r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 96daaf84cd2c07756756caf7a2724a29
d24d47c68eec98d44bf341dab9d893df97103e1a
fef9ce9f75ec19e7ae2ccbffb6654db2473a2b4acc94c1b4303e5ec24149465f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FEF9CE9F75EC19E7AE2CCBFFB6654DB2473A2B4ACC94C1B4303E5EC24149465F"
Last-Modified: Thu, 15 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18744
Expires: Fri, 16 Sep 2022 03:14:41 GMT
Date: Thu, 15 Sep 2022 22:02:17 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 15 Sep 2022 21:10:34 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: z1wiU19LTAvvr0CZw6e0c-b3uInRswMP_Q29n3TicKMOEbdsBOV_4w==
Age: 3103
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 15 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ZyRxD8auheC1jLYp_ZhCsjP7Ye-Fg9DGGKFIZRTgNAvi5QbVlNi90A==
age: 62822
X-Firefox-Spdy: h2
qtx5.com/
38.53.75.203301 Moved Permanently 0 B IP 38.53.75.203:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: qtx5.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 15 Sep 2022 22:02:26 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://www.qtx5.com/index.php
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 22:02:17 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Thu, 15 Sep 2022 21:03:22 GMT
Expires: Thu, 15 Sep 2022 21:05:15 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: oecghInF2AUneRnyuJx3N2llug3OF0077u-YCyRjq8mKmXeCLYPciQ==
Age: 3535
www.qtx5.com/index.php
38.53.75.203200 OK 5.3 kB IP 38.53.75.203:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Non-ISO extended-ASCII text, with very long lines (565), with CRLF, CR, NEL line terminators
Hash bd7c5c9d193e79f5c16bbe6bb6aa0a4b
70def32458c4d507e49701bec5dccca8126a00d5
af4d0e83f39f4e552000e350d8f6958b5236d55ce77624971c633b52d03406e4
Analyzer Verdict Alert fortinet Phishing
GET /index.php HTTP/1.1
Host: www.qtx5.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d597af1ab2f21a983bf0f0d105b94209
9d5dd938777abde094c89066b539141a02106b88
a614eb7f969544c8040642be7c852625341e2441e757d063d2af1ff465c8c3f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1517
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 22:02:18 GMT
Last-Modified: Thu, 15 Sep 2022 21:37:01 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
www.qtx5.com/common.js
38.53.75.203200 OK 1.4 kB IP 38.53.75.203:0
File type ASCII text, with very long lines (3368), with no line terminators
Hash 9039657128cb76f34d9429b74b681f42
055eee4d49fbf08e9630769b259482f6d583c5c5
53e1b9de594661582dd1ea82b84d2f84ed564c74d72e82017f4e7add0da88b02
Analyzer Verdict Alert fortinet Phishing
GET /common.js HTTP/1.1
Host: www.qtx5.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qtx5.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:27 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
www.qtx5.com/tj.js
38.53.75.203200 OK 100 B IP 38.53.75.203:0
File type HTML document, ASCII text, with no line terminators
Hash c19ea9add5f8d45fd6bdf71064787690
2442b71096caef0bff8ecda6632c6d98b8569e45
44eea7248d17583141c5993c74297d1f066bf884a64c44c70f7da7ebaf6595cc
Analyzer Verdict Alert fortinet Phishing
GET /tj.js HTTP/1.1
Host: www.qtx5.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qtx5.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:27 GMT
Content-Type: application/x-javascript
Content-Length: 100
Connection: keep-alive
push.services.mozilla.com/
35.86.38.2101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.86.38.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: fmE9YrKbt2MO1cxGH+XpGA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5BKMiik/y00h2CYuvBRDAFNBXf8=
www.qtx5.com/style.css
38.53.75.203200 OK 3.7 kB IP 38.53.75.203:0
File type assembler source, Non-ISO extended-ASCII text, with CRLF line terminators
Hash 868e3014bbabbb0a44c626c121366284
650efdb1415f1dd2d20ce96fd5a3a31b63b9fadb
d8777965662c22afa023ba6d1590bca97a73617481f398da2afb83bc9d98ea64
GET /style.css HTTP/1.1
Host: www.qtx5.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qtx5.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:27 GMT
Content-Type: text/css
Last-Modified: Fri, 02 Sep 2022 23:35:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63129331-3ffb"
Expires: Tue, 20 Sep 2022 22:02:27 GMT
Cache-Control: max-age=432000
Content-Encoding: gzip
js.users.51.la/21431483.js
103.143.19.103200 OK 2.3 kB URL HTTP/1.1 js.users.51.la/21431483.js
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
File type ASCII text, with very long lines (4898)
Hash a19420c383970df3899636ebbfeffb9a
ffdb7c726140e0d078c71871eb18d48a491c02b0
83c08d3c00a69e00bfcce83ead45be3a27b80ba598aadd416fbfa929750a88b3
GET /21431483.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qtx5.com/
HTTP/1.1 200 OK
Server: CloudWAF
Date: Thu, 15 Sep 2022 22:02:19 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=8ed8d18d4d719552a33; path=/
HWWAFSESTIME=1663279337317; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
www.mvtognfpxulybunyndtkobjmyz.com/js/yjx.js
198.16.51.2200 OK 1.8 kB URL HTTP/1.1 www.mvtognfpxulybunyndtkobjmyz.com/js/yjx.js
IP 198.16.51.2:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (447), with CRLF line terminators
Hash 9b490b92d1656c6fefce41b06105841e
d5da3439431ce467e0b1f28edcb595439feea2d6
5b416c035618b549f5e55f0b533ba4bac5dc75fdff50c15800d9bb136f71b299
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /js/yjx.js HTTP/1.1
Host: www.mvtognfpxulybunyndtkobjmyz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qtx5.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:19 GMT
Content-Type: application/javascript
Last-Modified: Tue, 29 Mar 2022 12:47:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6242ffc7-f42"
Expires: Fri, 16 Sep 2022 10:02:19 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
www.qtx5.com/UpFile/20140526122723398.JPG
38.53.75.203200 OK 123 kB URL HTTP/1.1 www.qtx5.com/UpFile/20140526122723398.JPG
IP 38.53.75.203:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2010:10:24 16:02:15], baseline, precision 8, 567x425, components 3\012- data
Size 123 kB (123004 bytes)
Hash 66aac401381350c950c9b724b5a2f25b
44772a3659cc33699f7893d01e3a890decf087b1
74413669d59d5e2cda702f50e52f17b4a6ace48b7e9202b36ff2a7fae8d4c2c8
Analyzer Verdict Alert fortinet Phishing
GET /UpFile/20140526122723398.JPG HTTP/1.1
Host: www.qtx5.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qtx5.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:27 GMT
Content-Type: image/jpeg
Content-Length: 123004
Last-Modified: Fri, 02 Sep 2022 23:35:21 GMT
Connection: keep-alive
ETag: "63129339-1e07c"
Expires: Tue, 20 Sep 2022 22:02:27 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
www.qtx5.com/UpFile/20140526122656273.JPG
38.53.75.203200 OK 158 kB URL HTTP/1.1 www.qtx5.com/UpFile/20140526122656273.JPG
IP 38.53.75.203:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2010:10:24 15:59:08], baseline, precision 8, 567x425, components 3\012- data
Size 158 kB (158282 bytes)
Hash 2cc3ba6c795b9d1fc126c58818e749ca
281d54ebd41fcba4845ba189b9e92739e7bb3916
638f479325d3956259896342c00f19040aa23cd911b500bf36cf80f836bf9fe8
Analyzer Verdict Alert fortinet Phishing
GET /UpFile/20140526122656273.JPG HTTP/1.1
Host: www.qtx5.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qtx5.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:27 GMT
Content-Type: image/jpeg
Content-Length: 158282
Last-Modified: Fri, 02 Sep 2022 23:35:23 GMT
Connection: keep-alive
ETag: "6312933b-26a4a"
Expires: Tue, 20 Sep 2022 22:02:27 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
www.qtx5.com/UpFile/20140526122757552.JPG
38.53.75.203200 OK 90 kB URL HTTP/1.1 www.qtx5.com/UpFile/20140526122757552.JPG
IP 38.53.75.203:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2010:10:24 16:03:05], baseline, precision 8, 567x425, components 3\012- data
Hash 668253279a0266ef61137594f9fb3fbf
b04b747f9f40e09b4978fa17d79060a5dc3e4d85
09121a3828cb10d6f46e85365afc992fb4281ea95aae147bbff10a09ca7abaf1
Analyzer Verdict Alert fortinet Phishing
GET /UpFile/20140526122757552.JPG HTTP/1.1
Host: www.qtx5.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qtx5.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:27 GMT
Content-Type: image/jpeg
Content-Length: 90300
Last-Modified: Fri, 02 Sep 2022 23:35:20 GMT
Connection: keep-alive
ETag: "63129338-160bc"
Expires: Tue, 20 Sep 2022 22:02:27 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
www.qtx5.com/UpFile/20140526122825816.JPG
38.53.75.203200 OK 107 kB URL HTTP/1.1 www.qtx5.com/UpFile/20140526122825816.JPG
IP 38.53.75.203:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2010:10:24 15:52:36], baseline, precision 8, 567x425, components 3\012- data
Size 107 kB (106968 bytes)
Hash 997c4a0a444d5ad87a8108ca81713287
aed7ecf9aab4108288696f885c3fb8f24453e8d9
4eb406d3f9b54e87854b80b12a55edc56a445d8c4317a50dff1a3072bfca5f2b
Analyzer Verdict Alert fortinet Phishing
GET /UpFile/20140526122825816.JPG HTTP/1.1
Host: www.qtx5.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qtx5.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:27 GMT
Content-Type: image/jpeg
Content-Length: 106968
Last-Modified: Fri, 02 Sep 2022 23:35:20 GMT
Connection: keep-alive
ETag: "63129338-1a1d8"
Expires: Tue, 20 Sep 2022 22:02:27 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
www.qtx5.com/images/101.gif
38.53.75.203200 OK 52 B URL HTTP/1.1 www.qtx5.com/images/101.gif
IP 38.53.75.203:0
File type GIF image data, version 89a, 3 x 5\012- data
Hash c7ab8831b99887b14204901deaab04c7
fa28cf555a46314c1fc5b1027eabe50ff1205b39
f4a68cf4530ffd1a57332f4d098d2a68ccd6e461c5b6bee60fc77d2b2c43566e
GET /images/101.gif HTTP/1.1
Host: www.qtx5.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qtx5.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:28 GMT
Content-Type: image/gif
Content-Length: 52
Last-Modified: Fri, 02 Sep 2022 23:35:12 GMT
Connection: keep-alive
ETag: "63129330-34"
Expires: Tue, 20 Sep 2022 22:02:28 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
www.mvtognfpxulybunyndtkobjmyz.com/yjx_data.php?zq=yjx&val=smplink&t=0.4501459344929015?v=06212259953403644
198.16.51.2200 OK 58 B URL HTTP/1.1 www.mvtognfpxulybunyndtkobjmyz.com/yjx_data.php?zq=yjx&val=smplink&t=0.4501459344929015?v=06212259953403644
IP 198.16.51.2:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7fa295e3f5bc6eaf6464b8eb869e1f4b
2a0453443020ff8affd011ffbb34abf5b74aada1
00dfc3f8e91fc58bea92e6df0914c12443de44e83e5aa16842a3b9e3ba6df698
Analyzer Verdict Alert quad9 Sinkholed
GET /yjx_data.php?zq=yjx&val=smplink&t=0.4501459344929015?v=06212259953403644 HTTP/1.1
Host: www.mvtognfpxulybunyndtkobjmyz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://www.qtx5.com
Connection: keep-alive
Referer: http://www.qtx5.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:19 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
ia.51.la/go1?id=21431483&rt=1663279323545&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E5%2585%258D%25E8%25B4%25B9%25E5%259B%25BD%25E4%25BA%25A7%25E4%25B8%2580%25E7%25BA%25A7A%25E7%2589%2587%25E5%25B0%258F%25E8%25AF%25B4%252C%25E7%2599%25BE%25E5%25A7%2593%25E9%2598%2581baisex%25E7%25BB%25BC%25E5%2590%2588%25E5%258F%25A6%25E5%2586%2585%252C%25E6%25AC%25A7%25E7%25BE%258E%25E7%2588%25B1%25E7%2588%25B1a&ing=1&ekc=&sid=1663279323545&tt=%25E5%258F%25B0%25E5%25B1%25B1%25E6%258E%25B7%25E4%25BE%2597%25E7%2594%25B5%25E5%25AD%2590%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=%25E5%2585%258D%25E8%25B4%25B9%25E5%259B%25BD%25E4%25BA%25A7%25E4%25B8%2580%25E7%25BA%25A7A%25E7%2589%2587%25E5%25B0%258F%25E8%25AF%25B4%252C%25E7%2599%25BE%25E5%25A7%2593%25E9%2598%2581baisex%25E7%25BB%25BC%25E5%2590%2588%25E5%258F%25A6%25E5%2586%2585%252C%25E6%25AC%25A7%25E7%25BE%258E%25E7%2588%25B1%25E7%2588%25B1a%25E8%25A7%2586%25E9%25A2%2591%25E5%2585%258D%25E8%25B4%25B9%25E6%2594%25BE%252C%25E4%25BA%259A%25E6%25B4%25B2%25E5%259B%25BD%25E4%25BA%25A7%25E6%25AC%25A7%25E7%25BE%258E%25E5%258A%25A8%25E6%25BC%25AB%25E4%25BA%25BA%25E6%2588%2590%25E5%259C%25A8%25E7%25BA%25BF%252C%25E5%259B%25BD%25E4%25BA%25A7%25E5%2588%25B6%25E6%259C%258D%25E4%25B8%259D%25E8%25A2%259C%25E6%2597%25A0%25E7%25A0%2581%25E8%25A7%2586%25E9%25A2%2591%252C%25E7%25BB%25BC%25E5%2590%2588%25E5%259B%25BE%25E5%258C%25BA%25E4%25BA%259A%25E4%25B8%2580%25E6%25B4%25B2%25E7%25BB%25BC%25E5%2590%2588%25E7%25BD%2591&cu=http%253A%252F%252Fwww.qtx5.com%252Findex.php&pu=
103.143.19.103200 0 B URL HTTP/1.1 ia.51.la/go1?id=21431483&rt=1663279323545&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E5%2585%258D%25E8%25B4%25B9%25E5%259B%25BD%25E4%25BA%25A7%25E4%25B8%2580%25E7%25BA%25A7A%25E7%2589%2587%25E5%25B0%258F%25E8%25AF%25B4%252C%25E7%2599%25BE%25E5%25A7%2593%25E9%2598%2581baisex%25E7%25BB%25BC%25E5%2590%2588%25E5%258F%25A6%25E5%2586%2585%252C%25E6%25AC%25A7%25E7%25BE%258E%25E7%2588%25B1%25E7%2588%25B1a&ing=1&ekc=&sid=1663279323545&tt=%25E5%258F%25B0%25E5%25B1%25B1%25E6%258E%25B7%25E4%25BE%2597%25E7%2594%25B5%25E5%25AD%2590%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=%25E5%2585%258D%25E8%25B4%25B9%25E5%259B%25BD%25E4%25BA%25A7%25E4%25B8%2580%25E7%25BA%25A7A%25E7%2589%2587%25E5%25B0%258F%25E8%25AF%25B4%252C%25E7%2599%25BE%25E5%25A7%2593%25E9%2598%2581baisex%25E7%25BB%25BC%25E5%2590%2588%25E5%258F%25A6%25E5%2586%2585%252C%25E6%25AC%25A7%25E7%25BE%258E%25E7%2588%25B1%25E7%2588%25B1a%25E8%25A7%2586%25E9%25A2%2591%25E5%2585%258D%25E8%25B4%25B9%25E6%2594%25BE%252C%25E4%25BA%259A%25E6%25B4%25B2%25E5%259B%25BD%25E4%25BA%25A7%25E6%25AC%25A7%25E7%25BE%258E%25E5%258A%25A8%25E6%25BC%25AB%25E4%25BA%25BA%25E6%2588%2590%25E5%259C%25A8%25E7%25BA%25BF%252C%25E5%259B%25BD%25E4%25BA%25A7%25E5%2588%25B6%25E6%259C%258D%25E4%25B8%259D%25E8%25A2%259C%25E6%2597%25A0%25E7%25A0%2581%25E8%25A7%2586%25E9%25A2%2591%252C%25E7%25BB%25BC%25E5%2590%2588%25E5%259B%25BE%25E5%258C%25BA%25E4%25BA%259A%25E4%25B8%2580%25E6%25B4%25B2%25E7%25BB%25BC%25E5%2590%2588%25E7%25BD%2591&cu=http%253A%252F%252Fwww.qtx5.com%252Findex.php&pu=
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=21431483&rt=1663279323545&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E5%2585%258D%25E8%25B4%25B9%25E5%259B%25BD%25E4%25BA%25A7%25E4%25B8%2580%25E7%25BA%25A7A%25E7%2589%2587%25E5%25B0%258F%25E8%25AF%25B4%252C%25E7%2599%25BE%25E5%25A7%2593%25E9%2598%2581baisex%25E7%25BB%25BC%25E5%2590%2588%25E5%258F%25A6%25E5%2586%2585%252C%25E6%25AC%25A7%25E7%25BE%258E%25E7%2588%25B1%25E7%2588%25B1a&ing=1&ekc=&sid=1663279323545&tt=%25E5%258F%25B0%25E5%25B1%25B1%25E6%258E%25B7%25E4%25BE%2597%25E7%2594%25B5%25E5%25AD%2590%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=%25E5%2585%258D%25E8%25B4%25B9%25E5%259B%25BD%25E4%25BA%25A7%25E4%25B8%2580%25E7%25BA%25A7A%25E7%2589%2587%25E5%25B0%258F%25E8%25AF%25B4%252C%25E7%2599%25BE%25E5%25A7%2593%25E9%2598%2581baisex%25E7%25BB%25BC%25E5%2590%2588%25E5%258F%25A6%25E5%2586%2585%252C%25E6%25AC%25A7%25E7%25BE%258E%25E7%2588%25B1%25E7%2588%25B1a%25E8%25A7%2586%25E9%25A2%2591%25E5%2585%258D%25E8%25B4%25B9%25E6%2594%25BE%252C%25E4%25BA%259A%25E6%25B4%25B2%25E5%259B%25BD%25E4%25BA%25A7%25E6%25AC%25A7%25E7%25BE%258E%25E5%258A%25A8%25E6%25BC%25AB%25E4%25BA%25BA%25E6%2588%2590%25E5%259C%25A8%25E7%25BA%25BF%252C%25E5%259B%25BD%25E4%25BA%25A7%25E5%2588%25B6%25E6%259C%258D%25E4%25B8%259D%25E8%25A2%259C%25E6%2597%25A0%25E7%25A0%2581%25E8%25A7%2586%25E9%25A2%2591%252C%25E7%25BB%25BC%25E5%2590%2588%25E5%259B%25BE%25E5%258C%25BA%25E4%25BA%259A%25E4%25B8%2580%25E6%25B4%25B2%25E7%25BB%25BC%25E5%2590%2588%25E7%25BD%2591&cu=http%253A%252F%252Fwww.qtx5.com%252Findex.php&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qtx5.com/
HTTP/1.1 200
Server: CloudWAF
Date: Thu, 15 Sep 2022 22:02:19 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=70e532c2349137118d0; path=/
HWWAFSESTIME=1663279338214; path=/
www.qtx5.com/UpFile/20140526122914195.JPG
38.53.75.203200 OK 155 kB URL HTTP/1.1 www.qtx5.com/UpFile/20140526122914195.JPG
IP 38.53.75.203:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2013:02:23 14:28:15], baseline, precision 8, 567x425, components 3\012- data
Size 155 kB (155356 bytes)
Hash 3333ba790d95526344434ac9ae1263c5
527fe163550623bfefdf17363babd04e637d63e4
d044672ee587b03113bcd171a2f6ef8badec862ee8df24596501a916790bdad7
Analyzer Verdict Alert fortinet Phishing
GET /UpFile/20140526122914195.JPG HTTP/1.1
Host: www.qtx5.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qtx5.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:27 GMT
Content-Type: image/jpeg
Content-Length: 155356
Last-Modified: Fri, 02 Sep 2022 23:35:18 GMT
Connection: keep-alive
ETag: "63129336-25edc"
Expires: Tue, 20 Sep 2022 22:02:27 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
www.qtx5.com/UpFile/20150521155450282.jpg
38.53.75.203200 OK 155 kB URL HTTP/1.1 www.qtx5.com/UpFile/20150521155450282.jpg
IP 38.53.75.203:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2010:10:28 20:13:42], baseline, precision 8, 567x425, components 3\012- data
Size 155 kB (155138 bytes)
Hash 9f747ab2490baf2a3e793ec6b32f27f6
a04606e43340a2a90c46ea5d773aa7e1fdb81e4c
fa160624d37dab8b538bf1a8005d641919b4e13bc22e2478a1c8e75ca2c8e1d4
GET /UpFile/20150521155450282.jpg HTTP/1.1
Host: www.qtx5.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qtx5.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:27 GMT
Content-Type: image/jpeg
Content-Length: 155138
Last-Modified: Fri, 02 Sep 2022 23:35:20 GMT
Connection: keep-alive
ETag: "63129338-25e02"
Expires: Tue, 20 Sep 2022 22:02:27 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
www.qtx5.com/images/index_2.jpg
38.53.75.203200 OK 4.8 kB URL HTTP/1.1 www.qtx5.com/images/index_2.jpg
IP 38.53.75.203:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 324x9, components 3\012- data
Hash 631e354ef0c828e7f2fae35ce5681a45
42035b99b790722a5513f53b311219d0a87f83c1
c40576197fd6439eb70ca4a4fa5b187cbbaefa641ed7a5dffe6aca654c2618f6
GET /images/index_2.jpg HTTP/1.1
Host: www.qtx5.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qtx5.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:28 GMT
Content-Type: image/jpeg
Content-Length: 4844
Last-Modified: Fri, 02 Sep 2022 23:35:12 GMT
Connection: keep-alive
ETag: "63129330-12ec"
Expires: Tue, 20 Sep 2022 22:02:28 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
www.qtx5.com/images/index_3.jpg
38.53.75.203200 OK 9.0 kB URL HTTP/1.1 www.qtx5.com/images/index_3.jpg
IP 38.53.75.203:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 171x29, components 3\012- data
Hash d80690d252ca7ab06416d2c863f1e39d
245315c6d07d1b682f8d5c698028e977e354a75f
5470eb479273b99a5694ec942e60866ce90fed5291c352905d57ae28cf770714
GET /images/index_3.jpg HTTP/1.1
Host: www.qtx5.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qtx5.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:28 GMT
Content-Type: image/jpeg
Content-Length: 8974
Last-Modified: Fri, 02 Sep 2022 23:35:13 GMT
Connection: keep-alive
ETag: "63129331-230e"
Expires: Tue, 20 Sep 2022 22:02:28 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6054
Expires: Thu, 15 Sep 2022 23:43:13 GMT
Date: Thu, 15 Sep 2022 22:02:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6054
Expires: Thu, 15 Sep 2022 23:43:13 GMT
Date: Thu, 15 Sep 2022 22:02:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6054
Expires: Thu, 15 Sep 2022 23:43:13 GMT
Date: Thu, 15 Sep 2022 22:02:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6054
Expires: Thu, 15 Sep 2022 23:43:13 GMT
Date: Thu, 15 Sep 2022 22:02:19 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cc7f760-37bd-48b3-a202-6f1423e82c4d.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cc7f760-37bd-48b3-a202-6f1423e82c4d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c6df210d4ad73c1cb4bf14a8b68aaaf6
50cb093cd31e53a67e0a27d9ce9439fbb8a03df8
832d746a04665e8fd808e02a3d4c4d2525fb55e8685f2c654836ebea37c4ca92
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cc7f760-37bd-48b3-a202-6f1423e82c4d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8551
x-amzn-requestid: fcb8406f-a0a4-463a-8d6c-86a465867db4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhUkiG2FIAMFQsg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239ae9-4e2927b52b5ac3f907f52027;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:36:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: f7ER8lbphHucpnBSlWF1oGktAVq-lmLrZQUtLCSXrkEYdhYYaX6W3g==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:45:53 GMT
age: 986
etag: "50cb093cd31e53a67e0a27d9ce9439fbb8a03df8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09103090-a36c-4678-bb8f-b717f544ca1f.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09103090-a36c-4678-bb8f-b717f544ca1f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6572617127bde36c63aa1163e3352688
d97c94761ed3c1fc84ab46dcc77405e7b8c7c71c
91fdabb99b1317407413b424f50ad025c0578a57d89a0f4c8228d91a36b8e6c0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09103090-a36c-4678-bb8f-b717f544ca1f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6820
x-amzn-requestid: 3aab395b-9355-4a3a-b033-73420df43ee5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhUksFUxoAMFr4g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239aea-5be8dbdf57158b0e37ee719f;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:36:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: I8QSOY13buUN6y89zoSzcjZmV8EygMJUdiPiVouUi4a5LHBJ3AM3wQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:48:32 GMT
age: 827
etag: "d97c94761ed3c1fc84ab46dcc77405e7b8c7c71c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45619ede-b86e-4373-9398-fec60bb9e862.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45619ede-b86e-4373-9398-fec60bb9e862.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f876cdc19dca10c62d83d19303512c7f
9f812c7bc1b42b0cea3e42694e7d1f6738789770
c647aac44ba9eb501eb7def781ca0168b4eb71a716283cc6f4e6782939a396cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45619ede-b86e-4373-9398-fec60bb9e862.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12123
x-amzn-requestid: b04ac3c4-b4d8-4094-8b7d-bd229bb7d577
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yb2GvFnEoAMF-Gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63216a2a-4e5927ac3f1d0b215ce5a8dc;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 05:44:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 1oFWsEaOq39GvXu3bHrB7jbl4DGKoTsUyNwHivGjRuCcjfG0KNH8iw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 22:11:55 GMT
age: 85824
etag: "9f812c7bc1b42b0cea3e42694e7d1f6738789770"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F032fbd06-806d-41e6-9160-3fdf480555ac.webp
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F032fbd06-806d-41e6-9160-3fdf480555ac.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d242ded8ac40a1eb617303256d5f34eb
afbe7dae2d65763a004b5bddc697131762da7bf2
b4b08292f36acfca7df3710c29c184c5ff18592e6383eddc5582d302184fce59
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F032fbd06-806d-41e6-9160-3fdf480555ac.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9256
x-amzn-requestid: 19e81e48-6501-4938-906c-60aa7acdb33a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhUj5EE5oAMFvwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239ae5-3031e84f158e1ad94da4875b;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:36:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7sWzfcxt9YWCOnMbanWOiZhhv5DXzHDq8vBqd1AhMfxewBBS0ZtidA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:45:48 GMT
age: 991
etag: "afbe7dae2d65763a004b5bddc697131762da7bf2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28c7624e-e145-4bec-804e-f614677317dc.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28c7624e-e145-4bec-804e-f614677317dc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c9fef3c1097b92969fcc294811a33f46
c16977ad5fb61e8c52aa37d533838c94ce596981
58396de6acba67a8fabb6daa1d7b7d4805533bead82817a7e508e5aed6ad8c0f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28c7624e-e145-4bec-804e-f614677317dc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11592
x-amzn-requestid: 1cf5f5b3-66f5-41eb-8102-b72d493a4ea2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhU_-GX5IAMFa3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239b99-65f2aeda73539e0d624528a1;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:39:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NeO8zgpcu0D6sQfil9ysw-dFdHexnXblkSKnVTkq4pZrvVFpa1qCxA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:48:32 GMT
age: 827
etag: "c16977ad5fb61e8c52aa37d533838c94ce596981"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 512280055633fcce9abc7d11a9816a24
de5c3e010fca76659455a144875a52c25fa72bdd
435eadb36830928b20d4cf8ead62134b75bd0ed3228489d9fdee66450bcbeaed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13536
x-amzn-requestid: 5533b257-1558-472b-aeb9-8207a78e1110
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDzFa4IAMF9Rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb1-05d0dfde7a488ed97d2a40d5;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: JAzbRqinDuqQuQoESEsL26c1Y1UTQ5tO1thL3ugE6LPQtNTWGaGTLg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:48:32 GMT
age: 827
etag: "de5c3e010fca76659455a144875a52c25fa72bdd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.yjx84.top/
198.16.51.4200 OK 13 kB IP 198.16.51.4:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456), with CRLF, LF line terminators
Hash bfcda33030bd8d646e867fc460a38f98
9bd5da52c06ef11a09439eccc373d1714bcae890
1589ee9abdaac139d32d2f0204b54a2151c6c5279a62382a98a2e297ae00a168
GET / HTTP/1.1
Host: www.yjx84.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qtx5.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:20 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=bdni0sprfln555ngqvgqk3q6sr; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
www.yjx84.top/template/yjx/static/css/bootstrap.min.css
198.16.51.4200 OK 27 kB URL HTTP/1.1 www.yjx84.top/template/yjx/static/css/bootstrap.min.css
IP 198.16.51.4:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (493)
Hash 009318d8ae281e66da9d7eaf20de9350
5598f58336a95bd4208b7ebddeb204d43865a70e
80683f9d898f82ebd9b8335a25cf57e68b84c836c4765a42c7bc17b43bea16e2
GET /template/yjx/static/css/bootstrap.min.css HTTP/1.1
Host: www.yjx84.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.yjx84.top/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:20 GMT
Content-Type: text/css
Last-Modified: Mon, 07 Jun 2021 16:01:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60be42f0-2212e"
Expires: Fri, 16 Sep 2022 10:02:20 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
www.yjx84.top/template/yjx/static/css/swiper.min.css
198.16.51.4200 OK 3.3 kB URL HTTP/1.1 www.yjx84.top/template/yjx/static/css/swiper.min.css
IP 198.16.51.4:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (17459)
Hash 3b0f19c6e3d95b50787117fc26d47c7f
33799bc7c5f9ebda4adde8d59116a87fc2cce23f
39c608aa9656788524e36287f3a9e0070085695a439e4081a5bfd48c3b6f83b3
GET /template/yjx/static/css/swiper.min.css HTTP/1.1
Host: www.yjx84.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.yjx84.top/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:20 GMT
Content-Type: text/css
Last-Modified: Wed, 27 May 2020 23:55:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5ecefdf2-4562"
Expires: Fri, 16 Sep 2022 10:02:20 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
www.yjx84.top/template/yjx/static/css/white.css
198.16.51.4200 OK 2.8 kB URL HTTP/1.1 www.yjx84.top/template/yjx/static/css/white.css
IP 198.16.51.4:0
File type assembler source, ASCII text, with very long lines (1029), with CRLF line terminators
Hash a5eccc7e2836315f7bb04b7898a027fd
b0df7401bdd8d1c8e70596bcf988254afafd6805
2bce05beec599deec60a00af27e41f9af335ca0684f93e22a6e3c2f6d5169590
GET /template/yjx/static/css/white.css HTTP/1.1
Host: www.yjx84.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.yjx84.top/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:20 GMT
Content-Type: text/css
Last-Modified: Wed, 21 Apr 2021 20:48:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60808fb6-29da"
Expires: Fri, 16 Sep 2022 10:02:20 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
www.yjx84.top/template/yjx/static/css/mm-content.css
198.16.51.4200 OK 1.4 kB URL HTTP/1.1 www.yjx84.top/template/yjx/static/css/mm-content.css
IP 198.16.51.4:0
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 4495c8611d18d034410fec999b312b66
7820e1e8963ff54de1cd1207b48d0f75c366f23e
a824748bc8e6648f9e79a23b203bc3b024ffe1843496c68c7aafb7cb852a09b1
GET /template/yjx/static/css/mm-content.css HTTP/1.1
Host: www.yjx84.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.yjx84.top/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:20 GMT
Content-Type: text/css
Last-Modified: Mon, 07 Jun 2021 16:02:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60be4328-1cd0"
Expires: Fri, 16 Sep 2022 10:02:20 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.20.226:0
Hash 1e6ab14f6655430f5951083c96971eb3
d2f44883b4812b975f4aa1dcf4f0924c9b250a9d
52015bd80d90354c66aefbffe013a144e1cab826ab6c819daf578b49b84eed86
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 22:02:20 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Mon, 19 Sep 2022 19:08:27 GMT
ETag: "d2f44883b4812b975f4aa1dcf4f0924c9b250a9d"
Last-Modified: Thu, 15 Sep 2022 19:08:28 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 133
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b4a5671a450b61-OSL
www.yjx84.top/template/yjx/static/css/style.css
198.16.51.4200 OK 15 kB URL HTTP/1.1 www.yjx84.top/template/yjx/static/css/style.css
IP 198.16.51.4:0
File type assembler source, Unicode text, UTF-8 text, with very long lines (350), with CRLF line terminators
Hash 4495e8aa756dc2cda90f57239ecad9ea
c8aaebce7643d7c46edc3b4e2ae426ae6b8c6ed5
d56b5cf774c910d16c7c11a36322205fd47fe3f64688fb79e3f59b1f2a9a9257
GET /template/yjx/static/css/style.css HTTP/1.1
Host: www.yjx84.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.yjx84.top/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:20 GMT
Content-Type: text/css
Last-Modified: Mon, 05 Jul 2021 18:46:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60e3537c-10b00"
Expires: Fri, 16 Sep 2022 10:02:20 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
www.yjx84.top/static/js/jquery.js
198.16.51.4200 OK 37 kB URL HTTP/1.1 www.yjx84.top/static/js/jquery.js
IP 198.16.51.4:0
File type ASCII text, with very long lines (32089)
Hash ecb5a5b0c520535a5dedef53186c0079
232708f689fd7efa0bef4b61f169f054504bd22a
d220a5333de3774d06aa124d2e7f8cab2310b2780883a1cd49296d0614ab2a9c
GET /static/js/jquery.js HTTP/1.1
Host: www.yjx84.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.yjx84.top/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:20 GMT
Content-Type: application/javascript
Last-Modified: Sat, 12 Feb 2022 13:52:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6207bb8e-169d5"
Expires: Fri, 16 Sep 2022 10:02:20 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
gif.naigou1002.top/GIF/1241242.gif
104.21.233.253404 Not Found 167 B URL HTTP/1.1 gif.naigou1002.top/GIF/1241242.gif
IP 104.21.233.253:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 4e93325cbd7d0a1bd9182c50a87ee855
4761e9470180e0a73ba9df2773318dab945e33be
c9741cd73b587f99806ca15ae0bf08ca7e78d0a805fc0258394b757107395c96
GET /GIF/1241242.gif HTTP/1.1
Host: gif.naigou1002.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.yjx84.top/
HTTP/1.1 404 Not Found
Date: Thu, 15 Sep 2022 22:02:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 154
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eYvbIEwvczbOpgL3ynWluOi0nYGbN%2F3RiseCxXBkzJG%2BmmDBZ%2BjF7lOBrmWwEHo7BT%2BLatjsk8n%2FyGC%2Fv0o3CBJSndUjw6mK8VNfRgI2JvF86MPiDZXqUFrWL4c6yYi6ghuGnLM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b4a567c8cc7519-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
cdn.jsdelivr.net/gh/re341/ipad@main/112.ww
151.101.85.229200 OK 1.1 MB URL HTTP/2 cdn.jsdelivr.net/gh/re341/ipad@main/112.ww
IP 151.101.85.229:0
File type GIF image data, version 89a, 206 x 206\012- data
Size 1.1 MB (1127941 bytes)
Hash 0e7eec6edceaeea89caf8f918078ac38
1d7f2cc8f2b17e529e52d2bf4594be2a1934ef25
a1dae3e6252e4cc2d7d8ef59a9b8b7484fd5e4a10f7276e975c3654f6c9391c8
GET /gh/re341/ipad@main/112.ww HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.yjx84.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: main
x-jsd-version-type: branch
content-type: application/octet-stream
etag: W/"113605-HX8syPKxflKeUtK/RZS+Khk07yU"
accept-ranges: bytes
date: Thu, 15 Sep 2022 22:02:20 GMT
age: 31594
x-served-by: cache-fra19143-FRA, cache-bma1656-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1127941
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1c7a5fbc417fc7ee295e13c88e449137
2f2e19525b90838941637cf04be44065d10766e2
eb67dfa52170d8333b3ae3b8e27b993ad535f2492d1059c2480121034bea9156
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB67DFA52170D8333B3AE3B8E27B993AD535F2492D1059C2480121034BEA9156"
Last-Modified: Tue, 13 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9292
Expires: Fri, 16 Sep 2022 00:37:12 GMT
Date: Thu, 15 Sep 2022 22:02:20 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 6e280a428dc2eaf7d1d346462b050f51
554cdedea19db241a659cf8c445f1545fcf1d619
a86e45403af69b25be4fb3689a821d8e681a2bbc6637ae10bd17cba2aa3ec690
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 22:02:20 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 13 Sep 2022 15:36:41 GMT
Expires: Tue, 20 Sep 2022 15:36:40 GMT
Etag: "554cdedea19db241a659cf8c445f1545fcf1d619"
Cache-Control: max-age=408259,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b4a5670bf6b51d-OSL
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.20.226:0
Hash 30b9fb2d1a8deb149c18f5565db85e62
700af505f416fccd473e840c8687c507b7555cd9
686a019b4dc6738adae1fb702e4042abe9ec088edc8ac0fd1854b5c0cdc25dbc
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 22:02:20 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "189842A039E3D10483C2339C913CEFCF0D3A1440"
Expires: Fri, 16 Sep 2022 09:00:00 GMT
Last-Modified: Thu, 15 Sep 2022 21:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1930
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b4a5686b530b61-OSL
kvhaa.com/62a5acc8a4e6bb9a5cf9e8ab76642b63.gif
78.46.107.74301 Moved Permanently 162 B URL HTTP/2 kvhaa.com/62a5acc8a4e6bb9a5cf9e8ab76642b63.gif
IP 78.46.107.74:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /62a5acc8a4e6bb9a5cf9e8ab76642b63.gif HTTP/1.1
Host: kvhaa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.yjx84.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Thu, 15 Sep 2022 22:02:20 GMT
content-type: text/html
content-length: 162
location: https://nvhaaa.top/62a5acc8a4e6bb9a5cf9e8ab76642b63.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
statuse.digitalcertvalidation.com/
93.184.220.29200 OK 471 B URL HTTP/1.1 statuse.digitalcertvalidation.com/
IP 93.184.220.29:0
Hash 8bb95f5cce15723f9ff0653688abe336
9c668fc4b701a655d71327c789a233faf1f91120
3d04fc5af69cee6827d27aab181db5200582105bd253c3d86506c40b7ce1bd00
POST / HTTP/1.1
Host: statuse.digitalcertvalidation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4573
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 22:02:20 GMT
Last-Modified: Thu, 15 Sep 2022 20:46:07 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
www.yjx84.top/template/yjx//images/logo.gif
198.16.51.4200 OK 13 kB URL HTTP/1.1 www.yjx84.top/template/yjx//images/logo.gif
IP 198.16.51.4:0
File type GIF image data, version 89a, 470 x 180\012- data
Hash 5279c09a9d7a0485efe0ec86823d85dd
10b4cb4162ff557e1530c6352b046f5434fd05a6
4ad742c6c83856e91c81d1ed1cc9e4f326e786149be8d776fce67613a06453f3
GET /template/yjx//images/logo.gif HTTP/1.1
Host: www.yjx84.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.yjx84.top/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:20 GMT
Content-Type: image/gif
Content-Length: 13411
Last-Modified: Tue, 29 Mar 2022 15:31:00 GMT
Connection: keep-alive
ETag: "62432634-3463"
Expires: Sat, 15 Oct 2022 22:02:20 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
nvhaaa.top/62a5acc8a4e6bb9a5cf9e8ab76642b63.gif
104.21.234.41200 OK 211 kB URL HTTP/2 nvhaaa.top/62a5acc8a4e6bb9a5cf9e8ab76642b63.gif
IP 104.21.234.41:0
File type GIF image data, version 89a, 960 x 100\012- data
Size 211 kB (211098 bytes)
Hash 0f2b80d3ad13b71edfe82b0bd0aedb70
0a2a3bb08fd6edcfd612c8635c0c7df00b66263c
f5de09e64898fa572397fdeab8bf27e7f5b22cdf7ee846195a8913192e395346
GET /62a5acc8a4e6bb9a5cf9e8ab76642b63.gif HTTP/1.1
Host: nvhaaa.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.yjx84.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 22:02:20 GMT
content-type: image/gif
content-length: 211098
last-modified: Thu, 19 May 2022 10:22:37 GMT
etag: "62861a6d-3389a"
expires: Sat, 15 Oct 2022 16:28:37 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 20023
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vqCb25cMiP7dYB4LL21ZXU6mlMc26bI9SpYtU%2FDs4qzZRdKDeXC4pfGqFKDwZXJuxTi6UXI5tM0vgXeQvuNciGZCIuHwxkAjhXHmqdQUgnaqonn%2BkOi3fD%2FXxFSZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b4a568fce876d2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8bcbee23793095481cbb8b62a67f702a
bbde63fca3e80a8020d64daec2213f34d74fe5fa
d2f5696ad579cec3a61cc022517ba4abe4ee2743663ffb7d94de38a588dc1179
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D2F5696AD579CEC3A61CC022517BA4ABE4EE2743663FFB7D94DE38A588DC1179"
Last-Modified: Wed, 14 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12975
Expires: Fri, 16 Sep 2022 01:38:36 GMT
Date: Thu, 15 Sep 2022 22:02:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8c4110224094a5ed1a4c9e23a5bd84bf
d90612238a48c5feaab7757e39e14e563284958a
ade8d5140300bd59cde965e17c86b8804d2165233d286b271559558dab8294b3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ADE8D5140300BD59CDE965E17C86B8804D2165233D286B271559558DAB8294B3"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15047
Expires: Fri, 16 Sep 2022 02:13:08 GMT
Date: Thu, 15 Sep 2022 22:02:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5568017b1d1beb5fce945e2fd5cbd5dd
a2ca3dd96f489207273a2a96406cff9a67f5a756
af98bbe27e6ed2913bebed46070980f63bf79938c93e5144c68b068384ebc12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AF98BBE27E6ED2913BEBED46070980F63BF79938C93E5144C68B068384EBC12B"
Last-Modified: Wed, 14 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17400
Expires: Fri, 16 Sep 2022 02:52:21 GMT
Date: Thu, 15 Sep 2022 22:02:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 77a2a446c9f0ae3003c68750814f11e2
f35a06a25035479b52cd2d749add76d9869eefd4
584e4b8ec28a97cdea9248ebafce881762931a5e355c29373aeec162fb741f98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "584E4B8EC28A97CDEA9248EBAFCE881762931A5E355C29373AEEC162FB741F98"
Last-Modified: Tue, 13 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3574
Expires: Thu, 15 Sep 2022 23:01:55 GMT
Date: Thu, 15 Sep 2022 22:02:21 GMT
Connection: keep-alive
js.users.51.la/21177489.js
103.143.19.103200 OK 2.5 kB URL HTTP/1.1 js.users.51.la/21177489.js
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
File type HTML document, ASCII text, with very long lines (5207)
Hash cdc7683cbaa5abc3a9ff28a08b6bbe48
9904caa8ffc006b6aad161975259d3ca26ec927b
7d7a84458e34c37f9769bbea61d103c37bb21c131349827248f97d79e117bd10
GET /21177489.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.yjx84.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: CloudWAF
Date: Thu, 15 Sep 2022 22:02:21 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=4669a1f026d0f8abe12; path=/
HWWAFSESTIME=1663279339054; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e79f8d054e3520a42df1759f098f115
2ff8ca0675ffb72dc2f9c4ee632f3f2ba1e69179
7629f355b9bf06bae938794c6480e9e6c5ca5e4c1667bbdff48317a431a409cd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7629F355B9BF06BAE938794C6480E9E6C5CA5E4C1667BBDFF48317A431A409CD"
Last-Modified: Wed, 14 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10240
Expires: Fri, 16 Sep 2022 00:53:01 GMT
Date: Thu, 15 Sep 2022 22:02:21 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 5eca6358fbbfb97d3ed0b9f0a2021574
c561c71c4f1b046b29619fa92acb27277898b1cb
7211238a3a70d28be88224682b3fce4f904a73937a4ecf3ac8c0825cdbfb50ba
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 22:02:21 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 15:45:14 GMT
Expires: Wed, 21 Sep 2022 15:45:13 GMT
Etag: "c561c71c4f1b046b29619fa92acb27277898b1cb"
Cache-Control: max-age=495171,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b4a56a5ef0b51d-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 3bf69163a20574ffe186382f4f105e27
b19692dff68a03adc872b0fa57804e5cc83a592b
1a07f81e2897dcb8551d62609325cda13d588e22b2a6a67d76ae2383be5c3f84
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 22:02:21 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 13 Sep 2022 22:38:23 GMT
Expires: Tue, 20 Sep 2022 22:38:22 GMT
Etag: "b19692dff68a03adc872b0fa57804e5cc83a592b"
Cache-Control: max-age=433560,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b4a56a6ea3b521-OSL
kvemm.com/ec9fcd758df74f805f29f72e8545d13b.gif
104.143.94.110301 Moved Permanently 162 B URL HTTP/2 kvemm.com/ec9fcd758df74f805f29f72e8545d13b.gif
IP 104.143.94.110:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /ec9fcd758df74f805f29f72e8545d13b.gif HTTP/1.1
Host: kvemm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.yjx84.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Thu, 15 Sep 2022 22:02:21 GMT
content-type: text/html
content-length: 162
location: https://kvhhhh.top/ec9fcd758df74f805f29f72e8545d13b.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kzeaa.com/92f0c144d76dd785f7c04f84ae149b33.gif
45.154.215.92301 Moved Permanently 162 B URL HTTP/2 kzeaa.com/92f0c144d76dd785f7c04f84ae149b33.gif
IP 45.154.215.92:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /92f0c144d76dd785f7c04f84ae149b33.gif HTTP/1.1
Host: kzeaa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.yjx84.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Thu, 15 Sep 2022 22:02:21 GMT
content-type: text/html
content-length: 162
location: https://kvhccc.top/92f0c144d76dd785f7c04f84ae149b33.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kvezz.com/95ca29ec3907b3bf2d8a24b35e3eda22.gif
64.32.13.142301 Moved Permanently 162 B URL HTTP/2 kvezz.com/95ca29ec3907b3bf2d8a24b35e3eda22.gif
IP 64.32.13.142:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /95ca29ec3907b3bf2d8a24b35e3eda22.gif HTTP/1.1
Host: kvezz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.yjx84.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Thu, 15 Sep 2022 22:02:21 GMT
content-type: text/html
content-length: 162
location: https://acoozzh.top/95ca29ec3907b3bf2d8a24b35e3eda22.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kzecc.com/ab4913e7a532610bd58878b08c77826a.gif
64.32.13.142301 Moved Permanently 162 B URL HTTP/2 kzecc.com/ab4913e7a532610bd58878b08c77826a.gif
IP 64.32.13.142:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /ab4913e7a532610bd58878b08c77826a.gif HTTP/1.1
Host: kzecc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.yjx84.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Thu, 15 Sep 2022 22:02:21 GMT
content-type: text/html
content-length: 162
location: https://kvhaaa.top/ab4913e7a532610bd58878b08c77826a.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kvezz.com/6ed80b70f51e3203d0bd3e764a23a054.gif
64.32.13.142301 Moved Permanently 162 B URL HTTP/2 kvezz.com/6ed80b70f51e3203d0bd3e764a23a054.gif
IP 64.32.13.142:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /6ed80b70f51e3203d0bd3e764a23a054.gif HTTP/1.1
Host: kvezz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.yjx84.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Thu, 15 Sep 2022 22:02:21 GMT
content-type: text/html
content-length: 162
location: https://acoozzh.top/6ed80b70f51e3203d0bd3e764a23a054.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kzecc.com/789e429d4920f337d8623b8d4aaeae43.gif
64.32.13.142301 Moved Permanently 162 B URL HTTP/2 kzecc.com/789e429d4920f337d8623b8d4aaeae43.gif
IP 64.32.13.142:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /789e429d4920f337d8623b8d4aaeae43.gif HTTP/1.1
Host: kzecc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.yjx84.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Thu, 15 Sep 2022 22:02:21 GMT
content-type: text/html
content-length: 162
location: https://kvhaaa.top/789e429d4920f337d8623b8d4aaeae43.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash fef7e2c4e976ceffc9f853bc533b5a81
d182cc05c270a9d22457e291204aa33e3b3a114d
055e8ca689d3df4de157333e3d02688d210cf0a1580becd2b5a131fd06c72cb9
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 22:02:21 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Mon, 19 Sep 2022 18:51:40 GMT
ETag: "d182cc05c270a9d22457e291204aa33e3b3a114d"
Last-Modified: Thu, 15 Sep 2022 18:51:41 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1320
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b4a56b19a7b511-OSL
acoozzh.top/95ca29ec3907b3bf2d8a24b35e3eda22.gif
104.21.33.100200 OK 400 kB URL HTTP/2 acoozzh.top/95ca29ec3907b3bf2d8a24b35e3eda22.gif
IP 104.21.33.100:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 400 kB (400264 bytes)
Hash b722c3905b96f11823e04826aafdd50e
68b63b572a042d40ab210aa313b7ebbc372be5a1
630c6a955789d5bb6311db75ce52e57ff4c12074ef5a5a080cf5459f907e9dc1
GET /95ca29ec3907b3bf2d8a24b35e3eda22.gif HTTP/1.1
Host: acoozzh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.yjx84.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 22:02:21 GMT
content-type: image/gif
content-length: 400264
last-modified: Mon, 02 May 2022 19:22:39 GMT
etag: "62702f7f-61b88"
expires: Wed, 12 Oct 2022 23:28:07 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 254054
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FHtggQ7fDetHRCBHJCNJr7BlySnWZABIvBxexNm2X3J284CUeNerxaW%2BOabK4wkEgsm%2Bve1VpZZzL6txiqiIPuBqpbo%2BUJR6sB8WNFdX35IPRBGvWiabCdOzT3qGyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b4a56b1856b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
acoozzh.top/6ed80b70f51e3203d0bd3e764a23a054.gif
104.21.33.100200 OK 112 kB URL HTTP/2 acoozzh.top/6ed80b70f51e3203d0bd3e764a23a054.gif
IP 104.21.33.100:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 112 kB (111940 bytes)
Hash 88f3715f27e8e32561820e4d356bb3d6
7ee6f705f5c7dab5ad3d50bdc5aa9e34a3eab1bf
d8cff0f2678147b9198cd07c4e2842da303763503c06ca39b75ddb48dcd34c84
GET /6ed80b70f51e3203d0bd3e764a23a054.gif HTTP/1.1
Host: acoozzh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.yjx84.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 22:02:21 GMT
content-type: image/gif
content-length: 111940
last-modified: Mon, 02 May 2022 19:14:29 GMT
etag: "62702d95-1b544"
expires: Thu, 13 Oct 2022 10:44:18 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 213483
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2zuvw6g0WtAkD%2FO4LDiKV%2F77Ub1yBQddSl67SdILNhBEGporzGZO9E59yv2aCE5os1SdHPjKHVsfY25u4VIrg29aLYu7kLV%2FNhqaq9SR8WHw1A0Da9vIE1xucf612Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b4a56b2867b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 72e908c7108eeac9a182b878338fca0c
3e77fe9461845d984b2a08119f40ee88c8291a49
609aadbc1a5ce4fe69801c018315e4724162ddcf468539d0aeec8cd4a5bd4dfb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "609AADBC1A5CE4FE69801C018315E4724162DDCF468539D0AEEC8CD4A5BD4DFB"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12026
Expires: Fri, 16 Sep 2022 01:22:47 GMT
Date: Thu, 15 Sep 2022 22:02:21 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 72e908c7108eeac9a182b878338fca0c
3e77fe9461845d984b2a08119f40ee88c8291a49
609aadbc1a5ce4fe69801c018315e4724162ddcf468539d0aeec8cd4a5bd4dfb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "609AADBC1A5CE4FE69801C018315E4724162DDCF468539D0AEEC8CD4A5BD4DFB"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12026
Expires: Fri, 16 Sep 2022 01:22:47 GMT
Date: Thu, 15 Sep 2022 22:02:21 GMT
Connection: keep-alive
kvhaaa.top/ab4913e7a532610bd58878b08c77826a.gif
104.21.94.20200 OK 389 kB URL HTTP/2 kvhaaa.top/ab4913e7a532610bd58878b08c77826a.gif
IP 104.21.94.20:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 389 kB (388680 bytes)
Hash 96284edda10aee3431c569b48aa79121
ab9b427b01457bcea356343a49f4d7f076b0303e
2b521834367c6f9e4a0e32ff0a07c6d205811afa0a4914297356287a70d92084
GET /ab4913e7a532610bd58878b08c77826a.gif HTTP/1.1
Host: kvhaaa.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.yjx84.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 22:02:21 GMT
content-type: image/gif
content-length: 388680
last-modified: Sun, 04 Sep 2022 09:07:13 GMT
etag: "63146ac1-5ee48"
expires: Sat, 15 Oct 2022 22:01:56 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 25
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=72bxfphqyeq3uYir%2FPXm%2BAVd3YdS4h243FPHv4J02%2FeMZwA6sQ9F37v2G%2BSsPJUGK09l0u%2B0S%2Ft8pHDuTPWCF65%2BiykfEmcZT24AqDzJUDro7qHgMXuvxb0CHt7E"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b4a56b7dffb517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pic.rmb.bdstatic.com/bjh/c4aec2fc715ed9100d40a15aa4b82c28.gif
185.10.104.115404 Not Found 117 B URL HTTP/2 pic.rmb.bdstatic.com/bjh/c4aec2fc715ed9100d40a15aa4b82c28.gif
IP 185.10.104.115:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JSON data\012- , ASCII text, with no line terminators
Hash 901b53c352061e566a3655da4fa5c5a8
f4d598dc7985ed7ddc450b88c2446636d28612a1
8a11a7520b706dca74be8ed307a3c4c6f1b50dc585767be587ddb5550c6efd45
GET /bjh/c4aec2fc715ed9100d40a15aa4b82c28.gif HTTP/1.1
Host: pic.rmb.bdstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.yjx84.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
server: JSP3/2.0.14
date: Thu, 15 Sep 2022 22:02:21 GMT
content-type: application/json; charset=utf-8
content-length: 117
x-bce-debug-id: njI10vfn1RxaPJoC43QHmvyeHIDF/tPz5eah22ph/aTjaIeq7WvEyYRrrewXWfE4pDQ+CnozL5JjZ3/CixmzkA==
x-bce-request-id: ff3f4583-59de-4be9-b5e6-bff672b62236
x-bce-restore-cache: -
x-bce-restore-tier: -
x-error-info: Origin
timing-allow-origin: *
ohc-cache-hit: fra01-sys-jomo2.fra01.baidu.com [1], zhuzuncache57 [1], xaix97 [1]
ohc-file-size: 117
x-cache-status: MISS
X-Firefox-Spdy: h2
kvhaaa.top/789e429d4920f337d8623b8d4aaeae43.gif
104.21.94.20200 OK 552 kB URL HTTP/2 kvhaaa.top/789e429d4920f337d8623b8d4aaeae43.gif
IP 104.21.94.20:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 552 kB (552137 bytes)
Hash d4f9fe2e2037f91ef8a7cac508ff7dd3
adbe36339b875532fee42169a68142c508f758bc
bb1cd5879463c2bbe97a45dc285aa7beddafd8d4401d25f784f3d05bcb2c0cdd
GET /789e429d4920f337d8623b8d4aaeae43.gif HTTP/1.1
Host: kvhaaa.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.yjx84.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 22:02:21 GMT
content-type: image/gif
content-length: 552137
last-modified: Sun, 17 Jul 2022 10:44:26 GMT
etag: "62d3e80a-86cc9"
expires: Sat, 15 Oct 2022 00:56:35 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 75946
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PtamxE3%2Blg5ReLc2EKFDxo8c1FufScek1c9qlD5pWN4zcTXU6wgml9N5tdWh0XFzRQlTI3IwMY7guCHUUyhcJP5BaR2sKpegpvUqKnMXGSceHZn9f853oUZW4TAh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b4a56b6dfcb517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 13d1355dac365efed853f11c8ec81f76
0570fab106cf87a31b4d90f3aa14677056d76371
5f17c7a904e4dfbcc3dd4fca79c86bddd8a307b24157b4985ad66e87d37d0303
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 22:02:21 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Mon, 19 Sep 2022 19:07:17 GMT
ETag: "0570fab106cf87a31b4d90f3aa14677056d76371"
Last-Modified: Thu, 15 Sep 2022 19:07:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1324
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b4a56bda60b511-OSL
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 72e908c7108eeac9a182b878338fca0c
3e77fe9461845d984b2a08119f40ee88c8291a49
609aadbc1a5ce4fe69801c018315e4724162ddcf468539d0aeec8cd4a5bd4dfb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "609AADBC1A5CE4FE69801C018315E4724162DDCF468539D0AEEC8CD4A5BD4DFB"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12026
Expires: Fri, 16 Sep 2022 01:22:47 GMT
Date: Thu, 15 Sep 2022 22:02:21 GMT
Connection: keep-alive
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 13d1355dac365efed853f11c8ec81f76
0570fab106cf87a31b4d90f3aa14677056d76371
5f17c7a904e4dfbcc3dd4fca79c86bddd8a307b24157b4985ad66e87d37d0303
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 22:02:21 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Mon, 19 Sep 2022 19:07:17 GMT
ETag: "0570fab106cf87a31b4d90f3aa14677056d76371"
Last-Modified: Thu, 15 Sep 2022 19:07:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1324
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b4a56bdcb9b506-OSL
kvhccc.top/92f0c144d76dd785f7c04f84ae149b33.gif
104.21.233.189200 OK 1.0 MB URL HTTP/2 kvhccc.top/92f0c144d76dd785f7c04f84ae149b33.gif
IP 104.21.233.189:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 1.0 MB (1024160 bytes)
Hash 52748c8ca30fe48c822541046bceafc0
8640926f83b9c0d635fb28403505a7c0f0753857
2e292531362f37bf7a1cd01330efb234450b1f836e975c55f2b2179c0be32ae6
GET /92f0c144d76dd785f7c04f84ae149b33.gif HTTP/1.1
Host: kvhccc.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.yjx84.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 22:02:21 GMT
content-type: image/gif
content-length: 1024160
last-modified: Wed, 25 May 2022 13:49:10 GMT
etag: "628e33d6-fa0a0"
expires: Fri, 14 Oct 2022 04:39:45 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 148956
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KfES3xv7f8qItCoCNQDYdoP9etoYyc46so1Mkg2NlUA4Os9Pu3RC2IXp8qlRbjwDGdyY2%2BLS7b9DX8UKPXKIuPETgmZsPJ8b9x9tVVtSa44kg5Sg6%2Fk8qoSpRuAa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b4a56b3e74dd77-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kvhhhh.top/ec9fcd758df74f805f29f72e8545d13b.gif
104.21.235.36200 OK 902 kB URL HTTP/2 kvhhhh.top/ec9fcd758df74f805f29f72e8545d13b.gif
IP 104.21.235.36:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 902 kB (902313 bytes)
Hash 8b4a95ea7cfbb7fb4d2b18efca5145f3
d2966ecbeb7369620cce5dbcd15d0fe591d79648
dd5ff25f4d6931bd3d2ef86c1a8901853ee2503fd2d6edb264a61abb37c2b002
GET /ec9fcd758df74f805f29f72e8545d13b.gif HTTP/1.1
Host: kvhhhh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.yjx84.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 22:02:21 GMT
content-type: image/gif
content-length: 902313
last-modified: Sat, 12 Mar 2022 15:17:28 GMT
etag: "622cb988-dc4a9"
expires: Mon, 03 Oct 2022 16:05:33 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1058208
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9sW9HP6ujNtflhmd5Rh8NLEIFvAxYSyIPXAaXmBG0lFrwuuCI7K0%2BRio%2FCVQzF6tuOdepyPdEwbnyxl1N0Nrj19gn6jqeKYDZlNJZkEFTLjihoDiCgs%2BE1V2%2BqiB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b4a56b3b99719e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pic.rmb.bdstatic.com/bjh/1da62db7a3fca4f1b284612aabb89564.gif
185.10.104.115404 Not Found 117 B URL HTTP/2 pic.rmb.bdstatic.com/bjh/1da62db7a3fca4f1b284612aabb89564.gif
IP 185.10.104.115:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JSON data\012- , ASCII text, with no line terminators
Hash 37d885e21314442486a32467f4985454
837d8f1bc6d8c6870a48baa3e09b05f7d6b8ea07
b425553d10473232d502e0afec3d213499471710508e557e0e00fe6cd6727a84
GET /bjh/1da62db7a3fca4f1b284612aabb89564.gif HTTP/1.1
Host: pic.rmb.bdstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.yjx84.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
server: JSP3/2.0.14
date: Thu, 15 Sep 2022 22:02:21 GMT
content-type: application/json; charset=utf-8
content-length: 117
x-bce-debug-id: YJ00xagYlD5SrbPl0Fg7kuhJPB72PlnoVH6mPBu6b/UxzKv9r0Qv3oZbgNzofcmH0Xv9qfXiSAmYlIJYNu+Wiw==
x-bce-request-id: e97cefc7-1c04-492e-8913-3893a7628ff2
x-bce-restore-cache: -
x-bce-restore-tier: -
x-error-info: Origin
timing-allow-origin: *
ohc-cache-hit: fra01-sys-jomo4.fra01.baidu.com [1], zhuzuncache62 [1], xiangyix124 [1]
ohc-file-size: 117
x-cache-status: MISS
X-Firefox-Spdy: h2
65677358625.com/109e604a3c6249d594c56004b700f28c.gif
45.61.212.217200 OK 720 kB URL HTTP/1.1 65677358625.com/109e604a3c6249d594c56004b700f28c.gif
IP 45.61.212.217:0
File type GIF image data, version 89a, 960 x 80\012- data
Size 720 kB (719745 bytes)
Hash a371336a677886333a1e0e87f32df904
5d17beeea80b18e70073f0e54dfa9ad61e71b25f
18543a39e003823862ca88f74a899b953e82fc6f1771682b37d0b435d40644cc
Analyzer Verdict Alert quad9 Sinkholed
GET /109e604a3c6249d594c56004b700f28c.gif HTTP/1.1
Host: 65677358625.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.yjx84.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "62ee26b9-afb81"
Date: Wed, 14 Sep 2022 08:59:59 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Sat, 06 Aug 2022 08:30:49 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us3-cdnb-17
Content-Length: 719745
www.qtx5.com/images/index_1.jpg
38.53.75.203200 OK 264 kB URL HTTP/1.1 www.qtx5.com/images/index_1.jpg
IP 38.53.75.203:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2014:08:06 14:46:45], baseline, precision 8, 680x84, components 3\012- data
Size 264 kB (263849 bytes)
Hash ef525cfe56e6b1f7fbeffa6002bff22d
9cc9aa22d3151d478620b997c0aa9bfb46ad9fa2
ebcb9a04307a96cee88b3245f17718e8d9a8d14b9294238f08cc9be2188750c2
GET /images/index_1.jpg HTTP/1.1
Host: www.qtx5.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qtx5.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:28 GMT
Content-Type: image/jpeg
Content-Length: 110659
Last-Modified: Fri, 02 Sep 2022 23:35:14 GMT
Connection: keep-alive
ETag: "63129332-1b043"
Expires: Tue, 20 Sep 2022 22:02:28 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
65677358625.com/0b452a2bc56e4793bcc7b4d4bbf9f783.gif
45.61.212.217200 OK 282 kB URL HTTP/1.1 65677358625.com/0b452a2bc56e4793bcc7b4d4bbf9f783.gif
IP 45.61.212.217:0
File type GIF image data, version 89a, 200 x 200\012- data
Size 282 kB (282273 bytes)
Hash b0eeacf9c1fdf54285cf2a34d94485fd
bb887429dbe864e20cd5793bdfb436a066da4e89
d42452e67d2c4935be450dc77b275f2d5f393590814c3cebfa22e9f5270f08d8
Analyzer Verdict Alert quad9 Sinkholed
GET /0b452a2bc56e4793bcc7b4d4bbf9f783.gif HTTP/1.1
Host: 65677358625.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.yjx84.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "630b43b2-44ea1"
Date: Tue, 13 Sep 2022 08:01:19 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Sun, 28 Aug 2022 10:30:10 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us3-cdnb-17
Content-Length: 282273
n0422.com/75791c462f6a4318b417dfbbcbcb3f7c.gif
20.239.191.67200 OK 82 kB URL HTTP/1.1 n0422.com/75791c462f6a4318b417dfbbcbcb3f7c.gif
IP 20.239.191.67:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 700 x 120\012- data
Hash 62b82b377fa699b7dd50dd7b16b54d95
5e979f18f7e73eca79c7d86090ef0afb84c1554e
f171573bfdaa6442971d9d8b65cc18479ea07c34ae9ca5a32440c4c2eedfb202
GET /75791c462f6a4318b417dfbbcbcb3f7c.gif HTTP/1.1
Host: n0422.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.yjx84.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 22:02:21 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sun, 29 May 2022 13:27:20 GMT
ETag: W/"629374b8-4b5a6"
Server: WAF/2.4-12.1
X-Cache-Status: HIT
Content-Encoding: gzip
66377311795.com/31b089ea83214367bf1436f6dc9a843b.gif
45.61.212.50200 OK 725 kB URL HTTP/1.1 66377311795.com/31b089ea83214367bf1436f6dc9a843b.gif
IP 45.61.212.50:0
File type GIF image data, version 89a, 960 x 80\012- data
Size 725 kB (724869 bytes)
Hash 17d7276bec51de6123854892f5d1d4ec
2f4954866443fcb402a5ee33f78c61cffe22eae8
c677f7601d68004a5c0af802407899ba001333fd3c69e8993a8a757a8521b20d
GET /31b089ea83214367bf1436f6dc9a843b.gif HTTP/1.1
Host: 66377311795.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.yjx84.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "630b4402-b0f85"
Date: Thu, 15 Sep 2022 05:30:03 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Sun, 28 Aug 2022 10:31:30 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us1-cdnb-20
Content-Length: 724869
yaoji666.oss-cn-hongkong.aliyuncs.com/gg/960X60.gif
47.75.19.91200 OK 96 kB URL HTTP/1.1 yaoji666.oss-cn-hongkong.aliyuncs.com/gg/960X60.gif
IP 47.75.19.91:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type GIF image data, version 89a, 960 x 60\012- data
Hash 57557d6b489d522d480d9b82ce29db65
da2d3b35f0c9534e84e50310aeafe73173037315
4b96548579c0d9b380b10ce78bdb3e8edfd35e180519b319c6b1181e7b325952
GET /gg/960X60.gif HTTP/1.1
Host: yaoji666.oss-cn-hongkong.aliyuncs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.yjx84.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 15 Sep 2022 22:02:21 GMT
Content-Type: image/gif
Content-Length: 95856
Connection: keep-alive
x-oss-request-id: 6323A0ED4C8B3739351ECD62
Accept-Ranges: bytes
ETag: "57557D6B489D522D480D9B82CE29DB65"
Last-Modified: Sat, 09 Jul 2022 12:37:07 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 15928828585404051914
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
Content-MD5: V1V9a0idUi1IDZuCzinbZQ==
x-oss-server-time: 1
p.qlogo.cn/qqmail_head/PiajxSqBRaELwR4xf94eWENgvxiczrusib7DD0uE3oWug9qlMPlDicI0glFu3XF6yfQqprzh37WicJso/0
43.154.254.32200 OK 255 kB URL HTTP/2 p.qlogo.cn/qqmail_head/PiajxSqBRaELwR4xf94eWENgvxiczrusib7DD0uE3oWug9qlMPlDicI0glFu3XF6yfQqprzh37WicJso/0
IP 43.154.254.32:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type GIF image data, version 89a, 960 x 60\012- data
Size 255 kB (254728 bytes)
Hash e31747184c41fbcc8d20acaeb3269c67
5b3134d7cc79fd35b8e002f56ed737221808744c
59f4e58c787082d958bfc1839a5f5ad39514def82e300edbd262b6cf7cd235f0
GET /qqmail_head/PiajxSqBRaELwR4xf94eWENgvxiczrusib7DD0uE3oWug9qlMPlDicI0glFu3XF6yfQqprzh37WicJso/0 HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.yjx84.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Qnginx/1.4.4
date: Thu, 15 Sep 2022 22:02:21 GMT
content-type: image/gif
content-length: 254728
vary: Accept,Origin
last-modified: Fri, 02 Sep 2022 12:50:06 GMT
cache-control: max-age=2592000
x-delay: 36894 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 254728
chid: 0
fid: 0
x-nws-log-uuid: 518263d0-6216-410e-87fd-16aa4d933e74
X-Firefox-Spdy: h2
p.qlogo.cn/hy_personal/3e28f14aa051684245c4e0cfebfbd4b5489dde6bfa6ea63b30c8e304e22a4012/0.png
43.154.254.32200 OK 1.2 MB URL HTTP/2 p.qlogo.cn/hy_personal/3e28f14aa051684245c4e0cfebfbd4b5489dde6bfa6ea63b30c8e304e22a4012/0.png
IP 43.154.254.32:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type GIF image data, version 89a, 960 x 80\012- data
Size 1.2 MB (1186991 bytes)
Hash b7ff6b584c23b3c247d43c4dd73a9063
7430c81b9edcef194c4165a31f1293b489f9c53e
7bec7d626dc2ca81a95ebae691c949068aaa3bb3060662887f613882b3b3afc5
GET /hy_personal/3e28f14aa051684245c4e0cfebfbd4b5489dde6bfa6ea63b30c8e304e22a4012/0.png HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.yjx84.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Qnginx/1.4.4
date: Thu, 15 Sep 2022 22:02:21 GMT
content-type: image/gif
content-length: 1186991
vary: Accept,Origin
last-modified: Mon, 18 Jul 2022 16:43:32 GMT
cache-control: max-age=2592000
x-delay: 100358 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 1186991
chid: 0
fid: 0
x-nws-log-uuid: 9e1e0f86-72fc-41ed-b50a-e1f42ae71d8d
X-Firefox-Spdy: h2
cdn.bdstatic.org/scripts/common.js
104.21.57.222200 OK 0 B URL HTTP/2 cdn.bdstatic.org/scripts/common.js
IP 104.21.57.222:0
Analyzer Verdict Alert fortinet Malware
GET /scripts/common.js HTTP/1.1
Host: cdn.bdstatic.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.yjx84.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 22:02:20 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=77555
etag: W/"63108e3d-12ef3"
last-modified: Thu, 01 Sep 2022 10:49:33 GMT
cache-control: max-age=1800
cf-cache-status: HIT
age: 2243
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nNO1bVnrA9lkVFN%2FFq2fbvNADe1CkqPyJtHK2p3jgj7SNaQ8zPaoDxRNEbuik8CRNbbPP%2B73cFk44mKocfzIpi8NkKGFcFjLEfilyW%2BpkzQC1lIWg0nk1qQPPZgajAlNcf5z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b4a5647b3cb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.qtx5.com/images/bg.jpg
38.53.75.203200 OK 0 B URL HTTP/1.1 www.qtx5.com/images/bg.jpg
IP 38.53.75.203:0
GET /images/bg.jpg HTTP/1.1
Host: www.qtx5.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qtx5.com/style.css
Cookie: __tins__21431483=%7B%22sid%22%3A%201663279323545%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201663281123545%7D; __51cke__=; __51laig__=1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 22:02:28 GMT
Content-Type: image/jpeg
Content-Length: 300211
Last-Modified: Fri, 02 Sep 2022 23:35:28 GMT
Connection: keep-alive
ETag: "63129340-494b3"
Expires: Tue, 20 Sep 2022 22:02:28 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes