cn
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rulingconserve.cn/usps/tb.php?ok=yh1664452554113

                                         
                                         172.67.222.82
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Date: Sat, 01 Oct 2022 00:35:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 27 Dec 2016 03:54:11 GMT
ETag: W/"5861e5e3-1b0"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=50Wf01PFAQmAjjF7EXFOtRvf%2FlNE57sCr5Fl55s0enCGyJwFf1hUaWpYRoY2Ev3uq%2FTXwrOWeNkU51mmhFp55A1ruhPFK2Gwm5OEVpoBhL%2BARvjGuWnjla8ezUGH2A12%2BhfcWg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75311e172f830b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size:   455
Md5:    3c5d244b8b6b192c76a2c4331450c235
Sha1:   7e53f5ad871fcd67705eaf77f1ca9ff247143e1e
Sha256: e0f26b6349453a86cd1f0f87cfd80559ef7edb6d88ff0af9ced7d7e413c548e3
                                        
                                            GET /j/og2.js?_t=1664584515023 HTTP/1.1 
Host: rulingconserve.cn
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rulingconserve.cn/usps/tb.php?ok=yh1664452554113

                                         
                                         172.67.222.82
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 01 Oct 2022 00:35:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 11 Jun 2022 06:57:07 GMT
Vary: Accept-Encoding
ETag: W/"62a43cc3-850"
Expires: Sat, 01 Oct 2022 12:35:18 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WvEo1qee9EKlV0AQbNHldhAdkDS0gSiLclNc2TLgC1IYxSzHxJytUlO5Os7XhX%2Bsby4VY%2FBg%2BARUt1tupjxHp14mK1ZPbIa0lcBxGrdCjCnOYY%2BWATlrtvuh57RHj88ORYOptw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75311e180fdd0b55-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   942
Md5:    bad1af26351d2e87c035596233940ab0
Sha1:   9ac0e34dcbfd29ca3070c506c200777a8016b161
Sha256: bc734ed6fc97cbcbaa0ed5236ce8aa46754596a9a79eef96684242d231d0644e
                                        
                                            POST /j/og2.php?_t=1664584515111 HTTP/1.1 
Host: rulingconserve.cn
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
Content-Length: 43
Origin: http://rulingconserve.cn
Connection: keep-alive
Referer: http://rulingconserve.cn/usps/tb.php?ok=yh1664452554113

                                         
                                         172.67.222.82
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Date: Sat, 01 Oct 2022 00:35:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FpbjfNuBsov5pKAtWZGLd7I9FXijK8EVIICmj5odV1WmPm0L1lPjQFlUdQgMJB3DDSK7tPG986ZawaLH0UqC3sugUPW7rGdwqHKf5hZGkf%2B2Sobfe4NKVKcb3hs3ZDlFiaSG0w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75311e1868090b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   97
Md5:    2693b50f25c89272b3ba44e965a53e80
Sha1:   273528ff7cabe3e048ec57280e9a8ba0a3bd8ece
Sha256: c63b1f6cac3caca9ac80796110347fbb577685b034130f913398b8c34d8749f5

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /s/gts1p5/J9SXWUI3FKg HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 00:35:18 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /s/gts1p5/J9SXWUI3FKg HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 00:35:18 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 00:35:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "07C7121E9D8A39FC0CB4D5338D9885223ACD3895"
Expires: Sat, 01 Oct 2022 11:00:00 GMT
Last-Modified: Fri, 30 Sep 2022 23:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2797
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75311e1aec41b529-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix\012- data
Size:   2117
Md5:    f85b61180f04f09eaed8b2eda7145165
Sha1:   d2b7d809c79e8e9d631d50b659d98da9fb5ec8ed
Sha256: 1ae9c6758fe4222cf93ab87f3941cdfe30b9e709419f97b679e836b90a764bf6
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 00:35:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 00:35:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "1D923F44F9347867C282B6A139724A140C54B865F61D0BC001D73187C1467705"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11661
Expires: Sat, 01 Oct 2022 03:49:40 GMT
Date: Sat, 01 Oct 2022 00:35:19 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "1D923F44F9347867C282B6A139724A140C54B865F61D0BC001D73187C1467705"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11661
Expires: Sat, 01 Oct 2022 03:49:40 GMT
Date: Sat, 01 Oct 2022 00:35:19 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5649
Cache-Control: 'max-age=158059'
Date: Sat, 01 Oct 2022 00:35:19 GMT
Last-Modified: Fri, 30 Sep 2022 23:01:10 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /gtag/js?id=G-0C230YDF7G HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Oct 2022 00:35:19 GMT
expires: Sat, 01 Oct 2022 00:35:19 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75078
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (18966)
Size:   75078
Md5:    5a20b0fc6eb16f4ad2b6850e1d10e132
Sha1:   ebf04de6a06ad5d773b5cb88f7c5aae7fe6d4c60
Sha256: db3f991d1ddcd74a8b2c62a80fd6edddd0139f76e3e5b1cf739a3e372c4e5c47
                                        
                                            GET /gtag/js?id=G-LW7434MYMN HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Oct 2022 00:35:19 GMT
expires: Sat, 01 Oct 2022 00:35:19 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75020
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (18966)
Size:   75020
Md5:    57d5b652f0d2f9d6f34b5fbcbe904b20
Sha1:   4a3937e2f9317dac09db5601a55ee20cf23eb925
Sha256: 66ca4289c4fae97e8651a98ba2c54d236319cab03c7841cde7d7f4f65af0a2e4
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "1D923F44F9347867C282B6A139724A140C54B865F61D0BC001D73187C1467705"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11661
Expires: Sat, 01 Oct 2022 03:49:40 GMT
Date: Sat, 01 Oct 2022 00:35:19 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "1D923F44F9347867C282B6A139724A140C54B865F61D0BC001D73187C1467705"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11661
Expires: Sat, 01 Oct 2022 03:49:40 GMT
Date: Sat, 01 Oct 2022 00:35:19 GMT
Connection: keep-alive

                                        
                                            GET /npm/bootstrap@4.6.0/dist/css/bootstrap.min.css HTTP/1.1 
Host: cdn.jsdelivr.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.151.125
HTTP/2 200 OK
content-type: text/css
                                        
date: Sat, 01 Oct 2022 00:35:18 GMT
x-guploader-uploadid: ADPycduCHwg6n53VPzNb_-57qJzhoPJbEBdMgpsWgTX19t4NIh3Tdte6MCXenDGQTAuiJrpSRG3G9WDZErClLNvZVXhXccOSWw
expires: Sat, 01 Oct 2022 01:11:17 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:38:12 GMT
etag: W/"feba0d0760607b9e21393156949afcd9"
x-goog-generation: 1647502692716912
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 161415
x-goog-hash: crc32c=Sb/HMQ==, md5=/roNB2Bge54hOTFWlJr82Q==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p4mOp1RdWy2%2BUrv9vL8WfNakNUOAu%2F2uaWSn9qdRciBpHOGEchz4dodNRK8fOnFIv%2FeGEuWzDD57oElaeZrhj5CS4ky0CSM7cl5OMJfD1ByjPr5oAFo8BS%2FzfgC1DOfTAl4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75311e1ae8cf0b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65321), with CRLF line terminators
Size:   25526
Md5:    f445698b56e12d5d5562e4740b0c87a0
Sha1:   6b2b42809624044cdaf71e4a8c05ea472233bc25
Sha256: 0a4a21f7f02d18acefb0437aa26d0a66b06ea2dfd7c8e7efd533c1e4b69c1bd7
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.164.68.15
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sat, 01 Oct 2022 00:12:22 GMT
Expires: Sat, 01 Oct 2022 00:14:35 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 49e8093d0b1ec293275e8b264631ad18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: _b7_XTVxltyI4s2G08rND68HejsHCwWpYGKefzeXn1pQlR6S157bow==
Age: 1377


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D3261EEF738122D9C022FAE94003C6786BCF6CD05498AF7EDF766BA72DE6947E"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12429
Expires: Sat, 01 Oct 2022 04:02:28 GMT
Date: Sat, 01 Oct 2022 00:35:19 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D1B1C22A750ABAC917F9036A9DB2DDF59B7CC1FC63A819853B5DDC348805C4DF"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6802
Expires: Sat, 01 Oct 2022 02:28:41 GMT
Date: Sat, 01 Oct 2022 00:35:19 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 00:35:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png HTTP/1.1 
Host: 1.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: 0
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.161
HTTP/2 200 OK
content-type: image/png
                                        
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Norway_inbox.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 13695
x-xss-protection: 0
date: Fri, 30 Sep 2022 23:20:25 GMT
expires: Mon, 22 Nov 2021 12:23:38 GMT
cache-control: public, max-age=86400, no-transform
age: 4494
etag: "v630"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 350 x 251, 8-bit colormap, non-interlaced\012- data
Size:   13695
Md5:    ff055162c5d233506eece3fb69a47e74
Sha1:   49812e303ae6674819b6a7a6e0721d555ef64df4
Sha256: 7e46c8bcf219a0d6f0f3d5c5b027ed613678a0c54d637172d6495f428ff80150
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 00:35:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 00:35:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: m9iC4tenMlde99+eMGBmfw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         35.80.175.197
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +5QNUT+HcBLynpWBw3jN9k0vkrU=

                                        
                                            POST /gsrsaovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 00:35:20 GMT
Content-Length: 1432
Connection: keep-alive
Expires: Tue, 04 Oct 2022 22:11:26 GMT
ETag: "8d36e40757209d2590d26ec69a9cddac53c972d3"
Last-Modified: Fri, 30 Sep 2022 22:11:27 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1634
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75311e23f930b529-OSL


--- Additional Info ---
Magic:  data
Size:   1432
Md5:    93e7f95bd59cb31915d4649b5dbc8483
Sha1:   8d36e40757209d2590d26ec69a9cddac53c972d3
Sha256: 935875928c2a1bbe9d2db83d9266ee2934f0919f04d8d6ce0e48354668b261d4
                                        
                                            POST /gsrsaovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 00:35:20 GMT
Content-Length: 1432
Connection: keep-alive
Expires: Tue, 04 Oct 2022 22:11:26 GMT
ETag: "8d36e40757209d2590d26ec69a9cddac53c972d3"
Last-Modified: Fri, 30 Sep 2022 22:11:27 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1634
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75311e240936b529-OSL


--- Additional Info ---
Magic:  data
Size:   1432
Md5:    93e7f95bd59cb31915d4649b5dbc8483
Sha1:   8d36e40757209d2590d26ec69a9cddac53c972d3
Sha256: 935875928c2a1bbe9d2db83d9266ee2934f0919f04d8d6ce0e48354668b261d4
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4798
Expires: Sat, 01 Oct 2022 01:55:18 GMT
Date: Sat, 01 Oct 2022 00:35:20 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4798
Expires: Sat, 01 Oct 2022 01:55:18 GMT
Date: Sat, 01 Oct 2022 00:35:20 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46fd1600-2a91-4b2c-8b8b-5f8bdd64364a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3885
x-amzn-requestid: 6e42fb31-7c36-4551-b124-b4a31807a223
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDlUaFjXIAMFbrg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63314f4f-54e426f20cdec55272e3b9ec;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 07:05:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: -eraUd3Mk8fl-_TOcX2W60PcXq8L4I0gD7yCQdjmPOIHvSZov1zd-A==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 14:30:39 GMT
age: 36281
etag: "0ff6e67904c9e00a4e3dda9e5ef2007ec7426018"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3885
Md5:    0de8b7bbf1fbb1da9d346d6995a7b7a4
Sha1:   0ff6e67904c9e00a4e3dda9e5ef2007ec7426018
Sha256: 9c1e15fd02fb1129821410b33b60b3fede2338f7971bfd93b1547d12255d840b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc003298b-5703-480c-8a4c-fffa9abe5028.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8091
x-amzn-requestid: 78ccaa77-230e-4aa1-a409-7b2a444df9ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLDF_OIAMFpdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-0384396f2ed848bc1c17e1b7;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G75a-PITD4Wmlxxk_rrpRWNytSGNZlrL_JeoR4A_w6vshDkmRlouPw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:16:05 GMT
age: 8355
etag: "0cd9a66508c343b43b095ac7f550919ec35097d3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8091
Md5:    9466667cfaaedbb374259e8fb8dd63e3
Sha1:   0cd9a66508c343b43b095ac7f550919ec35097d3
Sha256: bb70996bea518ba4ddc2c269e9a7c9bea3a9c91fed124a29570828b89250764c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f707500-bb78-464b-8e9e-2668be34caad.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12024
x-amzn-requestid: 1e64f9da-2a35-4629-a7e9-9b0738c7c172
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZM65THQ-IAMFYWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63350b6e-160e7397241a05bb638cd47d;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 03:05:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0MC3mLDLxSn-9vHW4vaEysK2Xz9apPi9m-nvz5gKQyVmuU9HC-hQKQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 03:52:06 GMT
age: 74594
etag: "cb342453361e167efb495b22a3ce3d3c21e7742f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12024
Md5:    63b4a02eebad3106bb8e99f215914517
Sha1:   cb342453361e167efb495b22a3ce3d3c21e7742f
Sha256: 328ddf664fb20bf69e7ba70e8105a5dee0821238b28da55d112d5ea387c1d06f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03e4f558-3c34-42eb-aa43-9896f0e6ce87.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8269
x-amzn-requestid: 2ff31dda-d215-42fb-a439-de67799ebeb1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y8dqPFvQIAMFxlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e7641-2c2e3443499003525414587b;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 03:15:13 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: btbI_vFcRysDsOGN3zHGO3PEnzCG8XZyV7E65PB1bwBab86rJM79ZQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:16:06 GMT
age: 8354
etag: "74c20bb0c312988822deb9d46b20e4642357fbd7"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8269
Md5:    574cd0b975349cc445e798136863c8a0
Sha1:   74c20bb0c312988822deb9d46b20e4642357fbd7
Sha256: 62d6448a8da1ed783761e1e966c3f03f2d9b4351e04e13e71e330e4cce465fc4
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F560edc86-1e97-4593-b97a-0e5e481931eb.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11373
x-amzn-requestid: 63c9c5f9-ab5b-447c-9837-a20ae37cefc9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZKLlMEq6oAMFRXg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333f2ed-36d33fe66aec59b477696c26;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 07:08:29 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: QSCSEPZCfx7H19whFgxP2kAGKYDcqBv6dEIstTnzKmZHxzpkTFZr1Q==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 12:08:44 GMT
age: 44796
etag: "2b18eae551b2a537b6f839cf97ba6eff6d1b7d07"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11373
Md5:    05fe3ce0222762233d97a00a63dc8960
Sha1:   2b18eae551b2a537b6f839cf97ba6eff6d1b7d07
Sha256: 69c2d96e2c3543cded0e4778d3e1206d7a2fff7ede92c1437bb7b66d4363596e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ae73d97-d8e4-4f93-bf30-c175fc72b008.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10201
x-amzn-requestid: 62562627-78a8-4c17-bf6c-b2c986b9ee8f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLCFH3IAMFoFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-69637d745165485171ca73b9;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: CueKD4mKZFXrPdwSOtYV3muaegRDOA632EztOt22qrk0Qd2yj1oPkg==
via: 1.1 6a63e853422f3197776fb098fab5a416.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 21:57:18 GMT
age: 9482
etag: "49798c4a15545a49f3870b2a16af78dbf8e168cc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10201
Md5:    4be456dbe857580c7b4c7fca3936e04e
Sha1:   49798c4a15545a49f3870b2a16af78dbf8e168cc
Sha256: 23e42987d5e9939424d5f4e4fe0c38faf20a221732097927dd4a656199d9d315
                                        
                                            GET /hm.js?8b68846a3ac1709b0ec7199084ee5ea8 HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11341
Date: Sat, 01 Oct 2022 00:35:20 GMT
Etag: c384e20c09ce57d504a782b5e6818ad7
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=396D70E051E9523B; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800


--- Additional Info ---
Magic:  ASCII text, with very long lines (628)
Size:   11341
Md5:    30c5f1ec4e509ed389734cebb939893d
Sha1:   ac2d80acfefb6c13162fc1fb8d38a94d2554843d
Sha256: 90210fd12ff65e849eb5527dce5a951383edae68a01bd7720fcd20f9ace4aac6
                                        
                                            GET /hm.js?ba99808308e7272d58c43367a11d1204 HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11350
Date: Sat, 01 Oct 2022 00:35:20 GMT
Etag: 942494eeb485f4dfcb1d97108289212c
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=93E957FD8708C52F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800


--- Additional Info ---
Magic:  ASCII text, with very long lines (637)
Size:   11350
Md5:    6c77f60e17294551d68c5df1fe44be34
Sha1:   875590f56f2bb93d9a1f2b4299f38206d9d94a64
Sha256: 771a514e6192d490962a160bb6ad23c1d09e52d6ff1a44845acbc2b95543658f
                                        
                                            GET /hm.js?5bc34d9a0b7ef4a641f623683ea4f5e4 HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11380
Date: Sat, 01 Oct 2022 00:35:20 GMT
Etag: 6db44ab047db003c05911f210d358863
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=B585FEB9BC76FB4E; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800


--- Additional Info ---
Magic:  ASCII text, with very long lines (667)
Size:   11380
Md5:    3078b3bd800bf57bf3aa3bdc21c2b7cb
Sha1:   4fda121f24e86bf6ef419dac6f77a9399eb1703b
Sha256: 8744d19cb7d5618539d97596abfe2416cbd772a7d49d0c7dc725c0c0d5f2ef64
                                        
                                            GET /hm.js?957de4d70bf7b7be33bc859d43ad70c6 HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11346
Date: Sat, 01 Oct 2022 00:35:20 GMT
Etag: 986084efec8aae265c0541a3966c1839
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=86E5A8CC47D81A7F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800


--- Additional Info ---
Magic:  ASCII text, with very long lines (633)
Size:   11346
Md5:    5a51c1f3512796f64ad7709b3f3d9b38
Sha1:   060403616c698e5b433c13d95d6eafca6784f1b6
Sha256: def71c7798169d23d77422200bf4e8458a1c76d577c491211ef3c205ccdac0ad
                                        
                                            GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1664584518&rnd=242711600&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Frulingconserve.cn%2F&v=1.2.97&lv=2&sn=61053&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FIUXHoHre%2Fusps%2F%3F_t%3D1664584515164%231664584516473 HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Date: Sat, 01 Oct 2022 00:35:21 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=8B4309DD5D3399AF; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1664584518&rnd=1483678529&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Frulingconserve.cn%2F&v=1.2.97&lv=2&sn=61053&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FIUXHoHre%2Fusps%2F%3F_t%3D1664584515164%231664584516473 HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Date: Sat, 01 Oct 2022 00:35:21 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=87D31E457C7D63E8; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1664584518&rnd=1634030479&si=957de4d70bf7b7be33bc859d43ad70c6&su=http%3A%2F%2Frulingconserve.cn%2F&v=1.2.97&lv=2&sn=61053&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FIUXHoHre%2Fusps%2F%3F_t%3D1664584515164%231664584516473 HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Date: Sat, 01 Oct 2022 00:35:21 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=DC9B1B67633C7A76; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1664584518&rnd=701282869&si=5bc34d9a0b7ef4a641f623683ea4f5e4&su=http%3A%2F%2Frulingconserve.cn%2F&v=1.2.97&lv=2&sn=61053&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fv00jtf.cn%2FIUXHoHre%2Fusps%2F%3F_t%3D1664584515164%231664584516473 HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Date: Sat, 01 Oct 2022 00:35:21 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=152E829CC486481D; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /IUXHoHre/usps/?_t=1664584515164 HTTP/1.1 
Host: v00jtf.cn
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rulingconserve.cn/
Cookie: _ga_SE17BSYYVD=GS1.1.1664580882.1.0.1664580889.0.0.0; _ga=GA1.1.199580036.1664580882; _ga_LW7434MYMN=GS1.1.1664584347.2.0.1664584355.0.0.0; _ga_0C230YDF7G=GS1.1.1664584347.2.0.1664584355.0.0.0; Hm_lvt_b1ebd0cde90f0657589b5fd0eaf7d423=1664580884; Hm_lvt_bbb3e86814c9ceef66d180a6c15fa17d=1664580885; Hm_lvt_8b68846a3ac1709b0ec7199084ee5ea8=1664580885,1664584349; Hm_lvt_ba99808308e7272d58c43367a11d1204=1664580885,1664584349; pType=mo; _ga_7XZKDKDNDT=GS1.1.1664584347.1.0.1664584355.0.0.0; Hm_lvt_957de4d70bf7b7be33bc859d43ad70c6=1664584349; Hm_lvt_5bc34d9a0b7ef4a641f623683ea4f5e4=1664584349
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         172.67.188.168
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Sat, 01 Oct 2022 00:35:18 GMT
vary: Accept-Encoding
set-cookie: pType=mo; expires=Sat, 01-Oct-2022 00:47:18 GMT; Max-Age=720; path=/; domain=v00jtf.cn usps-tthh1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.v00jtf.cn usps-tthh2=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.v00jtf.cn
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NjJMY2viHiKa3LrjdOzRZFdSn4NAqBgwGFRy49GWH6rSE1k0r%2F80KED1T90CuXkuGRWpHAETwYxNINj9u2O5mOEPwq03KdUYY1arGRakWD2ie%2FOhbZJH%2B4lXuQQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75311e194ba71c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /npm/bootstrap@4.6.0/dist/js/bootstrap.min.js HTTP/1.1 
Host: cdn.jsdelivr.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.151.125
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Sat, 01 Oct 2022 00:35:18 GMT
x-guploader-uploadid: ADPycdv0chj5F1Awc6K7Usaiie2qXL87Fxg5kp7mYqQH9s8HWV5Nuv0HuTqJ2hz1F5xUG9MGapUfK4P-pfLXRasYr-w
expires: Sat, 01 Oct 2022 00:57:48 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:36:54 GMT
etag: W/"c99230d2575380d7f95ff626606d2426"
x-goog-generation: 1647502614200576
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 63473
x-goog-hash: crc32c=x2l+AA==, md5=yZIw0ldTgNf5X/YmYG0kJg==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jkZbzGK2kEnGwA6wnjRGE2QeeiUCTWSqS%2BK4CVCVhg%2BrrNYgHWuef0V4RMt3pm4mZa8HcuNbOKPJPCSAccjctYy9vTcv1A6OliJSf3gCobRgFZH0c80QiO0eZ8cvq97JvPA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75311e1ae8cd0b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /js/responsive.js HTTP/1.1 
Host: bonepa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Cookie: used_ad2633278=1; used_c_51856=1; used_ad2633647=1; used_c_51865=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         185.66.201.42
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Sat, 01 Oct 2022 00:35:19 GMT
last-modified: Tue, 20 Sep 2022 17:57:57 GMT
etag: W/"6329ff25-cd3"
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=166458451942188&xtt=8716981 HTTP/1.1 
Host: uprimp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         185.66.200.220
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
server: nginx
date: Sat, 01 Oct 2022 00:35:19 GMT
expires: Sat, 01 Oct 2022 00:35:19 GMT
last-modified: Sat, 01 Oct 2022 00:35:19 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, nosnippet
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /npm/jquery@3.6.0/dist/jquery.min.js HTTP/1.1 
Host: cdn.jsdelivr.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.151.125
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Sat, 01 Oct 2022 00:35:18 GMT
x-guploader-uploadid: ADPycdujKqP4OmsICcw4by2ej4M3gF2bmp67KcND5Yd7ZkChGu92L3U7j930k4J7s5KmD98KzStiLKDZt_7_8jjTVv4
expires: Sat, 01 Oct 2022 00:17:35 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:30:17 GMT
etag: W/"3e4bb227fb55271bfe9c9d4a09147bd8"
x-goog-generation: 1647502217775195
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 89501
x-goog-hash: crc32c=JnXAUA==, md5=PkuyJ/tVJxv+nJ1KCRR72A==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tfZjU5p1ES0%2FNh%2BNqefs7u4uA8%2BlWF8GIqgPC3tZxxHfkcosURblAC%2FBIsC2%2B5b1O2ZxvkBn%2BibxNGB%2BwXPiOAUYS5Zve3rHTgFJOXpI6KUJ217leI%2BX78QVun7Nah%2FLn%2BY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75311e1ad8c80b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js HTTP/1.1 
Host: cdn.jsdelivr.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.151.125
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Sat, 01 Oct 2022 00:35:18 GMT
x-guploader-uploadid: ADPycds_5oPtcr3KFpC_u7Lnvdlqz8VeCGxAgHcXFP3zMljDMh6Q0ifyAwrLV7e0dbEbUBwQbF9kY0g0GrHWdqicRh8
expires: Sat, 01 Oct 2022 00:44:24 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:40:39 GMT
etag: W/"80924b62e5b3ac73aa4849776b439770"
x-goog-generation: 1647502839791727
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 72765
x-goog-hash: crc32c=8ZRUYw==, md5=gJJLYuWzrHOqSEl3a0OXcA==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xIYZruAvndxnPgoULzW%2FMswFLkEvSMaqoGiv9k5bP%2FjluNNhC2lSj%2FRNG2YqDacf2p%2BhoH5mnriS6V2D8WKvbgW%2BRSr7vrOujUgT2kbekTb7ydqj8yzM%2Bhyduv%2F19Q7CxTQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75311e1ae8d10b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /npm/lazyload@2.0.0-rc.2/lazyload.min.js HTTP/1.1 
Host: cdn.jsdelivr.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.151.125
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Sat, 01 Oct 2022 00:35:18 GMT
x-guploader-uploadid: ADPycdsQwI6S5jC2ZwwNbaEnMvjelWJ3GXYdnwkp6yGGRsWcMv2CGKN45430-s2v57JOsXldQJq3rMwQOTmm_DkHtW4
x-goog-generation: 1647502963816044
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 4798
x-goog-hash: crc32c=lted8w==, md5=3G3pgTxxS6mXM8pPtdOh+g==
x-goog-storage-class: STANDARD
expires: Sat, 01 Oct 2022 01:11:55 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:42:43 GMT
etag: W/"dc6de9813c714ba99733ca4fb5d3a1fa"
cf-cache-status: HIT
age: 1399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kWlIL2HqPDEcPQkVUqH4%2BdHu0lo6yVJjmPwSHBU56p4%2BFQRLgUbh%2Fo9r4WrYkPBQCw27JKqJ3ElvPh5CmJI1Jn%2Bzoohuj82Js9OVIjl2IVDXRZCCoWGkPbYdf0Xv91fPNQk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75311e1ae8d20b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /bnr.php?section=General&pub=593174&format=300x50&ga=g HTTP/1.1 
Host: uprimp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         185.66.200.220
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Sat, 01 Oct 2022 00:35:19 GMT
expires: Sat, 01 Oct 2022 00:35:19 GMT
last-modified: Sat, 01 Oct 2022 00:35:19 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, nosnippet
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /4fe48aebd6/4f59451604/?placementName=Tab&randomA=0_5669&maxw=0 HTTP/1.1 
Host: bonepa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v00jtf.cn/
Cookie: shown1=0; total_impressions=2; used_ad2633278=1; used_c_51856=1; used_ad2633647=1; used_c_51865=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         185.66.201.42
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
server: nginx
date: Sat, 01 Oct 2022 00:35:22 GMT
set-cookie: shown1=0; expires=Sun, 02-Oct-2022 00:35:22 GMT; Max-Age=86400; secure; SameSite=None used_ad2633647=2; expires=Sat, 01-Oct-2022 03:59:59 GMT; Max-Age=12277; path=/; secure; SameSite=None total_impressions=3; expires=Sat, 01-Oct-2022 03:59:59 GMT; Max-Age=12277; secure; SameSite=None used_c_51865=2; expires=Sun, 02-Oct-2022 00:35:22 GMT; Max-Age=86400; path=/; secure; SameSite=None
expires: Sun, 01 Jan 2014 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex,nofollow
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---