Report - nils-holgerson.com/

Report Overview

Submitted URL
nils-holgerson.com/
IP
172.121.89.17
ASN
#18779 EGIHOSTING
Submitted
2023-01-07 02:04:42
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.4 kB	14 kB	23.33.119.27
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
dimg04.c-ctrip.com	139731	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	844 B	1.0 MB	104.110.17.24
99887aaa.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	808 B	1.1 MB	103.170.15.103
zhibo128x.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	768 B	508 kB	154.83.25.141
kzecc.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	802 B	1.0 MB	13.227.254.13
static.qwahk.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	383 B	498 B	210.65.162.54
img.9367x.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	404 B	182 B	38.54.81.125
www.nils-holgerson.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	4.0 kB	172.121.89.17
zerossl.ocsp.sectigo.com	4049	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	348 B	1.2 kB	172.64.155.188
push.zhanzhang.baidu.com	57139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	292 B	750 B	39.156.68.163
kvezz.com	237784	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	802 B	453 kB	13.227.254.5
dvcasha2.ocsp-certum.com	71753	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	348 B	1.9 kB	95.101.10.107
s2.loli.net	100401	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	397 B	374 kB	104.26.0.190
66669aaa.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	404 B	283 B	103.170.15.83
99885aaa.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	404 B	283 B	103.170.15.73
kvegg.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	802 B	491 kB	172.83.155.45
ldbbs.ldmnq.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	436 B	1.1 MB	120.52.95.237
kzeoo.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	751 B	172.83.155.45
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	718 B	3.8 kB	104.18.20.226
api.share.baidu.com	44629	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	349 B	114 B	182.61.201.93
www.jxys16.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.5 kB	42 kB	173.231.38.6
z4a.net	575468	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	1.9 MB	104.21.234.234
ocsp.digicert.cn	37572	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	1.1 kB	47.246.44.205
nils-holgerson.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350 B	203 B	172.121.89.17
lbfm.lbpictupian.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.2 kB	71 kB	104.22.12.214
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	34.218.168.248
img30.360buyimg.com	52988	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	450 B	172 kB	163.171.134.109
66668aaa.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	863 kB	103.170.15.98
img.9376x.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	404 B	182 B	38.54.81.125
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.4 kB	93.184.220.29
jx.tongdoumaoyi.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	332 kB	20.239.85.25
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.7 kB	172.64.155.188
hlggimg.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	383 B	117 kB	172.247.80.59
xinchacha2dv.ocsp-certum.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	352 B	1.8 kB	95.101.10.107
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	3.6 kB	23.33.119.27
3p8801.co	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	378 B	345 B	107.148.202.17
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	58 kB	34.120.237.76
hm.baidu.com	8254	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.8 kB	25 kB	103.235.46.191
3366812ccc.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	406 B	748 kB	103.170.15.87
image.tnmvgr.cn	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	411 B	110 kB	47.246.44.206
ocsp.buypass.com	157566	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	11 kB	95.101.11.123
help.ifeng.com	550386	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	572 B	49.51.190.27

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-07 02:04:24	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-01-07	medium	66668aaa.com	Sinkholed
2023-01-07	medium	66668aaa.com	Sinkholed
2023-01-07	medium	66668aaa.com	Sinkholed
2023-01-07	medium	3366812ccc.com	Sinkholed
2023-01-07	medium	99887aaa.com	Sinkholed
2023-01-07	medium	99887aaa.com	Sinkholed
2023-01-07	medium	66669aaa.com	Sinkholed

JavaScript (16)

	URL	Size	First Seen	Last Seen
	jx.tongdoumaoyi.com/news/index.php	166 B	2023-03-07	2023-04-05
Pretty URL jx.tongdoumaoyi.com/news/index.php IP 20.239.85.25 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:15 Last Seen2023-04-05 02:05:15 Times Seen271 Hash 148c395b30fc62c19c4e96a387ce5080 aaad892b0553b427438079c39c45c04a4bd26683 3abae3dd940fa31948ccf4348d0b3dd0528808c33a99915e9ea06c6c9faf097c Loading...

	hm.baidu.com/hm.js?fec0eaa8fc52795617f18f518d42aaab	30 kB	2023-03-12	2023-03-12
Pretty URL hm.baidu.com/hm.js?fec0eaa8fc52795617f18f518d42aaab IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 16:29:13 Last Seen2023-03-12 16:29:13 Times Seen1 Hash 29cff5a0c17adb227ef2d85df6761d67 237fffc48e36782f9405ffe8da1ef471ff4e436d 58ce4cc762b7fa0e66c025b607e5ffdb81f63b5b0ad9aa6410d0905437765550 Loading...

	hm.baidu.com/hm.js?ac926d0332f02f4f5a734812940af824	30 kB	2023-03-12	2023-03-12
Pretty URL hm.baidu.com/hm.js?ac926d0332f02f4f5a734812940af824 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 16:29:13 Last Seen2023-03-12 16:29:13 Times Seen1 Hash 28dbed4b5a5037aa33b2a10417501f22 d5f39d1038d36c05fd4a6e14d532816be3ad2f9f b7e142465c4ad7371591c256148d9e81d19f841af2534327decf57f73a76bc18 Loading...

	jx.tongdoumaoyi.com/news/data.php	402 B	2023-03-12	2023-03-12
Pretty URL jx.tongdoumaoyi.com/news/data.php IP 20.239.85.25 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:41:19 Last Seen2023-03-12 21:24:47 Times Seen1 Hash d13c17abc0435469076ec2d90477024a 5c3bb2de3ce816862941060c2c265c28dcec636e 894fcde8a417a27b964e370d5c179ea4a041c3eb36104f5b00cd8ee98a6cc1bc Loading...

	www.nils-holgerson.com/index.php	404 B	2023-03-07	2024-04-26
Pretty URL www.nils-holgerson.com/index.php IP 172.121.89.17 ASN #18779 EGIHOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-26 13:23:16 Times Seen2980 Hash 91862680df880ab56f799547b01a5900 bd184fe6e0e046873c1a606c89ce2d3eed4b689f 6520359b93c2e43efd5a58f422af308b43c718769a0989344a10f00b345ca0b2 Loading...

	www.nils-holgerson.com/tj.js	520 B	2023-03-07	2023-03-17
Pretty URL www.nils-holgerson.com/tj.js IP 172.121.89.17 ASN #18779 EGIHOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:15 Last Seen2023-03-17 09:44:57 Times Seen1 Hash c641843bbee2dbe645c9de13d8f953ed 1a93b5d7b8540d5acbaae9c8bc00c16926a23588 4604c89ab81e21b0a8e7e762b60c0190dd44643056504ae5c28ebd2b4e739ed7 Loading...

	www.nils-holgerson.com/common.js	1.5 kB	2023-03-09	2023-10-19
Pretty URL www.nils-holgerson.com/common.js IP 172.121.89.17 ASN #18779 EGIHOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 12:31:50 Last Seen2023-10-19 01:51:07 Times Seen446 Hash 46b458a7218859f9e104d60dfaf1be1e b294e53b5af044e5b0b992c9baf639009d4b2ee7 52b19e0231b1983206d08645bc875476a80cfb274da47cfcd97fd082f8e51531 Loading...

	push.zhanzhang.baidu.com/push.js	281 B	2023-03-07	2024-04-26
Pretty URL push.zhanzhang.baidu.com/push.js IP 39.156.68.163 ASN #9808 China Mobile Communications Group Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-26 16:09:47 Times Seen19027 Hash 1bb5a3267c9865ad4abe8d937734b62b b5478dd2edb3e64242eced1db2dbd945ef81f592 674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2 Loading...

	www.jxys16.xyz/template/m1938pc/html9/ads/zxf.js	1.8 kB	2023-03-12	2023-03-13
Pretty URL www.jxys16.xyz/template/m1938pc/html9/ads/zxf.js IP 173.231.38.6 ASN #18450 WEBNX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:41:19 Last Seen2023-03-13 09:23:26 Times Seen1 Hash 32c5c7081f5d603306ecf34193c69791 0a4d3032ea7cebab8a273a0acd59111654979427 4b2e60905711944df5f69e1f618b5cb668752f6b30a5cd007bd08b9ab80ccb76 Loading...

	www.jxys16.xyz/	254 B	2023-03-07	2023-07-10
Pretty URL www.jxys16.xyz/ IP 173.231.38.6 ASN #18450 WEBNX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:15 Last Seen2023-07-10 02:29:30 Times Seen148 Hash 2b060c01c124335c89db809e88d801f5 4226dea14013c0d2b6a391cebcfafc02e00d9305 46b48e8582d3035db685d90fd6ef29a676ae4f59721521c4025568c81fc43621 Loading...

	hm.baidu.com/hm.js?2ac4a2d34c34a270e029b4996d351332	30 kB	2023-03-12	2023-03-12
Pretty URL hm.baidu.com/hm.js?2ac4a2d34c34a270e029b4996d351332 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 16:29:13 Last Seen2023-03-12 16:29:13 Times Seen1 Hash b712fd994cd0a547d7e2de03d158743c 6d00ccbd4faa5ac08fdb60088e7ad732056f3d2a a8a9e330c7f46e49f2abc6d958e3aac9da0b98a8f9ad575a1a6a79f89d4fefd3 Loading...

		Size	First Seen	Last Seen
	#1 Eval - f73bd51eba81e92528a281ae99e2fa97	479 B	2023-03-09	2023-03-12
Pretty Observations First Seen2023-03-09 17:30:48 Last Seen2023-03-12 20:34:20 Times Seen1 Hash f73bd51eba81e92528a281ae99e2fa97 8304f2deb3dce67554a667b4c04c9b875c34fea8 8f1a9e1a9bd070cb6eb751be78deb00a9154004da24940a848c0ed4412650397 Loading...

		Size	First Seen	Last Seen
	#1 Write - b41c326655a1e61ea6f6dcc70f797eb7	201 B	2023-03-07	2024-04-25
Pretty Observations First Seen2023-03-07 01:06:53 Last Seen2024-04-25 20:37:27 Times Seen3762 Hash b41c326655a1e61ea6f6dcc70f797eb7 a416e2affbcd88fe88775b1dd7256dbb7b0e2b87 2d7d346bf62ff160f8d7d20318bedeb9dc7c79d0e2845f6061de5beabda471ca Loading...

	#2 Write - 3a726a17f9f965ca39da639d1e90016e	594 B	2023-03-12	2023-03-13
Pretty Observations First Seen2023-03-12 14:41:19 Last Seen2023-03-13 23:52:48 Times Seen1 Hash 3a726a17f9f965ca39da639d1e90016e 419b43e6322e0727f968d29117f2d7461f2a68eb 348b154387a2238ee93efc24c478313c47b24816f96c0f94da68406743ebd156 Loading...

	#3 Write - 8eeb3d92c61dde46fa7fa77b570e6023	580 B	2023-03-12	2023-03-13
Pretty Observations First Seen2023-03-12 14:41:19 Last Seen2023-03-13 09:23:26 Times Seen1 Hash 8eeb3d92c61dde46fa7fa77b570e6023 926b5ce45fb9b988a5243d868d2ee366a3d2004b a8e62d724092600f882c06fefa1aa63f21a151bb2468f312fdcdcf7ec913eaae Loading...

	#4 Write - 6c833aea460a6628e673a60336cd0164	460 B	2023-03-09	2023-03-12
Pretty Observations First Seen2023-03-09 17:30:48 Last Seen2023-03-12 20:34:20 Times Seen1 Hash 6c833aea460a6628e673a60336cd0164 caed6e0312e83971b87a443e0e4d918dcd1d9998 b70985132d97e609f025d7123c07444aadffd4e948399cc5206a275de9c6fd60 Loading...

HTTP Transactions (123)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
326898eb925368408f6f42ee173b9d89
b8b20ee34b7e7b139e7729b8e46a54ea25f54ac8
96c2c75f700ab55649882111713ca3cfb2eaf08e404c2bc245a641dc12ae168a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96C2C75F700AB55649882111713CA3CFB2EAF08E404C2BC245A641DC12AE168A"
Last-Modified: Wed, 04 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18457
Expires: Sat, 07 Jan 2023 07:12:06 GMT
Date: Sat, 07 Jan 2023 02:04:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e4bdd77c0369662aa71ce2d01fd3edab
0ab1c5857e200e7e7946424c2c844537bfbb9775
a163c19fcc8fcf985e8df6ad4bd7ce73912b3df892d8236c70f9bc80820b26da

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A163C19FCC8FCF985E8DF6AD4BD7CE73912B3DF892D8236C70F9BC80820B26DA"
Last-Modified: Fri, 06 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12514
Expires: Sat, 07 Jan 2023 05:33:03 GMT
Date: Sat, 07 Jan 2023 02:04:29 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 07 Jan 2023 01:48:05 GMT
content-type: application/json
age: 984
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
600f7ba6e1a6fbbd176cd2df19b1e4d9
cdd72b25fd91ee980aba193b12e890096e4fe852
860214860947dfbe26099f018747154823b175fceb2821a390cc655da191a6d0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "860214860947DFBE26099F018747154823B175FCEB2821A390CC655DA191A6D0"
Last-Modified: Thu, 05 Jan 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12428
Expires: Sat, 07 Jan 2023 05:31:37 GMT
Date: Sat, 07 Jan 2023 02:04:29 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: jTj49B2OxRJhh1gLR52sfSgVWv0mB/SWhQXvrXRY6WBoRzkfbM5W5EJ/2s7NI6guoRar8b8nj+E=
x-amz-request-id: 5JAVG7PNB06Y33AN
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 07 Jan 2023 02:00:13 GMT
age: 256
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 07 Jan 2023 02:04:29 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

nils-holgerson.com/

172.121.89.17

301 Moved Permanently

0 B

URL HTTP/1.1
nils-holgerson.com/
IP
172.121.89.17:0
ASN
#18779 EGIHOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: nils-holgerson.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 07 Jan 2023 02:04:29 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://www.nils-holgerson.com/index.php

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 07 Jan 2023 01:33:39 GMT
age: 1850
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
43c8442b7447debab97b0f6bc973e23a
38a5f1869cff7f6ddbfd3a24e57a3da7851ba3b0
4eb7adc914570287dde1317395d1d95b07271c8fe20b97a8928025c292c47dba

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1234
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 07 Jan 2023 02:04:30 GMT
Etag: "63b7e4a8-1d7"
Last-Modified: Sat, 07 Jan 2023 01:43:56 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

www.nils-holgerson.com/index.php

172.121.89.17

200 OK

785 B

URL HTTP/1.1
www.nils-holgerson.com/index.php
IP
172.121.89.17:0
ASN
#18779 EGIHOSTING

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with CRLF line terminators
Size
785 B (785 bytes)
Hash
449979d226b4709e707902a1275adecd
bc5083da744f7892a81e1a630855e6250b5f3959
235f81865fe0e97383deb1b88df3ba218d51bfc6cedb0ecbf0ad24f7029f1c0c

HTTP Headers

GET /index.php HTTP/1.1
Host: www.nils-holgerson.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 07 Jan 2023 02:04:29 GMT
Content-Type: text/html
Content-Length: 785
Connection: keep-alive

www.nils-holgerson.com/tj.js

172.121.89.17

200 OK

520 B

URL HTTP/1.1
www.nils-holgerson.com/tj.js
IP
172.121.89.17:0
ASN
#18779 EGIHOSTING

File type
ASCII text, with CRLF line terminators
Size
520 B (520 bytes)
Hash
c641843bbee2dbe645c9de13d8f953ed
1a93b5d7b8540d5acbaae9c8bc00c16926a23588
4604c89ab81e21b0a8e7e762b60c0190dd44643056504ae5c28ebd2b4e739ed7

HTTP Headers

GET /tj.js HTTP/1.1
Host: www.nils-holgerson.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nils-holgerson.com/index.php

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 07 Jan 2023 02:04:30 GMT
Content-Type: application/x-javascript
Content-Length: 520
Connection: keep-alive

push.services.mozilla.com/

34.218.168.248

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.218.168.248:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: CV8tpkAk+GqS5va76FMhcg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xtTCxLMuN0HChig38g66VveH8tU=

www.nils-holgerson.com/common.js

172.121.89.17

200 OK

753 B

URL HTTP/1.1
www.nils-holgerson.com/common.js
IP
172.121.89.17:0
ASN
#18779 EGIHOSTING

File type
HTML document text\012- HTML document, ASCII text, with very long lines (438), with CRLF line terminators
Size
753 B (753 bytes)
Hash
422fd880589a7fc1a2f9b43c88c64fbe
cd02b22cba108051097edd967d9b4e937386a05f
51ceb85b881f6f3a9a9deea0265b4960a9fd3d7fe698b72c0329332dc91585b9

HTTP Headers

GET /common.js HTTP/1.1
Host: www.nils-holgerson.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nils-holgerson.com/index.php

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 07 Jan 2023 02:04:30 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

ocsp.globalsign.com/gsrsaovsslca2018

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
61adf6dce2ebec8ade148498f953d1f1
183934d791fde6d38b5b679e6f0b700dc0deacce
4ddb6f01741d4603fe6cd24fbfffe21a57d28ae46038418113c7f88502a10b81

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 07 Jan 2023 02:04:31 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 11 Jan 2023 00:00:29 GMT
ETag: "183934d791fde6d38b5b679e6f0b700dc0deacce"
Last-Modified: Sat, 07 Jan 2023 00:00:30 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1819
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78591f85effab50c-OSL

www.nils-holgerson.com/favicon.ico

172.121.89.17

200 OK

1.2 kB

URL HTTP/1.1
www.nils-holgerson.com/favicon.ico
IP
172.121.89.17:0
ASN
#18779 EGIHOSTING

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
7ef1f0a0093460fe46bb691578c07c95
2da3ffbbf4737ce4dae9488359de34034d1ebfbd
4c62eef22174220b8655590a77b27957f3518b4c3b7352d0b64263b80e728f2c

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.nils-holgerson.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nils-holgerson.com/index.php

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 07 Jan 2023 02:04:30 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 01 Jul 2011 08:14:23 GMT
Connection: keep-alive
ETag: "4e0d81df-47e"
Expires: Thu, 12 Jan 2023 02:04:30 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

727 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
727 B (727 bytes)
Hash
ad58b588213fb95d9802fd918f9b212e
d11084bdc43199fdf79155677238351368581eb9
e3c48962c266832623e3f762427967a08c0774afc4d31779c2e520401b8a4d23

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 07 Jan 2023 02:04:31 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Thu, 05 Jan 2023 06:23:37 GMT
Expires: Thu, 12 Jan 2023 06:23:36 GMT
Etag: "d11084bdc43199fdf79155677238351368581eb9"
Cache-Control: max-age=446944,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78591f8848320b61-OSL

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
11aea3c23fce2f77cadf7a551f4e8b17
4963aafedcf3fc5f28f1b4a6b0212abfd5526702
d2ada7d592878b58921cd0568efa62abefd7423d40bec16133886e2c67a791b3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D2ADA7D592878B58921CD0568EFA62ABEFD7423D40BEC16133886E2C67A791B3"
Last-Modified: Fri, 06 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13818
Expires: Sat, 07 Jan 2023 05:54:49 GMT
Date: Sat, 07 Jan 2023 02:04:31 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
11aea3c23fce2f77cadf7a551f4e8b17
4963aafedcf3fc5f28f1b4a6b0212abfd5526702
d2ada7d592878b58921cd0568efa62abefd7423d40bec16133886e2c67a791b3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D2ADA7D592878B58921CD0568EFA62ABEFD7423D40BEC16133886E2C67A791B3"
Last-Modified: Fri, 06 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13818
Expires: Sat, 07 Jan 2023 05:54:49 GMT
Date: Sat, 07 Jan 2023 02:04:31 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
11aea3c23fce2f77cadf7a551f4e8b17
4963aafedcf3fc5f28f1b4a6b0212abfd5526702
d2ada7d592878b58921cd0568efa62abefd7423d40bec16133886e2c67a791b3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D2ADA7D592878B58921CD0568EFA62ABEFD7423D40BEC16133886E2C67A791B3"
Last-Modified: Fri, 06 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13818
Expires: Sat, 07 Jan 2023 05:54:49 GMT
Date: Sat, 07 Jan 2023 02:04:31 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528de87e-4c51-4e2a-90d5-fa6c5a52a300.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528de87e-4c51-4e2a-90d5-fa6c5a52a300.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10420 bytes)
Hash
c3735c87d612da35bd07f0397b95799a
47a017ef6a57d5ec43482308cda3e15f35bfacf6
e075dd0433540b3c35030bd9312273e1ed472ab1a25cfe2912086d35e6019a60

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528de87e-4c51-4e2a-90d5-fa6c5a52a300.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10420
x-amzn-requestid: 3feb5ad5-2b7c-48b5-8a0d-f780c780a72e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eP6bPHGNoAMFQYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b63de1-3d6b89744fc025f2770caaf1;Sampled=0
x-amzn-remapped-date: Thu, 05 Jan 2023 03:02:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: HO5g694cJLUDm7L75ZDxrLYWowwIpwHYyXKEIN9PItTp0PR932AqmQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 06 Jan 2023 04:28:00 GMT
age: 77791
etag: "47a017ef6a57d5ec43482308cda3e15f35bfacf6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82e9dc28-a1b8-4185-9eb1-6856bb670646.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10695 bytes)
Hash
3c0fd17757d97ed3b4570387623f465f
889b2e3d0db6f9bc03393ff59a5eb7bee816cac3
1035a9d3c973762adfc08529b59642c3839ef95a7e8cfcced63e61ec154ad092

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82e9dc28-a1b8-4185-9eb1-6856bb670646.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10695
x-amzn-requestid: ae69c1c3-22f6-49de-91ec-8e7a854e4b27
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eGCNWFo5IAMFUKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b24a55-75032a3e7ab3eb897382cad4;Sampled=0
x-amzn-remapped-date: Mon, 02 Jan 2023 03:07:01 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: kkpb41RwNIWi4GQrpRiCAGUGsFyv9v-lpjPdStHiI1KxfkRi4tFCOQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 b2d3922a177f6cecf9222a78a0a1ad32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 06 Jan 2023 21:59:50 GMT
age: 14681
etag: "889b2e3d0db6f9bc03393ff59a5eb7bee816cac3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f422f55-b598-4b18-ad6c-d64bb470b0c5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7569 bytes)
Hash
df4dd5fc3111e49a998f6c1c8e8ef049
54c51c4566a514b9d8567a34e5b6f7dfd6614fa6
f05de119c3ddf9ad7bec9189889f9a8ddbd4aa764ce71d8ef8c839163faf5825

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f422f55-b598-4b18-ad6c-d64bb470b0c5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7569
x-amzn-requestid: 45c4580d-6e09-4b37-991d-62a479e2f8df
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eJ4DGExkIAMF_5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b3d3ad-69ed220f00ec899e1d7852aa;Sampled=0
x-amzn-remapped-date: Tue, 03 Jan 2023 07:05:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VEt2UgPgvn8nnbu2YTvxxgpHFqhhuQny_CgH4x3FLZA2pmZVcYqqBQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 06 Jan 2023 13:26:07 GMT
age: 45504
etag: "54c51c4566a514b9d8567a34e5b6f7dfd6614fa6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4459605-f609-4708-9d2f-a9847e75083d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9314 bytes)
Hash
5b9a1ed2794a7736b50852eb3686003c
86eca466bc7f92bf08faa14e0e81689014e956a8
5e5ebb24253d640719db3e8c27d4de71405173004e1be4df49af7c493fb504b8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4459605-f609-4708-9d2f-a9847e75083d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9314
x-amzn-requestid: d7733987-847e-446f-ab4e-8f4022e5ca2b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eP6aOH9joAMFzeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b63dda-4b395435357054a273ce94e8;Sampled=0
x-amzn-remapped-date: Thu, 05 Jan 2023 03:02:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rQQBSZ09w7R-z2Hq7swh5LQhpSsGpdnmLkTYPa3t_f2sHWgmkdO7Zg==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 06 Jan 2023 03:13:29 GMT
age: 82262
etag: "86eca466bc7f92bf08faa14e0e81689014e956a8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f37a3ca-5b31-4876-bbcd-442c1f718b3c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.6 kB (5578 bytes)
Hash
e832123ea0c92a446b5894e75efc86ae
bb438ca635b43819701067ef07a3d910ad29a0c7
e1b0c6cd873f304de15664f96af6b6914e13fbbfb3e2179ba43369e116446773

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f37a3ca-5b31-4876-bbcd-442c1f718b3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5578
x-amzn-requestid: 93353c3e-1b26-424c-b4c6-0d113703edd6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eFvpBFGvIAMFobw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b22c9f-1d07cff31ae39320693642f0;Sampled=0
x-amzn-remapped-date: Mon, 02 Jan 2023 01:00:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: skIlgzeKmjJ2Wsx2QeubgMvO7chgpPNZYqW4E_xhRgkCtDEhAfBp4w==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 06 Jan 2023 07:33:22 GMT
age: 66669
etag: "bb438ca635b43819701067ef07a3d910ad29a0c7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f88c409-63db-4390-90f5-6c6c8dd31b89.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7923 bytes)
Hash
6630160260bdfbe296d0fffb086f3677
a137158a0837301cd3676a9a13b65be7935b74fa
f0cc89839f0a24de53666338dad8ff0302a3edc014518b1e4c88e18cecb98180

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f88c409-63db-4390-90f5-6c6c8dd31b89.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7923
x-amzn-requestid: c0b10d88-c03d-4229-b166-6df35e165165
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eVxEpE9PIAMF8AA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b89550-11af51761a44ec5049de843b;Sampled=0
x-amzn-remapped-date: Fri, 06 Jan 2023 21:40:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 50E7goXB1DnB-t3U9LkBlN62AEmHM6PpM3UfTn9c-6qgC7AEYSGxEw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ef8f66c83aecd87910ce2e1153544a20.cloudfront.net (CloudFront), 1.1 google
date: Fri, 06 Jan 2023 21:48:13 GMT
age: 15378
etag: "a137158a0837301cd3676a9a13b65be7935b74fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

hm.baidu.com/hm.js?fec0eaa8fc52795617f18f518d42aaab

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?fec0eaa8fc52795617f18f518d42aaab
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (616)
Size
11 kB (11254 bytes)
Hash
31438974454acdbe045858769ff34177
8f6827a701f487aefeaf3080497e50df64dc5773
fdcd5bb6385f006c2200109cfc986212811fa7dde189edb37185798284d7cdad

HTTP Headers

GET /hm.js?fec0eaa8fc52795617f18f518d42aaab HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.nils-holgerson.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11254
Content-Type: application/javascript
Date: Sat, 07 Jan 2023 02:04:31 GMT
Etag: aebd6a5380335e6db7184edb89334763
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=FABD6FAE444294D6; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

hm.baidu.com/hm.js?ac926d0332f02f4f5a734812940af824

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?ac926d0332f02f4f5a734812940af824
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (619)
Size
11 kB (11257 bytes)
Hash
e7bbd49f92ff4c15bf521b89ebc77dd2
45c17daa6946f60cfb287d7f5325ede1f5e80e87
f4b66b3e9aad44c76da124fba8af8ef085b0d5735fecf2622168ced43cf9183b

HTTP Headers

GET /hm.js?ac926d0332f02f4f5a734812940af824 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.nils-holgerson.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11257
Content-Type: application/javascript
Date: Sat, 07 Jan 2023 02:04:31 GMT
Etag: 3118a8098513db72fdf89bc59baa0a05
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=301D9FE06DA7CCE4; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

push.zhanzhang.baidu.com/push.js

39.156.68.163

200 OK

227 B

URL HTTP/1.1
push.zhanzhang.baidu.com/push.js
IP
39.156.68.163:0
ASN
#9808 China Mobile Communications Group Co., Ltd.

File type
ASCII text, with no line terminators
Size
227 B (227 bytes)
Hash
e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5

HTTP Headers

GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nils-holgerson.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Sat, 07 Jan 2023 02:04:32 GMT
Etag: "4078521116"
Expires: Sun, 07 Jan 2024 02:04:32 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=32AB06711DB8903CF8CE811FD5085432:FG=1; max-age=31536000; expires=Sun, 07-Jan-24 02:04:32 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1114019929&si=fec0eaa8fc52795617f18f518d42aaab&v=1.3.0&lv=1&sn=14046&r=0&ww=1280&u=http%3A%2F%2Fwww.nils-holgerson.com%2Findex.php&tt=%E4%B8%B9%E9%98%B3%E6%9D%80%E5%A7%A8%E9%87%91%E8%9E%8D%E6%9C%8D%E5%8A%A1%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1114019929&si=fec0eaa8fc52795617f18f518d42aaab&v=1.3.0&lv=1&sn=14046&r=0&ww=1280&u=http%3A%2F%2Fwww.nils-holgerson.com%2Findex.php&tt=%E4%B8%B9%E9%98%B3%E6%9D%80%E5%A7%A8%E9%87%91%E8%9E%8D%E6%9C%8D%E5%8A%A1%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1114019929&si=fec0eaa8fc52795617f18f518d42aaab&v=1.3.0&lv=1&sn=14046&r=0&ww=1280&u=http%3A%2F%2Fwww.nils-holgerson.com%2Findex.php&tt=%E4%B8%B9%E9%98%B3%E6%9D%80%E5%A7%A8%E9%87%91%E8%9E%8D%E6%9C%8D%E5%8A%A1%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.nils-holgerson.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 07 Jan 2023 02:04:32 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=064B59F1BE7D1FB9; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=216921961&si=ac926d0332f02f4f5a734812940af824&v=1.3.0&lv=1&sn=14046&r=0&ww=1280&u=http%3A%2F%2Fwww.nils-holgerson.com%2Findex.php&tt=%E4%B8%B9%E9%98%B3%E6%9D%80%E5%A7%A8%E9%87%91%E8%9E%8D%E6%9C%8D%E5%8A%A1%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=216921961&si=ac926d0332f02f4f5a734812940af824&v=1.3.0&lv=1&sn=14046&r=0&ww=1280&u=http%3A%2F%2Fwww.nils-holgerson.com%2Findex.php&tt=%E4%B8%B9%E9%98%B3%E6%9D%80%E5%A7%A8%E9%87%91%E8%9E%8D%E6%9C%8D%E5%8A%A1%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=216921961&si=ac926d0332f02f4f5a734812940af824&v=1.3.0&lv=1&sn=14046&r=0&ww=1280&u=http%3A%2F%2Fwww.nils-holgerson.com%2Findex.php&tt=%E4%B8%B9%E9%98%B3%E6%9D%80%E5%A7%A8%E9%87%91%E8%9E%8D%E6%9C%8D%E5%8A%A1%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.nils-holgerson.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 07 Jan 2023 02:04:32 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=3F6ADED8E8D03184; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cc6c07ccc0820d7a8695f5e8fb9eba12
5aa83cbafad19e62402ad1221928a70a7097f85a
84f57c5beef3bd13a715a0e1d1bc674df241b276dcba64f960de08437823ffde

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "84F57C5BEEF3BD13A715A0E1D1BC674DF241B276DCBA64F960DE08437823FFDE"
Last-Modified: Fri, 06 Jan 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21555
Expires: Sat, 07 Jan 2023 08:03:48 GMT
Date: Sat, 07 Jan 2023 02:04:33 GMT
Connection: keep-alive

api.share.baidu.com/s.gif?l=http://www.nils-holgerson.com/index.php

182.61.201.93

200 OK

0 B

URL HTTP/1.1
api.share.baidu.com/s.gif?l=http://www.nils-holgerson.com/index.php
IP
182.61.201.93:0
ASN
#38365 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s.gif?l=http://www.nils-holgerson.com/index.php HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nils-holgerson.com/

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Sat, 07 Jan 2023 02:04:33 GMT

www.jxys16.xyz/template/m1938pc/html9/ads/1.gif

173.231.38.6

200 OK

254 B

URL HTTP/2
www.jxys16.xyz/template/m1938pc/html9/ads/1.gif
IP
173.231.38.6:0
ASN
#18450 WEBNX

File type
GIF image data, version 89a, 16 x 17\012- data
Size
254 B (254 bytes)
Hash
b013f8fa3ec997fe20dc80b82af0ad0a
e02ce6c30d5c0abfaa3e008d1a3ce7d11f299ed9
119bff063d1d402fdf6e48bc7e681d48aabfb9bc65378dfcf64a8845ec3fceef

HTTP Headers

GET /template/m1938pc/html9/ads/1.gif HTTP/1.1
Host: www.jxys16.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 07 Jan 2023 02:04:34 GMT
content-type: image/gif
content-length: 254
last-modified: Sat, 02 Apr 2022 12:20:12 GMT
etag: "62483f7c-fe"
expires: Mon, 06 Feb 2023 02:04:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.jxys16.xyz/template/m1938pc/static/fonts/font_593233_jsu8tlct5shpk3xr.woff

173.231.38.6

200 OK

13 kB

URL HTTP/2
www.jxys16.xyz/template/m1938pc/static/fonts/font_593233_jsu8tlct5shpk3xr.woff
IP
173.231.38.6:0
ASN
#18450 WEBNX

File type
Web Open Font Format, TrueType, length 13408, version 1.0\012- data
Size
13 kB (13408 bytes)
Hash
99af6debcdaba3e7ffe01b4c3cbccacb
4efda64b06cd7c294f6214623bcb634f3def3bd1
1106aebd6819da7203324abc443186658c8f54180a460ccc5b83553c5ce34f72

HTTP Headers

GET /template/m1938pc/static/fonts/font_593233_jsu8tlct5shpk3xr.woff HTTP/1.1
Host: www.jxys16.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.jxys16.xyz/template/m1938pc/static/css/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 07 Jan 2023 02:04:34 GMT
content-type: font/woff
content-length: 13408
last-modified: Fri, 14 Jan 2022 04:47:30 GMT
etag: "61e10062-3460"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.jxys16.xyz/

173.231.38.6

200 OK

26 kB

URL HTTP/2
www.jxys16.xyz/
IP
173.231.38.6:0
ASN
#18450 WEBNX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (335), with CRLF, LF line terminators
Size
26 kB (25678 bytes)
Hash
8cbfd5a75d4aafc867488b55a83d01eb
d7dad06c5c8fdb5f0c10d1edd64bce0640b1f3d8
6032d74ca42af918280882443b7b91e6b4cb84c0d14b9f14a3462f38ff03d70f

HTTP Headers

GET / HTTP/1.1
Host: www.jxys16.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jx.tongdoumaoyi.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 07 Jan 2023 02:04:33 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=884795871&si=2ac4a2d34c34a270e029b4996d351332&su=https%3A%2F%2Fjx.tongdoumaoyi.com%2F&v=1.3.0&lv=1&sn=14049&r=0&ww=1268&u=https%3A%2F%2Fwww.jxys16.xyz%2F&tt=%E8%81%9A%E9%91%AB%E5%BD%B1%E8%A7%86

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=884795871&si=2ac4a2d34c34a270e029b4996d351332&su=https%3A%2F%2Fjx.tongdoumaoyi.com%2F&v=1.3.0&lv=1&sn=14049&r=0&ww=1268&u=https%3A%2F%2Fwww.jxys16.xyz%2F&tt=%E8%81%9A%E9%91%AB%E5%BD%B1%E8%A7%86
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=884795871&si=2ac4a2d34c34a270e029b4996d351332&su=https%3A%2F%2Fjx.tongdoumaoyi.com%2F&v=1.3.0&lv=1&sn=14049&r=0&ww=1268&u=https%3A%2F%2Fwww.jxys16.xyz%2F&tt=%E8%81%9A%E9%91%AB%E5%BD%B1%E8%A7%86 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 07 Jan 2023 02:04:35 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=22446E502BC9FA29; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
5692997ebee318acc49233ac224a6b0c
cdeef9b8e764067b69cedb7cb4df17ff4ea8665c
5f7c1b34c314bd7bfa7a95422d6e196ad6c0a1da82b23413aa348647136c5c79

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1793
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 07 Jan 2023 02:04:36 GMT
Last-Modified: Sat, 07 Jan 2023 01:34:43 GMT
Server: ECS (amb/6B81)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
5692997ebee318acc49233ac224a6b0c
cdeef9b8e764067b69cedb7cb4df17ff4ea8665c
5f7c1b34c314bd7bfa7a95422d6e196ad6c0a1da82b23413aa348647136c5c79

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1793
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 07 Jan 2023 02:04:36 GMT
Last-Modified: Sat, 07 Jan 2023 01:34:43 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
5692997ebee318acc49233ac224a6b0c
cdeef9b8e764067b69cedb7cb4df17ff4ea8665c
5f7c1b34c314bd7bfa7a95422d6e196ad6c0a1da82b23413aa348647136c5c79

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1793
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 07 Jan 2023 02:04:36 GMT
Last-Modified: Sat, 07 Jan 2023 01:34:43 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279

dimg04.c-ctrip.com/images/0105c12000ae3a0t3DD7A.gif?proc=autoorient

104.110.17.24

200 OK

489 kB

URL HTTP/2
dimg04.c-ctrip.com/images/0105c12000ae3a0t3DD7A.gif?proc=autoorient
IP
104.110.17.24:0
ASN
#16625 AKAMAI-AS

File type
GIF image data, version 89a, 960 x 80\012- data
Size
489 kB (488987 bytes)
Hash
6a7d54ecdc2d1cce357d304db217ccec
03a803d54b6a1dd16cba5d73bf4e732d8b7be263
7cd4479b97a015f11a04b2d7d94fbe78030a7e0e3de457bf72abdbf53235c7d8

HTTP Headers

GET /images/0105c12000ae3a0t3DD7A.gif?proc=autoorient HTTP/1.1
Host: dimg04.c-ctrip.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/gif
content-length: 488987
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
cache-control: max-age=7720277
expires: Thu, 06 Apr 2023 10:35:53 GMT
date: Sat, 07 Jan 2023 02:04:36 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2

dimg04.c-ctrip.com/images/0101k12000ae486x63B3D.gif?proc=autoorient

104.110.17.24

200 OK

529 kB

URL HTTP/2
dimg04.c-ctrip.com/images/0101k12000ae486x63B3D.gif?proc=autoorient
IP
104.110.17.24:0
ASN
#16625 AKAMAI-AS

File type
GIF image data, version 89a, 960 x 80\012- data
Size
529 kB (528634 bytes)
Hash
d51af10f1a8750247c1dc04aca2d8c30
f20abf7a2162ef5927858a0ee5ef0737e9bb6db3
eccf366128053f6427ec50c21f11c01579a07536cb9e86df7a13043946cbc37c

HTTP Headers

GET /images/0101k12000ae486x63B3D.gif?proc=autoorient HTTP/1.1
Host: dimg04.c-ctrip.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/gif
content-length: 528634
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
cache-control: max-age=7731091
expires: Thu, 06 Apr 2023 13:36:07 GMT
date: Sat, 07 Jan 2023 02:04:36 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7776eb098c90b8f9ef02fb90fb99562
783c6138b5222617435173c8deed6603b6e2fda2
c5698bc921e1396a4137004ebb4bae909cd82da87dfe988919257d8865ff6b1c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5698BC921E1396A4137004EBB4BAE909CD82DA87DFE988919257D8865FF6B1C"
Last-Modified: Fri, 06 Jan 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11761
Expires: Sat, 07 Jan 2023 05:20:37 GMT
Date: Sat, 07 Jan 2023 02:04:36 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7776eb098c90b8f9ef02fb90fb99562
783c6138b5222617435173c8deed6603b6e2fda2
c5698bc921e1396a4137004ebb4bae909cd82da87dfe988919257d8865ff6b1c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5698BC921E1396A4137004EBB4BAE909CD82DA87DFE988919257D8865FF6B1C"
Last-Modified: Fri, 06 Jan 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11761
Expires: Sat, 07 Jan 2023 05:20:37 GMT
Date: Sat, 07 Jan 2023 02:04:36 GMT
Connection: keep-alive

z4a.net/images/2022/12/11/960x60.gif

104.21.234.234

200 OK

169 kB

URL HTTP/2
z4a.net/images/2022/12/11/960x60.gif
IP
104.21.234.234:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 960 x 60\012- data
Size
169 kB (168777 bytes)
Hash
729a348b918f6435c5a38c8938a81587
f82b088813167cd5396bf74feedb4d8e35612dcf
cd580979947876de1d553e460e57bd4d7b432c682097f67c6249b667eb3c6726

HTTP Headers

GET /images/2022/12/11/960x60.gif HTTP/1.1
Host: z4a.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 07 Jan 2023 02:04:36 GMT
content-type: image/gif
content-length: 168777
expires: Mon, 11 Dec 2023 13:56:31 GMT
cache-control: public, max-age=31536000
pragma: public
cf-cache-status: HIT
age: 2290085
last-modified: Sun, 11 Dec 2022 13:56:31 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8u%2FzdppzyiCz8OowLTi7234Fy6j%2BWQtO7Bo2aXjRwdAtTd0vocdED80E3gMy9M1KZqwztDT%2F7p1rR4eDr9UGlnooUnnDUN0QVY%2F81NstMc2SgH71xok8eRbU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 78591faa2a5371c9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

z4a.net/images/2022/12/11/960x603d5ab8438267da4d.gif

104.21.234.234

200 OK

176 kB

URL HTTP/2
z4a.net/images/2022/12/11/960x603d5ab8438267da4d.gif
IP
104.21.234.234:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 960 x 60\012- data
Size
176 kB (176400 bytes)
Hash
790f7ce169b014489226f2bc54fcebdb
8c728b76de39bd04e942af210a6742a2727eedd5
111153d903587269530c51cc32126f82d51a9461b42be47237db3f289f6483c6

HTTP Headers

GET /images/2022/12/11/960x603d5ab8438267da4d.gif HTTP/1.1
Host: z4a.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 07 Jan 2023 02:04:36 GMT
content-type: image/gif
content-length: 176400
expires: Sat, 16 Dec 2023 08:45:29 GMT
cache-control: public, max-age=31536000
pragma: public
cf-cache-status: HIT
age: 1876747
last-modified: Fri, 16 Dec 2022 08:45:29 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nAnerJUML691CyeyVCy4O8R4TTFlmokx%2BtVdUz%2BphHpt0ThnJFIFid8AxHf8vJzyCRQk7b5JcZ%2BgX4NJFNKatu0JhT%2FS9rnMrhhdkgGHjy3quL%2FrJOPc5uwk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 78591faa3a6b71c9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

z4a.net/images/2022/12/11/960-60-0.gif

104.21.234.234

200 OK

198 kB

URL HTTP/2
z4a.net/images/2022/12/11/960-60-0.gif
IP
104.21.234.234:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 960 x 60\012- data
Size
198 kB (198523 bytes)
Hash
785b488cd18db17252bbc6e2e90d15fb
733a0183c583aaac34ffd5b1019d4a6ca25434c6
01982c41cd3165a9490c613aee197531461568a26d6691509076dfcb7c5438a4

HTTP Headers

GET /images/2022/12/11/960-60-0.gif HTTP/1.1
Host: z4a.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 07 Jan 2023 02:04:36 GMT
content-type: image/gif
content-length: 198523
expires: Mon, 11 Dec 2023 13:56:41 GMT
cache-control: public, max-age=31536000
pragma: public
cf-cache-status: HIT
age: 2290075
last-modified: Sun, 11 Dec 2022 13:56:41 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=awP5HHc84gNoHSz%2Bpn%2F4Wm2KQC%2FSREp8xq%2BP7EKE61%2Fzs547C6hTX5DhVA2JqO4xMUlCIUw7l4FtITHsrzZdhbYOL6V20YlIdXCJsSGjM99Ga0jfwxMLODj5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 78591faa4a7871c9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

z4a.net/images/2022/12/10/960x60.gif

104.21.234.234

200 OK

245 kB

URL HTTP/2
z4a.net/images/2022/12/10/960x60.gif
IP
104.21.234.234:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 960 x 60\012- data
Size
245 kB (245207 bytes)
Hash
0b25bc78e72da9cce4df6f8b35a75247
26e8c59347f9489d5922e92660d3fc2d44c44cbb
8ff60c94afa37237e7746c8095addb9476b20739a25163536a2cd89217089a88

HTTP Headers

GET /images/2022/12/10/960x60.gif HTTP/1.1
Host: z4a.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 07 Jan 2023 02:04:36 GMT
content-type: image/gif
content-length: 245207
expires: Mon, 11 Dec 2023 14:52:57 GMT
cache-control: public, max-age=31536000
pragma: public
cf-cache-status: HIT
age: 2286699
last-modified: Sun, 11 Dec 2022 14:52:57 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=taLkdkJZp4TeBHi8sVDoKpwI8TBI974nxe8p2mElGpmoxDplawvhFCSE041QZ4UJYrUuD%2FPQ%2FCrRQfDtYLoEBHscQV5yVS95JR0fIQyH%2BznMABa0Tf%2F8wFxn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 78591faa3a6571c9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

z4a.net/images/2022/12/21/960x60d39aac802c494f86.gif

104.21.234.234

200 OK

528 kB

URL HTTP/2
z4a.net/images/2022/12/21/960x60d39aac802c494f86.gif
IP
104.21.234.234:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 960 x 60\012- data
Size
528 kB (527657 bytes)
Hash
bc9315952b1de102c2097670f688e43d
2412c6e3aee17d6a271b6f69358ac96dec2afa24
b20477516ad5a2c0daef1e9f3037e32278a3740ca88be3614c1540b90675f396

HTTP Headers

GET /images/2022/12/21/960x60d39aac802c494f86.gif HTTP/1.1
Host: z4a.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 07 Jan 2023 02:04:36 GMT
content-type: image/gif
content-length: 527657
expires: Thu, 21 Dec 2023 12:42:01 GMT
cache-control: public, max-age=31536000
pragma: public
cf-cache-status: HIT
age: 1430555
last-modified: Wed, 21 Dec 2022 12:42:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uhhEoMbMhx1aNyqX42CXiTDf4viHll9PlIsnz9yqGjPpem%2B8SaBeciJaXF%2FqEYYccQXokY7TLglv4O9ySgIYyhYvdiFBYtWS6b3f8vhJ1Sc%2FnNfpi45QAn5A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 78591faa3a6871c9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

z4a.net/images/2022/11/20/960x60.gif

104.21.234.234

200 OK

578 kB

URL HTTP/2
z4a.net/images/2022/11/20/960x60.gif
IP
104.21.234.234:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 960 x 60\012- data
Size
578 kB (577945 bytes)
Hash
6ae710163cd11c12a73a693024c46410
43041b87b2040371a052bf1f83d401c263a32178
42da405262416c9fbaa04b2718406d4ea93501bfb99774fae4956b6eab7c1831

HTTP Headers

GET /images/2022/11/20/960x60.gif HTTP/1.1
Host: z4a.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 07 Jan 2023 02:04:36 GMT
content-type: image/gif
content-length: 577945
expires: Wed, 06 Dec 2023 00:21:24 GMT
cache-control: public, max-age=31536000
pragma: public
cf-cache-status: HIT
age: 2770992
last-modified: Tue, 06 Dec 2022 00:21:24 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J6kUOX%2FBw2CgmrXJ%2BDdDjp%2B2dZ75tvYmJQ%2BKKokG51OG13BV0MPmDbv5phGC0QAYE4yUOKmt0mqbaV4DMgmBgou9w9VCWuV69z6RK6qCeYuYLH5%2BLJ5C4fxR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 78591faa2a5b71c9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.globalsign.com/gsrsaovsslca2018

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
8cbeaf04b3548e6b95f7db687eb42b6c
df1bd5aa35af201891a66f899632cb09f69c15aa
f9a1772e4dcc84234545c526d68b9443074d2a3973e8b3ef142be4cda7118b7f

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 07 Jan 2023 02:04:37 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 11 Jan 2023 00:03:18 GMT
ETag: "df1bd5aa35af201891a66f899632cb09f69c15aa"
Last-Modified: Sat, 07 Jan 2023 00:03:19 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78591fab2921b50c-OSL

img30.360buyimg.com/popXue/jfs/t1/212400/31/24084/171392/63aee9deFde497aa2/6bf6885541a9416c.gif

163.171.134.109

200 OK

171 kB

URL HTTP/2
img30.360buyimg.com/popXue/jfs/t1/212400/31/24084/171392/63aee9deFde497aa2/6bf6885541a9416c.gif
IP
163.171.134.109:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 960 x 100\012- data
Size
171 kB (171392 bytes)
Hash
a13e5953b9b9868e6d79e79de68f86ae
7ce4811b6358d541d17d91521fbf2d18ce889e39
f2cce13596aab83e51968ad821abe6bf86704a9ed4bfe0d2a594f23b47cfb592

HTTP Headers

GET /popXue/jfs/t1/212400/31/24084/171392/63aee9deFde497aa2/6bf6885541a9416c.gif HTTP/1.1
Host: img30.360buyimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 07 Jan 2023 02:04:37 GMT
content-type: image/gif
content-length: 171392
expires: Wed, 28 Jun 2023 13:59:02 GMT
server: nginx
cache-control: max-age=15552000
last-modified: Fri, 30 Dec 2022 13:38:38 GMT
via: http/1.1 ORI-CLOUD-ZJ-MIX-193 (jcs [cHs f ]), http/1.1 JN-UNI-2-MIX-14 (jcs [cMsSfW])
access-control-allow-origin: *
timing-allow-origin: *
x-trace: 200-1672407518600-0-0-1-10-10;200;200-1672407553481-0-0-0-10-10;200-1672407553489-0-0-0-22-22
age: 648335
x-via: 1.1 PSdgflkfFRA1ox201:3 (Cdn Cache Server V2.0), 1.1 PS-ARN-01C8L93:5 (Cdn Cache Server V2.0)
x-ws-request-id: 63b8d335_PSrdsdgemSTO1sw92_5006-57992
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7e9cca88f6651cb4cae732b319a6c81e
9f116f3f8ca5d7eee69812cafb013619338e6e6f
402dde83ad219fd0c4fd43a9044d3155ce5561aa9a2ccd33f29f5aca659d1dcc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "402DDE83AD219FD0C4FD43A9044D3155CE5561AA9A2CCD33F29F5ACA659D1DCC"
Last-Modified: Fri, 06 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20531
Expires: Sat, 07 Jan 2023 07:46:48 GMT
Date: Sat, 07 Jan 2023 02:04:37 GMT
Connection: keep-alive

66668aaa.com/137dd6d87688482eb020c1c774325059.185.gif

103.170.15.98

200 OK

149 kB

URL HTTP/1.1
66668aaa.com/137dd6d87688482eb020c1c774325059.185.gif
IP
103.170.15.98:0
ASN
#7483 Skycloud Computing co., Ltd.

File type
GIF image data, version 89a, 320 x 185\012- data
Size
149 kB (149081 bytes)
Hash
ca110f84ebcc10dd498b26dc6c90087b
cfaf975d43693cfc7c2e05305068b0d933748d98
04dff307dc6fdc4da149bad386613e102c1f0e6d2b26974c5666505c7d97ef2e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /137dd6d87688482eb020c1c774325059.185.gif HTTP/1.1
Host: 66668aaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "62f2795c-24659"
Date: Fri, 06 Jan 2023 14:18:44 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Tue, 09 Aug 2022 15:12:28 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-28
Content-Length: 149081

66668aaa.com/03f4c91859e345fd8955d5640194ce6e.gif

103.170.15.98

200 OK

161 kB

URL HTTP/1.1
66668aaa.com/03f4c91859e345fd8955d5640194ce6e.gif
IP
103.170.15.98:0
ASN
#7483 Skycloud Computing co., Ltd.

File type
GIF image data, version 89a, 320 x 185\012- data
Size
161 kB (160599 bytes)
Hash
1e6146135f463f9dd5a91b6ec27e6dc6
b4871d778c720ce51a7c0e9fef07230b6ac0935a
ee63a02abc03ac35bb66a8010518568351f9215b346ffdc244f6b8926ff08519

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /03f4c91859e345fd8955d5640194ce6e.gif HTTP/1.1
Host: 66668aaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "63427f5e-27357"
Date: Thu, 05 Jan 2023 07:08:55 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Sun, 09 Oct 2022 07:59:26 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-28
Content-Length: 160599

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2ff8ac149a804642ea87d6dbe3e9a49d
7a7641109fed5a58235daa427145a3beaa19a2f1
96be42ab07cd681531d95c2649766a383c81f15bc9b6882f30cb6631d7a5e2de

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96BE42AB07CD681531D95C2649766A383C81F15BC9B6882F30CB6631D7A5E2DE"
Last-Modified: Fri, 06 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9989
Expires: Sat, 07 Jan 2023 04:51:06 GMT
Date: Sat, 07 Jan 2023 02:04:37 GMT
Connection: keep-alive

jx.tongdoumaoyi.com/news/index.php

20.239.85.25

200 OK

331 kB

URL HTTP/2
jx.tongdoumaoyi.com/news/index.php
IP
20.239.85.25:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
data
Size
331 kB (331375 bytes)
Hash
c28d0c0d4d474c1037dc53febcc18ed8
7cf074a641525bb97dc656ca3f3df679269a6d30
6e1ed708a33759f15f6a4a931172047d3db998f596383fa8703cf0cbd31d8515

HTTP Headers

GET /news/index.php HTTP/1.1
Host: jx.tongdoumaoyi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.nils-holgerson.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.21.6
date: Sat, 07 Jan 2023 02:04:31 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-encoding: gzip
x-country: NO
x-cache: HIT@whalem3g7000001
X-Firefox-Spdy: h2

66668aaa.com/73f23e1f7ead40baa32cf579a4bb735b.gif

103.170.15.98

200 OK

553 kB

URL HTTP/1.1
66668aaa.com/73f23e1f7ead40baa32cf579a4bb735b.gif
IP
103.170.15.98:0
ASN
#7483 Skycloud Computing co., Ltd.

File type
GIF image data, version 89a, 960 x 60\012- data
Size
553 kB (552818 bytes)
Hash
097e6fa9314192dc3dd55cb1c5023ee5
c30366c4c910616f1a3c1b773ffb4af967e20eb5
db020d7293807326453f5848c0bf219e2b835f2530468a9d816a3c1c7941023a

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /73f23e1f7ead40baa32cf579a4bb735b.gif HTTP/1.1
Host: 66668aaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "62f27ac4-86f72"
Date: Thu, 05 Jan 2023 07:08:53 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Tue, 09 Aug 2022 15:18:28 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-28
Content-Length: 552818

kvezz.com/95ca29ec3907b3bf2d8a24b35e3eda22.gif

13.227.254.5

200 OK

400 kB

URL HTTP/2
kvezz.com/95ca29ec3907b3bf2d8a24b35e3eda22.gif
IP
13.227.254.5:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 960 x 60\012- data
Size
400 kB (400264 bytes)
Hash
b722c3905b96f11823e04826aafdd50e
68b63b572a042d40ab210aa313b7ebbc372be5a1
630c6a955789d5bb6311db75ce52e57ff4c12074ef5a5a080cf5459f907e9dc1

HTTP Headers

GET /95ca29ec3907b3bf2d8a24b35e3eda22.gif HTTP/1.1
Host: kvezz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/gif
content-length: 400264
last-modified: Mon, 19 Dec 2022 07:47:20 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 06 Jan 2023 08:44:01 GMT
etag: "b722c3905b96f11823e04826aafdd50e"
x-cache: Hit from cloudfront
via: 1.1 0fa3b62de49c01129844acc24e390b56.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-amz-cf-id: 8IX9CfHqe6F50gr7rhkGWIkkjcb67hOsq4sKAsr7XWmw1-1XgTabdg==
age: 78052
X-Firefox-Spdy: h2

3366812ccc.com/31bae057f32c4263a5459428dcd9c2c0.gif

103.170.15.87

200 OK

748 kB

URL HTTP/1.1
3366812ccc.com/31bae057f32c4263a5459428dcd9c2c0.gif
IP
103.170.15.87:0
ASN
#7483 Skycloud Computing co., Ltd.

File type
GIF image data, version 89a, 960 x 80\012- data
Size
748 kB (747714 bytes)
Hash
190c632a93b23820398e76a78dccf39b
f156cddcc3d508f21aabaa1c08391a976f84e172
602526a271c67646875cf62980d7c3c4a16360b747ebc2810908ca274a8ca1ad

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /31bae057f32c4263a5459428dcd9c2c0.gif HTTP/1.1
Host: 3366812ccc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "63b288d0-b68c2"
Date: Mon, 02 Jan 2023 12:28:17 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Mon, 02 Jan 2023 07:33:36 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-17
Content-Length: 747714

kvezz.com/e953bbb6e97dc9683489c4b681b2deb0.gif

13.227.254.5

200 OK

52 kB

URL HTTP/2
kvezz.com/e953bbb6e97dc9683489c4b681b2deb0.gif
IP
13.227.254.5:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 300 x 150\012- data
Size
52 kB (51573 bytes)
Hash
15f013bc483418e6e94193fc49f169fc
c2a73adaf83f727a937dd73a986da8f5be0cb934
50e6a3bfefa0c78e03803c5093ce18527edbd6463ded9b4f704aead1ed627454

HTTP Headers

GET /e953bbb6e97dc9683489c4b681b2deb0.gif HTTP/1.1
Host: kvezz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/gif
content-length: 51573
last-modified: Mon, 19 Dec 2022 08:24:15 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 06 Jan 2023 02:50:17 GMT
etag: "15f013bc483418e6e94193fc49f169fc"
x-cache: Hit from cloudfront
via: 1.1 0fa3b62de49c01129844acc24e390b56.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-amz-cf-id: 41IZi7CntFJNAZ1Sp2DS-kzJweSZXSnq36tXkG2ezQPfjkjcZuiTaQ==
age: 83661
X-Firefox-Spdy: h2

99887aaa.com/161f65b0d6174a0a94c6ba6b2e9c589b.gif

103.170.15.103

200 OK

1.1 MB

URL HTTP/1.1
99887aaa.com/161f65b0d6174a0a94c6ba6b2e9c589b.gif
IP
103.170.15.103:0
ASN
#7483 Skycloud Computing co., Ltd.

File type
GIF image data, version 89a, 980 x 80\012- data
Size
1.1 MB (1066629 bytes)
Hash
709be30700e74aafa715f685cba66b67
1d0ee25014c3d61849625bfc386d6ec370181a7d
93f61a1a835dd1c3203ac05d024fc907d5bd541d3f458d014ced06fafce93e53

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /161f65b0d6174a0a94c6ba6b2e9c589b.gif HTTP/1.1
Host: 99887aaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "63a43809-104685"
Date: Sat, 31 Dec 2022 15:15:23 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Thu, 22 Dec 2022 10:57:13 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-33
Content-Length: 1066629

kvegg.com/67a0474849f4ee10ccbe3b0d2cebf337.gif

172.83.155.45

200 OK

250 kB

URL HTTP/2
kvegg.com/67a0474849f4ee10ccbe3b0d2cebf337.gif
IP
172.83.155.45:0
ASN
#201106 Spartan Host Ltd

File type
GIF image data, version 89a, 960 x 60\012- data
Size
250 kB (250112 bytes)
Hash
70726a2c83ff355a82c1438f1f8cd31d
f3f76125f9ba333f1a2f30b633a99baa8df781bd
a2553ce629178b3a4850cd032075da81a2e01313d524caeba5d57c9613f7afff

HTTP Headers

GET /67a0474849f4ee10ccbe3b0d2cebf337.gif HTTP/1.1
Host: kvegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 07 Jan 2023 02:04:37 GMT
content-type: image/gif
content-length: 250112
last-modified: Sun, 18 Dec 2022 07:33:19 GMT
etag: "639ec23f-3d100"
expires: Sat, 07 Jan 2023 14:04:37 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 43545
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ate7nT8CtBd9W30m57gY4%2F%2FFqffLWzf7LsHYD4fRVGX99AJZ0U1hcKiiVhDhdg%2BCoMKjloAYPB3j2oPMGAZiluys3H9cv5EMvVzCfuRpsjGD%2FxOxQ%2B0CUOoNtP4E"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 77f48617fb5e8444-YVR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

kvegg.com/32a5b957e230ebec42250e5a4a1cedde.gif

172.83.155.45

200 OK

239 kB

URL HTTP/2
kvegg.com/32a5b957e230ebec42250e5a4a1cedde.gif
IP
172.83.155.45:0
ASN
#201106 Spartan Host Ltd

File type
GIF image data, version 89a, 374 x 126\012- data
Size
239 kB (239313 bytes)
Hash
426267138e320e27a4b0cffc72c52b8f
88180e2539bae08f81a3bd95a67e21bb4b0f1b01
f2221414922c9bcc08485aba237fb88b36151583a6953d5a39483f208637b1a2

HTTP Headers

GET /32a5b957e230ebec42250e5a4a1cedde.gif HTTP/1.1
Host: kvegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 07 Jan 2023 02:04:37 GMT
content-type: image/gif
content-length: 239313
last-modified: Sun, 18 Dec 2022 07:33:00 GMT
etag: "639ec22c-3a6d1"
expires: Sat, 07 Jan 2023 14:04:37 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 167632
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZPRsTSKTr9zsuk1yLwpjlNUXdONhaOiPL4zhgoxAPOVJQGM7YFs3yqPvjSAhUfiS4CgoSYEvg2Mpx4MnJhgmN6t4vyRenhoaxMPhY5fO5krV3T7ojH1h2gR0eENS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7815ed606ef261e9-YVR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

image.tnmvgr.cn/oms.1511122.com/1672811127181-960x60.gif

47.246.44.206

200 OK

109 kB

URL HTTP/1.1
image.tnmvgr.cn/oms.1511122.com/1672811127181-960x60.gif
IP
47.246.44.206:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
GIF image data, version 89a, 960 x 60\012- data
Size
109 kB (109246 bytes)
Hash
e573c37ce1ba8b57e8dfb8fcd43368c9
f5da3a1479bfd18c820893899b5b478df5d02d3c
d9f97dfc186d336e8a5da72bffc7b70378bf87f68de9af20d59a8b88ff271d53

HTTP Headers

GET /oms.1511122.com/1672811127181-960x60.gif HTTP/1.1
Host: image.tnmvgr.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: Tengine
Content-Type: image/gif
Content-Length: 109246
Connection: keep-alive
Date: Sat, 07 Jan 2023 01:10:35 GMT
x-oss-request-id: 63B8C68B5E8AFF32351119C9
Vary: Origin
x-oss-cdn-auth: success
Accept-Ranges: bytes
ETag: "E573C37CE1BA8B57E8DFB8FCD43368C9"
Last-Modified: Wed, 04 Jan 2023 05:45:27 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 5454499210466108819
x-oss-storage-class: Standard
Content-MD5: 5XPDfOG6i1fo37j81DNoyQ==
x-oss-server-time: 5
Ali-Swift-Global-Savetime: 1673053835
Via: cache4.l2de2[0,0,304-0,H], cache2.l2de2[0,0], cache5.se1[0,0,200-0,H], cache1.se1[2,0]
Age: 3242
X-Cache: HIT TCP_MEM_HIT dirn:11:240111674
X-Swift-SaveTime: Sat, 07 Jan 2023 02:01:13 GMT
X-Swift-CacheTime: 3600
Timing-Allow-Origin: *
EagleId: 2ff62c9516730570778486911e

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dcea7363308d77e9429fc5365754d11e
af0727048f91568bddb62f1fe213141bc2ca0389
9c419fffbf1e0fcc5cf6d26a2a8250f34bafad0da8c03f2699f73c30e7f0193b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C419FFFBF1E0FCC5CF6D26A2A8250F34BAFAD0DA8C03F2699F73C30E7F0193B"
Last-Modified: Fri, 06 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21594
Expires: Sat, 07 Jan 2023 08:04:31 GMT
Date: Sat, 07 Jan 2023 02:04:37 GMT
Connection: keep-alive

zhibo128x.xyz/128/318X216.gif

154.83.25.141

200 OK

90 kB

URL HTTP/1.1
zhibo128x.xyz/128/318X216.gif
IP
154.83.25.141:0
ASN
#62587 ANT-CLOUD

File type
GIF image data, version 89a, 318 x 216\012- data
Size
90 kB (89870 bytes)
Hash
fcfb39891df6c04744982e2f8c67f6b7
7a667d860bab955b1e95bce9a455cc5555783076
534db09ef852e7d2de2fe879e2ea4447b28ae30d9093e3854da39ee604db801d

HTTP Headers

GET /128/318X216.gif HTTP/1.1
Host: zhibo128x.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: openresty
Date: Sat, 07 Jan 2023 02:02:44 GMT
Content-Type: image/gif
Content-Length: 89870
Connection: keep-alive
Last-Modified: Sun, 04 Sep 2022 08:04:23 GMT
ETag: "63145c07-15f0e"
Expires: Sat, 31 Dec 2022 05:06:28 GMT
Cache-Control: max-age=2592000
Via: 154.83.25.138
CDN-Cache: HIT
Accept-Ranges: bytes

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
72450c2e5c85904be505a506ca1ab941
aa21c453d1f16e8cbcf0c92b9b10559894778f3e
c549f3743302d8abdd7ac271f8280085facb7673f78493687b3f5436981b36d3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 07 Jan 2023 02:04:38 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 05 Jan 2023 11:43:07 GMT
Expires: Thu, 12 Jan 2023 11:43:06 GMT
Etag: "aa21c453d1f16e8cbcf0c92b9b10559894778f3e"
Cache-Control: max-age=466108,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78591fb13da7b503-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
bc101dbc6b6119ab0d65be29096efaaf
76510e86f1c30ed52ab05f2ec5dcd2dfa84a87a0
59ce7c6d8d657d16a747cd9aa878b6bbb2c0e40b8633157d8231a912b0b8bba9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 07 Jan 2023 02:04:38 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 05 Jan 2023 05:34:44 GMT
Expires: Thu, 12 Jan 2023 05:34:43 GMT
Etag: "76510e86f1c30ed52ab05f2ec5dcd2dfa84a87a0"
Cache-Control: max-age=444005,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78591fb14ad7fac0-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
72450c2e5c85904be505a506ca1ab941
aa21c453d1f16e8cbcf0c92b9b10559894778f3e
c549f3743302d8abdd7ac271f8280085facb7673f78493687b3f5436981b36d3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 07 Jan 2023 02:04:38 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 05 Jan 2023 11:43:07 GMT
Expires: Thu, 12 Jan 2023 11:43:06 GMT
Etag: "aa21c453d1f16e8cbcf0c92b9b10559894778f3e"
Cache-Control: max-age=466108,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78591fb14e2cb52d-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
c4c81e1bd346e6eb10182ad4c122a3a0
cbfe887d5e4d738fcdf8f7e34d820963655011c0
66f69e246cf786e13633bc4dcdbba03b6d569af37757c3b915fbceba64bd2434

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 07 Jan 2023 02:04:38 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 05 Jan 2023 16:50:04 GMT
Expires: Thu, 12 Jan 2023 16:50:03 GMT
Etag: "cbfe887d5e4d738fcdf8f7e34d820963655011c0"
Cache-Control: max-age=484525,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78591fb14d5cb505-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
d3f45ddaeaa2c1044d7b3582e1d11a64
85d43335dcc50cf8fc409230c61c5c8ca39239d9
5d9a421bde9c9a38fd258830a2934b9e1d25b24672ad0529ae3e3e01d63aed76

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 07 Jan 2023 02:04:38 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 05 Jan 2023 09:14:26 GMT
Expires: Thu, 12 Jan 2023 09:14:25 GMT
Etag: "85d43335dcc50cf8fc409230c61c5c8ca39239d9"
Cache-Control: max-age=457187,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78591fb14dccb518-OSL

kzecc.com/8fdce7479dd03f1ee73805e8d2e9bab8.gif

13.227.254.13

200 OK

864 kB

URL HTTP/2
kzecc.com/8fdce7479dd03f1ee73805e8d2e9bab8.gif
IP
13.227.254.13:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 960 x 60\012- data
Size
864 kB (864004 bytes)
Hash
d2c820747a9b9b8c3abaab0775436ab7
99651afd10bd3874fb84d7973845482cd2c81f23
8aa3c7b05ba9bb5176a7155ead2a0ea562b07fb0dd7b27a9cf91c38e95ed43ed

HTTP Headers

GET /8fdce7479dd03f1ee73805e8d2e9bab8.gif HTTP/1.1
Host: kzecc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/gif
content-length: 864004
last-modified: Mon, 19 Dec 2022 09:06:34 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 06 Jan 2023 15:30:44 GMT
etag: "d2c820747a9b9b8c3abaab0775436ab7"
x-cache: Hit from cloudfront
via: 1.1 66d851b48249ff71df5688c84f41fec8.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-amz-cf-id: moNXGC4je5YVbDQzexZOah_aJ_5QglXMrPyzFVXuNcW133Jsy5_sNw==
age: 70923
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c3f39302b08789c901803927879429ba
69d376e3183500a80d809e22200545f6bb663ee3
68a95e0b7db99dc56889c4468f990f2a88cadc810fa76bd57bc8b6a22d77c800

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "68A95E0B7DB99DC56889C4468F990F2A88CADC810FA76BD57BC8B6A22D77C800"
Last-Modified: Fri, 06 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7575
Expires: Sat, 07 Jan 2023 04:10:53 GMT
Date: Sat, 07 Jan 2023 02:04:38 GMT
Connection: keep-alive

99887aaa.com/5bcd4bf0b8334404bd4ae2f523a4278a.gif

103.170.15.103

200 OK

47 kB

URL HTTP/1.1
99887aaa.com/5bcd4bf0b8334404bd4ae2f523a4278a.gif
IP
103.170.15.103:0
ASN
#7483 Skycloud Computing co., Ltd.

File type
GIF image data, version 89a, 320 x 185\012- data
Size
47 kB (46862 bytes)
Hash
f7bc8826b4d1fb8058ba712134859f27
3904bda8ed2e2892d338fd0f31a715fafe2d226c
a986f5a6b2fe83b27c3f9bf6cafd6cdadd097eaeb61eb91ea8c782bbd565e259

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /5bcd4bf0b8334404bd4ae2f523a4278a.gif HTTP/1.1
Host: 99887aaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "63a43822-b70e"
Date: Sat, 31 Dec 2022 15:15:24 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Thu, 22 Dec 2022 10:57:38 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-33
Content-Length: 46862

hlggimg.com/1228/960_160.gif

172.247.80.59

200 OK

116 kB

URL HTTP/2
hlggimg.com/1228/960_160.gif
IP
172.247.80.59:0
ASN
#40065 CNSERVERS

File type
GIF image data, version 89a, 960 x 160\012- data
Size
116 kB (116355 bytes)
Hash
c80d5aea6b3455b84e22681f8795ed74
76e612bdb50784abb7e43e5f56f0955b25c9d7d4
408fc38a7c6120b647a92fab7aab5cfb7b1c035f1ef36accd99456b1456f16da

HTTP Headers

GET /1228/960_160.gif HTTP/1.1
Host: hlggimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 07 Jan 2023 02:04:37 GMT
content-type: image/gif
content-length: 116355
last-modified: Wed, 28 Dec 2022 10:06:25 GMT
etag: "63ac1521-1c683"
expires: Sun, 05 Feb 2023 15:17:07 GMT
cache-control: max-age=2592000
server: dns1
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
b0b15b3e172b8bdbddbb07ca92b8721f
819678937f962bcf1b8202d05aa957f42bb7193c
212fc5f84d3f252631f3e68045eb41deed763432849ea628631359a223a06d34

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 07 Jan 2023 02:04:38 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 04 Jan 2023 11:33:07 GMT
Expires: Wed, 11 Jan 2023 11:33:06 GMT
Etag: "819678937f962bcf1b8202d05aa957f42bb7193c"
Cache-Control: max-age=379107,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78591fb18dcbb503-OSL

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c3f39302b08789c901803927879429ba
69d376e3183500a80d809e22200545f6bb663ee3
68a95e0b7db99dc56889c4468f990f2a88cadc810fa76bd57bc8b6a22d77c800

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "68A95E0B7DB99DC56889C4468F990F2A88CADC810FA76BD57BC8B6A22D77C800"
Last-Modified: Fri, 06 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7575
Expires: Sat, 07 Jan 2023 04:10:53 GMT
Date: Sat, 07 Jan 2023 02:04:38 GMT
Connection: keep-alive

kzecc.com/e06a35bc848b301fd5c9802d162bdf30.gif

13.227.254.13

200 OK

182 kB

URL HTTP/2
kzecc.com/e06a35bc848b301fd5c9802d162bdf30.gif
IP
13.227.254.13:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 300 x 150\012- data
Size
182 kB (181696 bytes)
Hash
ba9dcd35c39e60e245666e70f85fc335
38630969afd73016363a2f6f41bf36eb947405b2
624d0cce85aeb64c935d38705196c4ea696deaf4f5e1895e8557789b8b01380b

HTTP Headers

GET /e06a35bc848b301fd5c9802d162bdf30.gif HTTP/1.1
Host: kzecc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/gif
content-length: 181696
last-modified: Mon, 19 Dec 2022 08:54:27 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 06 Jan 2023 13:59:40 GMT
etag: "ba9dcd35c39e60e245666e70f85fc335"
x-cache: Hit from cloudfront
via: 1.1 66d851b48249ff71df5688c84f41fec8.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-amz-cf-id: IQ0W4PmD_jbK9waO-KbKsToqTfTqREz8DNc0UXLZCs7kYnW5Hh1LFw==
age: 43498
X-Firefox-Spdy: h2

ocsp.buypass.com/

95.101.11.123

200 OK

1.7 kB

URL HTTP/1.1
ocsp.buypass.com/
IP
95.101.11.123:0
ASN
#20940 Akamai International B.V.

File type
data
Size
1.7 kB (1701 bytes)
Hash
1ad5e7db930a4718dbc43e8ffd34af6c
526c16d1f07b440791a778d09d289b1e8c703a80
8535c6654cdc604db34d27ab0fa7a98ba57b9744d1bc07c22b409336dc63dd96

HTTP Headers

POST / HTTP/1.1
Host: ocsp.buypass.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 78
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Access-Control-Allow-Origin: https://www.buypass.no
Access-Control-Allow-Headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Buypass-Session-Id,X-Buypass-Locale
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST
MDC-correlationId: e66a7fe7-f534-4242-ab8d-3339b5c8efbe
Content-Length: 1701
Date: Sat, 07 Jan 2023 02:04:38 GMT
Connection: keep-alive

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
8b2dd817a0de2a608089cea08e996998
04c8c36ff00a2d1ec19ec7b2aff096eec316f86d
ad024510b8039bbec3c0e461db51e8a3d96ca786fcddb025e8c00f3e9af7bbd7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 07 Jan 2023 02:04:38 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 06 Jan 2023 03:26:08 GMT
Expires: Fri, 13 Jan 2023 03:26:07 GMT
Etag: "04c8c36ff00a2d1ec19ec7b2aff096eec316f86d"
Cache-Control: max-age=522688,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78591fb149c7fab8-OSL

dvcasha2.ocsp-certum.com/

95.101.10.107

200 OK

1.6 kB

URL HTTP/1.1
dvcasha2.ocsp-certum.com/
IP
95.101.10.107:0
ASN
#20940 Akamai International B.V.

File type
data
Size
1.6 kB (1599 bytes)
Hash
5b80ca410de0363925be80cd09e4856d
45c652061919d1e125e1dce9be5bb08a8e639408
5e35919254d93df8b3b13d366696ddb46b4ed6683772fa8ed853b1eee0afb6f2

HTTP Headers

POST / HTTP/1.1
Host: dvcasha2.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1599
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=851
Date: Sat, 07 Jan 2023 02:04:38 GMT
Connection: keep-alive
X-N: S

xinchacha2dv.ocsp-certum.com/

95.101.10.107

200 OK

1.5 kB

URL HTTP/1.1
xinchacha2dv.ocsp-certum.com/
IP
95.101.10.107:0
ASN
#20940 Akamai International B.V.

File type
data
Size
1.5 kB (1538 bytes)
Hash
6253b35a90953102edb845743e4a72a6
6ab95edf32fdaaeec3f16d0c347cf24e5d53265c
a80606974705fafab5349ee889d898c2d0c701dd506a040543aeaa83c9b9b0aa

HTTP Headers

POST / HTTP/1.1
Host: xinchacha2dv.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1538
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=865
Date: Sat, 07 Jan 2023 02:04:38 GMT
Connection: keep-alive
X-N: S

ocsp.buypass.com/

95.101.11.123

200 OK

1.7 kB

URL HTTP/1.1
ocsp.buypass.com/
IP
95.101.11.123:0
ASN
#20940 Akamai International B.V.

File type
data
Size
1.7 kB (1701 bytes)
Hash
f8582bdb4dfd17d8a0999e1114f4e5c3
6876f717c03b8633d2a231326d3a3b6fb267c338
17994265f06689e4044b4e7b263d5872a1228370c3fae0b35231943302573c9a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.buypass.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 78
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Access-Control-Allow-Origin: https://www.buypass.no
Access-Control-Allow-Headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Buypass-Session-Id,X-Buypass-Locale
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST
MDC-correlationId: cfc1ae70-a927-4c1b-84c0-382995f25ff5
Content-Length: 1701
Date: Sat, 07 Jan 2023 02:04:38 GMT
Connection: keep-alive

ocsp.buypass.com/

95.101.11.123

200 OK

1.7 kB

URL HTTP/1.1
ocsp.buypass.com/
IP
95.101.11.123:0
ASN
#20940 Akamai International B.V.

File type
data
Size
1.7 kB (1701 bytes)
Hash
f8582bdb4dfd17d8a0999e1114f4e5c3
6876f717c03b8633d2a231326d3a3b6fb267c338
17994265f06689e4044b4e7b263d5872a1228370c3fae0b35231943302573c9a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.buypass.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 78
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Access-Control-Allow-Origin: https://www.buypass.no
Access-Control-Allow-Headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Buypass-Session-Id,X-Buypass-Locale
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST
MDC-correlationId: 82826299-9c15-42a5-b205-544f6f8c7aaa
Content-Length: 1701
Date: Sat, 07 Jan 2023 02:04:38 GMT
Connection: keep-alive

ocsp.buypass.com/

95.101.11.123

200 OK

1.7 kB

URL HTTP/1.1
ocsp.buypass.com/
IP
95.101.11.123:0
ASN
#20940 Akamai International B.V.

File type
data
Size
1.7 kB (1701 bytes)
Hash
f8582bdb4dfd17d8a0999e1114f4e5c3
6876f717c03b8633d2a231326d3a3b6fb267c338
17994265f06689e4044b4e7b263d5872a1228370c3fae0b35231943302573c9a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.buypass.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 78
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Access-Control-Allow-Origin: https://www.buypass.no
Access-Control-Allow-Headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Buypass-Session-Id,X-Buypass-Locale
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST
MDC-correlationId: 4a59aa00-5641-47c6-ac5f-3ab135ce73f5
Content-Length: 1701
Date: Sat, 07 Jan 2023 02:04:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d8938981dd5081b97b356e3cf7df91ce
b2fadfe1a9414d2bbb5593ab97b48bf77380c5e0
9bac93ef0dab0e5f9dbab37de54ff13fb667906ccb38a6fa8a0e715879a01144

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BAC93EF0DAB0E5F9DBAB37DE54FF13FB667906CCB38A6FA8A0E715879A01144"
Last-Modified: Fri, 06 Jan 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18278
Expires: Sat, 07 Jan 2023 07:09:16 GMT
Date: Sat, 07 Jan 2023 02:04:38 GMT
Connection: keep-alive

zhibo128x.xyz/128/960x120.gif

154.83.25.141

200 OK

417 kB

URL HTTP/1.1
zhibo128x.xyz/128/960x120.gif
IP
154.83.25.141:0
ASN
#62587 ANT-CLOUD

File type
GIF image data, version 89a, 960 x 120\012- data
Size
417 kB (417166 bytes)
Hash
13c9b946edcde7ff1343201a30e2fd46
c58983acbb24dfd174e7e033c3054b9e5036cb7b
8e817dd37cc60ddd6de4dab6f55edf1132b6793ed7d391de2dd9200cd215a926

HTTP Headers

GET /128/960x120.gif HTTP/1.1
Host: zhibo128x.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: openresty
Date: Sat, 07 Jan 2023 02:02:44 GMT
Content-Type: image/gif
Content-Length: 417166
Connection: keep-alive
Last-Modified: Wed, 04 Jan 2023 21:11:51 GMT
ETag: "63b5eb97-65d8e"
Expires: Fri, 03 Feb 2023 21:14:05 GMT
Cache-Control: max-age=2592000
Via: 154.83.25.138
CDN-Cache: HIT
Accept-Ranges: bytes

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d8938981dd5081b97b356e3cf7df91ce
b2fadfe1a9414d2bbb5593ab97b48bf77380c5e0
9bac93ef0dab0e5f9dbab37de54ff13fb667906ccb38a6fa8a0e715879a01144

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BAC93EF0DAB0E5F9DBAB37DE54FF13FB667906CCB38A6FA8A0E715879A01144"
Last-Modified: Fri, 06 Jan 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18275
Expires: Sat, 07 Jan 2023 07:09:13 GMT
Date: Sat, 07 Jan 2023 02:04:38 GMT
Connection: keep-alive

ocsp.digicert.cn/

47.246.44.205

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.cn/
IP
47.246.44.205:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
471 B (471 bytes)
Hash
6adfe345f51f4414c4dd3534bcdea96b
6fa990138e49368eb3043e02d4bf4a3177ec5b0b
b04140c921103759e3a9dcba4537341998c710214a401554858af575c391148c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Sat, 07 Jan 2023 02:04:38 GMT
Last-Modified: Fri, 06 Jan 2023 21:25:01 GMT
ETag: "63b891ad-1d7"
Expires: Sun, 08 Jan 2023 21:25:01 GMT
Cache-Control: max-age=156023
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1673057078
Via: cache9.l2de2[278,277,200-0,M], cache9.l2de2[279,0], cache3.se1[301,300,200-0,M], cache3.se1[302,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 07 Jan 2023 02:04:38 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9716730570780035575e

e1.o.lencr.org/

23.33.119.27

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
b17c660bd13b838703546825c00722bb
53662ce28a0d99afe9c79d2ac4b0f2ad7a2ffcef
586f6d5e89c9fb1dc4f8e16625870572484a69153f3f58ec1cbb1bb8590e80e2

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "586F6D5E89C9FB1DC4F8E16625870572484A69153F3F58EC1CBB1BB8590E80E2"
Last-Modified: Fri, 06 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13503
Expires: Sat, 07 Jan 2023 05:49:41 GMT
Date: Sat, 07 Jan 2023 02:04:38 GMT
Connection: keep-alive

e1.o.lencr.org/

23.33.119.27

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
b17c660bd13b838703546825c00722bb
53662ce28a0d99afe9c79d2ac4b0f2ad7a2ffcef
586f6d5e89c9fb1dc4f8e16625870572484a69153f3f58ec1cbb1bb8590e80e2

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "586F6D5E89C9FB1DC4F8E16625870572484A69153F3F58EC1CBB1BB8590E80E2"
Last-Modified: Fri, 06 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13398
Expires: Sat, 07 Jan 2023 05:47:56 GMT
Date: Sat, 07 Jan 2023 02:04:38 GMT
Connection: keep-alive

e1.o.lencr.org/

23.33.119.27

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
b17c660bd13b838703546825c00722bb
53662ce28a0d99afe9c79d2ac4b0f2ad7a2ffcef
586f6d5e89c9fb1dc4f8e16625870572484a69153f3f58ec1cbb1bb8590e80e2

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "586F6D5E89C9FB1DC4F8E16625870572484A69153F3F58EC1CBB1BB8590E80E2"
Last-Modified: Fri, 06 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16249
Expires: Sat, 07 Jan 2023 06:35:27 GMT
Date: Sat, 07 Jan 2023 02:04:38 GMT
Connection: keep-alive

e1.o.lencr.org/

23.33.119.27

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
521ca50d200092bf5e8039f9dea7ce16
c621fcc25c021122e29b64e190cd1bafd003b563
54cbec7dbde98b16d6604c4c6192489a4dade8920f64fe379cd6f96adcfa6316

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "54CBEC7DBDE98B16D6604C4C6192489A4DADE8920F64FE379CD6F96ADCFA6316"
Last-Modified: Fri, 06 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16204
Expires: Sat, 07 Jan 2023 06:34:42 GMT
Date: Sat, 07 Jan 2023 02:04:38 GMT
Connection: keep-alive

ldbbs.ldmnq.com/bbs/topic/images/2022-12/8a42cd46-12a9-46a4-8563-ee14a925192c.gif

120.52.95.237

200 OK

1.1 MB

URL HTTP/1.1
ldbbs.ldmnq.com/bbs/topic/images/2022-12/8a42cd46-12a9-46a4-8563-ee14a925192c.gif
IP
120.52.95.237:0
ASN
#133119 China Unicom IP network

File type
GIF image data, version 89a, 960 x 120\012- data
Size
1.1 MB (1082384 bytes)
Hash
a2513b4510f6797c4cbe4012fc79c64c
41f15aa49c66eed88a541224dedda5d215f9e7ef
16e775f7ac1e0368c216cdcf70bc3d56d7d952d7653898dbb8093efcd712cc71

HTTP Headers

GET /bbs/topic/images/2022-12/8a42cd46-12a9-46a4-8563-ee14a925192c.gif HTTP/1.1
Host: ldbbs.ldmnq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 07 Jan 2023 02:04:36 GMT
Content-Type: image/gif
Content-Length: 1082384
Connection: keep-alive
Server: openresty
Age: 1452285
CloudServiceDiscount: CDN
Content-Encoding: utf-8
ETag: "a2513b4510f6797c4cbe4012fc79c64c"
Last-Modified: Wed, 21 Dec 2022 06:06:41 GMT
X-CCDN-CacheTTL: 2592000
nginx-hit: 1
via: CHN-HElangfang-AREACUCC1-CACHE49[4],CHN-HElangfang-AREACUCC1-CACHE30[0,TCP_HIT,1],CHN-TJ-GLOBAL1-CACHE54[16],CHN-TJ-GLOBAL1-CACHE30[0,TCP_HIT,13]
x-amz-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSFhv2Sr1BDL3xCdwQqA6DE4Gw8YvJHp
x-amz-request-id: 00000185334A8E1F900DAF7A4A1D6950
x-amz-storage-class: STANDARD_IA
x-hcs-proxy-type: 1
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
Accept-Ranges: bytes

lbfm.lbpictupian.com/upload/vod/2023/01/j1ouxtcsblf.jpg

104.22.12.214

200 OK

2.9 kB

URL HTTP/2
lbfm.lbpictupian.com/upload/vod/2023/01/j1ouxtcsblf.jpg
IP
104.22.12.214:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
2.9 kB (2920 bytes)
Hash
f076b7c0ed9c30ca3231147703a508e6
5b5688814aa2b5a7a21c35a1bbcea6f38c6c461e
0d34961a91e0817c59f2a66273048bf2c17b5553995f0c6c82d8924b34b6f7ca

HTTP Headers

GET /upload/vod/2023/01/j1ouxtcsblf.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 07 Jan 2023 02:04:38 GMT
content-type: image/webp
content-length: 2920
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=5141
content-disposition: inline; filename="j1ouxtcsblf.webp"
etag: "63b698c7-1415"
last-modified: Thu, 05 Jan 2023 09:30:47 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 3828
accept-ranges: bytes
server: cloudflare
cf-ray: 78591fb40f62b4ed-OSL
X-Firefox-Spdy: h2

s2.loli.net/2022/12/18/5Z19HedNFCSBiQP.gif

104.26.0.190

200 OK

373 kB

URL HTTP/2
s2.loli.net/2022/12/18/5Z19HedNFCSBiQP.gif
IP
104.26.0.190:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 960 x 60\012- data
Size
373 kB (372996 bytes)
Hash
8c9ac15f0b50d53ccbffec36af3a9607
11ff6593819530ecef60355648530649c41359f9
38c6fa07b3f8bc3b22124dc98fee75989e520816532202ba426bd204a8b242bb

HTTP Headers

GET /2022/12/18/5Z19HedNFCSBiQP.gif HTTP/1.1
Host: s2.loli.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 07 Jan 2023 02:04:37 GMT
content-type: image/gif
content-length: 372996
last-modified: Sun, 18 Dec 2022 09:59:37 GMT
etag: "639ee489-5b104"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
vary: Accept, Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
cf-cache-status: BYPASS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kgj41JdRTQ6yhthBBtmuO2UeUTblOson3rFqsDvK%2Bq4Nh49IGD6w5uEg0YMCUwp1ryS%2Fwb3XQzC3aTJJr6HYN%2BN1ETKGhP3cCNNhK09TSmzJg8auM3p2QAv6Zkbo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78591fab8c21fab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2023/01/ughmczaw1nv.jpg

104.22.12.214

200 OK

6.3 kB

URL HTTP/2
lbfm.lbpictupian.com/upload/vod/2023/01/ughmczaw1nv.jpg
IP
104.22.12.214:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
6.3 kB (6260 bytes)
Hash
c9d7a6141a512235303e05be8bd9204e
b345439926190fc0e264b6bb419ee11cb011f918
806d8216e1bb6b0f98c742ca7a0c2d2470d7521b26c27c9c22445e32a9ecc04d

HTTP Headers

GET /upload/vod/2023/01/ughmczaw1nv.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 07 Jan 2023 02:04:38 GMT
content-type: image/webp
content-length: 6260
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=7222
content-disposition: inline; filename="ughmczaw1nv.webp"
etag: "63b698d0-1c36"
last-modified: Thu, 05 Jan 2023 09:30:56 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 3827
accept-ranges: bytes
server: cloudflare
cf-ray: 78591fb40f64b4ed-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2023/01/xuuictby3lo.jpg

104.22.12.214

200 OK

8.0 kB

URL HTTP/2
lbfm.lbpictupian.com/upload/vod/2023/01/xuuictby3lo.jpg
IP
104.22.12.214:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
8.0 kB (7976 bytes)
Hash
c3f5f3133f8ab065a49b51b22701d753
1cf13203d5103d4ccc6a526cc8ced5f27015d942
6fb32c2ec8a8001569086f8bce8cc71dae871ecc6e2f98bd6d1d022cca988b91

HTTP Headers

GET /upload/vod/2023/01/xuuictby3lo.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 07 Jan 2023 02:04:38 GMT
content-type: image/webp
content-length: 7976
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9061
content-disposition: inline; filename="xuuictby3lo.webp"
etag: "63b698b2-2365"
last-modified: Thu, 05 Jan 2023 09:30:26 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 3828
accept-ranges: bytes
server: cloudflare
cf-ray: 78591fb40f5db4ed-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2023/01/vjtgzx2rzve.jpg

104.22.12.214

200 OK

8.6 kB

URL HTTP/2
lbfm.lbpictupian.com/upload/vod/2023/01/vjtgzx2rzve.jpg
IP
104.22.12.214:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
8.6 kB (8566 bytes)
Hash
7f0fd5adc65a225cf6d02ce25f288fea
c72ac0e8c6b42590b1a80f03aa6c83da6f41a1b8
b30a37e132194c6f064a563a648e1064b3ed8aba380068ffc6f0c0f98453c835

HTTP Headers

GET /upload/vod/2023/01/vjtgzx2rzve.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 07 Jan 2023 02:04:38 GMT
content-type: image/webp
content-length: 8566
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=10168
content-disposition: inline; filename="vjtgzx2rzve.webp"
etag: "63b698ba-27b8"
last-modified: Thu, 05 Jan 2023 09:30:34 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 3828
accept-ranges: bytes
server: cloudflare
cf-ray: 78591fb40f5fb4ed-OSL
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.33.119.27

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
b17c660bd13b838703546825c00722bb
53662ce28a0d99afe9c79d2ac4b0f2ad7a2ffcef
586f6d5e89c9fb1dc4f8e16625870572484a69153f3f58ec1cbb1bb8590e80e2

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "586F6D5E89C9FB1DC4F8E16625870572484A69153F3F58EC1CBB1BB8590E80E2"
Last-Modified: Fri, 06 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4464
Expires: Sat, 07 Jan 2023 03:19:02 GMT
Date: Sat, 07 Jan 2023 02:04:38 GMT
Connection: keep-alive

lbfm.lbpictupian.com/upload/vod/2023/01/3xdhbzq2xz4.jpg

104.22.12.214

200 OK

8.0 kB

URL HTTP/2
lbfm.lbpictupian.com/upload/vod/2023/01/3xdhbzq2xz4.jpg
IP
104.22.12.214:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
8.0 kB (8026 bytes)
Hash
ccb39cce500716ca5131b937008b3c75
d5bfbff335f5d3b075b2668d89e07c645ffc2d98
a4be5fdfc069af093a31034b62e386ec967c65683dccfed582248a90b26db459

HTTP Headers

GET /upload/vod/2023/01/3xdhbzq2xz4.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 07 Jan 2023 02:04:38 GMT
content-type: image/webp
content-length: 8026
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9492
content-disposition: inline; filename="3xdhbzq2xz4.webp"
etag: "63b698b5-2514"
last-modified: Thu, 05 Jan 2023 09:30:29 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 3828
accept-ranges: bytes
server: cloudflare
cf-ray: 78591fb40f5eb4ed-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2023/01/xfygcvk5d0w.jpg

104.22.12.214

200 OK

2.3 kB

URL HTTP/2
lbfm.lbpictupian.com/upload/vod/2023/01/xfygcvk5d0w.jpg
IP
104.22.12.214:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
2.3 kB (2300 bytes)
Hash
d399bebde18f0e1be9331f46725ea9c7
99ca6c2300b9db583bc92ef43b3b94ede695b0b7
f522e0af89c313626466c1de3f856447d787125cf77e88b43cf4b4ee089c48dd

HTTP Headers

GET /upload/vod/2023/01/xfygcvk5d0w.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 07 Jan 2023 02:04:38 GMT
content-type: image/webp
content-length: 2300
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=4939
content-disposition: inline; filename="xfygcvk5d0w.webp"
etag: "63b698c3-134b"
last-modified: Thu, 05 Jan 2023 09:30:43 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 3828
accept-ranges: bytes
server: cloudflare
cf-ray: 78591fb40f61b4ed-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2023/01/1urivqoqvvt.jpg

104.22.12.214

200 OK

11 kB

URL HTTP/2
lbfm.lbpictupian.com/upload/vod/2023/01/1urivqoqvvt.jpg
IP
104.22.12.214:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
11 kB (11064 bytes)
Hash
14a947d3810b3629dd027891c8cbfe6e
e51f56f5dc3c284d3eeac8631a2dec7ff39ed79c
0a4ff40a7bc77ccf79393d2724e47196203355e81dc7e9ccb9fc362d365513f2

HTTP Headers

GET /upload/vod/2023/01/1urivqoqvvt.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 07 Jan 2023 02:04:38 GMT
content-type: image/webp
content-length: 11064
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=11839
content-disposition: inline; filename="1urivqoqvvt.webp"
etag: "63b698d6-2e3f"
last-modified: Thu, 05 Jan 2023 09:31:02 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 3827
accept-ranges: bytes
server: cloudflare
cf-ray: 78591fb40f66b4ed-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2023/01/haxucuizveg.jpg

104.22.12.214

200 OK

10 kB

URL HTTP/2
lbfm.lbpictupian.com/upload/vod/2023/01/haxucuizveg.jpg
IP
104.22.12.214:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 427x320, segment length 16, progressive, precision 8, 320x240, components 3\012- data
Size
10 kB (10064 bytes)
Hash
c44fa67d7b4148e1ba1c8b9388e801aa
c9537ac870da83c77837b7605a8d2be4facd94cb
8315c36056466e29bebbd7fdc7e83b4aa53caa74a143b97673eedad2d54d6519

HTTP Headers

GET /upload/vod/2023/01/haxucuizveg.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 07 Jan 2023 02:04:38 GMT
content-type: image/jpeg
content-length: 10064
cf-bgj: imgq:85,h2pri
cf-polished: origSize=10654, status=webp_bigger
etag: "63b698cc-299e"
last-modified: Thu, 05 Jan 2023 09:30:52 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 3828
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 78591fb40f63b4ed-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2023/01/54241wxqd1j.jpg

104.22.12.214

200 OK

9.1 kB

URL HTTP/2
lbfm.lbpictupian.com/upload/vod/2023/01/54241wxqd1j.jpg
IP
104.22.12.214:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, progressive, precision 8, 320x240, components 3\012- data
Size
9.1 kB (9078 bytes)
Hash
7fc86138fbae2ac96a639bfd5aae8b60
6b21f850d2ba95d85784bbe962058ab1efdd79da
2de9af6327c5c16066aeed66ef9d75e021e421fe9e3276e4498c97e7a87fe492

HTTP Headers

GET /upload/vod/2023/01/54241wxqd1j.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 07 Jan 2023 02:04:38 GMT
content-type: image/jpeg
content-length: 9078
cf-bgj: imgq:85,h2pri
cf-polished: origSize=9551, status=webp_bigger
etag: "63b698be-254f"
last-modified: Thu, 05 Jan 2023 09:30:38 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 3828
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 78591fb40f60b4ed-OSL
X-Firefox-Spdy: h2

ocsp.buypass.com/

95.101.11.123

200 OK

1.7 kB

URL HTTP/1.1
ocsp.buypass.com/
IP
95.101.11.123:0
ASN
#20940 Akamai International B.V.

File type
data
Size
1.7 kB (1701 bytes)
Hash
af9a17add2be50fb31246417083e3d17
c04f1a7270a6f9c310e6fba42472cdd952b18bd6
3dd3a238d36e5f92321b231bd6c5743dc3e7906d387210ab65be2965b0f0f8f3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.buypass.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 78
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Access-Control-Allow-Origin: https://www.buypass.no
Access-Control-Allow-Headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Buypass-Session-Id,X-Buypass-Locale
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST
MDC-correlationId: 107b3ab4-fbba-480a-ba6f-b5065a395039
Content-Length: 1701
Date: Sat, 07 Jan 2023 02:04:38 GMT
Connection: keep-alive

66669aaa.com/2d7b4166a63c4e48bb523d07d45069fb.gif

103.170.15.83

200 OK

0 B

URL HTTP/1.1
66669aaa.com/2d7b4166a63c4e48bb523d07d45069fb.gif
IP
103.170.15.83:0
ASN
#7483 Skycloud Computing co., Ltd.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /2d7b4166a63c4e48bb523d07d45069fb.gif HTTP/1.1
Host: 66669aaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "6399cb60-3e19b"
Date: Tue, 27 Dec 2022 12:59:22 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Wed, 14 Dec 2022 13:10:56 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-13
Content-Length: 254363

img.9376x.com/images/6399c27b56eec67c33ea8921.gif

38.54.81.125

302 Found

0 B

URL HTTP/2
img.9376x.com/images/6399c27b56eec67c33ea8921.gif
IP
38.54.81.125:0
ASN
#174 COGENT-174

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/6399c27b56eec67c33ea8921.gif HTTP/1.1
Host: img.9376x.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/26c4bd83c03e4572a0da94a24edacb39
X-Firefox-Spdy: h2

help.ifeng.com/datas/feedback/20221217/639d86e9b6b6d.gif

49.51.190.27

200 OK

0 B

URL HTTP/1.1
help.ifeng.com/datas/feedback/20221217/639d86e9b6b6d.gif
IP
49.51.190.27:0
ASN
#132203 Tencent Building, Kejizhongyi Avenue

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /datas/feedback/20221217/639d86e9b6b6d.gif HTTP/1.1
Host: help.ifeng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
server: openresty
date: Sat, 07 Jan 2023 02:04:37 GMT
content-type: image/gif
content-length: 166673
last-modified: Sat, 17 Dec 2022 09:07:53 GMT
etag: "639d86e9-28b11"
expires: Sun, 22 Jan 2023 02:04:37 GMT
cache-control: max-age=1296000
accept-ranges: bytes

www.jxys16.xyz/template/m1938pc/static/css/mm-content.css

173.231.38.6

200 OK

0 B

URL HTTP/2
www.jxys16.xyz/template/m1938pc/static/css/mm-content.css
IP
173.231.38.6:0
ASN
#18450 WEBNX

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /template/m1938pc/static/css/mm-content.css HTTP/1.1
Host: www.jxys16.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 07 Jan 2023 02:04:34 GMT
content-type: text/css
last-modified: Fri, 14 Jan 2022 04:46:10 GMT
vary: Accept-Encoding
etag: W/"61e10012-1ccb"
expires: Sat, 07 Jan 2023 14:04:34 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

3p8801.co/11-960x60.gif

107.148.202.17

200 OK

0 B

URL HTTP/2
3p8801.co/11-960x60.gif
IP
107.148.202.17:0
ASN
#54600 PEGTECHINC

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /11-960x60.gif HTTP/1.1
Host: 3p8801.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 07 Jan 2023 02:04:38 GMT
content-type: image/gif
content-length: 242091
last-modified: Sat, 19 Nov 2022 11:26:07 GMT
etag: "6378bd4f-3b1ab"
expires: Mon, 06 Feb 2023 02:04:38 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

jx.tongdoumaoyi.com/news/data.php

20.239.85.25

200 OK

0 B

URL HTTP/2
jx.tongdoumaoyi.com/news/data.php
IP
20.239.85.25:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /news/data.php HTTP/1.1
Host: jx.tongdoumaoyi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jx.tongdoumaoyi.com/news/list.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.21.6
date: Sat, 07 Jan 2023 02:04:33 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-encoding: gzip
x-country: NO
x-cache: HIT@whalem3g7000001
X-Firefox-Spdy: h2

kzeoo.com/68a7807de3933bf7079116fa9df99e6f.gif

172.83.155.45

200 OK

0 B

URL HTTP/2
kzeoo.com/68a7807de3933bf7079116fa9df99e6f.gif
IP
172.83.155.45:0
ASN
#201106 Spartan Host Ltd

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /68a7807de3933bf7079116fa9df99e6f.gif HTTP/1.1
Host: kzeoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 07 Jan 2023 02:04:38 GMT
content-type: image/gif
content-length: 366444
last-modified: Fri, 19 Aug 2022 17:02:28 GMT
etag: "62ffc224-5976c"
expires: Sat, 07 Jan 2023 14:04:38 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 1420381
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GwipRCov4sczHTcdIWkv%2FaUrYkMXIXYgzLjnYGeXGYrNTWiFyZ4kN%2FbAl29k5zhUJwdz4MPvR6gOiEVX0jKqomGgljR2%2BFim4H7cs%2FsgE0OBbp%2BdOSiFv8UW13GA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 77f29af56ca4c5f5-SEA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.jxys16.xyz/template/m1938pc/static/css/bootstrap.min.css

173.231.38.6

200 OK

0 B

URL HTTP/2
www.jxys16.xyz/template/m1938pc/static/css/bootstrap.min.css
IP
173.231.38.6:0
ASN
#18450 WEBNX

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /template/m1938pc/static/css/bootstrap.min.css HTTP/1.1
Host: www.jxys16.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 07 Jan 2023 02:04:34 GMT
content-type: text/css
last-modified: Fri, 14 Jan 2022 04:46:04 GMT
vary: Accept-Encoding
etag: W/"61e1000c-23816"
expires: Sat, 07 Jan 2023 14:04:34 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

jx.tongdoumaoyi.com/news/list.php

20.239.85.25

200 OK

0 B

URL HTTP/2
jx.tongdoumaoyi.com/news/list.php
IP
20.239.85.25:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /news/list.php HTTP/1.1
Host: jx.tongdoumaoyi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jx.tongdoumaoyi.com/news/index.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.21.6
date: Sat, 07 Jan 2023 02:04:32 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-encoding: gzip
x-country: NO
x-cache: HIT@whalem3g7000001
X-Firefox-Spdy: h2

img.9367x.com/images/6399c32956eec67c33ea8925.gif

38.54.81.125

302 Found

0 B

URL HTTP/2
img.9367x.com/images/6399c32956eec67c33ea8925.gif
IP
38.54.81.125:0
ASN
#174 COGENT-174

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/6399c32956eec67c33ea8925.gif HTTP/1.1
Host: img.9367x.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/9e8afd3907294526a42a854b0f4d7560
X-Firefox-Spdy: h2

help.ifeng.com/datas/feedback/20221230/63aeea646e4a1.gif

49.51.190.27

200 OK

0 B

URL HTTP/1.1
help.ifeng.com/datas/feedback/20221230/63aeea646e4a1.gif
IP
49.51.190.27:0
ASN
#132203 Tencent Building, Kejizhongyi Avenue

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /datas/feedback/20221230/63aeea646e4a1.gif HTTP/1.1
Host: help.ifeng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
server: openresty
date: Sat, 07 Jan 2023 02:04:37 GMT
content-type: image/gif
content-length: 115583
last-modified: Fri, 30 Dec 2022 13:40:52 GMT
etag: "63aeea64-1c37f"
expires: Sun, 22 Jan 2023 02:04:37 GMT
cache-control: max-age=1296000
accept-ranges: bytes

static.qwahk.com/960x100.gif

210.65.162.54

200 OK

0 B

URL HTTP/1.1
static.qwahk.com/960x100.gif
IP
210.65.162.54:0
ASN
#3462 Data Communication Business Group

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /960x100.gif HTTP/1.1
Host: static.qwahk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Methods: *
Access-Control-Allow-Orign: *
Content-Length: 763448
Content-Type: image/gif;charset=UTF-8
Date: Tue, 20 Dec 2022 17:36:54 GMT
ETag: "1673055017"
Last-Modified: Sat, 07 Jan 2023 01:30:17 GMT
Server: PWS/8.3.1.0.8
Via: 1.1 PStwtbTPE1rg71:3 (W)
X-Cache: HIT, server, memory
X-Px: ms PStwtbTPE1rg71TPE(origin)
X-Reqid: 201921416722818020221221013654ypkm0zzIsampled
X-Ws-Request-Id: 63a1f2b6_PStwtbTPE1rg71_19026-8036

www.jxys16.xyz/template/m1938pc/static/css/style.css

173.231.38.6

200 OK

0 B

URL HTTP/2
www.jxys16.xyz/template/m1938pc/static/css/style.css
IP
173.231.38.6:0
ASN
#18450 WEBNX

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /template/m1938pc/static/css/style.css HTTP/1.1
Host: www.jxys16.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 07 Jan 2023 02:04:34 GMT
content-type: text/css
last-modified: Fri, 14 Jan 2022 04:46:10 GMT
vary: Accept-Encoding
etag: W/"61e10012-10aff"
expires: Sat, 07 Jan 2023 14:04:34 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

www.jxys16.xyz/template/m1938pc/html9/ads/zxf.js

173.231.38.6

200 OK

0 B

URL HTTP/2
www.jxys16.xyz/template/m1938pc/html9/ads/zxf.js
IP
173.231.38.6:0
ASN
#18450 WEBNX

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /template/m1938pc/html9/ads/zxf.js HTTP/1.1
Host: www.jxys16.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 07 Jan 2023 02:04:34 GMT
content-type: application/javascript
last-modified: Mon, 02 Jan 2023 08:55:15 GMT
vary: Accept-Encoding
etag: W/"63b29bf3-6ee"
expires: Sat, 07 Jan 2023 14:04:34 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2023/01/gqbogicyhif.jpg

104.22.12.214

200 OK

0 B

URL HTTP/2
lbfm.lbpictupian.com/upload/vod/2023/01/gqbogicyhif.jpg
IP
104.22.12.214:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /upload/vod/2023/01/gqbogicyhif.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 07 Jan 2023 02:04:38 GMT
content-type: image/webp
content-length: 7234
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8411
content-disposition: inline; filename="gqbogicyhif.webp"
etag: "63b698da-20db"
last-modified: Thu, 05 Jan 2023 09:31:06 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 3827
accept-ranges: bytes
server: cloudflare
cf-ray: 78591fb40f67b4ed-OSL
X-Firefox-Spdy: h2

99885aaa.com/2571b5232e904522b532216679441c82.gif

103.170.15.73

200 OK

0 B

URL HTTP/1.1
99885aaa.com/2571b5232e904522b532216679441c82.gif
IP
103.170.15.73:0
ASN
#7483 Skycloud Computing co., Ltd.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /2571b5232e904522b532216679441c82.gif HTTP/1.1
Host: 99885aaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "63a44177-88c8b"
Date: Fri, 23 Dec 2022 04:58:00 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Thu, 22 Dec 2022 11:37:27 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-03
Content-Length: 560267

www.jxys16.xyz/template/m1938pc/static/css/swiper.min.css

173.231.38.6

200 OK

0 B

URL HTTP/2
www.jxys16.xyz/template/m1938pc/static/css/swiper.min.css
IP
173.231.38.6:0
ASN
#18450 WEBNX

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /template/m1938pc/static/css/swiper.min.css HTTP/1.1
Host: www.jxys16.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jxys16.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 07 Jan 2023 02:04:34 GMT
content-type: text/css
last-modified: Fri, 14 Jan 2022 04:46:06 GMT
vary: Accept-Encoding
etag: W/"61e1000e-456d"
expires: Sat, 07 Jan 2023 14:04:34 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations