lifemidst.cn/qatarenergy-2022/tb.php?sl=cv1667986099280
104.21.89.157200 OK 589 B URL HTTP/1.1 lifemidst.cn/qatarenergy-2022/tb.php?sl=cv1667986099280
IP 104.21.89.157:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (550), with CRLF line terminators
Hash a544cba566e236b73b35ea9791633d09
eddd6dc8564e919e53afd1587b0a556d4c736230
e5486f6bcc5397dd136ce7d3bbf66b6ff4c39aab8efc8b8b337098c6c553a797
Analyzer Verdict Alert fortinet Phishing
GET /qatarenergy-2022/tb.php?sl=cv1667986099280 HTTP/1.1
Host: lifemidst.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 22 Nov 2022 10:50:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c34PEo9i%2BneJDVzbT0rrP9%2FOBvKEEbwpVUXwq39sI%2F%2FDCmrx8QL3hwAKNXY7MUnk9mriL2zBY38hp0Zkc08%2FWo9KvvZThnNRqvyEnu%2BD9k6Su7JveoGiefcG4lcCNN0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76e11a7ccc70b523-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1456357aecbd23f21ad98da57e0127eb
7074815b39fa8da9013883971d665e4c1b0797ea
f3eba265ee64870b2f822f1511b36c747d763c382557789cdad8be1d3b52d1f5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F3EBA265EE64870B2F822F1511B36C747D763C382557789CDAD8BE1D3B52D1F5"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6304
Expires: Tue, 22 Nov 2022 12:35:23 GMT
Date: Tue, 22 Nov 2022 10:50:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8a6c553d89cb6fd1de4787fee2a0e0dc
b974e022ea8675c0a09f58864cc99df05b5b1241
a62ecedcb0953814f982237818a3d902fdca501f82b675629d28b5d476e0fbfa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A62ECEDCB0953814F982237818A3D902FDCA501F82B675629D28B5D476E0FBFA"
Last-Modified: Mon, 21 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4160
Expires: Tue, 22 Nov 2022 11:59:39 GMT
Date: Tue, 22 Nov 2022 10:50:19 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4843de3bf95411e6aa89834def44bb86
1f1882351ac63fba73a22014382f69df5e02ec96
1e6ed1df02f8fa6c89ddca66f7c9981f8a06127d7ec90b503703137e823bb4b7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3817
Cache-Control: max-age=89075
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 10:50:19 GMT
Etag: "637b5375-1d7"
Expires: Wed, 23 Nov 2022 11:34:54 GMT
Last-Modified: Mon, 21 Nov 2022 10:31:17 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 22 Nov 2022 10:50:19 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 1U8u6sbx9CibGAZn3/hms7QCqdtjsBPuAhBGEuyGnCzc5EjQaSWN59e9+zjmVHsJz/ylwMLZHbwxaWLkrqP0nA==
x-amz-request-id: W2GV652N4XP2QT89
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 22 Nov 2022 10:42:32 GMT
age: 467
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 22 Nov 2022 10:09:22 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2457
alt-svc: clear
X-Firefox-Spdy: h2
lifemidst.cn/favicon.ico
104.21.89.157200 OK 455 B IP 104.21.89.157:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 3c5d244b8b6b192c76a2c4331450c235
7e53f5ad871fcd67705eaf77f1ca9ff247143e1e
e0f26b6349453a86cd1f0f87cfd80559ef7edb6d88ff0af9ced7d7e413c548e3
GET /favicon.ico HTTP/1.1
Host: lifemidst.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lifemidst.cn/qatarenergy-2022/tb.php?sl=cv1667986099280
HTTP/1.1 200 OK
Date: Tue, 22 Nov 2022 10:50:19 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 27 Dec 2016 03:54:11 GMT
ETag: W/"5861e5e3-1b0"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AXT7GQCjT2vUX3PqNGsm3yWOF2ayF4X1bUMxUrq%2BSqcoBgue0Stqb0BZ5DIuRnjt%2F2GNeqAnnWqXmTY5u7dCXh%2Flz7fhyxP1Vd%2BRO4z08oU7%2B6vRh2mc82MCY2D3RFk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76e11a7ff90db523-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
lifemidst.cn/j/og2.js?_t=1669114219402
104.21.89.157200 OK 942 B URL HTTP/1.1 lifemidst.cn/j/og2.js?_t=1669114219402
IP 104.21.89.157:0
File type ASCII text, with CRLF line terminators
Hash bad1af26351d2e87c035596233940ab0
9ac0e34dcbfd29ca3070c506c200777a8016b161
bc734ed6fc97cbcbaa0ed5236ce8aa46754596a9a79eef96684242d231d0644e
Analyzer Verdict Alert fortinet Phishing
GET /j/og2.js?_t=1669114219402 HTTP/1.1
Host: lifemidst.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lifemidst.cn/qatarenergy-2022/tb.php?sl=cv1667986099280
HTTP/1.1 200 OK
Date: Tue, 22 Nov 2022 10:50:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 16:09:56 GMT
Vary: Accept-Encoding
ETag: W/"635172d4-850"
Expires: Tue, 22 Nov 2022 22:50:19 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9w%2BG0lb39xFXCltkr8vPiDJhtV23BPnMzqxNw4TLxqC%2BH3ACdBiq8XwN6LHGlQexvCPo0ndY6qUJr1PkGD%2FtLVuvCJd0WlvZIKB99dtcSlJm7pVyUp7jPd7c3BcptVs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76e11a80fa8fb523-OSL
alt-svc: h2=":443"; ma=60
lifemidst.cn/j/og2.php?_t=1669114219592
104.21.89.157200 OK 101 B URL HTTP/1.1 lifemidst.cn/j/og2.php?_t=1669114219592
IP 104.21.89.157:0
File type JSON data\012- , ASCII text, with no line terminators
Hash e1bb17b17324a754233b8f04836c7686
8ba228001cb0806ebe83a92e6484dea0d986d5cf
a22f52fe39bd8c26274ae97dc90fcc8ad2400c5c27c16acbeeddcde13c8806a6
Analyzer Verdict Alert fortinet Phishing
POST /j/og2.php?_t=1669114219592 HTTP/1.1
Host: lifemidst.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
Content-Length: 55
Origin: http://lifemidst.cn
Connection: keep-alive
Referer: http://lifemidst.cn/qatarenergy-2022/tb.php?sl=cv1667986099280
HTTP/1.1 200 OK
Date: Tue, 22 Nov 2022 10:50:19 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=93f6dLvvY1BNiSvefHsSByRGHCCVVKMyv%2FKxSlHqnPG4bsvG4lCYRzcXrlq6fnMP8hAa2JKSxASquQdQ8uCkOIk6WvdNfLQduCoyxV4EJMIyWbfFbREgNUMOeEFd2uw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76e11a819b70b523-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 98e24002c6959c72d93c5ee9a12d41f2
700493b2e2937d362cdf7353b297e0039bbc19d3
f3bd425c639eb0409b92054b01c7c3ad6756cf35cfa40bade4650d6b2e4b2823
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F3BD425C639EB0409B92054B01C7C3AD6756CF35CFA40BADE4650D6B2E4B2823"
Last-Modified: Mon, 21 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18129
Expires: Tue, 22 Nov 2022 15:52:28 GMT
Date: Tue, 22 Nov 2022 10:50:19 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 98e24002c6959c72d93c5ee9a12d41f2
700493b2e2937d362cdf7353b297e0039bbc19d3
f3bd425c639eb0409b92054b01c7c3ad6756cf35cfa40bade4650d6b2e4b2823
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F3BD425C639EB0409B92054B01C7C3AD6756CF35CFA40BADE4650D6B2E4B2823"
Last-Modified: Mon, 21 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18128
Expires: Tue, 22 Nov 2022 15:52:28 GMT
Date: Tue, 22 Nov 2022 10:50:20 GMT
Connection: keep-alive
cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css
151.101.85.229200 OK 2.2 kB URL HTTP/2 cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css
IP 151.101.85.229:0
File type ASCII text, with very long lines (16263)
Hash bd3ea59ca12635e32402ec20cb196249
b1bfdaba4a00c2932245ff9eabea38016f9c9069
b99f8f79de257275fdbf6a8e0eb4652b0d69429552234b1f444c08ae85000341
GET /npm/select2@4.1.0-rc.0/dist/css/select2.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.1.0-rc.0
x-jsd-version-type: version
etag: W/"3f88-kT+fe5U1rseQyjzp1uNaz682mZM"
content-encoding: gzip
accept-ranges: bytes
date: Tue, 22 Nov 2022 10:50:20 GMT
age: 20534727
x-served-by: cache-fra19146-FRA, cache-bma1669-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2162
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.1.1/css/all.min.css
151.101.85.229200 OK 21 kB URL HTTP/2 cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.1.1/css/all.min.css
IP 151.101.85.229:0
File type ASCII text, with very long lines (65317)
Hash b5ae87c0e4dd241b533e67053b0b719d
6b7b568694a95d81a94dea9ef7a85d1317d448dc
5bae5997fbca925ac6e52be8163ca897e751fcc9331552e0f77a22dd35b64521
GET /npm/@fortawesome/fontawesome-free@6.1.1/css/all.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 6.1.1
x-jsd-version-type: version
etag: W/"189ae-CRAs/GDvtDCiXul87ppqNd9t/Fk"
content-encoding: gzip
accept-ranges: bytes
date: Tue, 22 Nov 2022 10:50:20 GMT
age: 6105750
x-served-by: cache-fra19168-FRA, cache-bma1669-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 20556
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 22 Nov 2022 10:08:53 GMT
cache-control: public,max-age=3600
age: 2487
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2db0ebb9efcf3be3c92f23b61de5c065
dd830565723f18a7944c26d24b0fb142d06a71a5
8615316184c4d1d64db923a5364363bbb3d25e146a042c5fbd5bf0cfcec8effb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6534
Cache-Control: max-age=86728
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 10:50:20 GMT
Etag: "637b3fae-1d7"
Expires: Wed, 23 Nov 2022 10:55:48 GMT
Last-Modified: Mon, 21 Nov 2022 09:06:54 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3e4b1e2088f4a6d1052981adc8626e40
571d0bea248dc908bbc70f6ffc967dd005797463
93ca688ca5923b0de99c8eb9fbb1f58e2654f2e1b00701491122bd56741fc44d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "93CA688CA5923B0DE99C8EB9FBB1F58E2654F2E1B00701491122BD56741FC44D"
Last-Modified: Sun, 20 Nov 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13393
Expires: Tue, 22 Nov 2022 14:33:33 GMT
Date: Tue, 22 Nov 2022 10:50:20 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b54269a4cdc82c5d8ea001c23f892ea2
c202c6bc43d920284c484ed39060098b61c35d4d
55874a28bbf1dfbb1b0767f35d64f08acac90399ab86802b570313180f85ec7d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "55874A28BBF1DFBB1B0767F35D64F08ACAC90399AB86802B570313180F85EC7D"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9752
Expires: Tue, 22 Nov 2022 13:32:52 GMT
Date: Tue, 22 Nov 2022 10:50:20 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b26582db0cbccfe965db0a2325a47f38
d01138e66a2b95728f2136a572e1c195c108caeb
408c9c6a058c6bb444e96b26b96347a6217f9627faef8cf775b7dfb4db2b45e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "408C9C6A058C6BB444E96B26B96347A6217F9627FAEF8CF775B7DFB4DB2B45E7"
Last-Modified: Mon, 21 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8892
Expires: Tue, 22 Nov 2022 13:18:32 GMT
Date: Tue, 22 Nov 2022 10:50:20 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 585eab785e44953b9e6d7c389024ff3e
57582825e9a285177f38cd2fa868ad3a8eab85d1
f1c62af1e27c8510576adcb62b28be35f290d2ee71e873f7000c194980522e80
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 10:50:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 585eab785e44953b9e6d7c389024ff3e
57582825e9a285177f38cd2fa868ad3a8eab85d1
f1c62af1e27c8510576adcb62b28be35f290d2ee71e873f7000c194980522e80
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 10:50:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdnkey.net/upload/Sharon%20Kalifa.jpg
104.21.60.169200 OK 26 kB URL HTTP/2 cdnkey.net/upload/Sharon%20Kalifa.jpg
IP 104.21.60.169:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash 23c9827b9aebc5b81df47764d1e0d911
5930d34351242bec181f07f2f3a8f00b80a39dd2
dd02eeb72de57c36cf71017c3f79ae3b4dac32d3752a5ebf8d453a8697840235
GET /upload/Sharon%20Kalifa.jpg HTTP/1.1
Host: cdnkey.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: image/jpeg
content-length: 25800
x-guploader-uploadid: ADPycds4v8V6u50LJ-BpA8unnwQWFxd7zZ12Jz-b_APL2KQulopkcsvxA0GBjPjLGKZLW_Jqtbw94QaG2HpiJe8fLaImBrjqLHq-
expires: Tue, 22 Nov 2022 11:05:22 GMT
cache-control: public, max-age=14400
last-modified: Mon, 05 Sep 2022 11:50:41 GMT
etag: "23c9827b9aebc5b81df47764d1e0d911"
x-goog-generation: 1662378641087615
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 25800
x-goog-hash: crc32c=pVNA5w==, md5=I8mCe5rrxbgd9Hdk0eDZEQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 267
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UDhpX%2BZgEcRTG7FV012pZkKrzpTykUCF1y6y9t2aSLl9EBX6rdWQy5SWdFMbVOeVDioA%2FqaYepjYlLRZubhMxcZ5ywPGMU5dTohPnWELDL%2Bkrk5kXR9%2B10ftymT6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e11a86ae281c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnkey.net/upload/Ashley%20Benson.jpg
104.21.60.169200 OK 32 kB URL HTTP/2 cdnkey.net/upload/Ashley%20Benson.jpg
IP 104.21.60.169:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3\012- data
Hash 9f1e9f0170ba7483cc7ce810bbe78e1f
1dc7ab4b8e5734180e22190f0cc6e7123586f244
da41a6d0acadbb94a5d939a2b245838d613ea21ce39bb1dd6b70595322f73043
GET /upload/Ashley%20Benson.jpg HTTP/1.1
Host: cdnkey.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: image/jpeg
content-length: 31801
x-guploader-uploadid: ADPycdt3xWVtXEnUBEvomrS6dNBmEkLWHGVGK9vjM_eFvQlJqPI-MgdSY4M-0bEMqETLphPlLWTB571tE3_TTl-UuoxnnYEviRLP
expires: Tue, 22 Nov 2022 10:06:35 GMT
cache-control: public, max-age=14400
last-modified: Mon, 05 Sep 2022 11:50:42 GMT
etag: "9f1e9f0170ba7483cc7ce810bbe78e1f"
x-goog-generation: 1662378642090884
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 31801
x-goog-hash: crc32c=ikFAgQ==, md5=nx6fAXC6dIPMfOgQu+eOHw==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 267
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YyXs0KN8JMwxmG8BJZ7BnftfSCimWpgy7c5O3d5K%2BvUPbxjuG0idPlFUpf6AEJHVcMPK8kuAP6k47zQyVza8rhHlRRG9JWItgCaRVSrSaXey3SbftbiDgLTlXJ4K"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e11a86ae2c1c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnkey.net/upload/Sasha%20Pieterse.jpg
104.21.60.169200 OK 32 kB URL HTTP/2 cdnkey.net/upload/Sasha%20Pieterse.jpg
IP 104.21.60.169:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3\012- data
Hash d9cc3b86152bb84447f2c4f3ead72edd
2f8259daa028a7ac3fa7bba75cb318661c206249
8f63316250888fe7082064217ce59dfd7bd1afa8db430cf9c52ed698fe9c4d00
GET /upload/Sasha%20Pieterse.jpg HTTP/1.1
Host: cdnkey.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: image/jpeg
content-length: 31593
x-guploader-uploadid: ADPycdusxMQdQP6sypnu8UWGQJbQUzYerIT56STiOJFoCOqwtEo7fTxe6OXZBd_BjBFDK5_Gq2YcYzQxLDf4XMkSh3n5BelC7jjo
expires: Tue, 22 Nov 2022 10:15:33 GMT
cache-control: public, max-age=14400
last-modified: Mon, 05 Sep 2022 11:50:41 GMT
etag: "d9cc3b86152bb84447f2c4f3ead72edd"
x-goog-generation: 1662378641062323
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 31593
x-goog-hash: crc32c=2IdMGw==, md5=2cw7hhUruERH8sTz6tcu3Q==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 267
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I4ojP2avuIJaYMipjpZALo97FxjFqejhiMN9EVeNCbGcQ6xgQUsYNCZGXon7h0wetKPNh5s89T3YimH5W16dc%2BMS6lXvs3iuaaVkBNcKC4hTXUKCr1qEtn0z00cp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e11a86ae2a1c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnkey.net/upload/R%C3%A9gis%20Laurencin.jpg
104.21.60.169200 OK 37 kB URL HTTP/2 cdnkey.net/upload/R%C3%A9gis%20Laurencin.jpg
IP 104.21.60.169:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 297x300, components 3\012- data
Hash bdb898e634c09b5780ce35699139cbf4
fde6d594d1ea63e51a323b2e24e4a568220308dd
509599676e6812591ba1dfa66039d44520db43f495404415819947d40b5b7081
GET /upload/R%C3%A9gis%20Laurencin.jpg HTTP/1.1
Host: cdnkey.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: image/jpeg
content-length: 37056
x-guploader-uploadid: ADPycdtazXbdmzd-cjDbwmXrv67Y7EXxKXZOI2DnNJ4G32BasShfKFB8J8fM3RiF0SaVOGedGvPbK0TwJrLnuCchW5Mo7klT0eJh
expires: Tue, 22 Nov 2022 10:58:28 GMT
cache-control: public, max-age=14400
last-modified: Mon, 05 Sep 2022 11:50:40 GMT
etag: "bdb898e634c09b5780ce35699139cbf4"
x-goog-generation: 1662378639971154
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 37056
x-goog-hash: crc32c=GQMV+g==, md5=vbiY5jTAm1eAzjVpkTnL9A==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 267
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MMmDK9yzfm6srwSCc5el%2FvxFHOUrbrjFlLpjo63St00Y5m9j6ZD6bn%2F%2BCSAd%2BVg37Lz3rjJ%2B2JbtjJIMrgNvsWVl39t3BR%2F%2BDBx4%2BlhH33muQPd0Hpgs7DHeZJlI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e11a86ae2b1c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 53415067dfacc117465635b58e940580
1444e70d56f13a2ec3ab4c54c3d0e3057a3a5e43
ca9d114d6843df06e6832be4c86d5dec95f1c685163a73d00279282eb06fecac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "CA9D114D6843DF06E6832BE4C86D5DEC95F1C685163A73D00279282EB06FECAC"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9676
Expires: Tue, 22 Nov 2022 13:31:36 GMT
Date: Tue, 22 Nov 2022 10:50:20 GMT
Connection: keep-alive
cdnkey.net/upload/hu.jpg
104.21.60.169200 OK 27 kB IP 104.21.60.169:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash 9127e0230475268801040ce72ba6245c
c42bfd66c701225ba788bf96ab72822e381c9c89
d5b1138f638a041d31e26a44dfc74134f1a466fd5252c328ba504e52f54e6f2e
GET /upload/hu.jpg HTTP/1.1
Host: cdnkey.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: image/jpeg
content-length: 27112
x-guploader-uploadid: ADPycdt8MFY-zDlqCWGjBedPfdEmYFBsk-GLJlEMAB3M2sNi4w1j9uio10GhpCg5cS0g8aTqQgRPmz90j1xESrvliTN6_Yf3mMva
expires: Tue, 22 Nov 2022 10:47:27 GMT
cache-control: public, max-age=14400
last-modified: Mon, 05 Sep 2022 11:50:38 GMT
etag: "9127e0230475268801040ce72ba6245c"
x-goog-generation: 1662378638813534
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 27112
x-goog-hash: crc32c=i4EeUQ==, md5=kSfgIwR1JogBBAznK6YkXA==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 267
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i0%2BdZ70Vz%2Fsvd17kvhPawV9Hz4z38eOJ4xBpSv7JUuHFvR%2FmJsrKPjdwjVDzKsJYOVKZu0D%2BogjgiFMjMoawVE9%2BWuVkqiC32asl5gF2%2F3pUK7clCDkqiGevujxs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e11a86de461c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 53415067dfacc117465635b58e940580
1444e70d56f13a2ec3ab4c54c3d0e3057a3a5e43
ca9d114d6843df06e6832be4c86d5dec95f1c685163a73d00279282eb06fecac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "CA9D114D6843DF06E6832BE4C86D5DEC95F1C685163A73D00279282EB06FECAC"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9676
Expires: Tue, 22 Nov 2022 13:31:36 GMT
Date: Tue, 22 Nov 2022 10:50:20 GMT
Connection: keep-alive
cdnkey.net/upload/Lisa%20Medina.jpg
104.21.60.169200 OK 36 kB URL HTTP/2 cdnkey.net/upload/Lisa%20Medina.jpg
IP 104.21.60.169:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash 4bd77e3ff3ee8b51b5629f1e8c1ff918
39f72588e628585e791661fa931d8b189af3cbf1
6d208d57ec5b3d4262efceeaf20f828d825d62b2a1fd10b8ab2302887432062d
GET /upload/Lisa%20Medina.jpg HTTP/1.1
Host: cdnkey.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: image/jpeg
content-length: 35911
x-guploader-uploadid: ADPycdvl2KECsVdwiMoD0AtIE3Om0QZSxAlN_UpI-h7oXC7Y0yrgSd5sUrdllFGlFxABZDZOg-AlvhU-L24tEm7oozkqDIU8LTvu
expires: Tue, 22 Nov 2022 10:25:39 GMT
cache-control: public, max-age=14400
last-modified: Mon, 05 Sep 2022 11:50:39 GMT
etag: "4bd77e3ff3ee8b51b5629f1e8c1ff918"
x-goog-generation: 1662378639908000
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 35911
x-goog-hash: crc32c=f5osLQ==, md5=S9d+P/Pui1G1Yp8ejB/5GA==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 592
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n9ShsQMsgrrnWnZTWniagrxlB8DU3jneG5igaM0J97Akr9JAilea0m4g%2FQXoXDEjwL08tbwBkrHbHyJltYc4LN8LUtBfRjQvDgyDHqvHtNyPGXfXptPqguHjvU20"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e11a86fe5d1c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnkey.net/upload/Pierre%20Renaudin.jpg
104.21.60.169200 OK 22 kB URL HTTP/2 cdnkey.net/upload/Pierre%20Renaudin.jpg
IP 104.21.60.169:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash 8f63e05228dc94b4f5091a84c9b4168d
4b2d1fe92d6461bb7e39415cf3c8af4fa104791e
9fbff31d3ad789f22276cc030afe35e67e10928db0ff2f384fcedc30ab48ae21
GET /upload/Pierre%20Renaudin.jpg HTTP/1.1
Host: cdnkey.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: image/jpeg
content-length: 21791
x-guploader-uploadid: ADPycdvZbYAyaU0QP3B5ibQ1V19jY_fkV01JrZ14oPNuH-yz31ztvnGyQKBf5n1D1QS7CZ_q88TWH5lwuvdCgfqrDcmmbTsv5bml
expires: Tue, 22 Nov 2022 10:01:21 GMT
cache-control: public, max-age=14400
last-modified: Mon, 05 Sep 2022 11:50:39 GMT
etag: "8f63e05228dc94b4f5091a84c9b4168d"
x-goog-generation: 1662378639925450
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 21791
x-goog-hash: crc32c=bXAAZg==, md5=j2PgUijclLT1CRqEybQWjQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 267
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o7rXxYhvyg3YEhRYs1z58pQ6jAxjbDG%2FymWav5jvkoaPBgxJ5eSIw%2BtyFuIF4%2FVHY0OMIHM%2FUBjj7tQ5dIyfz0S%2BxRIDoLqdzO1RDZgpjGDT1q9RfEY1j6nOTTfV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e11a86ee561c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 53415067dfacc117465635b58e940580
1444e70d56f13a2ec3ab4c54c3d0e3057a3a5e43
ca9d114d6843df06e6832be4c86d5dec95f1c685163a73d00279282eb06fecac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "CA9D114D6843DF06E6832BE4C86D5DEC95F1C685163A73D00279282EB06FECAC"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9676
Expires: Tue, 22 Nov 2022 13:31:36 GMT
Date: Tue, 22 Nov 2022 10:50:20 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 53415067dfacc117465635b58e940580
1444e70d56f13a2ec3ab4c54c3d0e3057a3a5e43
ca9d114d6843df06e6832be4c86d5dec95f1c685163a73d00279282eb06fecac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "CA9D114D6843DF06E6832BE4C86D5DEC95F1C685163A73D00279282EB06FECAC"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9676
Expires: Tue, 22 Nov 2022 13:31:36 GMT
Date: Tue, 22 Nov 2022 10:50:20 GMT
Connection: keep-alive
cdnkey.net/upload/L%C3%A9a%20Fenet.jpg
104.21.60.169200 OK 38 kB URL HTTP/2 cdnkey.net/upload/L%C3%A9a%20Fenet.jpg
IP 104.21.60.169:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash 6a0ee2d82e9e2e4a63af4bd8ec9df5a5
414f34e24d67e585298128249813d2cb54e6ed5d
4da5f51a7c92309a3b29ebf422e5460dc307e5d75e2cf83b486d8703abb2b97a
GET /upload/L%C3%A9a%20Fenet.jpg HTTP/1.1
Host: cdnkey.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: image/jpeg
content-length: 38178
x-guploader-uploadid: ADPycdu-TOMquUxM8Xr9a6kM_Nw2xW2v0ZMtU7g-Tl529PFV226_2d9meqEpuiWT2f46uCx21u_QzOeHu0LZGVlx8AEJvmBovCck
expires: Tue, 22 Nov 2022 09:48:56 GMT
cache-control: public, max-age=14400
last-modified: Mon, 05 Sep 2022 11:50:38 GMT
etag: "6a0ee2d82e9e2e4a63af4bd8ec9df5a5"
x-goog-generation: 1662378638779924
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 38178
x-goog-hash: crc32c=qUuqiw==, md5=ag7i2C6eLkpjr0vY7J31pQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 592
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jx%2BPG7AUtsCp9H%2FoREMN%2FhWtmzYzCquThRx3aCsfMcoGXtqxKG0wqLu7VwsIu%2FLenU8sHk5qXP32J8asUiyyfhVjtLCUZ%2FYJwB%2FcLkVdQRz3JcetcbEhkDK9nsgM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e11a870e731c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-LW7434MYMN
142.250.74.168200 OK 76 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-LW7434MYMN
IP 142.250.74.168:0
File type ASCII text, with very long lines (19102)
Hash dd72980c7c7b67a806b3f5e034769dc2
7d19a40d7824585fc9fcf4a906f67358bb7cc8ff
25f694f7acca570b0736fc52da5a00f76e3372a25cae3e678be0e5cb9ae74d6c
GET /gtag/js?id=G-LW7434MYMN HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 22 Nov 2022 10:50:20 GMT
expires: Tue, 22 Nov 2022 10:50:20 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75948
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdnkey.net/upload/Sarah%20Belli.jpg
104.21.60.169200 OK 16 kB URL HTTP/2 cdnkey.net/upload/Sarah%20Belli.jpg
IP 104.21.60.169:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash a0a0a8e5df2a3013b2a9c46045f4d1e5
5de61b171986a6739fc18ff2dbc159ef14b716ed
4f5fdc4238663f38e62a441654ba94baeb21a0f5145a2dadb4d89c80afe12732
GET /upload/Sarah%20Belli.jpg HTTP/1.1
Host: cdnkey.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: image/jpeg
content-length: 16424
x-guploader-uploadid: ADPycduPz-YAsOFiWEGKrYe6Wjz0crei4cAesqLCjMpwYMwgG9XW0pWGAp17VVlVZWy-W31em3tC1dkOrYpL_6KNwPNp3Zh2b7bT
expires: Tue, 22 Nov 2022 10:35:06 GMT
cache-control: public, max-age=14400
last-modified: Mon, 05 Sep 2022 11:50:40 GMT
etag: "a0a0a8e5df2a3013b2a9c46045f4d1e5"
x-goog-generation: 1662378640959698
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 16424
x-goog-hash: crc32c=g7EkQA==, md5=oKCo5d8qMBOyqcRgRfTR5Q==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 592
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NZFiIsUYxx1GdquOQiSGeJm166h3cnABXw1QQqYPlJ83OFKZ4CdQYRZtS01AnjNjIY%2F3NzFVw%2FbccIbXbt8pxRQoXujpX0rTh5XFg3Zr0Hq76xpg94ZZSS57y7Vt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e11a86fe661c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-0C230YDF7G
142.250.74.168200 OK 76 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-0C230YDF7G
IP 142.250.74.168:0
File type ASCII text, with very long lines (19102)
Hash 25c4b8c84b0c0a00e654747ccec7dd71
024b8f44af2a8bf63b09f1d16082b677eff66b27
f59b3367513959e47d629270b5f7742364a6cbc7ee849c72887d06e3df9846ec
GET /gtag/js?id=G-0C230YDF7G HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 22 Nov 2022 10:50:20 GMT
expires: Tue, 22 Nov 2022 10:50:20 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75966
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.69.181.45101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.69.181.45:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: WLiJgLkwiUDI4rgcSttpsQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ae0pYk7JyzahYZyUXVTKANV+BAk=
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 08fb143dfd9a3b59cfdc0248ad9f5482
bee979149e99e01b543881991a121a637e9ceb70
94ec72f114ab4f9b26c352e15f0920d2ab8bde8d72ac3fb95fe4a0627246a148
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 10:50:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 08fb143dfd9a3b59cfdc0248ad9f5482
bee979149e99e01b543881991a121a637e9ceb70
94ec72f114ab4f9b26c352e15f0920d2ab8bde8d72ac3fb95fe4a0627246a148
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 10:50:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b54269a4cdc82c5d8ea001c23f892ea2
c202c6bc43d920284c484ed39060098b61c35d4d
55874a28bbf1dfbb1b0767f35d64f08acac90399ab86802b570313180f85ec7d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "55874A28BBF1DFBB1B0767F35D64F08ACAC90399AB86802B570313180F85EC7D"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9752
Expires: Tue, 22 Nov 2022 13:32:52 GMT
Date: Tue, 22 Nov 2022 10:50:20 GMT
Connection: keep-alive
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash 80cd655b3a85a44b228c802ff1e5b824
cbafe7bf289cc02192ef0c496c428a84b6a7399f
ae7db2e9052aea03eb7f6d41fc8d6b9a8592c67755a9e794f68c2fff3c5255d2
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 22 Nov 2022 10:50:20 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "8172F0350B678198AD39C2C74B6194F814547B9D"
Expires: Tue, 22 Nov 2022 22:00:00 GMT
Last-Modified: Tue, 22 Nov 2022 10:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 552
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76e11a87ccf9b515-OSL
cdnbun.com/upload/qatarenergy-right.png
172.67.159.172200 OK 1.1 kB URL HTTP/2 cdnbun.com/upload/qatarenergy-right.png
IP 172.67.159.172:0
File type PNG image data, 24 x 362, 8-bit/color RGBA, non-interlaced\012- data
Hash bb161b460e433b26ffb68638ca0adb8d
416b047eda1160187e5e478bac2563db5d8ee0a9
3d407bed83e9df19e17dee2c4b803871da1f1022249dbcedc595ae5c6137decb
GET /upload/qatarenergy-right.png HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: image/png
content-length: 1059
x-guploader-uploadid: ADPycdsawyFzgHTX5osDZxukr9WkDkGlQWaRFXF8hEMDeixWKtR6mCSBVa6PKefSLXRw0sXwkGV0m4tGSWyUtW2Hu91TnQ
expires: Tue, 22 Nov 2022 11:28:35 GMT
cache-control: public, max-age=14400
last-modified: Sat, 05 Nov 2022 10:52:17 GMT
etag: "bb161b460e433b26ffb68638ca0adb8d"
x-goog-generation: 1667645537431350
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1059
x-goog-hash: crc32c=bdNcaA==, md5=uxYbRg5DOyb/toY4ygrbjQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4ep42%2BHiCB7m5J9QdQT%2FgW%2F5xt5BfZtOjwwuJnOpp%2FfGlvqnTa14lucyI1t2H1bArKLmUom0GmwIsrolYGdo4IDdeVihW2L8RKrT3iipUPldk0bbOA92aaIhTFYR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e11a87b9121c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnbun.com/upload/qatarenergy-m.png
172.67.159.172200 OK 14 kB URL HTTP/2 cdnbun.com/upload/qatarenergy-m.png
IP 172.67.159.172:0
File type PNG image data, 176 x 70, 8-bit/color RGBA, non-interlaced\012- data
Hash 3797dd4ea3025f87b73a2876ac7ad778
13ba1b2a4d0223dc04a1a59d0b2d454ea69547e9
92d612636101647fd54743897c4724ba6fde5076aa6b67be0d9b47803a3c6b0e
GET /upload/qatarenergy-m.png HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: image/png
content-length: 13973
x-guploader-uploadid: ADPycdsPiZsIl0FRvcnnnbNm1jE0gVZYLKKqOYvm0VSSjQcRx9wnkaMMSsOQWsOt8YmDWpDohLv2KR-ty_bYLeGLKaxXBA
expires: Tue, 22 Nov 2022 11:25:27 GMT
cache-control: public, max-age=14400
last-modified: Sat, 05 Nov 2022 10:52:16 GMT
etag: "3797dd4ea3025f87b73a2876ac7ad778"
x-goog-generation: 1667645536391169
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 13973
x-goog-hash: crc32c=o3GEjA==, md5=N5fdTqMCX4e3Oih2rHrXeA==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0yATjKPv1FVfMOGKMWcblt%2BMLn8MVZ%2Fk3vu3cT26%2FoBuk2KnrBSKCCYHt0ySBximJ%2B1GkYA%2F1SVTU%2BYEUV5oaRx2RYMxpRmxOZUyoMYO8KMG7GpODZPiq4gKRpRj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e11a87b90d1c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnbun.com/upload/qatarenergy-box1.png
172.67.159.172200 OK 23 kB URL HTTP/2 cdnbun.com/upload/qatarenergy-box1.png
IP 172.67.159.172:0
File type PNG image data, 300 x 214, 8-bit/color RGBA, non-interlaced\012- data
Hash 3a74bfe3b667994d0c05f07aea26a710
5cce6645be280fe336833126c75ca173e2b60837
c22f97a87d9cb24b06ebcd7786f4a10ca9f80cd43568e6ec29e4cb66827ff6cc
GET /upload/qatarenergy-box1.png HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: image/png
content-length: 22887
x-guploader-uploadid: ADPycdthy44q0s2SOe2MKxFw2OLQgp7oS3FXwJmLY-goalIc_Yivn0SYuNwCx1LOMwytbUqxkIDdp1j84M3vHdtDJXNx9A
expires: Tue, 22 Nov 2022 11:49:51 GMT
cache-control: public, max-age=14400
last-modified: Sat, 05 Nov 2022 10:52:15 GMT
etag: "3a74bfe3b667994d0c05f07aea26a710"
x-goog-generation: 1667645535218858
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 22887
x-goog-hash: crc32c=y7jdCA==, md5=OnS/47ZnmU0MBfB66ianEA==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R55xCYEW3plba5cfKLMwhGlXpLlE2e%2Fx42jXLdzABBYuemDt41gN33jZ4sxGzq4wgDdBv73uiz9L4sUh5UddQbuQq9tfW2V745pLMYsL6RLnLyYFBuEte4IliSzl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e11a87c9181c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnbun.com/upload/qatarenergy-box3.png
172.67.159.172200 OK 31 kB URL HTTP/2 cdnbun.com/upload/qatarenergy-box3.png
IP 172.67.159.172:0
File type PNG image data, 300 x 214, 8-bit/color RGBA, non-interlaced\012- data
Hash a2a1c83eb50bf6f35cd2aab05c5f25a8
ecaaa2f58c2b230a8a25216dfe7eb076a0e2fbc0
f99a12c4ed8458aa3e29395d549a5a4aecadfcfa765dde4192113aff961d7df1
GET /upload/qatarenergy-box3.png HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: image/png
content-length: 30949
x-guploader-uploadid: ADPycdtMNvamHbLJ7yQRRO1_f-gR853fBP2ubbYQruxzR-Qhg4THMTiRyE7FtzXffcq4ljyWdkj5pabDWmzP5y4_8Aa6Ag
expires: Tue, 22 Nov 2022 11:48:02 GMT
cache-control: public, max-age=14400
last-modified: Sat, 05 Nov 2022 10:52:15 GMT
etag: "a2a1c83eb50bf6f35cd2aab05c5f25a8"
x-goog-generation: 1667645535251004
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 30949
x-goog-hash: crc32c=uImQIQ==, md5=oqHIPrUL9vNc0qqwXF8lqA==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JgnnXVUvY67HUfeMR5mBbco%2FW0zeXmHo8MGZwJvwYARXpmwokuUm7MZaoxF%2F9Ds5eB%2Bc92u5GEmNMSAxj2sH5K%2Ftu%2FZ30e%2BBICC0qm6QbfMrHlqQEbNWMx6a0zaX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e11a87b9151c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnbun.com/upload/qatarenergy-box2.png
172.67.159.172200 OK 7.4 kB URL HTTP/2 cdnbun.com/upload/qatarenergy-box2.png
IP 172.67.159.172:0
File type PNG image data, 300 x 214, 8-bit/color RGBA, non-interlaced\012- data
Hash 352ff4eaa0bf44666cfd114362241a9c
1805c6fc51e0c9542c54cca2faaf7fd1ac8b198b
fc8d23f74557a0732d9e54221715625e3c6836a60bac2677662f41f303ed14d5
GET /upload/qatarenergy-box2.png HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: image/png
content-length: 7399
x-guploader-uploadid: ADPycdt8tRd3RxHbQVsAQDOsmBR5d7TZMktnJ_1sFaz_Ir4DWK36H8acrtY8n3cA9q58O2PIJsGLzJH_OhhY4Pj8SYF4yQ
expires: Tue, 22 Nov 2022 11:49:52 GMT
cache-control: public, max-age=14400
last-modified: Sat, 05 Nov 2022 10:52:15 GMT
etag: "352ff4eaa0bf44666cfd114362241a9c"
x-goog-generation: 1667645535101972
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 7399
x-goog-hash: crc32c=iTjdDg==, md5=NS/06qC/RGZs/RFDYiQanA==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5JgzEks98nb6TeRk6kpnO%2ButizoVDZMLRXJQcdnkfUoYP377DQ%2FmOl4Hu4Ul7lhoDvYBENNt%2F7%2BcjwOnt87JUv9MVZ%2FDdxDMq3fBgEk%2Ff0sP08f77yEqLJV1eNp5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e11a87c9191c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 585eab785e44953b9e6d7c389024ff3e
57582825e9a285177f38cd2fa868ad3a8eab85d1
f1c62af1e27c8510576adcb62b28be35f290d2ee71e873f7000c194980522e80
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 10:50:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdnbun.com/upload/qatarenergy-show.jpg
172.67.159.172200 OK 62 kB URL HTTP/2 cdnbun.com/upload/qatarenergy-show.jpg
IP 172.67.159.172:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 500x310, components 3\012- data
Hash 404ce4d3d5bbac79548d3ef2ba5f3ea9
736dc2f950a64cb557399469a88b7ffaa2ff8e08
b12286611f01f45f43a4dd71e14cc29677e2fa435ce5bf58c84ed94f2bf11321
GET /upload/qatarenergy-show.jpg HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: image/jpeg
content-length: 61641
x-guploader-uploadid: ADPycdscanhhaYDp0sKVh9C8tBtZLfqbde8kfTyuPItlPxoU3DRbqvEih6tlT6HspvUn6_2g5b5ecs9u1Y0Lpaq0EzfmjQ
expires: Tue, 22 Nov 2022 11:28:35 GMT
cache-control: public, max-age=14400
last-modified: Sat, 05 Nov 2022 10:52:17 GMT
etag: "404ce4d3d5bbac79548d3ef2ba5f3ea9"
x-goog-generation: 1667645537471393
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 61641
x-goog-hash: crc32c=NZxmaQ==, md5=QEzk09W7rHlUjT7yul8+qQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dIc1ml%2F7HQExQ7qPc1vWYuY%2BoZmvF5ZHW9b8bdX4LwDzcHeudcUCMO03hxstwFF3TUBULk3UFDen8rfjPrDsANvKQ8HRkmTCtjmZ6Jzb7%2FoGo3ILHX2%2Fy2xa7wCa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e11a87b9161c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnbun.com/upload/qatarenergy-left.png
172.67.159.172200 OK 1.1 kB URL HTTP/2 cdnbun.com/upload/qatarenergy-left.png
IP 172.67.159.172:0
File type PNG image data, 24 x 362, 8-bit/color RGBA, non-interlaced\012- data
Hash b06430398a4767c50b0cbe117c701157
f8312ecf47d0b42112be6086f537f853d5ee173b
f2a18c3b7d8a316c52eef518fafd4e1dd8b6f4f3518bcc1fba98f2fdc1544ff7
GET /upload/qatarenergy-left.png HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: image/png
content-length: 1059
x-guploader-uploadid: ADPycdvBk1CU56V_t4vRJCowEIZAoyRql7E5hlaoMxcad2Cxmtk5owAceCCo9Bx9fVKDjSjPjQmrFRhKfAjFNeEVOev94g
expires: Tue, 22 Nov 2022 10:51:34 GMT
cache-control: public, max-age=14400
last-modified: Sat, 05 Nov 2022 10:52:16 GMT
etag: "b06430398a4767c50b0cbe117c701157"
x-goog-generation: 1667645536329126
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1059
x-goog-hash: crc32c=67PNFQ==, md5=sGQwOYpHZ8ULDL4RfHARVw==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R7di%2FrtRFgytbWZVcb5SqEk63AzCs9hL%2BrwnIMayN8VUWm8%2BfvmzSNSarNjIAmAlfdVDTGbI7sc%2BW9X0AIDj8c1lleRborNaszOowpwoWkRHvx8mNd7sFZbxqZTE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e11a87b90f1c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
1.bp.blogspot.com/-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png
142.250.74.161200 OK 14 kB URL HTTP/2 1.bp.blogspot.com/-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png
IP 142.250.74.161:0
File type PNG image data, 350 x 251, 8-bit colormap, non-interlaced\012- data
Hash ff055162c5d233506eece3fb69a47e74
49812e303ae6674819b6a7a6e0721d555ef64df4
7e46c8bcf219a0d6f0f3d5c5b027ed613678a0c54d637172d6495f428ff80150
GET /-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Norway_inbox.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 13695
x-xss-protection: 0
date: Tue, 22 Nov 2022 10:50:20 GMT
expires: Sun, 06 Nov 2022 03:02:48 GMT
cache-control: public, max-age=86400, no-transform
etag: "v630"
content-type: image/png
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 53415067dfacc117465635b58e940580
1444e70d56f13a2ec3ab4c54c3d0e3057a3a5e43
ca9d114d6843df06e6832be4c86d5dec95f1c685163a73d00279282eb06fecac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "CA9D114D6843DF06E6832BE4C86D5DEC95F1C685163A73D00279282EB06FECAC"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9676
Expires: Tue, 22 Nov 2022 13:31:36 GMT
Date: Tue, 22 Nov 2022 10:50:20 GMT
Connection: keep-alive
1.bp.blogspot.com/-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png
142.250.74.161200 OK 181 kB URL HTTP/2 1.bp.blogspot.com/-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png
IP 142.250.74.161:0
File type PNG image data, 497 x 308, 8-bit/color RGBA, non-interlaced\012- data
Size 181 kB (180954 bytes)
Hash fd835c1f326d3e7da0d9839550f66723
5004618bc15011d7d0f569f60f900d076b164b3d
b2286c3ed452ee4eeb15d2044a90cfc456d4789b2fdbe42bb9e023c9da18e4a8
GET /-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Norway_outbox.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 180954
x-xss-protection: 0
date: Tue, 22 Nov 2022 10:50:20 GMT
expires: Sun, 06 Nov 2022 03:02:48 GMT
cache-control: public, max-age=86400, no-transform
etag: "v632"
content-type: image/png
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 08fb143dfd9a3b59cfdc0248ad9f5482
bee979149e99e01b543881991a121a637e9ceb70
94ec72f114ab4f9b26c352e15f0920d2ab8bde8d72ac3fb95fe4a0627246a148
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 10:50:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.google-analytics.com/g/collect?v=2&tid=G-LW7434MYMN>m=2oeb90&_p=1818467618&cid=911746831.1669114221&ul=en-us&sr=1280x1024&_s=1&sid=1669114220&sct=1&seg=0&dl=https%3A%2F%2Fibfmuqs.cn%2Fteetofw5%2Fqatarenergy-2022%2F%3F_t%3D1669114219663&dr=http%3A%2F%2Flifemidst.cn%2F&dt=&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-LW7434MYMN>m=2oeb90&_p=1818467618&cid=911746831.1669114221&ul=en-us&sr=1280x1024&_s=1&sid=1669114220&sct=1&seg=0&dl=https%3A%2F%2Fibfmuqs.cn%2Fteetofw5%2Fqatarenergy-2022%2F%3F_t%3D1669114219663&dr=http%3A%2F%2Flifemidst.cn%2F&dt=&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-LW7434MYMN>m=2oeb90&_p=1818467618&cid=911746831.1669114221&ul=en-us&sr=1280x1024&_s=1&sid=1669114220&sct=1&seg=0&dl=https%3A%2F%2Fibfmuqs.cn%2Fteetofw5%2Fqatarenergy-2022%2F%3F_t%3D1669114219663&dr=http%3A%2F%2Flifemidst.cn%2F&dt=&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibfmuqs.cn
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://ibfmuqs.cn
date: Tue, 22 Nov 2022 10:50:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-0C230YDF7G>m=2oeb90&_p=1818467618&cid=911746831.1669114221&ul=en-us&sr=1280x1024&_s=1&sid=1669114220&sct=1&seg=0&dl=https%3A%2F%2Fibfmuqs.cn%2Fteetofw5%2Fqatarenergy-2022%2F%3F_t%3D1669114219663&dr=http%3A%2F%2Flifemidst.cn%2F&dt=&en=page_view&_fv=1&_ss=1&_ee=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-0C230YDF7G>m=2oeb90&_p=1818467618&cid=911746831.1669114221&ul=en-us&sr=1280x1024&_s=1&sid=1669114220&sct=1&seg=0&dl=https%3A%2F%2Fibfmuqs.cn%2Fteetofw5%2Fqatarenergy-2022%2F%3F_t%3D1669114219663&dr=http%3A%2F%2Flifemidst.cn%2F&dt=&en=page_view&_fv=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-0C230YDF7G>m=2oeb90&_p=1818467618&cid=911746831.1669114221&ul=en-us&sr=1280x1024&_s=1&sid=1669114220&sct=1&seg=0&dl=https%3A%2F%2Fibfmuqs.cn%2Fteetofw5%2Fqatarenergy-2022%2F%3F_t%3D1669114219663&dr=http%3A%2F%2Flifemidst.cn%2F&dt=&en=page_view&_fv=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibfmuqs.cn
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://ibfmuqs.cn
date: Tue, 22 Nov 2022 10:50:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash dadc83965763f59a4bf14341a3a5835f
70e89d528c4603d18341774a7c1a926c4578bbdf
df69485ee4e03abfda770a7c0f038fc3c5b8464cd0be842348c69375e91db04a
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 22 Nov 2022 10:50:21 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 26 Nov 2022 08:12:39 GMT
ETag: "70e89d528c4603d18341774a7c1a926c4578bbdf"
Last-Modified: Tue, 22 Nov 2022 08:12:40 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 483
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76e11a8f4ebab515-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash dadc83965763f59a4bf14341a3a5835f
70e89d528c4603d18341774a7c1a926c4578bbdf
df69485ee4e03abfda770a7c0f038fc3c5b8464cd0be842348c69375e91db04a
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 22 Nov 2022 10:50:21 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 26 Nov 2022 08:12:39 GMT
ETag: "70e89d528c4603d18341774a7c1a926c4578bbdf"
Last-Modified: Tue, 22 Nov 2022 08:12:40 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 483
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76e11a8f5ed0b515-OSL
cdn.jsdelivr.cc/npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js
104.21.0.245200 OK 20 kB URL HTTP/2 cdn.jsdelivr.cc/npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js
IP 104.21.0.245:0
File type ASCII text, with very long lines (48058), with CRLF line terminators
Hash 01740703ad432413d627ee95a29ce0fd
00eafa06423cbdfe0b4119b7451b524757ccf2a5
f3c59f2187c5949db93cc4b4595bd3a95e5a7085ba993d054085d952c3a78e66
GET /npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycds_5oPtcr3KFpC_u7Lnvdlqz8VeCGxAgHcXFP3zMljDMh6Q0ifyAwrLV7e0dbEbUBwQbF9kY0g0GrHWdqicRh8
expires: Tue, 22 Nov 2022 09:49:20 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:40:39 GMT
etag: W/"80924b62e5b3ac73aa4849776b439770"
x-goog-generation: 1647502839791727
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 72765
x-goog-hash: crc32c=8ZRUYw==, md5=gJJLYuWzrHOqSEl3a0OXcA==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3489
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vc1QiavEaf4wFWV%2BbNvoMZFZPmHjTK73LvaLuadfpoTW4olNitzm5SiGlVSJSIx0tB2ffDRb7bNSWZYhtIG%2B3Selc6aV%2BL0d7vVp4yNe7lelZq%2BLEZGFXrRtpeoLA0et%2B8Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e11a84dfccb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 804755c7e438531c9ba2e781947e1640
7a93c31638ee89a561bac2174482a5d12aa62d63
aa6f123fed093048bd006bf5a0ea0a7b310d735436af0ca07a06574f2026ba9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5110
Expires: Tue, 22 Nov 2022 12:15:32 GMT
Date: Tue, 22 Nov 2022 10:50:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 804755c7e438531c9ba2e781947e1640
7a93c31638ee89a561bac2174482a5d12aa62d63
aa6f123fed093048bd006bf5a0ea0a7b310d735436af0ca07a06574f2026ba9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5110
Expires: Tue, 22 Nov 2022 12:15:32 GMT
Date: Tue, 22 Nov 2022 10:50:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 804755c7e438531c9ba2e781947e1640
7a93c31638ee89a561bac2174482a5d12aa62d63
aa6f123fed093048bd006bf5a0ea0a7b310d735436af0ca07a06574f2026ba9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5110
Expires: Tue, 22 Nov 2022 12:15:32 GMT
Date: Tue, 22 Nov 2022 10:50:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 804755c7e438531c9ba2e781947e1640
7a93c31638ee89a561bac2174482a5d12aa62d63
aa6f123fed093048bd006bf5a0ea0a7b310d735436af0ca07a06574f2026ba9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5110
Expires: Tue, 22 Nov 2022 12:15:32 GMT
Date: Tue, 22 Nov 2022 10:50:22 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8365a642-a490-4221-8f9f-867864b12d62.webp
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8365a642-a490-4221-8f9f-867864b12d62.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 528d729159d8b08ed1fe05472dc65ce4
b7d570a7a095e127fd408b8272b93a52c5038b46
d6404764bcc3f2e7c4462b6b31fbc0e315c9cbf51b7424194c2bc6f4a21a33de
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8365a642-a490-4221-8f9f-867864b12d62.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9862
x-amzn-requestid: 02281c2f-2a42-4891-97af-8d21a4cd0d2e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-IrJEdYIAMFijQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637bee47-7c96415239d22bfc219f53f6;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:31:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nyT50MW4_CxOyrrPcWgPokRPAoPOH1M21Py4zB5DGlVuFRbk7sr0oQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 22:01:37 GMT
age: 46125
etag: "b7d570a7a095e127fd408b8272b93a52c5038b46"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c73cec7-245a-480e-8dfe-cc11a12b2656.jpeg
34.120.237.76200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c73cec7-245a-480e-8dfe-cc11a12b2656.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dafd9e17dc0023e71ae513c6025e4b80
12e2654db1f384bb04f5c5042848b25dda86b710
e9c885a102dc811648cec4ac292db63564e81a48d7a3611cb31fba73b37286dd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c73cec7-245a-480e-8dfe-cc11a12b2656.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4639
x-amzn-requestid: 8a93fa29-158b-4402-aac4-85ad29a74ae1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-I6oELooAMFWFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637beeaa-5a85509b26d9aeef7ae59b4c;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:33:30 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Z_LKFsiB_s81UenxBOVg9_qX_7vBHUZix7XF8YguDCytRn5opLkLRA==
via: 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 22:01:10 GMT
age: 46152
etag: "12e2654db1f384bb04f5c5042848b25dda86b710"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9029340f-28c3-4004-9012-9a24977dfd45.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9029340f-28c3-4004-9012-9a24977dfd45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4f3fad7453f45dfa617243c8beac64e1
56414a905340e1b1478a0a40a52b25365a724524
7befcfbedac5652eb04bc675b67f7b642631d4e918f7aaee17b0b594e26854d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9029340f-28c3-4004-9012-9a24977dfd45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6031
x-amzn-requestid: f59b04c5-4955-4847-9a7f-d9d53b47ca52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3cV0GC-oAMF5hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637940f1-0425b3cf6a4650b60936feba;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 20:47:45 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: StZ9dxgY8W0WwUUqsxyeISFnbm_WGGcm_AMuo9dzfhF9Yp7wM0TMMg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 ea699166e6ec77aa410ff505b0a8ce18.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 08:17:57 GMT
age: 9145
etag: "56414a905340e1b1478a0a40a52b25365a724524"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4db9b106-0a0e-4fae-92b6-a8812d365210.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4db9b106-0a0e-4fae-92b6-a8812d365210.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ccd43a87165914b33d3d0abf4daac17
495bc194d9cf043cad38e9aab650a3e74a542c68
3e95928493b984c636a5fa77b22c29b3245ba4bba7d730a8545145b17a5986f4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4db9b106-0a0e-4fae-92b6-a8812d365210.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8075
x-amzn-requestid: 5d8d5076-abee-484e-98e6-e2f8641133e1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-IqUGXnIAMF4gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637bee41-3c973b4d2d40cbaa2c5df221;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:31:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: T0RMlGqGin5SFk8QxAiY8UwJEGnkwtuJLKqnTMrx8h7qJbI5MeQ11g==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 21:48:15 GMT
age: 46927
etag: "495bc194d9cf043cad38e9aab650a3e74a542c68"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe35a8d1-e974-48d4-a8b7-1add4aa5d251.webp
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe35a8d1-e974-48d4-a8b7-1add4aa5d251.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2ed6b76d15fc8d6295acdb6fb47461d3
b8c928f93a8d82b48491448d811a95ad99dc6aef
de326836a9de677438b9ae724198e94348b0900c62817ff10de3677ce93fdae0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe35a8d1-e974-48d4-a8b7-1add4aa5d251.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8685
x-amzn-requestid: 66455cc7-83d7-4570-99f9-5fa838da947f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-IrAHwKoAMFUHQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637bee46-354d65e9609bc05647556a5a;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:31:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: -9tZPsMl7i5hr0N1rwJdQBLiOImuEO12RDL0pcPNjf6t-LkRbPaN2A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 22:02:46 GMT
etag: "b8c928f93a8d82b48491448d811a95ad99dc6aef"
content-type: image/jpeg
age: 46056
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: j_8oVo464QMWMnmkxQJIDRhaIVmwhzCTHe4A57OdmaUr9HcyTtBUjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 04:39:13 GMT
age: 22269
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?8b68846a3ac1709b0ec7199084ee5ea8
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?8b68846a3ac1709b0ec7199084ee5ea8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (620)
Hash 5fb5c55fe6cac83aa3bee5c5e20a0d20
bd744aed72923163a6cec2d2da6f338278cf09ff
bec2d5d64d16ef1c0a05bc53d8e6f89e51c9d6dd549e8dda358e50fc3dde6dd2
GET /hm.js?8b68846a3ac1709b0ec7199084ee5ea8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11333
Content-Type: application/javascript
Date: Tue, 22 Nov 2022 10:50:22 GMT
Etag: 9a01fa7b7281465aebbd14948c9f129b
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=2EB62FB43FDAF3ED; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?b521817f22507716e364b3fe28644f8b
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?b521817f22507716e364b3fe28644f8b
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (657)
Hash b0ec7e0b5da7f0e6dfb13af28a3ad348
058665da1fc11503edcac93a86b4213d71955318
9b5144685fec215f96377ea9892a362ce49b2c3d15c712b317e42c96228363a2
GET /hm.js?b521817f22507716e364b3fe28644f8b HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11370
Content-Type: application/javascript
Date: Tue, 22 Nov 2022 10:50:22 GMT
Etag: 88ba285079a933154ccf7d8117ca38f2
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=6375B1434BE19080; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?ba99808308e7272d58c43367a11d1204
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?ba99808308e7272d58c43367a11d1204
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (629)
Hash 828eca2e19c6ed431da2c178675cbbb4
b186da4b521c79d62aec436687415fcc6784f793
490fe82bbdf4013f5c9dab86a903fd7bfaebf479d929d16c5a90d16ffe8124f7
GET /hm.js?ba99808308e7272d58c43367a11d1204 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11342
Content-Type: application/javascript
Date: Tue, 22 Nov 2022 10:50:22 GMT
Etag: 9db23bb8a3cca68d8e30c8d51aea64ac
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=899FE61A6CA842F6; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?0eb6b087e2d8a70137a275e27f22aaa3
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?0eb6b087e2d8a70137a275e27f22aaa3
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (671)
Hash 1ee62f265db8cc5a2f24a23fe62ccf0b
92b6b3fbbe250ca0a2238c29fb5f594380d76b37
66db02cdf37d80f935432b3a6685301b21f663febba080e9ebc2295093eee9ed
GET /hm.js?0eb6b087e2d8a70137a275e27f22aaa3 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11384
Content-Type: application/javascript
Date: Tue, 22 Nov 2022 10:50:22 GMT
Etag: 6ef72242848b43d11d7f1bb31f8f8251
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=9BFD92A9C2AD7D50; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=960989032&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Flifemidst.cn%2F&v=1.2.97&lv=1&sn=3308&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fibfmuqs.cn%2Fteetofw5%2Fqatarenergy-2022%2F%3F_t%3D1669114219663%231669114220992
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=960989032&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Flifemidst.cn%2F&v=1.2.97&lv=1&sn=3308&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fibfmuqs.cn%2Fteetofw5%2Fqatarenergy-2022%2F%3F_t%3D1669114219663%231669114220992
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=960989032&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Flifemidst.cn%2F&v=1.2.97&lv=1&sn=3308&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fibfmuqs.cn%2Fteetofw5%2Fqatarenergy-2022%2F%3F_t%3D1669114219663%231669114220992 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 22 Nov 2022 10:50:23 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=BBF760D5FAD4078D; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=906570633&si=b521817f22507716e364b3fe28644f8b&su=http%3A%2F%2Flifemidst.cn%2F&v=1.2.97&lv=1&sn=3308&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fibfmuqs.cn%2Fteetofw5%2Fqatarenergy-2022%2F%3F_t%3D1669114219663%231669114220992
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=906570633&si=b521817f22507716e364b3fe28644f8b&su=http%3A%2F%2Flifemidst.cn%2F&v=1.2.97&lv=1&sn=3308&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fibfmuqs.cn%2Fteetofw5%2Fqatarenergy-2022%2F%3F_t%3D1669114219663%231669114220992
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=906570633&si=b521817f22507716e364b3fe28644f8b&su=http%3A%2F%2Flifemidst.cn%2F&v=1.2.97&lv=1&sn=3308&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fibfmuqs.cn%2Fteetofw5%2Fqatarenergy-2022%2F%3F_t%3D1669114219663%231669114220992 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 22 Nov 2022 10:50:23 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=394FD59717E0581A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=461985849&si=0eb6b087e2d8a70137a275e27f22aaa3&su=http%3A%2F%2Flifemidst.cn%2F&v=1.2.97&lv=1&sn=3308&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fibfmuqs.cn%2Fteetofw5%2Fqatarenergy-2022%2F%3F_t%3D1669114219663%231669114220992
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=461985849&si=0eb6b087e2d8a70137a275e27f22aaa3&su=http%3A%2F%2Flifemidst.cn%2F&v=1.2.97&lv=1&sn=3308&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fibfmuqs.cn%2Fteetofw5%2Fqatarenergy-2022%2F%3F_t%3D1669114219663%231669114220992
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=461985849&si=0eb6b087e2d8a70137a275e27f22aaa3&su=http%3A%2F%2Flifemidst.cn%2F&v=1.2.97&lv=1&sn=3308&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fibfmuqs.cn%2Fteetofw5%2Fqatarenergy-2022%2F%3F_t%3D1669114219663%231669114220992 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 22 Nov 2022 10:50:23 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=476068C439A38D28; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=801936448&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Flifemidst.cn%2F&v=1.2.97&lv=1&sn=3308&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fibfmuqs.cn%2Fteetofw5%2Fqatarenergy-2022%2F%3F_t%3D1669114219663%231669114220992
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=801936448&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Flifemidst.cn%2F&v=1.2.97&lv=1&sn=3308&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fibfmuqs.cn%2Fteetofw5%2Fqatarenergy-2022%2F%3F_t%3D1669114219663%231669114220992
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=801936448&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Flifemidst.cn%2F&v=1.2.97&lv=1&sn=3308&r=0&ww=1280&ct=!!&u=https%3A%2F%2Fibfmuqs.cn%2Fteetofw5%2Fqatarenergy-2022%2F%3F_t%3D1669114219663%231669114220992 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 22 Nov 2022 10:50:23 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=991D51EBAB70B907; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
bonepa.com/4fe48aebd6/4f59451604/?placementName=Pop&is_first=true&randomA=0_4178&maxw=0
185.66.201.42200 OK 3.0 kB URL HTTP/2 bonepa.com/4fe48aebd6/4f59451604/?placementName=Pop&is_first=true&randomA=0_4178&maxw=0
IP 185.66.201.42:0
ASN #201702 skHosting.eu s.r.o.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (16298), with no line terminators
Hash 8980d5bf3ba480e0f734393f7c7512fe
457a95e5236fd0ee47569708891c8b966f87bef9
ce5bf13ca0fc95b17e57237164e46d9b9ff16159d810d4adf76010e96957e3a6
GET /4fe48aebd6/4f59451604/?placementName=Pop&is_first=true&randomA=0_4178&maxw=0 HTTP/1.1
Host: bonepa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 22 Nov 2022 10:50:23 GMT
content-type: text/html; charset=UTF-8
set-cookie: shown1=0; expires=Wed, 23-Nov-2022 10:50:23 GMT; Max-Age=86400; secure; SameSite=None
used_ad2706762=1; expires=Wed, 23-Nov-2022 04:59:59 GMT; Max-Age=65376; path=/; secure; SameSite=None
total_impressions=1; expires=Wed, 23-Nov-2022 04:59:59 GMT; Max-Age=65376; secure; SameSite=None
expires: Sun, 01 Jan 2014 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex,nofollow
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
ibfmuqs.cn/teetofw5/qatarenergy-2022/?_t=1669114219663
172.67.201.194200 OK 0 B URL HTTP/2 ibfmuqs.cn/teetofw5/qatarenergy-2022/?_t=1669114219663
IP 172.67.201.194:0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /teetofw5/qatarenergy-2022/?_t=1669114219663 HTTP/1.1
Host: ibfmuqs.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lifemidst.cn/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: pType=mo; expires=Tue, 22-Nov-2022 11:02:19 GMT; Max-Age=720; path=/; domain=ibfmuqs.cn
qatarenergy-2022-tthh1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.ibfmuqs.cn
qatarenergy-2022-tthh2=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.ibfmuqs.cn
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zAkWYubAD6Mx1MRAzPYuA0XPMTMhxpoBX9PC%2Bndfovu%2BCagzwz%2BHQpc4d8mDFlb8X5HXOsOy4%2B%2Bd8yoPkvDHsSMs9ToE1ro6xu5ruXZsZ57H0tnrlU4ufORiZz6i"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76e11a82882ab4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
104.21.0.245200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
IP 104.21.0.245:0
GET /npm/jquery@3.6.0/dist/jquery.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdujKqP4OmsICcw4by2ej4M3gF2bmp67KcND5Yd7ZkChGu92L3U7j930k4J7s5KmD98KzStiLKDZt_7_8jjTVv4
expires: Tue, 22 Nov 2022 10:07:40 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:30:17 GMT
etag: W/"3e4bb227fb55271bfe9c9d4a09147bd8"
x-goog-generation: 1647502217775195
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 89501
x-goog-hash: crc32c=JnXAUA==, md5=PkuyJ/tVJxv+nJ1KCRR72A==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3489
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o7c72LgcjD9btCyS76mOfr2MNV1Fv7yJLDZ9afJh0ow9T2m5R8t1bFe%2BBYEqoU5iCbh7dSRfEAVsKmgt7Tt4IKK6GS6kLO9bIaPdzQz5%2Fdo7eXgOxCZdASe5X8j6Mm%2BY5C8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e11a84af93b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js
104.21.0.245200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js
IP 104.21.0.245:0
GET /npm/bootstrap@4.6.0/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdv0chj5F1Awc6K7Usaiie2qXL87Fxg5kp7mYqQH9s8HWV5Nuv0HuTqJ2hz1F5xUG9MGapUfK4P-pfLXRasYr-w
expires: Tue, 22 Nov 2022 09:39:34 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:36:54 GMT
etag: W/"c99230d2575380d7f95ff626606d2426"
x-goog-generation: 1647502614200576
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 63473
x-goog-hash: crc32c=x2l+AA==, md5=yZIw0ldTgNf5X/YmYG0kJg==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3489
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fMqVeI8Nxt39eMbkcaQIyns1Nb1OwvvjkjB5w2sI4%2BFjBqd%2FgAhNFXvBuyLFYq9O2L2UdjVEHtgvnBt49Z4y4RrLpzJbx1gc4eOpjXBne3KK4PuN4P6XgdCi3BTBE8qTBiU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e11a84bf9bb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/popper.min.js
104.21.0.245200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/popper.min.js
IP 104.21.0.245:0
GET /npm/popper.js@1.16.1/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdt8iAiFUD-J6NleyhXb8_vV8-wAPh_5tba_l2ugugXdkSJbrWiN1EsoSHZyahG4iSEJB_zV100HdRQRWXjd72Q
expires: Tue, 22 Nov 2022 10:17:44 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:44:44 GMT
etag: W/"31c898c6d2ea13c30441657ff1900d81"
x-goog-generation: 1647503084523089
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 21236
x-goog-hash: crc32c=7cW0Gg==, md5=MciYxtLqE8MEQWV/8ZANgQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3489
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Grq7v5edmg9x9PVhtcavhohhZYf%2F1emEKEgJOWxnDaKs5Ed3SgR2ppxwD7LHkDElMrMQNojJomKxDNhKqi4SZMJPEbA1oKBEjift1BUUFAkn88rSZADxMfFc719uoyRMUE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e11a84cfc4b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bonepa.com/js/responsive.js
185.66.201.42200 OK 0 B URL HTTP/2 bonepa.com/js/responsive.js
IP 185.66.201.42:0
ASN #201702 skHosting.eu s.r.o.
GET /js/responsive.js HTTP/1.1
Host: bonepa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 13:52:39 GMT
etag: W/"63627627-e32"
content-encoding: br
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
104.21.0.245200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
IP 104.21.0.245:0
GET /npm/bootstrap@4.6.0/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: text/css
x-guploader-uploadid: ADPycduCHwg6n53VPzNb_-57qJzhoPJbEBdMgpsWgTX19t4NIh3Tdte6MCXenDGQTAuiJrpSRG3G9WDZErClLNvZVXhXccOSWw
expires: Tue, 22 Nov 2022 10:14:20 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:38:12 GMT
etag: W/"feba0d0760607b9e21393156949afcd9"
x-goog-generation: 1647502692716912
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 161415
x-goog-hash: crc32c=Sb/HMQ==, md5=/roNB2Bge54hOTFWlJr82Q==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3489
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bAA11p4QA%2BAvgjFlqTFGcW1fzC%2BHIzjcrRw6KEIp5W0Dw%2FaDlHyNJUmIeJWiq%2BSdQCf6w6VE3u1vlle4UlI9WMjAAxojtjw864%2FHDtG51EdKBu1piVt2AsUeXSM9%2FggAf5Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e11a84af8ab503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g
185.66.200.220200 OK 0 B URL HTTP/2 uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g
IP 185.66.200.220:0
ASN #201702 skHosting.eu s.r.o.
Analyzer Verdict Alert quad9 Sinkholed
GET /bnr.php?section=General&pub=593174&format=300x50&ga=g HTTP/1.1
Host: uprimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: application/javascript
expires: Tue, 22 Nov 2022 10:50:20 GMT
last-modified: Tue, 22 Nov 2022 10:50:20 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, nosnippet
X-Firefox-Spdy: h2
uprimp.com/bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=166911422093430&xtt=8257464
185.66.200.220200 OK 0 B URL HTTP/2 uprimp.com/bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=166911422093430&xtt=8257464
IP 185.66.200.220:0
ASN #201702 skHosting.eu s.r.o.
Analyzer Verdict Alert quad9 Sinkholed
GET /bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=166911422093430&xtt=8257464 HTTP/1.1
Host: uprimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibfmuqs.cn/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 22 Nov 2022 10:50:20 GMT
content-type: text/html; charset=UTF-8
expires: Tue, 22 Nov 2022 10:50:20 GMT
last-modified: Tue, 22 Nov 2022 10:50:20 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, nosnippet
X-Firefox-Spdy: h2