r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13485
Expires: Sun, 29 Jan 2023 15:11:36 GMT
Date: Sun, 29 Jan 2023 11:26:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13235
Expires: Sun, 29 Jan 2023 15:07:26 GMT
Date: Sun, 29 Jan 2023 11:26:51 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 29 Jan 2023 10:43:08 GMT
content-type: application/json
age: 2623
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16683
Expires: Sun, 29 Jan 2023 16:04:54 GMT
Date: Sun, 29 Jan 2023 11:26:51 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 3SlVnfyjNXffkNcmfbhU1DfmkWgQ12jdndEXen/n0JempgzraesiAUd4sd/6zBGzYbAZ/+nRBHA=
x-amz-request-id: BBNZSNBCMFC0EWT5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 29 Jan 2023 11:21:22 GMT
age: 329
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 11:26:52 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.millatnews.com/file/login.php
156.240.205.22200 OK 796 B URL HTTP/1.1 www.millatnews.com/file/login.php
IP 156.240.205.22:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with CRLF line terminators
Hash 9b09042a988d9a9b46c8f7b3d0efbe96
c8a838f881ee9abaa63ec97c3e657167ec35502d
f3478f506a79d502e1d2d5ef93e2d44b8bf02e2cad5e6cbe4c8d32d70c6fd9c2
Analyzer Verdict Alert fortinet Phishing
GET /file/login.php HTTP/1.1
Host: www.millatnews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:27:02 GMT
Content-Type: text/html
Content-Length: 796
Connection: keep-alive
www.millatnews.com/common.js
156.240.205.22200 OK 697 B URL HTTP/1.1 www.millatnews.com/common.js
IP 156.240.205.22:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (443), with CRLF line terminators
Hash 8779796e498388b84af0a9850b4a91e3
704d44df06804ac51326513ea7208701a66fb2fc
d6f0fed757da89a04d8ec551dde3a3ac2658992cce7009a83afff1122e1c5c5d
Analyzer Verdict Alert fortinet Phishing
GET /common.js HTTP/1.1
Host: www.millatnews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.millatnews.com/file/login.php
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:27:03 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
www.millatnews.com/tj.js
156.240.205.22200 OK 214 B IP 156.240.205.22:0
File type HTML document, ASCII text, with CRLF line terminators
Hash 734004ff257a26c55a3646814876a96d
7d296134d0198c63329cb9e02070738dddd6f0e7
461b709217a5776e4eb76ac30e7506b08020aa92476a821f7e4c0ff31cf4d1ff
Analyzer Verdict Alert fortinet Phishing
GET /tj.js HTTP/1.1
Host: www.millatnews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.millatnews.com/file/login.php
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:27:03 GMT
Content-Type: application/x-javascript
Content-Length: 214
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 29 Jan 2023 10:49:04 GMT
age: 2268
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11761
Expires: Sun, 29 Jan 2023 14:42:53 GMT
Date: Sun, 29 Jan 2023 11:26:52 GMT
Connection: keep-alive
push.zhanzhang.baidu.com/push.js
39.156.68.163200 OK 227 B URL HTTP/1.1 push.zhanzhang.baidu.com/push.js
IP 39.156.68.163:0
ASN #9808 China Mobile Communications Group Co., Ltd.
File type ASCII text, with no line terminators
Hash e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.millatnews.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Sun, 29 Jan 2023 11:26:52 GMT
Etag: "4078521116"
Expires: Mon, 29 Jan 2024 11:26:52 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=AA407A6C69910C5F3438F8B02D2DF547:FG=1; max-age=31536000; expires=Mon, 29-Jan-24 11:26:52 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
push.services.mozilla.com/
35.155.161.242101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.155.161.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Co/tBfKmFqCAvcyRzMFPGg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: r/WSdG7Jxa50GUYBSIkGRNDctok=
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.21.226:0
Hash 8ed5b69adc29aa7cd5145ce0cefea036
f84ccefa05ae06e9f059feb6c24c71dc879e26d7
ff1d75e07bf2db52bd5186d6e586cf152f2a416715104a8952d52b4c351b0010
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:26:53 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Thu, 02 Feb 2023 09:39:08 GMT
ETag: "f84ccefa05ae06e9f059feb6c24c71dc879e26d7"
Last-Modified: Sun, 29 Jan 2023 09:39:09 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 798
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79119d8e79380b51-OSL
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.21.226:0
Hash 8ed5b69adc29aa7cd5145ce0cefea036
f84ccefa05ae06e9f059feb6c24c71dc879e26d7
ff1d75e07bf2db52bd5186d6e586cf152f2a416715104a8952d52b4c351b0010
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:26:53 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Thu, 02 Feb 2023 09:39:08 GMT
ETag: "f84ccefa05ae06e9f059feb6c24c71dc879e26d7"
Last-Modified: Sun, 29 Jan 2023 09:39:09 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 798
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79119d8e89470b51-OSL
api.share.baidu.com/s.gif?l=http://www.millatnews.com/file/login.php
39.156.68.163200 OK 0 B URL HTTP/1.1 api.share.baidu.com/s.gif?l=http://www.millatnews.com/file/login.php
IP 39.156.68.163:0
ASN #9808 China Mobile Communications Group Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://www.millatnews.com/file/login.php HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.millatnews.com/
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Sun, 29 Jan 2023 11:26:53 GMT
js.users.51.la/21418051.js
103.143.19.103200 OK 2.3 kB URL HTTP/1.1 js.users.51.la/21418051.js
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
File type ASCII text, with very long lines (4898)
Hash ee83aa63e6e5aec33cde80fbb33e02df
3f6beae89b19eb8714eeb8f123d7a6d6c797019f
a64075cc03850440e10b204bc5de921f85f946ae27fb5894a68685a5e19700dc
GET /21418051.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.millatnews.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: CloudWAF
Date: Sun, 29 Jan 2023 11:26:53 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=1fcbf1a250e8aad7d27; path=/
HWWAFSESTIME=1674991612741; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
js.users.51.la/21467687.js
103.143.19.103200 OK 2.3 kB URL HTTP/1.1 js.users.51.la/21467687.js
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
File type ASCII text, with very long lines (4898)
Hash 3e7d9b7ab0e18c2847ad1bfdc08fbd8b
cd6e0ee63e77aab5f19091967844710842dc875a
b198b51d13d951b14d695dc230d0f9520b7b628c1f713b67921e8f4e1b5414e3
GET /21467687.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.millatnews.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: CloudWAF
Date: Sun, 29 Jan 2023 11:26:53 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=20a496610244c626c27; path=/
HWWAFSESTIME=1674991608863; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16678
Expires: Sun, 29 Jan 2023 16:04:52 GMT
Date: Sun, 29 Jan 2023 11:26:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16678
Expires: Sun, 29 Jan 2023 16:04:52 GMT
Date: Sun, 29 Jan 2023 11:26:54 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: e6e0789c-a4a9-4ffa-a0ae-691770d1035b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPF9YEBmIAMF0kQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8388-01d2093432d3959903671a69;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:06:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: awfNeaKbFw2bjiTGwUrwUTxU-qbVS2eTjn948H8kn1hy7pi_DwLMlQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 17:35:56 GMT
age: 64258
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 10a6491e2c1dfde68c7cd7297e70700f
d0f195319825a6d3e5e50ad15b2fcab27cb65896
4d9353d5874e5ea03c25e1562db5f479c222a48db526fdd10ede7c2e6a4dd874
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11470
x-amzn-requestid: 62d61967-9380-4ca9-b11a-531425dbd2ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIf6WFgAIAMF6gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce042-6d9fe51029094b7f37c0a648;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:05:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rUIvvkZQ028ey3klplI-x9oZFugon5HsAWT-SN2GQo5hBeBJWqoMAg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 23:12:28 GMT
age: 44066
etag: "d0f195319825a6d3e5e50ad15b2fcab27cb65896"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4jPbm4WufkUKm7ljLvpHrJUFhr-JQ_nl3iYfI5S8nTqEszFdUtz9EQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 05:24:09 GMT
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
age: 21765
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c77437e3a7361861aed8bfecbfe6bd6
fefd238c13c0fdfb7d964c90fcc8a8cbbf953034
282d15c443cb6232ae0a30046a0dc24360617355a4651cdba59b11e6f7313d8a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5594
x-amzn-requestid: d56c9b84-dc1f-4d5c-91bf-7db55058bf67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLyeEGOloAMFpzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce3126-5013a6b971d6800c5c85a4eb;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:03:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: D2ZAelkDgsd0wjoOSoPRwTzhozs84_aIcgwU-QmbDrTnHztVD0VL_A==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 14:57:16 GMT
age: 73778
etag: "fefd238c13c0fdfb7d964c90fcc8a8cbbf953034"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df8e551-afc5-4ea3-a9ef-8af42c4cbea5.jpeg
34.120.237.76200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df8e551-afc5-4ea3-a9ef-8af42c4cbea5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 47514f1386d4e6962ac2c931647f60f4
c8da685b6a5aee80c98d4173ffe226b672f054c3
474d462b5d4dbd15b7f759457fe1ed084819cea563ef7c1285028dad9a4a404c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df8e551-afc5-4ea3-a9ef-8af42c4cbea5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7201
x-amzn-requestid: ba830369-3a5f-45bc-9af9-5ad9ee58f43f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fbvRREJqIAMF8Uw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d4926e-6983a44e506dcd4d203c2688;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 03:11:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rZ3Kbsx37Dlb1Jv23XJcbmrv45SlUiEv9nGAjmjseS6Rk-vZd22O7A==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 01:14:26 GMT
age: 54081
etag: "c8da685b6a5aee80c98d4173ffe226b672f054c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7cfa685-1688-424d-b352-82b8ce19495a.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7cfa685-1688-424d-b352-82b8ce19495a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cbbc57c4e469baec1bda006407877cc
e988f007b1f9ec2327e7817f38cf56202096aeae
5237a8a8a7aa1fe59548582abf726fe77ad9e1fad8535bb5f88519dc6e779a86
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7cfa685-1688-424d-b352-82b8ce19495a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6158
x-amzn-requestid: 034023e1-bd96-4c41-aa48-cccf5fa7b366
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: feLdTEXToAMF5Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d58c54-5390c17952d82d9108bdd3f8;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 20:57:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ACe_e899vrvXgDH3SKhGkebo6EgwW3c97aiFsr_p0g0cyWhl0XmjIg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 00:04:06 GMT
etag: "e988f007b1f9ec2327e7817f38cf56202096aeae"
content-type: image/jpeg
age: 40968
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.millatnews.com/favicon.ico
156.240.205.22200 OK 1.2 kB URL HTTP/1.1 www.millatnews.com/favicon.ico
IP 156.240.205.22:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 7ef1f0a0093460fe46bb691578c07c95
2da3ffbbf4737ce4dae9488359de34034d1ebfbd
4c62eef22174220b8655590a77b27957f3518b4c3b7352d0b64263b80e728f2c
GET /favicon.ico HTTP/1.1
Host: www.millatnews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.millatnews.com/file/login.php
Cookie: __tins__21467687=%7B%22sid%22%3A%201674991620899%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201674993420899%7D; __51cke__=; __51laig__=2; __tins__21418051=%7B%22sid%22%3A%201674991620906%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201674993420906%7D
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:27:04 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 01 Jul 2011 08:14:23 GMT
Connection: keep-alive
ETag: "4e0d81df-47e"
Expires: Fri, 03 Feb 2023 11:27:04 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
164.88.139.190/nar/756.html
164.88.139.190200 OK 697 B URL HTTP/1.1 164.88.139.190/nar/756.html
IP 164.88.139.190:0
ASN #137951 Clayer Limited
File type HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 50b4991a2fe2450ff64bbfb7c8f7b6d5
5fff04b2d92c4d6e29e230fa6c4747a004abf198
03a0f99294eec422e7dcfbe7b067de29c02821f20cea0169471946aa66f3c17a
Analyzer Verdict Alert quad9 Sinkholed
GET /nar/756.html HTTP/1.1
Host: 164.88.139.190
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.millatnews.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:26:54 GMT
Content-Type: text/html
Content-Length: 697
Last-Modified: Sat, 28 Jan 2023 13:55:25 GMT
Connection: keep-alive
ETag: "63d5294d-2b9"
Accept-Ranges: bytes
ia.51.la/go1?id=21467687&rt=1674991620899&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1674991620899&tt=%25E5%25BF%25BB%25E5%25B7%259E%25E9%2585%2589%25E5%258C%2595%25E4%25BF%25A1%25E6%2581%25AF%25E7%25A7%2591%25E6%258A%2580%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=&cu=http%253A%252F%252Fwww.millatnews.com%252Ffile%252Flogin.php&pu=
103.143.19.103200 0 B URL HTTP/1.1 ia.51.la/go1?id=21467687&rt=1674991620899&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1674991620899&tt=%25E5%25BF%25BB%25E5%25B7%259E%25E9%2585%2589%25E5%258C%2595%25E4%25BF%25A1%25E6%2581%25AF%25E7%25A7%2591%25E6%258A%2580%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=&cu=http%253A%252F%252Fwww.millatnews.com%252Ffile%252Flogin.php&pu=
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=21467687&rt=1674991620899&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1674991620899&tt=%25E5%25BF%25BB%25E5%25B7%259E%25E9%2585%2589%25E5%258C%2595%25E4%25BF%25A1%25E6%2581%25AF%25E7%25A7%2591%25E6%258A%2580%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=&cu=http%253A%252F%252Fwww.millatnews.com%252Ffile%252Flogin.php&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.millatnews.com/
HTTP/1.1 200
Server: CloudWAF
Date: Sun, 29 Jan 2023 11:26:54 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=66858130f4cfe4120d91; path=/
HWWAFSESTIME=1674991610855; path=/
ia.51.la/go1?id=21418051&rt=1674991620906&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=2&ekc=&sid=1674991620906&tt=%25E5%25BF%25BB%25E5%25B7%259E%25E9%2585%2589%25E5%258C%2595%25E4%25BF%25A1%25E6%2581%25AF%25E7%25A7%2591%25E6%258A%2580%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=&cu=http%253A%252F%252Fwww.millatnews.com%252Ffile%252Flogin.php&pu=
103.143.19.103200 0 B URL HTTP/1.1 ia.51.la/go1?id=21418051&rt=1674991620906&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=2&ekc=&sid=1674991620906&tt=%25E5%25BF%25BB%25E5%25B7%259E%25E9%2585%2589%25E5%258C%2595%25E4%25BF%25A1%25E6%2581%25AF%25E7%25A7%2591%25E6%258A%2580%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=&cu=http%253A%252F%252Fwww.millatnews.com%252Ffile%252Flogin.php&pu=
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=21418051&rt=1674991620906&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=2&ekc=&sid=1674991620906&tt=%25E5%25BF%25BB%25E5%25B7%259E%25E9%2585%2589%25E5%258C%2595%25E4%25BF%25A1%25E6%2581%25AF%25E7%25A7%2591%25E6%258A%2580%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=&cu=http%253A%252F%252Fwww.millatnews.com%252Ffile%252Flogin.php&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.millatnews.com/
HTTP/1.1 200
Server: CloudWAF
Date: Sun, 29 Jan 2023 11:26:54 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=18c01eb1652ae2da7c; path=/
HWWAFSESTIME=1674991614130; path=/
164.88.136.141/0.532396922966503
164.88.136.141404 Not Found 146 B URL HTTP/1.1 164.88.136.141/0.532396922966503
IP 164.88.136.141:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert quad9 Sinkholed
GET /0.532396922966503 HTTP/1.1
Host: 164.88.136.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.139.190/
HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 29 Jan 2023 11:26:54 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
164.88.136.141/
164.88.136.141200 OK 9.6 kB IP 164.88.136.141:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (7282), with CRLF line terminators
Hash 90a8997220fce1c27df6af0dce4ba855
42a7568e165cf8e66ee2fc70e04841d9c0c79ab1
ad2462f2b15116bf9cb48b15eef5d600eaa0bc992c4ef6447f666dbcbcf9885b
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: 164.88.136.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.139.190/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:26:55 GMT
Content-Type: text/html;Charset=utf-8;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=6rift450i392c5soe6c310p9g1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9fa9eef4758bf3ae5732cff40f04ec44
daa8ad4d751234bca724efbac7a7493a690cd12c
355b79de292e1ef9ae4aa11fc1eb9ffbfd10c2eb3629621fc641537a323b9381
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "355B79DE292E1EF9AE4AA11FC1EB9FFBFD10C2EB3629621FC641537A323B9381"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14093
Expires: Sun, 29 Jan 2023 15:21:48 GMT
Date: Sun, 29 Jan 2023 11:26:55 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9fa9eef4758bf3ae5732cff40f04ec44
daa8ad4d751234bca724efbac7a7493a690cd12c
355b79de292e1ef9ae4aa11fc1eb9ffbfd10c2eb3629621fc641537a323b9381
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "355B79DE292E1EF9AE4AA11FC1EB9FFBFD10C2EB3629621FC641537A323B9381"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14093
Expires: Sun, 29 Jan 2023 15:21:48 GMT
Date: Sun, 29 Jan 2023 11:26:55 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9fa9eef4758bf3ae5732cff40f04ec44
daa8ad4d751234bca724efbac7a7493a690cd12c
355b79de292e1ef9ae4aa11fc1eb9ffbfd10c2eb3629621fc641537a323b9381
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "355B79DE292E1EF9AE4AA11FC1EB9FFBFD10C2EB3629621FC641537A323B9381"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14093
Expires: Sun, 29 Jan 2023 15:21:48 GMT
Date: Sun, 29 Jan 2023 11:26:55 GMT
Connection: keep-alive
lbfm.lbpictupian.com/upload/vod/2023/01/yiys02t2zcx.jpg
104.22.13.214200 OK 7.4 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/01/yiys02t2zcx.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3d5794ad74a5ee4b071193db7ff5b35b
8efb6291c7b9f42268392b54b9d8d49139edc5f5
31c80a40a92f392c6fb505cb92dccfc63a3567b6e5fa89c5e108e7aa45d48731
GET /upload/vod/2023/01/yiys02t2zcx.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:55 GMT
content-type: image/webp
content-length: 7406
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8733
content-disposition: inline; filename="yiys02t2zcx.webp"
etag: "63d3afb0-221d"
last-modified: Fri, 27 Jan 2023 11:04:16 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7
accept-ranges: bytes
server: cloudflare
cf-ray: 79119d9bf95a0afe-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/01/05jlal3ddzn.jpg
104.22.13.214200 OK 3.7 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/01/05jlal3ddzn.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 240x320, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b68dfe9f96bbe74c2120e2700228bf8a
f352a3c23f9b8ee6da42c07fda03953627e3ebe6
bf194a7308e4cd0963afffd6718abe1ce1ce8a23797972f1556d4ba9e1fcd51a
GET /upload/vod/2023/01/05jlal3ddzn.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:55 GMT
content-type: image/webp
content-length: 3658
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=5597
content-disposition: inline; filename="05jlal3ddzn.webp"
etag: "63d3afb8-15dd"
last-modified: Fri, 27 Jan 2023 11:04:24 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7
accept-ranges: bytes
server: cloudflare
cf-ray: 79119d9bf95d0afe-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/01/3b3wf1qi0r2.jpg
104.22.13.214200 OK 4.9 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/01/3b3wf1qi0r2.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3499be9d807e2cc56b60202eecd19857
e22d5d9fcae046c4b54009ad92210102eea5503c
bf8d5324a05136c8be1433ce8d7bfb78546a280a54c0262c2ba5ff4884da7201
GET /upload/vod/2023/01/3b3wf1qi0r2.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:55 GMT
content-type: image/webp
content-length: 4874
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=6312
content-disposition: inline; filename="3b3wf1qi0r2.webp"
etag: "63d3afb4-18a8"
last-modified: Fri, 27 Jan 2023 11:04:20 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7
accept-ranges: bytes
server: cloudflare
cf-ray: 79119d9bf95c0afe-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/01/y31xei0bneh.jpg
104.22.13.214200 OK 17 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/01/y31xei0bneh.jpg
IP 104.22.13.214:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 240x320, components 3\012- data
Hash 6ea8db423ba4a3684dc54aed287da3cc
438b63929360dbd21adbff10b7434be4599bac47
a99c55d3c16d4d668ae0efa9af86727c36f70a7caa93f70184ef1190951b3071
GET /upload/vod/2023/01/y31xei0bneh.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:55 GMT
content-type: image/jpeg
content-length: 16921
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=17694, status=webp_bigger
etag: "63d3afc6-451e"
last-modified: Fri, 27 Jan 2023 11:04:38 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79119d9bf9610afe-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/01/iitadlom2gs.jpg
104.22.13.214200 OK 5.8 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/01/iitadlom2gs.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b1b0115af17224e60a7c21f45963a2a3
ee2e395e65145c545579f621d7fe2af0434af5a8
e2e248c31704f0bc7713dd962ce21b565fc079c1f784f4bdf6b0baf6a8c34c52
GET /upload/vod/2023/01/iitadlom2gs.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:55 GMT
content-type: image/webp
content-length: 5808
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=7125
content-disposition: inline; filename="iitadlom2gs.webp"
etag: "63cf3062-1bd5"
last-modified: Tue, 24 Jan 2023 01:12:02 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7
accept-ranges: bytes
server: cloudflare
cf-ray: 79119d9bf9660afe-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/01/2ddlnoo02or.jpg
104.22.13.214200 OK 11 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/01/2ddlnoo02or.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 812223dad3010435d2634c8ca4f75b0d
9bc5b33c597b35facfee82ef9b35707edcdd636a
4747ca43d5f983a166b3707ae994663cc993fb6ddfb56d68ac6f7c10bd44698f
GET /upload/vod/2023/01/2ddlnoo02or.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:55 GMT
content-type: image/webp
content-length: 11364
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=12744
content-disposition: inline; filename="2ddlnoo02or.webp"
etag: "63d3af95-31c8"
last-modified: Fri, 27 Jan 2023 11:03:49 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7
accept-ranges: bytes
server: cloudflare
cf-ray: 79119d9bf9630afe-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/01/p55al551rlz.jpg
104.22.13.214200 OK 10 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/01/p55al551rlz.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 49e2e8284fc2c72face06e6ce9cd9992
7162e517f1a83004b90b40d73d5063ce5c967cce
b321b8752b4edb268804b98e61fcedf85bcfbfbea1912072313932cbc5e214eb
GET /upload/vod/2023/01/p55al551rlz.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:55 GMT
content-type: image/webp
content-length: 10148
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=11221
content-disposition: inline; filename="p55al551rlz.webp"
etag: "63d3af99-2bd5"
last-modified: Fri, 27 Jan 2023 11:03:53 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7
accept-ranges: bytes
server: cloudflare
cf-ray: 79119d9bf9670afe-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/01/4njbqp4ttqp.jpg
104.22.13.214200 OK 5.7 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/01/4njbqp4ttqp.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a74d1d17cd0cd0b1273b483f1261e374
17f3df02d38477d19d6d3008ff92707da8b48cab
1834d1c9ff7933c684f96e10095d3cadbe175f4466b718e05604d374ef82149d
GET /upload/vod/2023/01/4njbqp4ttqp.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:55 GMT
content-type: image/webp
content-length: 5718
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8382
content-disposition: inline; filename="4njbqp4ttqp.webp"
etag: "63cf305e-20be"
last-modified: Tue, 24 Jan 2023 01:11:58 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7
accept-ranges: bytes
server: cloudflare
cf-ray: 79119d9bf9650afe-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/01/1urjs5lddps.jpg
104.22.13.214200 OK 10 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/01/1urjs5lddps.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1ba3962421e18898a714f9bc7e13f91f
90f98e324029c9b51d7f58f82045707bd3bb0fb9
b1372fbbcf745b7be2e730997c3f3123b0d18c3a0b246fa0d64a13dd8331a86c
GET /upload/vod/2023/01/1urjs5lddps.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:55 GMT
content-type: image/webp
content-length: 10502
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=11699
content-disposition: inline; filename="1urjs5lddps.webp"
etag: "63d3af91-2db3"
last-modified: Fri, 27 Jan 2023 11:03:45 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7
accept-ranges: bytes
server: cloudflare
cf-ray: 79119d9bf9620afe-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/01/2l32wtd1p1a.jpg
104.22.13.214200 OK 3.6 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/01/2l32wtd1p1a.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2fa3edc904078c501dd6bfcd4d63a9c0
5e01619c290f106c67b9aaf6027babb80a5f0eb8
591e51a163649ca2faa523d296f29ae3e5b26e4a9d9e4316aa3b65bfb468dc27
GET /upload/vod/2023/01/2l32wtd1p1a.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:55 GMT
content-type: image/webp
content-length: 3606
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=7300
content-disposition: inline; filename="2l32wtd1p1a.webp"
etag: "63d3afc2-1c84"
last-modified: Fri, 27 Jan 2023 11:04:34 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7
accept-ranges: bytes
server: cloudflare
cf-ray: 79119d9bf9600afe-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/01/m4akvunz0ul.jpg
104.22.13.214200 OK 14 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/01/m4akvunz0ul.jpg
IP 104.22.13.214:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 240x320, components 3\012- data
Hash f96efe87484c7f6714a3e44d33b3663c
5ed2d374bf9de14842562cb7f02fd20ea59ce339
6f1837b0bb2fce7af1f236ecd969995e1d001723ecdbdd2051bf2d93daaf7be7
GET /upload/vod/2023/01/m4akvunz0ul.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:55 GMT
content-type: image/jpeg
content-length: 14419
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=15311, status=webp_bigger
etag: "63d3afca-3bcf"
last-modified: Fri, 27 Jan 2023 11:04:42 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79119d9bf9640afe-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/01/efyq5ssmvmf.jpg
104.22.13.214200 OK 11 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/01/efyq5ssmvmf.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 240x320, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 04153559853dde0c992619fa16eb5dd0
c309941038c640c6aa1ff36628ade98fc85dad5e
daeba2f1ade807cd69eff1799c1bef411204f0290b9f2785168eca98926391f8
GET /upload/vod/2023/01/efyq5ssmvmf.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:55 GMT
content-type: image/webp
content-length: 10898
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=11651
content-disposition: inline; filename="efyq5ssmvmf.webp"
etag: "63d3afbd-2d83"
last-modified: Fri, 27 Jan 2023 11:04:29 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6
accept-ranges: bytes
server: cloudflare
cf-ray: 79119d9bf95f0afe-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/01/0d3wjqibpo3.jpg
104.22.13.214200 OK 13 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/01/0d3wjqibpo3.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 22cf3452182bf1f2fb2d190434786822
f0378c750b21e1f5dec5203c0527d7b453ed40e3
b6680ddfa53ec44a728aae4e0d47a392a3a4558975f8afbac927999a845a254c
GET /upload/vod/2023/01/0d3wjqibpo3.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:55 GMT
content-type: image/webp
content-length: 12618
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=13212
content-disposition: inline; filename="0d3wjqibpo3.webp"
etag: "63d3af9d-339c"
last-modified: Fri, 27 Jan 2023 11:03:57 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7
accept-ranges: bytes
server: cloudflare
cf-ray: 79119d9bf9680afe-OSL
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9fa9eef4758bf3ae5732cff40f04ec44
daa8ad4d751234bca724efbac7a7493a690cd12c
355b79de292e1ef9ae4aa11fc1eb9ffbfd10c2eb3629621fc641537a323b9381
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "355B79DE292E1EF9AE4AA11FC1EB9FFBFD10C2EB3629621FC641537A323B9381"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14093
Expires: Sun, 29 Jan 2023 15:21:48 GMT
Date: Sun, 29 Jan 2023 11:26:55 GMT
Connection: keep-alive
lbfm.lbpictupian.com/upload/vod/2023/01/u0quk0gw3lr.jpg
104.22.13.214200 OK 11 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/01/u0quk0gw3lr.jpg
IP 104.22.13.214:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 34x45, segment length 16, progressive, precision 8, 240x320, components 3\012- data
Hash 69a4143cba5acd74eab89bf427fcbbfa
e6c61e31c37723bf749b2813fbe192229859ee10
ce12fff985400012bbcb4ecc2da273eb417455096d2ff6b41024839e572ae92f
GET /upload/vod/2023/01/u0quk0gw3lr.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:55 GMT
content-type: image/jpeg
content-length: 10663
cf-bgj: imgq:85,h2pri
cf-polished: origSize=11231, status=webp_bigger
etag: "63d3afac-2bdf"
last-modified: Fri, 27 Jan 2023 11:04:12 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79119d9bf9700afe-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/01/otihiy4q1uh.jpg
104.22.13.214200 OK 9.9 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/01/otihiy4q1uh.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e75825d0c7e623640da8058423399a57
206cb6b3b4b983aadc819a91edd21e7fcc4deedc
b69be3cb1f68e3c70920e25a514280806130aef99fc12b41369cd1af79a4b3b1
GET /upload/vod/2023/01/otihiy4q1uh.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:55 GMT
content-type: image/webp
content-length: 9876
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=12005
content-disposition: inline; filename="otihiy4q1uh.webp"
etag: "63d3afa8-2ee5"
last-modified: Fri, 27 Jan 2023 11:04:08 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7
accept-ranges: bytes
server: cloudflare
cf-ray: 79119d9bf96f0afe-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/01/y3thzdzgpjc.jpg
104.22.13.214200 OK 6.1 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/01/y3thzdzgpjc.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8bc3f0c61bbdb15598aa5eb0a4fba7b3
562f261e9c126bf57c51224c5218aa253790273b
30a3bef67e54b254c4f1702a67e111b8ee334e3dfb179fd9b7871f997e284ceb
GET /upload/vod/2023/01/y3thzdzgpjc.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:55 GMT
content-type: image/webp
content-length: 6100
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=7158
content-disposition: inline; filename="y3thzdzgpjc.webp"
etag: "63cf3067-1bf6"
last-modified: Tue, 24 Jan 2023 01:12:07 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6
accept-ranges: bytes
server: cloudflare
cf-ray: 79119d9bf9690afe-OSL
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9fa9eef4758bf3ae5732cff40f04ec44
daa8ad4d751234bca724efbac7a7493a690cd12c
355b79de292e1ef9ae4aa11fc1eb9ffbfd10c2eb3629621fc641537a323b9381
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "355B79DE292E1EF9AE4AA11FC1EB9FFBFD10C2EB3629621FC641537A323B9381"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14093
Expires: Sun, 29 Jan 2023 15:21:48 GMT
Date: Sun, 29 Jan 2023 11:26:55 GMT
Connection: keep-alive
lbfm.lbpictupian.com/upload/vod/2023/01/gwmbm0b3pnq.jpg
104.22.13.214200 OK 5.7 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/01/gwmbm0b3pnq.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 240x320, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7c45aaea0f739d3a763db10058875014
abf63197fcddf44bafdc137821d997e4165b0dbf
0a7af11abbcbbe347ce162ad073e985a054df01f7578cb848138dda4ee35abbb
GET /upload/vod/2023/01/gwmbm0b3pnq.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:55 GMT
content-type: image/webp
content-length: 5736
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=7004
content-disposition: inline; filename="gwmbm0b3pnq.webp"
etag: "63cf306f-1b5c"
last-modified: Tue, 24 Jan 2023 01:12:15 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7
accept-ranges: bytes
server: cloudflare
cf-ray: 79119d9bf96b0afe-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/01/kexc2wffze1.jpg
104.22.13.214200 OK 8.5 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/01/kexc2wffze1.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c8988f607f89bfeffb5c69692d75203e
c59307820860e2f848673da795bf14c00ac79927
93308636e37c38434369cd60dd4ee6163b4583382e120b816e338d3c2cb72fb2
GET /upload/vod/2023/01/kexc2wffze1.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:55 GMT
content-type: image/webp
content-length: 8548
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=11257
content-disposition: inline; filename="kexc2wffze1.webp"
etag: "63d3afa4-2bf9"
last-modified: Fri, 27 Jan 2023 11:04:04 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6
accept-ranges: bytes
server: cloudflare
cf-ray: 79119d9bf96e0afe-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/01/wagbdfc2ttl.jpg
104.22.13.214200 OK 7.7 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/01/wagbdfc2ttl.jpg
IP 104.22.13.214:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, progressive, precision 8, 320x240, components 3\012- data
Hash aa8e6e7d013ad64209c50a31f768c029
954f958ed7843e8c07ddd6e9a0eeb92632413b1b
200d26a469e205dbef3b679440e0d142cecbd39ebd846f78051b85165905188c
GET /upload/vod/2023/01/wagbdfc2ttl.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:55 GMT
content-type: image/jpeg
content-length: 7748
cf-bgj: imgq:85,h2pri
cf-polished: origSize=8265, status=webp_bigger
etag: "63cf306b-2049"
last-modified: Tue, 24 Jan 2023 01:12:11 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79119d9bf96a0afe-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/01/hsukoegkzsj.jpg
104.22.13.214200 OK 8.2 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/01/hsukoegkzsj.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash d2135db4157ebf701695014f31202be3
b7dec20fef09c6de555c8672dff896bba384dd74
9d8c775b0f135d2c1278765788071fd97d04868c50eb782decb141d2adf12ee6
GET /upload/vod/2023/01/hsukoegkzsj.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:55 GMT
content-type: image/webp
content-length: 8238
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=10954
content-disposition: inline; filename="hsukoegkzsj.webp"
etag: "63d3afa1-2aca"
last-modified: Fri, 27 Jan 2023 11:04:01 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7
accept-ranges: bytes
server: cloudflare
cf-ray: 79119d9bf96d0afe-OSL
X-Firefox-Spdy: h2
164.88.136.141/template/m1938/css/ate.css
164.88.136.141200 OK 6.0 kB URL HTTP/1.1 164.88.136.141/template/m1938/css/ate.css
IP 164.88.136.141:0
ASN #137951 Clayer Limited
File type ASCII text, with CRLF line terminators
Hash 251de3a6c1f48287067d6e9884f7888f
d0d01ad05609d705df6dc86c14d7911aab71b8f2
256f80b2d6f2d004ddba641a773690bae0c70094d68d2ea3fa5b3893ff4ecb94
Analyzer Verdict Alert quad9 Sinkholed
GET /template/m1938/css/ate.css HTTP/1.1
Host: 164.88.136.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.136.141/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:26:55 GMT
Content-Type: text/css
Last-Modified: Sun, 07 Mar 2021 04:24:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6044558a-126e5"
Expires: Sun, 29 Jan 2023 23:26:55 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
js.users.51.la/21285107.js
103.143.19.103200 OK 2.3 kB URL HTTP/1.1 js.users.51.la/21285107.js
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
File type ASCII text, with very long lines (4898)
Hash 2a62068128af7ac1e9295a6aa9288681
34e7db7d16d30ebe5b5aad07e667df21d9a2945a
4106736f2422718c5c5c49f1176be5432993ccce430a2445d6ec2839758dd35c
GET /21285107.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: CloudWAF
Date: Sun, 29 Jan 2023 11:26:55 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=5a6c827dc178c161a03; path=/
HWWAFSESTIME=1674991613889; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
45.199.22.3/ssiq/sq.js
45.199.22.3200 OK 913 B IP 45.199.22.3:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document, Unicode text, UTF-8 text
Hash 50c4ea5361abc2876d17bd097ac1886b
5adb9b8645197d11f3df50451a0f68df198336d8
7c65d3c68ae7605a73a46482ee721e3799cc99ebc33fcd3d6f81148063be37ce
Analyzer Verdict Alert quad9 Sinkholed
GET /ssiq/sq.js HTTP/1.1
Host: 45.199.22.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.136.141/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:26:55 GMT
Content-Type: application/javascript
Last-Modified: Sat, 28 Jan 2023 08:46:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63d4e0cf-d97"
Expires: Sun, 29 Jan 2023 23:26:55 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
45.199.22.2/ssiq/tj.js
45.199.22.2200 OK 0 B IP 45.199.22.2:0
ASN #134548 DXTL Tseung Kwan O Service
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /ssiq/tj.js HTTP/1.1
Host: 45.199.22.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.136.141/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:26:55 GMT
Content-Type: application/javascript
Content-Length: 0
Last-Modified: Wed, 20 Jul 2022 03:19:47 GMT
Connection: keep-alive
ETag: "62d77453-0"
Expires: Sun, 29 Jan 2023 23:26:55 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
45.199.22.2/ssiq/tz.js
45.199.22.2200 OK 722 B IP 45.199.22.2:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document, ASCII text, with very long lines (678), with CRLF line terminators
Hash 0696879ced2222a686d998946a24a6d9
9796dc4494499a5056f14c4fee681632319817ea
13c791160ef6a7660a846ecf5041e7eef025b919c796327cb8d9f27a9eda50fb
Analyzer Verdict Alert quad9 Sinkholed
GET /ssiq/tz.js HTTP/1.1
Host: 45.199.22.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.136.141/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:26:55 GMT
Content-Type: application/javascript
Last-Modified: Sat, 07 Jan 2023 12:06:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63b9605a-893"
Expires: Sun, 29 Jan 2023 23:26:55 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
45.199.22.3/ssiq/sp1.js
45.199.22.3200 OK 659 B IP 45.199.22.3:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document, Unicode text, UTF-8 text
Hash e0e1d405121375272c0a0acc317aa749
865bd1e4bf0d03ed76893a8bc274156bfd84de5d
d80cc76a54f0959d915065269323dfefe0a19d6114fcc7eff9fc0c573c05c5e6
Analyzer Verdict Alert quad9 Sinkholed
GET /ssiq/sp1.js HTTP/1.1
Host: 45.199.22.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.136.141/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:26:55 GMT
Content-Type: application/javascript
Last-Modified: Thu, 26 Jan 2023 08:21:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63d23810-73d"
Expires: Sun, 29 Jan 2023 23:26:55 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
45.199.22.2/ssiq/dh.js
45.199.22.2200 OK 1.6 kB IP 45.199.22.2:0
ASN #134548 DXTL Tseung Kwan O Service
Hash ef70332e7502ba3ec1c0810874fb2486
ccf868533bff9e818ad6071ea3db1098d579e820
f6b1fb60b14a562765641930dc0714287aa268b703a47dd2f998c3970dbaf4b5
Analyzer Verdict Alert quad9 Sinkholed
GET /ssiq/dh.js HTTP/1.1
Host: 45.199.22.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.136.141/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:26:55 GMT
Content-Type: application/javascript
Last-Modified: Sat, 28 Jan 2023 06:45:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63d4c470-3096"
Expires: Sun, 29 Jan 2023 23:26:55 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
45.199.22.2/ssiq/qq2.js
45.199.22.2200 OK 2.1 kB IP 45.199.22.2:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document, Unicode text, UTF-8 text, with very long lines (302)
Hash a270bbfe0ce0dc1ad25582044dba8171
3d151ff3b2de1b8170a57c40dc965c7858eb3594
aff41d092d0d3e0d82f49d2690186fdd16b580abbc213e4a217b23b266fe91f2
Analyzer Verdict Alert quad9 Sinkholed
GET /ssiq/qq2.js HTTP/1.1
Host: 45.199.22.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.136.141/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:26:55 GMT
Content-Type: application/javascript
Last-Modified: Sat, 28 Jan 2023 08:52:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63d4e241-2455"
Expires: Sun, 29 Jan 2023 23:26:55 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
45.199.22.2/ssiq/dl.js
45.199.22.2200 OK 0 B IP 45.199.22.2:0
ASN #134548 DXTL Tseung Kwan O Service
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /ssiq/dl.js HTTP/1.1
Host: 45.199.22.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.136.141/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:26:55 GMT
Content-Type: application/javascript
Content-Length: 0
Last-Modified: Wed, 16 Mar 2022 16:11:12 GMT
Connection: keep-alive
ETag: "62320c20-0"
Expires: Sun, 29 Jan 2023 23:26:55 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
45.199.22.2/ssiq/qq3.js
45.199.22.2200 OK 979 B IP 45.199.22.2:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document, Unicode text, UTF-8 text
Hash 0c31eba09905b7c69d330e04babc2aee
3d588b06839a66acd23e24c0c544aaa71277ff78
a30c0d450e4e348579b542539db1d542a0f7c9810a33fe4ff4712f9de367b89c
Analyzer Verdict Alert quad9 Sinkholed
GET /ssiq/qq3.js HTTP/1.1
Host: 45.199.22.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.136.141/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:26:55 GMT
Content-Type: application/javascript
Last-Modified: Wed, 25 Jan 2023 10:21:39 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63d102b3-1e09"
Expires: Sun, 29 Jan 2023 23:26:55 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
164.88.136.141/template/m1938/css/zui.css
164.88.136.141200 OK 22 kB URL HTTP/1.1 164.88.136.141/template/m1938/css/zui.css
IP 164.88.136.141:0
ASN #137951 Clayer Limited
File type assembler source, Unicode text, UTF-8 (with BOM) text, with CRLF, CR line terminators
Hash 989119441b99dc00d29481edf802fef3
c3141b9d2c5e3d82f2a3a2e6abd747b198cbc7ea
4d49f5f5cd38ba825d17e7d76c9592e824c495b3d1a01246454cfa72029598fd
Analyzer Verdict Alert quad9 Sinkholed
GET /template/m1938/css/zui.css HTTP/1.1
Host: 164.88.136.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.136.141/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:26:55 GMT
Content-Type: text/css
Last-Modified: Mon, 04 Apr 2022 16:48:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"624b214a-17838"
Expires: Sun, 29 Jan 2023 23:26:55 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
js.users.51.la/21481107.js
103.143.19.103200 OK 2.3 kB URL HTTP/1.1 js.users.51.la/21481107.js
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
File type ASCII text, with very long lines (4898)
Hash bf21d1c7769c2a14bd910ae21ae1d68e
205b103838a383a22ae4869b053d8d20546bbebd
f843ce4be057b27ca449aac019bafa3fa2d08100c97dee30f1703f8875565954
GET /21481107.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.136.141/
HTTP/1.1 200 OK
Server: CloudWAF
Date: Sun, 29 Jan 2023 11:26:55 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=0bf21217a1d53989d67; path=/
HWWAFSESTIME=1674991614287; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
45.199.22.2/ssiq/qq1.js
45.199.22.2200 OK 1.3 kB IP 45.199.22.2:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash ed80c975f7177cad4d10e9844d6622cf
15bc8e164b79a693fd247647283a872b111cb911
e75ec9021273669f72d91f46835b7e20909863f2808108fbe1ce18d7b646d3b6
Analyzer Verdict Alert quad9 Sinkholed
GET /ssiq/qq1.js HTTP/1.1
Host: 45.199.22.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.136.141/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:26:55 GMT
Content-Type: application/javascript
Last-Modified: Sat, 28 Jan 2023 14:01:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63d52aa9-1f97"
Expires: Sun, 29 Jan 2023 23:26:55 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
45.199.22.2/ssiq/dht.js
45.199.22.2404 Not Found 146 B IP 45.199.22.2:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert quad9 Sinkholed
GET /ssiq/dht.js HTTP/1.1
Host: 45.199.22.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.136.141/
HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 29 Jan 2023 11:26:55 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
ocsp.digicert.cn/
47.246.44.205200 OK 471 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash c3664d3ac928db8e9f86559b17a5d028
777dc01a04927815118b953e711b05b65e1cd131
2b3ece4e9b3ed42055357e7e5d7045a56e288a3968022bb7c3e58ef8dc563a3f
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sun, 29 Jan 2023 11:26:56 GMT
Ali-Swift-Global-Savetime: 1674991616
Via: cache9.l2de2[46,46,200-0,M], cache9.l2de2[47,0], cache1.se1[69,69,200-0,M], cache1.se1[70,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sun, 29 Jan 2023 11:26:56 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9516749916159508980e
164.88.136.141/template/m1938/images/1.gif
164.88.136.141200 OK 254 B URL HTTP/1.1 164.88.136.141/template/m1938/images/1.gif
IP 164.88.136.141:0
ASN #137951 Clayer Limited
File type GIF image data, version 89a, 16 x 17\012- data
Hash b013f8fa3ec997fe20dc80b82af0ad0a
e02ce6c30d5c0abfaa3e008d1a3ce7d11f299ed9
119bff063d1d402fdf6e48bc7e681d48aabfb9bc65378dfcf64a8845ec3fceef
Analyzer Verdict Alert quad9 Sinkholed
GET /template/m1938/images/1.gif HTTP/1.1
Host: 164.88.136.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.136.141/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:26:55 GMT
Content-Type: image/gif
Content-Length: 254
Last-Modified: Mon, 04 Apr 2022 14:58:52 GMT
Connection: keep-alive
ETag: "624b07ac-fe"
Expires: Tue, 28 Feb 2023 11:26:55 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6d3b4588db59f1609caf7a3147071d2a
94be326215e5ba67f126f1f7a8ec39428a6a239c
63d0c0d5893d244eb310c8e4010110d20078c561655f6f5ce6a4f0476719e576
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "63D0C0D5893D244EB310C8E4010110D20078C561655F6F5CE6A4F0476719E576"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 29 Jan 2023 17:26:56 GMT
Date: Sun, 29 Jan 2023 11:26:56 GMT
Connection: keep-alive
si1.go2yd.com/get-image/0yFVWR9AM6k
163.171.140.79200 OK 140 kB URL HTTP/2 si1.go2yd.com/get-image/0yFVWR9AM6k
IP 163.171.140.79:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 750 x 376\012- data
Size 140 kB (140259 bytes)
Hash 4125d9bf66b1a755f42abaea805ee9af
17232f64827beb19e2a717d1bdbf384b3e938249
d3c1b29a4d2c0fa6fc41d308d6c110eeb868276c2a74697766283838ebe1f732
GET /get-image/0yFVWR9AM6k HTTP/1.1
Host: si1.go2yd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:56 GMT
content-type: image/gif
content-length: 140259
x-application-context: application
x-kss-request-id: 42be03856f37421d8d1834ac0d22900d
etag: "4125d9bf66b1a755f42abaea805ee9af"
content-md5: QSXZv2axp1X0KrrqgF7prw==
last-modified: Mon, 28 Feb 2022 07:48:08 GMT
accept-ranges: bytes
server: KS3
age: 1
x-via: 1.1 PSbjwjBGP2vu136:9 (Cdn Cache Server V2.0), 1.1 PSzjnbsxsy229:10 (Cdn Cache Server V2.0), 1.1 PS-KHH-015lO119:3 (Cdn Cache Server V2.0), 1.1 PShlamstdAMS1vj92:14 (Cdn Cache Server V2.0)
x-ws-request-id: 63d65800_PShlamstdAMS1vj92_1897-55290
access-control-allow-origin: *
ws-s2h-acc-level: 1
X-Firefox-Spdy: h2
tupkku.top/logotp/hgsbtr01.gif
104.21.51.97200 OK 1.6 MB URL HTTP/2 tupkku.top/logotp/hgsbtr01.gif
IP 104.21.51.97:0
File type GIF image data, version 89a, 500 x 281\012- data
Size 1.6 MB (1626999 bytes)
Hash 17244f3a8b60a0f7b291f5621c873713
c523f5d5b60d2eabc9084e9ba5803647ac08c2cd
4aed8c090aa7bff3de4c028efced6a87dd7645bc15d265cdddf106f3f5dd9435
GET /logotp/hgsbtr01.gif HTTP/1.1
Host: tupkku.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:56 GMT
content-type: image/gif
content-length: 1626999
last-modified: Sun, 31 Jul 2022 13:10:59 GMT
etag: "62e67f63-18d377"
expires: Sat, 25 Feb 2023 14:12:26 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 249145
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rqHpnixcfiVt5gCY9YUKJAIxgk8q92zcWa8ksVt%2BYvxt1SaTGjY9El0ro7pujtQqBSC0SYq0eY9sy%2BO66hrlOZdD%2BZve%2BNxFd3sTTgf1B2j5DnGr3N3zXAd59Oli"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79119da09885b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
164.88.136.141/template/m1938/images/video-play.png
164.88.136.141200 OK 1.6 kB URL HTTP/1.1 164.88.136.141/template/m1938/images/video-play.png
IP 164.88.136.141:0
ASN #137951 Clayer Limited
File type PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced\012- data
Hash be7ca0a4a7c0317398a11162b1e09b75
5dbe6a02524cfbf5f5111478a71f91a9259056b5
cbad06b58f97516faa5f745d4e09716b5db3f134d5b4644b159681aa24909dd4
Analyzer Verdict Alert quad9 Sinkholed
GET /template/m1938/images/video-play.png HTTP/1.1
Host: 164.88.136.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.136.141/template/m1938/css/zui.css
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:26:55 GMT
Content-Type: image/png
Content-Length: 1567
Last-Modified: Fri, 29 May 2020 05:44:40 GMT
Connection: keep-alive
ETag: "5ed0a148-61f"
Expires: Tue, 28 Feb 2023 11:26:55 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 500259d6742e020108f0d17f4c070e9f
d0a008537c96333bb12f941aaf4de08e1749bca8
ebddeecc016cdc334bf5be9bbb1dfc11c51374f2a1c05eba0efc7b8c447068d9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBDDEECC016CDC334BF5BE9BBB1DFC11C51374F2A1C05EBA0EFC7B8C447068D9"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4674
Expires: Sun, 29 Jan 2023 12:44:50 GMT
Date: Sun, 29 Jan 2023 11:26:56 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6d3b4588db59f1609caf7a3147071d2a
94be326215e5ba67f126f1f7a8ec39428a6a239c
63d0c0d5893d244eb310c8e4010110d20078c561655f6f5ce6a4f0476719e576
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "63D0C0D5893D244EB310C8E4010110D20078C561655F6F5CE6A4F0476719E576"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 29 Jan 2023 17:26:56 GMT
Date: Sun, 29 Jan 2023 11:26:56 GMT
Connection: keep-alive
i.postimg.cc/fRZzGw2K/0103d120009h1026r1-BFC.gif
162.19.88.68200 OK 873 kB URL HTTP/2 i.postimg.cc/fRZzGw2K/0103d120009h1026r1-BFC.gif
IP 162.19.88.68:0
File type GIF image data, version 89a, 200 x 200\012- data
Size 873 kB (873044 bytes)
Hash 4afba97a5491e68fcca4cdee4b87d629
09e1dddabf60e12cbd368c2df9d6474f703d7a2f
23861d601f540f738c33eebd6821fef3a74e1f6d5540d939d8a07c08f40bcd19
GET /fRZzGw2K/0103d120009h1026r1-BFC.gif HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 11:26:55 GMT
content-type: image/gif
content-length: 873044
last-modified: Sun, 18 Dec 2022 14:49:31 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 19b5baa9b517a1c32c4011b9be784c22
59e8f2532fbda31bb6617f7921885c0b9c17856f
a4f5f6acd49c59afa867ef57f29ca3e474bcff7cf41e1c5a1eee9ed9284d8d2f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F5F6ACD49C59AFA867EF57F29CA3E474BCFF7CF41E1C5A1EEE9ED9284D8D2F"
Last-Modified: Sat, 28 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11286
Expires: Sun, 29 Jan 2023 14:35:02 GMT
Date: Sun, 29 Jan 2023 11:26:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c6ca1e76480ee36908c5b54c3b4ecdd7
e299d753b5f72023b0b3e8e39a34a75555ea3b1f
306b68bb6f75261e72fdd595150b81a2e4108ef5249bf90b9628b890bb980015
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "306B68BB6F75261E72FDD595150B81A2E4108EF5249BF90B9628B890BB980015"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21566
Expires: Sun, 29 Jan 2023 17:26:22 GMT
Date: Sun, 29 Jan 2023 11:26:56 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 727 B IP 93.184.220.29:0
Hash a6dfd060ee5dd6ce8cdc8ab6fcfa77f6
1bb200a0d23a7c437a140b1ba20aa3a041aaea68
3f351ffbf0fc31c125371c8a19a02c9dd6d41d574218d3d29b80e2e50f35f2c5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4622
Cache-Control: max-age=97019
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 11:26:56 GMT
Etag: "63d51ded-2d7"
Expires: Mon, 30 Jan 2023 14:23:55 GMT
Last-Modified: Sat, 28 Jan 2023 13:06:53 GMT
Server: ECS (amb/6BBE)
X-Cache: HIT
Content-Length: 727
164.88.136.141/template/m1938//images/1.png
164.88.136.141200 OK 43 kB URL HTTP/1.1 164.88.136.141/template/m1938//images/1.png
IP 164.88.136.141:0
ASN #137951 Clayer Limited
File type PNG image data, 350 x 91, 8-bit/color RGBA, non-interlaced\012- data
Hash 00d985bcfda2fff5a222ca4f40d78f88
0ee6b80d0cd8c697c5692b231a9e1669aad183ce
55a9a5f94728aeabefe15240204b3210175e24a18df03aad3f4f2b8fdba89afd
Analyzer Verdict Alert quad9 Sinkholed
GET /template/m1938//images/1.png HTTP/1.1
Host: 164.88.136.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.136.141/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:26:55 GMT
Content-Type: image/png
Content-Length: 43176
Last-Modified: Sun, 10 Apr 2022 13:53:00 GMT
Connection: keep-alive
ETag: "6252e13c-a8a8"
Expires: Tue, 28 Feb 2023 11:26:55 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 005bba03ff5d183d0b8c49a4be1bcdb6
427e8b502f225f8e1cbf771650b203488b4647cc
be2fd631eeb7f8eb703ea807e9653f96644055f1b8528785b0e69a7d2fe4adbf
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:26:56 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 27 Jan 2023 09:16:29 GMT
Expires: Fri, 03 Feb 2023 09:16:28 GMT
Etag: "427e8b502f225f8e1cbf771650b203488b4647cc"
Cache-Control: max-age=423571,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79119da26fd1b518-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 2957173d55c5c82c643ca82635848799
fcececc10bfa78ed377cff46f8df518754c4a2a9
bb28b3ef9389761355ea56926b9fecd3316708a6d7de594341d4a60231efc240
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:26:56 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Thu, 02 Feb 2023 09:34:41 GMT
ETag: "fcececc10bfa78ed377cff46f8df518754c4a2a9"
Last-Modified: Sun, 29 Jan 2023 09:34:42 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1568
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79119da3dd67b512-OSL
img.krkfp.com/img/1.jpg
172.247.222.51200 OK 16 kB IP 172.247.222.51:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 352x198, components 3\012- data
Hash 332e372126585ebcb1a39313b52cd63f
68588752c6a07c6ea01369754556a5386c2c5134
82950ea6f845b5ee30278736b468ddbe848191c37caae800d385282814c5bd35
GET /img/1.jpg HTTP/1.1
Host: img.krkfp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.136.141/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:24:58 GMT
Content-Type: image/jpeg
Content-Length: 16459
Last-Modified: Thu, 08 Dec 2022 11:52:30 GMT
Connection: keep-alive
ETag: "6391cffe-404b"
Expires: Tue, 28 Feb 2023 11:24:58 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
kzeoo.com/923940ff234392da5ad2e1e002570163.gif
172.83.155.45200 OK 133 kB URL HTTP/2 kzeoo.com/923940ff234392da5ad2e1e002570163.gif
IP 172.83.155.45:0
ASN #201106 Spartan Host Ltd
File type GIF image data, version 89a, 190 x 120\012- data
Size 133 kB (133230 bytes)
Hash 25345ad7a9509fb9f9ac5908d8aa375c
ca500c88905e72c255129ae4990eb74209d8c6b8
21f1f13b446590b41bce1a74f4ad848c4a427f9c12e2145079bdad382e4f659d
GET /923940ff234392da5ad2e1e002570163.gif HTTP/1.1
Host: kzeoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 11:26:56 GMT
content-type: image/gif
content-length: 133230
last-modified: Tue, 16 Aug 2022 11:18:28 GMT
etag: "62fb7d04-2086e"
expires: Sun, 29 Jan 2023 23:26:56 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 15760
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DkjUf0%2BwfFjg20aWeGJEZBcYmqt2bsx%2FNtkkvCQSlNketKJt61Zpr5OPHV5%2BSwc%2BH1gLiJks3v5t7qnBanzWAtkznCsqEPJOivn%2BrtXqdwZE5KalysebkceeFnN2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-ray: 7875d5cd581fec88-SEA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
i.postimg.cc/sDmq2sfK/290299ed48d84c7b99d8fbd8a96a254c.gif
162.19.88.68200 OK 186 kB URL HTTP/2 i.postimg.cc/sDmq2sfK/290299ed48d84c7b99d8fbd8a96a254c.gif
IP 162.19.88.68:0
File type GIF image data, version 89a, 150 x 150\012- data
Size 186 kB (186342 bytes)
Hash c4aec2fc715ed9100d40a15aa4b82c28
c147669e2e7bffdbff992edf4b8ab2b146040dce
b349c187657aac001daafe636bf8c97f2c81c13f526886cb3fc9bafc0b8cb6df
GET /sDmq2sfK/290299ed48d84c7b99d8fbd8a96a254c.gif HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 11:26:57 GMT
content-type: image/gif
content-length: 186342
last-modified: Sun, 18 Dec 2022 14:50:51 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
ia.51.la/go1?id=21285107&rt=1674991623880&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=0&cd=24&ds=%25E5%25A6%2582%25E6%2582%25A8%25E6%259C%25AA%25E6%25BB%25BF%25E5%258D%2581%25E5%2585%25AB%25E6%25AD%25B2%25E6%2588%2596%25E7%2595%25B6%25E5%259C%25B0%25E6%25B3%2595%25E5%25BE%258B%25E8%25A8%25B1%25E5%258F%25AF%25E4%25B9%258B%25E5%25B9%25B4%25E9%25BD%25A1%25E3%2580%2581%25E4%25BA%25A6%25E6%2588%2596%25E8%2580%2585%25E6%2582%25A8%25E5%25B0%258D%25E6%259C%25AC%25E7%25AB%2599%25E5%2586%2585%25E5%25AE%25B9%25E5%258F%258D%25E6%2584%259F%25EF%25BC%258C&ing=1&ekc=&sid=1674991623880&tt=756AV%25E5%25BD%25B1%25E8%25A7%2586&kw=756AV%25E5%25BD%25B1%25E8%25A7%2586&cu=http%253A%252F%252F164.88.136.141%252F&pu=http%253A%252F%252F164.88.139.190%252F
103.143.19.103200 0 B URL HTTP/1.1 ia.51.la/go1?id=21285107&rt=1674991623880&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=0&cd=24&ds=%25E5%25A6%2582%25E6%2582%25A8%25E6%259C%25AA%25E6%25BB%25BF%25E5%258D%2581%25E5%2585%25AB%25E6%25AD%25B2%25E6%2588%2596%25E7%2595%25B6%25E5%259C%25B0%25E6%25B3%2595%25E5%25BE%258B%25E8%25A8%25B1%25E5%258F%25AF%25E4%25B9%258B%25E5%25B9%25B4%25E9%25BD%25A1%25E3%2580%2581%25E4%25BA%25A6%25E6%2588%2596%25E8%2580%2585%25E6%2582%25A8%25E5%25B0%258D%25E6%259C%25AC%25E7%25AB%2599%25E5%2586%2585%25E5%25AE%25B9%25E5%258F%258D%25E6%2584%259F%25EF%25BC%258C&ing=1&ekc=&sid=1674991623880&tt=756AV%25E5%25BD%25B1%25E8%25A7%2586&kw=756AV%25E5%25BD%25B1%25E8%25A7%2586&cu=http%253A%252F%252F164.88.136.141%252F&pu=http%253A%252F%252F164.88.139.190%252F
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=21285107&rt=1674991623880&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=0&cd=24&ds=%25E5%25A6%2582%25E6%2582%25A8%25E6%259C%25AA%25E6%25BB%25BF%25E5%258D%2581%25E5%2585%25AB%25E6%25AD%25B2%25E6%2588%2596%25E7%2595%25B6%25E5%259C%25B0%25E6%25B3%2595%25E5%25BE%258B%25E8%25A8%25B1%25E5%258F%25AF%25E4%25B9%258B%25E5%25B9%25B4%25E9%25BD%25A1%25E3%2580%2581%25E4%25BA%25A6%25E6%2588%2596%25E8%2580%2585%25E6%2582%25A8%25E5%25B0%258D%25E6%259C%25AC%25E7%25AB%2599%25E5%2586%2585%25E5%25AE%25B9%25E5%258F%258D%25E6%2584%259F%25EF%25BC%258C&ing=1&ekc=&sid=1674991623880&tt=756AV%25E5%25BD%25B1%25E8%25A7%2586&kw=756AV%25E5%25BD%25B1%25E8%25A7%2586&cu=http%253A%252F%252F164.88.136.141%252F&pu=http%253A%252F%252F164.88.139.190%252F HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.136.141/
HTTP/1.1 200
Server: CloudWAF
Date: Sun, 29 Jan 2023 11:26:56 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=72dfa1129bee98a2c820; path=/
HWWAFSESTIME=1674991613181; path=/
ia.51.la/go1?id=21481107&rt=1674991623885&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=0&cd=24&ds=%25E5%25A6%2582%25E6%2582%25A8%25E6%259C%25AA%25E6%25BB%25BF%25E5%258D%2581%25E5%2585%25AB%25E6%25AD%25B2%25E6%2588%2596%25E7%2595%25B6%25E5%259C%25B0%25E6%25B3%2595%25E5%25BE%258B%25E8%25A8%25B1%25E5%258F%25AF%25E4%25B9%258B%25E5%25B9%25B4%25E9%25BD%25A1%25E3%2580%2581%25E4%25BA%25A6%25E6%2588%2596%25E8%2580%2585%25E6%2582%25A8%25E5%25B0%258D%25E6%259C%25AC%25E7%25AB%2599%25E5%2586%2585%25E5%25AE%25B9%25E5%258F%258D%25E6%2584%259F%25EF%25BC%258C&ing=1&ekc=&sid=1674991623885&tt=756AV%25E5%25BD%25B1%25E8%25A7%2586&kw=756AV%25E5%25BD%25B1%25E8%25A7%2586&cu=http%253A%252F%252F164.88.136.141%252F&pu=http%253A%252F%252F164.88.139.190%252F
103.143.19.103200 0 B URL HTTP/1.1 ia.51.la/go1?id=21481107&rt=1674991623885&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=0&cd=24&ds=%25E5%25A6%2582%25E6%2582%25A8%25E6%259C%25AA%25E6%25BB%25BF%25E5%258D%2581%25E5%2585%25AB%25E6%25AD%25B2%25E6%2588%2596%25E7%2595%25B6%25E5%259C%25B0%25E6%25B3%2595%25E5%25BE%258B%25E8%25A8%25B1%25E5%258F%25AF%25E4%25B9%258B%25E5%25B9%25B4%25E9%25BD%25A1%25E3%2580%2581%25E4%25BA%25A6%25E6%2588%2596%25E8%2580%2585%25E6%2582%25A8%25E5%25B0%258D%25E6%259C%25AC%25E7%25AB%2599%25E5%2586%2585%25E5%25AE%25B9%25E5%258F%258D%25E6%2584%259F%25EF%25BC%258C&ing=1&ekc=&sid=1674991623885&tt=756AV%25E5%25BD%25B1%25E8%25A7%2586&kw=756AV%25E5%25BD%25B1%25E8%25A7%2586&cu=http%253A%252F%252F164.88.136.141%252F&pu=http%253A%252F%252F164.88.139.190%252F
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=21481107&rt=1674991623885&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=0&cd=24&ds=%25E5%25A6%2582%25E6%2582%25A8%25E6%259C%25AA%25E6%25BB%25BF%25E5%258D%2581%25E5%2585%25AB%25E6%25AD%25B2%25E6%2588%2596%25E7%2595%25B6%25E5%259C%25B0%25E6%25B3%2595%25E5%25BE%258B%25E8%25A8%25B1%25E5%258F%25AF%25E4%25B9%258B%25E5%25B9%25B4%25E9%25BD%25A1%25E3%2580%2581%25E4%25BA%25A6%25E6%2588%2596%25E8%2580%2585%25E6%2582%25A8%25E5%25B0%258D%25E6%259C%25AC%25E7%25AB%2599%25E5%2586%2585%25E5%25AE%25B9%25E5%258F%258D%25E6%2584%259F%25EF%25BC%258C&ing=1&ekc=&sid=1674991623885&tt=756AV%25E5%25BD%25B1%25E8%25A7%2586&kw=756AV%25E5%25BD%25B1%25E8%25A7%2586&cu=http%253A%252F%252F164.88.136.141%252F&pu=http%253A%252F%252F164.88.139.190%252F HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.136.141/
HTTP/1.1 200
Server: CloudWAF
Date: Sun, 29 Jan 2023 11:26:56 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=72dfa1135bee98a2c820; path=/
HWWAFSESTIME=1674991613181; path=/
img.krkfp.com/img/3.jpg
172.247.222.51200 OK 49 kB IP 172.247.222.51:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 856x480, components 3\012- data
Hash fe9e2793b36a3ab5986dab1606df351a
e8417e0b1c8d20538043e379ab492c40da19015d
8928fdfa84bbfb16663052f844c4fc37363aa2e2caa6f0a7d93de39a159de03a
GET /img/3.jpg HTTP/1.1
Host: img.krkfp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.136.141/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 11:24:58 GMT
Content-Type: image/jpeg
Content-Length: 48860
Last-Modified: Thu, 08 Dec 2022 11:52:29 GMT
Connection: keep-alive
ETag: "6391cffd-bedc"
Expires: Tue, 28 Feb 2023 11:24:58 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 44525527c181a727eefa02a4e7ff1053
f43045a5e4cda55f5ede04be0b0fd42bbdf898ba
eaea670303ac29377639856d56c0a18117fecf41b180cf6316ae8c8fa3c41e04
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EAEA670303AC29377639856D56C0A18117FECF41B180CF6316AE8C8FA3C41E04"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9420
Expires: Sun, 29 Jan 2023 14:03:57 GMT
Date: Sun, 29 Jan 2023 11:26:57 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash a481dee4c20c5dac35c974ab4cc87cc9
636d4b8287d5f7a612df0b068b70b7326d31dd20
105eb68106033fb86f14335c81dba27fc0065a1f7d10cc1f4a32e36828894ddd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3489
Cache-Control: max-age=157058
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 11:26:57 GMT
Etag: "63d60ce2-117"
Expires: Tue, 31 Jan 2023 07:04:35 GMT
Last-Modified: Sun, 29 Jan 2023 06:06:26 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279
kvegg.com/32a5b957e230ebec42250e5a4a1cedde.gif
172.83.155.45200 OK 239 kB URL HTTP/2 kvegg.com/32a5b957e230ebec42250e5a4a1cedde.gif
IP 172.83.155.45:0
ASN #201106 Spartan Host Ltd
File type GIF image data, version 89a, 374 x 126\012- data
Size 239 kB (239313 bytes)
Hash 426267138e320e27a4b0cffc72c52b8f
88180e2539bae08f81a3bd95a67e21bb4b0f1b01
f2221414922c9bcc08485aba237fb88b36151583a6953d5a39483f208637b1a2
GET /32a5b957e230ebec42250e5a4a1cedde.gif HTTP/1.1
Host: kvegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 11:26:56 GMT
content-type: image/gif
content-length: 239313
last-modified: Sun, 18 Dec 2022 07:33:00 GMT
etag: "639ec22c-3a6d1"
expires: Sun, 29 Jan 2023 23:26:56 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 6693
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fValP9qS2Vnw5LNsw9Zv2oDQM8I7tzsHhCbAf3WUlMx6QbH1qEXekk9FCKJyjC4jD%2B%2FCmLqlZxVTS4pZqf0kjuWsVD%2BqLxc%2BDihip3DzXnTMTRhtShTTdHboYuvI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 78769c0ba95b8411-YVR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
aooacctp.vip/logotp/xfb63.gif
172.67.161.53200 OK 801 kB URL HTTP/2 aooacctp.vip/logotp/xfb63.gif
IP 172.67.161.53:0
File type GIF image data, version 89a, 200 x 200\012- data
Size 801 kB (800906 bytes)
Hash b67d8e3b2e6a17ef65cca5924479bcaf
170f0e54f86d9fe303bca99f7524cee878289a3f
2b6a9b53114e36c800d36b460001279b5b27d86ad0b0f79d71bd5157d7d2ba8c
GET /logotp/xfb63.gif HTTP/1.1
Host: aooacctp.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:57 GMT
content-type: image/gif
content-length: 800906
last-modified: Sun, 14 Aug 2022 07:55:32 GMT
etag: "62f8aa74-c388a"
expires: Sun, 19 Feb 2023 01:26:41 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 813506
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S0eB8f7lCDPSpZkiKU80PurvlV0UdBf8C4w4zjlhR7bhcvPt61wck80TufSWNXo3s4XQ9MkEbptZf6Udn1rxB3cQR0NPJ2HSqTObpxYT29ACjxplhE%2FuDTVhr3nowM4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79119da76ae6b4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 44525527c181a727eefa02a4e7ff1053
f43045a5e4cda55f5ede04be0b0fd42bbdf898ba
eaea670303ac29377639856d56c0a18117fecf41b180cf6316ae8c8fa3c41e04
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EAEA670303AC29377639856D56C0A18117FECF41B180CF6316AE8C8FA3C41E04"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9420
Expires: Sun, 29 Jan 2023 14:03:57 GMT
Date: Sun, 29 Jan 2023 11:26:57 GMT
Connection: keep-alive
45.199.22.2/ssiq/dht.js
45.199.22.2404 Not Found 146 B IP 45.199.22.2:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert quad9 Sinkholed
GET /ssiq/dht.js HTTP/1.1
Host: 45.199.22.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://164.88.136.141/
HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 29 Jan 2023 11:26:57 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
cdn-jinjutupian-cdn.com/jj/ce-AjuY.gif
172.247.80.60200 OK 925 kB URL HTTP/2 cdn-jinjutupian-cdn.com/jj/ce-AjuY.gif
IP 172.247.80.60:0
File type GIF image data, version 89a, 480 x 270\012- data
Size 925 kB (924689 bytes)
Hash 0e11450181933e0af68acede56915d20
7ad90c8cab580c0354fe9542eddafac37cbf43b1
569dc8df068a0ec4c77ab73704b63f0335ea7eaffa89c76b1f0fb2025d8b84a0
GET /jj/ce-AjuY.gif HTTP/1.1
Host: cdn-jinjutupian-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:56 GMT
content-type: image/gif
content-length: 924689
last-modified: Wed, 28 Dec 2022 16:38:44 GMT
etag: "63ac7114-e1c11"
expires: Mon, 27 Feb 2023 18:53:29 GMT
cache-control: max-age=2592000
server: dns1
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
dimg04.c-ctrip.com/images/0101312000ae3dzr08E27.gif?proc=autoorient
104.110.17.24200 OK 63 kB URL HTTP/2 dimg04.c-ctrip.com/images/0101312000ae3dzr08E27.gif?proc=autoorient
IP 104.110.17.24:0
File type GIF image data, version 89a, 960 x 80\012- data
Hash 419573857f8eb1ef0362ea8e353c0b0e
b71294e20c82d9932989a9d88eab91d889a68611
be6e0321941d5d21535621aae7f59bd0fc4c5de90b5575b17ccff9d5725062c3
GET /images/0101312000ae3dzr08E27.gif?proc=autoorient HTTP/1.1
Host: dimg04.c-ctrip.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 62773
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
cache-control: max-age=5890362
expires: Fri, 07 Apr 2023 15:39:39 GMT
date: Sun, 29 Jan 2023 11:26:57 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2
kvegg.com/6a7f2c62aa4859d952d4eda2b7a35c2e.gif
172.83.155.45200 OK 433 kB URL HTTP/2 kvegg.com/6a7f2c62aa4859d952d4eda2b7a35c2e.gif
IP 172.83.155.45:0
ASN #201106 Spartan Host Ltd
File type GIF image data, version 89a, 960 x 80\012- data
Size 433 kB (432752 bytes)
Hash 02ac1a8ca79387680c42b79fc76e7a39
82b3bcc75394e33b1ad91610a3b2185a8964bde9
fe1ab300319bb861ed9b0fa7972ac31f77b22f2f74b41f1558f21604015e60f0
GET /6a7f2c62aa4859d952d4eda2b7a35c2e.gif HTTP/1.1
Host: kvegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 11:26:57 GMT
content-type: image/gif
content-length: 432752
last-modified: Sun, 18 Dec 2022 07:33:20 GMT
etag: "639ec240-69a70"
expires: Sun, 29 Jan 2023 23:26:57 GMT
cache-control: max-age=43200
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3SkL46Z9jgoAXjOPRZDKkjoK2wTqSAhUK69g9CpbK8A33ubDKkbK0Z%2BfQzPTdaBDpLSCCqMn%2F0xZXnEi8sIC7q9%2BGxtbUxCOE33aXsY64rfmsNCyB9YhK%2FOkh%2BNk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 78769c24f9f4f4ae-YVR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
kzeoo.com/68a7807de3933bf7079116fa9df99e6f.gif
172.83.155.45200 OK 366 kB URL HTTP/2 kzeoo.com/68a7807de3933bf7079116fa9df99e6f.gif
IP 172.83.155.45:0
ASN #201106 Spartan Host Ltd
File type GIF image data, version 89a, 960 x 60\012- data
Size 366 kB (366444 bytes)
Hash 86371c51bf2086f3a40f0e438246b662
9da793de9c620485ee91b88413b256c69dc774c5
8155b44efd09301dca9ec4bdab8e3e6445d1564fe580edd5f7575c9289843ccf
GET /68a7807de3933bf7079116fa9df99e6f.gif HTTP/1.1
Host: kzeoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 11:26:57 GMT
content-type: image/gif
content-length: 366444
last-modified: Fri, 19 Aug 2022 17:02:28 GMT
etag: "62ffc224-5976c"
expires: Sun, 29 Jan 2023 23:26:57 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W%2BaLj49CfH3ByuP74R9BYje6jkEqtdt75NiSGnCn369KcUXQ7yCKSZ1qU8aoOt3WQIwk3oI9sL1wPgqDU4yOPyBycguKRycKJnwQOf7TDQveuzoygsaxRzP36Gs%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7876714a4d9e6841-SEA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 307757a2d563ebc3877c19ec0b42af23
055f3f324ed5daec70feccc030d5c61f0fcc304a
b757673b685f7d5c3bc82530d3ba985a9c9811ca17893b6eea3239cbb3f8d56b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B757673B685F7D5C3BC82530D3BA985A9C9811CA17893B6EEA3239CBB3F8D56B"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 29 Jan 2023 17:26:57 GMT
Date: Sun, 29 Jan 2023 11:26:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 307757a2d563ebc3877c19ec0b42af23
055f3f324ed5daec70feccc030d5c61f0fcc304a
b757673b685f7d5c3bc82530d3ba985a9c9811ca17893b6eea3239cbb3f8d56b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B757673B685F7D5C3BC82530D3BA985A9C9811CA17893B6EEA3239CBB3F8D56B"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 29 Jan 2023 17:26:57 GMT
Date: Sun, 29 Jan 2023 11:26:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 307757a2d563ebc3877c19ec0b42af23
055f3f324ed5daec70feccc030d5c61f0fcc304a
b757673b685f7d5c3bc82530d3ba985a9c9811ca17893b6eea3239cbb3f8d56b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B757673B685F7D5C3BC82530D3BA985A9C9811CA17893B6EEA3239CBB3F8D56B"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 29 Jan 2023 17:26:57 GMT
Date: Sun, 29 Jan 2023 11:26:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 21b33c4f49126a1464bbac73d02115ef
2ef2c27123c499fb7482f1b505990db96ec41274
c12b2df918954bf135befb713cce9c7f06399f2350169e02c451ba4ae7f95833
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C12B2DF918954BF135BEFB713CCE9C7F06399F2350169E02C451BA4AE7F95833"
Last-Modified: Fri, 27 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 29 Jan 2023 17:26:57 GMT
Date: Sun, 29 Jan 2023 11:26:57 GMT
Connection: keep-alive
p26.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/8c2e2faca3334d7cbd282d7fd4381cd7~noop.image
120.52.95.238200 OK 678 kB URL HTTP/2 p26.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/8c2e2faca3334d7cbd282d7fd4381cd7~noop.image
IP 120.52.95.238:0
ASN #133119 China Unicom IP network
File type GIF image data, version 89a, 270 x 160\012- data
Size 678 kB (677521 bytes)
Hash 94051cb1d1b77200b4462281a864b96e
e5b468a1b2f4bbdda1b6a3a0df2dcce6b3de7e06
d44d0d2dd188024b60ec38cb3f3ea10c080690175e923f90c9c2a2e862670c84
GET /img/tos-cn-i-siecs4i2o7/8c2e2faca3334d7cbd282d7fd4381cd7~noop.image HTTP/1.1
Host: p26.toutiaoimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:56 GMT
content-type: image/gif
content-length: 677521
server: openresty
imagex-fmt: gif2gif
last-modified: Thu, 30 Dec 2021 00:07:35 GMT
nw-session-id: 2021123008073501015013614530ADE9B0dprsv01tt
nw-session-trace: 2021-12-30T08:07:35.194015393+08:00 68
x-bdcdn-cache-status: TCP_HIT
x-length: 677521
x-powered-by: ImageX
x-response-date: Thu, 30 Dec 2021 08:07:35 GMT
x-response-lb: image
x-tt-logid: 2021123008073501015013614530ADE9B0
server-timing: cdn-cache;desc=HIT, edge;dur=3
x-tt-trace-host: 016a2077e03b2041825c42669e9a23cec5ee04519515486308eb42b81315658df6aa5ed29ad219c7d25626d5b022cced5274c18183adcd43889f65e87a17fde2315b0226a7e5f07d4c19094125051b3e74699be800dd629619bc2141d5fb81fc89ccc76230d7d3e4f731a9d881f3cb16c4
x-tt-trace-tag: id=26;cdn-cache=hit;type=static
via: CHN-HElangfang-AREACUCC1-CACHE49[3],CHN-HElangfang-AREACUCC1-CACHE35[0,TCP_HIT,1],CHN-TJ-GLOBAL1-CACHE60[39],CHN-TJ-GLOBAL1-CACHE35[0,TCP_HIT,36]
x-hcs-proxy-type: 1
x-ccdn-cachettl: 31536000
nginx-hit: 1
cache-control: max-age=31536000
age: 18863271
accept-ranges: bytes
access-control-allow-origin: *
x-response-cache: edge_hit
x-response-cinfo: 91.90.42.154
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1d2495f5ffdce18335e97a3b61599c4f
27a4eccd20441f98ae6ca5baefc2fdcb35ae64cf
107f91109bc19f074b35f1ce6e44d0270851e7d5df9423b2ff9cd582b10d81da
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "107F91109BC19F074B35F1CE6E44D0270851E7D5DF9423B2FF9CD582B10D81DA"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20965
Expires: Sun, 29 Jan 2023 17:16:22 GMT
Date: Sun, 29 Jan 2023 11:26:57 GMT
Connection: keep-alive
ggtupian.qqdaishuawang.com/6446/960.120se.gif
188.114.97.1200 OK 1.4 MB URL HTTP/2 ggtupian.qqdaishuawang.com/6446/960.120se.gif
IP 188.114.97.1:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 1.4 MB (1439322 bytes)
Hash 0360c78b6c2a5f514dec38658ced6a12
153a8ceba82d0f4bf1c287652fc22d4964ac240f
db4e5efe3858e5ce98fdde2161521b3b28d5f0b239883b0492194d75740fcd99
GET /6446/960.120se.gif HTTP/1.1
Host: ggtupian.qqdaishuawang.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:26:57 GMT
content-type: image/gif
content-length: 1439322
last-modified: Thu, 20 Oct 2022 10:47:39 GMT
etag: "6351274b-15f65a"
expires: Fri, 17 Feb 2023 11:36:22 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 924262
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=de5WY1edyd2Bc9FN%2FWJ78iwfDm4qz7tIgXrMtGYH8qHN6pYX%2Blhv9To59VMWE9ADVTZwoCbP8hslMvn9dT5ESL7NlqagcQDU6z%2FbwbJQRWHshRrJO%2Buaj80NZP4Tso44omVkEi6fRGKC%2FSLNaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79119dabec5bb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1d2495f5ffdce18335e97a3b61599c4f
27a4eccd20441f98ae6ca5baefc2fdcb35ae64cf
107f91109bc19f074b35f1ce6e44d0270851e7d5df9423b2ff9cd582b10d81da
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "107F91109BC19F074B35F1CE6E44D0270851E7D5DF9423B2FF9CD582B10D81DA"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20965
Expires: Sun, 29 Jan 2023 17:16:22 GMT
Date: Sun, 29 Jan 2023 11:26:57 GMT
Connection: keep-alive
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 117e7b014b53d446368e97c2350d19c8
13f062b52180d1bc99df5d865deed977d30fe417
9c0be07084f6594204313856169776bb6561ec2a1395f461850ee9d8efcc5b0f
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:26:58 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Thu, 02 Feb 2023 08:48:06 GMT
ETag: "13f062b52180d1bc99df5d865deed977d30fe417"
Last-Modified: Sun, 29 Jan 2023 08:48:07 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 946
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79119dad3946b512-OSL
api.nn.ci/tgp/file/e79a079870c6586c555c7.gif
34.111.162.173200 OK 232 kB URL HTTP/2 api.nn.ci/tgp/file/e79a079870c6586c555c7.gif
IP 34.111.162.173:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 232 kB (231752 bytes)
Hash 07b15fa5e69cbdc673bd89d69bb7d3f9
3de719b410f8bbdff6d2f5fd3a408a56009faadd
2e27a86c01a0e898cfd917474f5312a8f89ba523a6278efbb974ff703ad2def3
GET /tgp/file/e79a079870c6586c555c7.gif HTTP/1.1
Host: api.nn.ci
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
cache-control: max-age=2592000, public
content-encoding: gzip
content-type: image/gif
date: Sun, 29 Jan 2023 11:26:57 GMT
etag: "439d8c5e10c765c5765b9f4c6941831cea0a84f0"
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
expires: Tue, 28 Feb 2023 11:26:57 GMT
replit-cluster: teams
server: nginx/1.20.1
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Origin
content-length: 231752
X-Firefox-Spdy: h2
api.nn.ci/tgp/file/d967234d9b5889069df8c.gif
34.111.162.173200 OK 376 kB URL HTTP/2 api.nn.ci/tgp/file/d967234d9b5889069df8c.gif
IP 34.111.162.173:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 376 kB (375929 bytes)
Hash 04e54ce866dd132de3521140b0d762aa
2d83c0d3f89fa8a2a3f32b88c56555ff5830f145
645587d1c953b0af88b6ad8cb55e5d2ba9a8afec0b9716227843fbf3fe4a9fdc
GET /tgp/file/d967234d9b5889069df8c.gif HTTP/1.1
Host: api.nn.ci
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
cache-control: max-age=2592000, public
content-encoding: gzip
content-type: image/gif
date: Sun, 29 Jan 2023 11:26:57 GMT
etag: "010ef84bef74bdbcee9c2e5e54762af85a5396f1"
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
expires: Tue, 28 Feb 2023 11:26:57 GMT
replit-cluster: teams
server: nginx/1.20.1
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Origin
content-length: 375929
X-Firefox-Spdy: h2
dvcasha2.ocsp-certum.com/
23.36.79.10200 OK 1.6 kB URL HTTP/1.1 dvcasha2.ocsp-certum.com/
IP 23.36.79.10:0
ASN #20940 Akamai International B.V.
Hash 259f72ac650d9c6d5bfc4176e1496a36
a002f7b43d463b5c24782c375f8a036489ee4756
eda1f31a2cf15f33fe49a8ae8775e23bfb79d8b35b52273e529e3784cde0c170
POST / HTTP/1.1
Host: dvcasha2.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1599
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=143
Date: Sun, 29 Jan 2023 11:26:58 GMT
Connection: keep-alive
X-N: S
api.nn.ci/tgp/file/6414e0dfd059721a14759.gif
34.111.162.173200 OK 706 kB URL HTTP/2 api.nn.ci/tgp/file/6414e0dfd059721a14759.gif
IP 34.111.162.173:0
File type GIF image data, version 89a, 900 x 200\012- data
Size 706 kB (705652 bytes)
Hash 41a86327c1fe7b14a2a09ea535b154e9
3730c0c7858c2aad35e835b13c969eea1d80051c
5b429a6bda501622320de74e05ac465d38540a86a0ccc4c2e286667fe2981eaa
GET /tgp/file/6414e0dfd059721a14759.gif HTTP/1.1
Host: api.nn.ci
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
cache-control: max-age=2592000, public
content-encoding: gzip
content-type: image/gif
date: Sun, 29 Jan 2023 11:26:57 GMT
etag: "1a258a609723af45e0d48568c704570a19cd6405"
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
expires: Tue, 28 Feb 2023 11:26:57 GMT
replit-cluster: teams
server: nginx/1.20.1
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Origin
content-length: 705652
X-Firefox-Spdy: h2
api.nn.ci/tgp/file/6b5f8bdf060ae098b49d5.gif
34.111.162.173200 OK 536 kB URL HTTP/2 api.nn.ci/tgp/file/6b5f8bdf060ae098b49d5.gif
IP 34.111.162.173:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 536 kB (536049 bytes)
Hash ff7b78dc703c95ee0a55f39fd57cd397
19834172e826dba5745fded5d0166dbcba69813c
2101815d35199dd6f60746c4198f98aa5e4331459fa25cdfc8ee452c14dc8cdc
GET /tgp/file/6b5f8bdf060ae098b49d5.gif HTTP/1.1
Host: api.nn.ci
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
cache-control: max-age=2592000, public
content-encoding: gzip
content-type: image/gif
date: Sun, 29 Jan 2023 11:26:57 GMT
etag: "7a02f956041d11128d6ee4177e61628a511cebd5"
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
expires: Tue, 28 Feb 2023 11:26:57 GMT
replit-cluster: teams
server: nginx/1.20.1
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Origin
content-length: 536049
X-Firefox-Spdy: h2
ocsp.r2m02.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash bf15b2f97822b8d1d7ced4ac7dd3359f
c408c9084e5976ab02e78f31b15e43de6dd314e2
dc71cdc231367f628ff701a488bdacc0edece1e9bf7f625a6fa33f62716dd7b7
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=93388
Date: Sun, 29 Jan 2023 11:26:58 GMT
Etag: "63d51c9f-1d7"
Expires: Mon, 30 Jan 2023 13:23:26 GMT
Last-Modified: Sat, 28 Jan 2023 13:01:19 GMT
Server: ECS (dcb/7FA7)
X-Cache: Miss from cloudfront
Via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: z0MhLbagGG377o9R0Y6SUs-C-laXD4jvn50xVR3Zm8F0YwE3NJIxhQ==
Age: 1327
8881img.com/xcsj/960x80-5.gif
54.230.111.26200 OK 523 kB URL HTTP/2 8881img.com/xcsj/960x80-5.gif
IP 54.230.111.26:0
File type GIF image data, version 89a, 960 x 80\012- data
Size 523 kB (522889 bytes)
Hash d8c74f4c27d5be4113fdf1a4ad695c13
2d6b8a3355ba0a67c3db6f2dec0521d385735cd9
233a63ef3df2519470299524bb5054df03e13804c38410ee797eabaa50bc9091
GET /xcsj/960x80-5.gif HTTP/1.1
Host: 8881img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 522889
server: nginx
date: Tue, 10 Jan 2023 19:54:26 GMT
last-modified: Sat, 07 Jan 2023 12:58:09 GMT
etag: "63b96c61-7fa89"
expires: Thu, 09 Feb 2023 19:54:26 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
x-cache: Hit from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: Kzo_fyIrxZLLiKKSTrqP20gpTrmgc1ZEdsoY4EV-LvuoKSp7XkFEWQ==
age: 1611152
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 727 B IP 93.184.220.29:0
Hash 0326c2222071855b03d8ac4b3028451e
0e84c8351a52ff461ac1e04ee0fcd6b616afdbbd
b3fc06bed02ccfeb8488c7fe0e447b01ccdbf74d9cdad16d4911650ce9e47635
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 525
Cache-Control: max-age=124619
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 11:26:58 GMT
Etag: "63d599c0-2d7"
Expires: Mon, 30 Jan 2023 22:03:57 GMT
Last-Modified: Sat, 28 Jan 2023 21:55:12 GMT
Server: ECS (amb/6BA4)
X-Cache: HIT
Content-Length: 727
ocsp.r2m02.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash bf15b2f97822b8d1d7ced4ac7dd3359f
c408c9084e5976ab02e78f31b15e43de6dd314e2
dc71cdc231367f628ff701a488bdacc0edece1e9bf7f625a6fa33f62716dd7b7
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=98260
Date: Sun, 29 Jan 2023 11:26:58 GMT
Etag: "63d51c9f-1d7"
Expires: Mon, 30 Jan 2023 14:44:38 GMT
Last-Modified: Sat, 28 Jan 2023 13:01:19 GMT
Server: ECS (dcb/7F3C)
X-Cache: Miss from cloudfront
Via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: kS8CYe8TCOEaRziDsccNmWFaSh7J_2iQ06OpjL0KqZuzOq96326Bmw==
Age: 6200
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash b5610320b88c26c1bbaaad0f0f4fc235
a28f6b1a8c18585cb7e2147683ede6a40a983b50
1d1d116407420db68874a206e6f44d77c7b5a5ee1c22b7d5d1f180d675e24e81
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:26:58 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 29 Jan 2023 03:27:10 GMT
Expires: Sun, 05 Feb 2023 03:27:09 GMT
Etag: "a28f6b1a8c18585cb7e2147683ede6a40a983b50"
Cache-Control: max-age=575410,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79119db19b64b518-OSL
ocsp.digicert.com/
93.184.220.29200 OK 727 B IP 93.184.220.29:0
Hash 0326c2222071855b03d8ac4b3028451e
0e84c8351a52ff461ac1e04ee0fcd6b616afdbbd
b3fc06bed02ccfeb8488c7fe0e447b01ccdbf74d9cdad16d4911650ce9e47635
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3535
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 11:26:58 GMT
Last-Modified: Sun, 29 Jan 2023 10:28:03 GMT
Server: ECS (amb/6BC5)
X-Cache: HIT
Content-Length: 727
ocsp.digicert.com/
93.184.220.29200 OK 727 B IP 93.184.220.29:0
Hash 0326c2222071855b03d8ac4b3028451e
0e84c8351a52ff461ac1e04ee0fcd6b616afdbbd
b3fc06bed02ccfeb8488c7fe0e447b01ccdbf74d9cdad16d4911650ce9e47635
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1123
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 11:26:58 GMT
Last-Modified: Sun, 29 Jan 2023 11:08:15 GMT
Server: ECS (amb/6BAB)
X-Cache: HIT
Content-Length: 727
p3.douyinpic.com/obj/tos-cn-i-dy/ba1620b405d44705a4209faa31918c24
47.246.44.225200 OK 490 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/ba1620b405d44705a4209faa31918c24
IP 47.246.44.225:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 960 x 80\012- data
Size 490 kB (490156 bytes)
Hash 419dc441741ba19c36eca52843799cea
51cebd28999b31c7fd4c8e970e9b9f5ec58b0206
e23848de59265ae9a791a8b9402752f76ff954425c952c407d765c6634c14980
GET /obj/tos-cn-i-dy/ba1620b405d44705a4209faa31918c24 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 490156
date: Sat, 28 Jan 2023 07:23:14 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Sat, 28 Jan 2023 07:01:46 GMT
nw-session-id: 20230128150146B5B2E2B1493E320C1AABtx76k01dy
nw-session-trace: 2023-01-28T15:01:46.54431085+08:00 49
x-bdcdn-cache-status: TCP_HIT
x-length: 490156
x-powered-by: ImageX
x-response-date: Sat, 28 Jan 2023 15:01:46 GMT
x-tt-logid: 20230128150146B5B2E2B1493E320C1AAB
via: n204-099-053, cache16.l2de2[0,0,206-0,H], cache11.l2de2[0,0], cache11.l2de2[0,0], cache4.se1[0,0,200-0,H], cache3.se1[1,0]
x-request-ip: fdbd:dc01:26:318::66
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=1
x-tt-trace-host: 013b82a6cc4e56726502dad9d2330d2f932f31d3dcb92b3b9fb8af3938b845e0e3e75c8cbc217cec6bceb8ed55543491f15503b16886c152aaef3faa4ab6ad32a7c4f96af2fdce2a163f7e1a415155cce3a1c1784a3ffdc5d5736c4eb0cd0622c2
x-response-lb: image
ali-swift-global-savetime: 1674890594
age: 101024
x-cache: HIT TCP_MEM_HIT dirn:11:383742203
x-swift-savetime: Sat, 28 Jan 2023 07:28:46 GMT
x-swift-cachetime: 31535668
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9716749916188215885e
X-Firefox-Spdy: h2
p3.douyinpic.com/obj/tos-cn-i-dy/4c11aeb8c50b4c9d8cb92f25fbe81a21
47.246.44.225200 OK 353 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/4c11aeb8c50b4c9d8cb92f25fbe81a21
IP 47.246.44.225:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 500 x 280\012- data
Size 353 kB (352997 bytes)
Hash 622e16bb2d3ad62e69c43ed107e2ea3a
e65f89f4054f70bf1d35b135521da2130f36e5e8
6795f709072f7a07cb565e2c99a59aebe22cef839963621405d4916ae4a6e7ea
GET /obj/tos-cn-i-dy/4c11aeb8c50b4c9d8cb92f25fbe81a21 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 352997
date: Sat, 28 Jan 2023 08:50:17 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Sat, 28 Jan 2023 07:43:48 GMT
nw-session-id: 202301281543484AFD7CC35208250624109dtfn03dy
nw-session-trace: 2023-01-28T15:43:48.13344855+08:00 33
x-bdcdn-cache-status: TCP_HIT
x-length: 352997
x-powered-by: ImageX
x-response-date: Sat, 28 Jan 2023 15:43:48 GMT
x-tt-logid: 202301281543484AFD7CC3520825062410
via: n204-097-238, cache4.l2de2[0,0,206-0,H], cache11.l2de2[1,0], cache11.l2de2[1,0], cache5.se1[0,0,200-0,H], cache3.se1[0,0]
x-request-ip: fdbd:dc01:27:681::36
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=0
x-tt-trace-host: 0123a3f5923e5ff89010c96be95f370ed22d3aa205a1f9c2aa4d00243f346ead966e83eefbb7876a0bc33001db491a9021e974d9e76520362632300adf8c6c61d6f33c9723193904395a8c58084de8621e519313ab5455d730e2499304bff373a9
x-response-lb: image
ali-swift-global-savetime: 1674895818
age: 95800
x-cache: HIT TCP_MEM_HIT dirn:4:225618866
x-swift-savetime: Sat, 28 Jan 2023 10:12:19 GMT
x-swift-cachetime: 31531079
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9716749916188545921e
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 65c3d48561f76167b67392d787395630
5688be235964682351d2aa024673c3140ece8c19
f061eca1f44071101f5a931c7f9957adbaa34cd81c4f86f8fecf5f653de7a230
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:26:58 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 27 Jan 2023 09:52:05 GMT
Expires: Fri, 03 Feb 2023 09:52:04 GMT
Etag: "5688be235964682351d2aa024673c3140ece8c19"
Cache-Control: max-age=425705,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79119db1cdcb0b31-OSL
img.1135555.com/images/63a2c881f6e21f2f8a585bc0.gif
3.36.126.81302 Found 34 kB URL HTTP/2 img.1135555.com/images/63a2c881f6e21f2f8a585bc0.gif
IP 3.36.126.81:0
File type GIF image data, version 89a, 220 x 145\012- data
Hash 4d860862cdb297ae09c9a5ef2d2e6892
0db25d1ed21776f24db7ed31a367192c1b346b26
7480a7f149e608892186b9d0e65e85b0447d8efea0f6001e6ef281f4affc35a7
GET /images/63a2c881f6e21f2f8a585bc0.gif HTTP/1.1
Host: img.1135555.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/323da7ceadf44706981c54e2af0242b9
X-Firefox-Spdy: h2
d.dfghaqea.xyz/ty/C0F12FE7-FF3A-16807-33-EAD2272B414B.alpha
23.225.154.19200 OK 150 kB URL HTTP/2 d.dfghaqea.xyz/ty/C0F12FE7-FF3A-16807-33-EAD2272B414B.alpha
IP 23.225.154.19:0
Size 150 kB (149776 bytes)
Hash c049d217be095d0a0c79701416c0d005
69c64944e0809e8df3f599b8f85653de7f49552d
71c85588603271a6ee5f574b7eb3a2187891c9f4eb731f40fe564c1a3323c763
Analyzer Verdict Alert quad9 Sinkholed
GET /ty/C0F12FE7-FF3A-16807-33-EAD2272B414B.alpha HTTP/1.1
Host: d.dfghaqea.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 11:26:56 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
last-modified: Sun, 29 Jan 2023 11:26:56 GMT
expires: Sun, 29 Jan 2023 11:41:56 GMT
cache-control: max-age=900
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 5472e3c87fbcc582dcdeb8bf777ac395
9617489a54097e53f9706606b635880cd0d2e743
c5f84204c175bedc59e78ac3a59035d54f9a567984e7861648c3bd403a550d0d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:26:59 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 17:17:40 GMT
Expires: Sat, 04 Feb 2023 17:17:39 GMT
Etag: "9617489a54097e53f9706606b635880cd0d2e743"
Cache-Control: max-age=538839,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79119db1fe66b51d-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 14f8f02ce865652f9654ff0110758e3c
e80fe9973367fb4828e5275b83b3b4bc5ecce23f
4a4279b64e6f29f02fb34fefa0cc5f517f809eefb47343d97cb7b8e3b9330c7f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:26:59 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 03:08:19 GMT
Expires: Sat, 04 Feb 2023 03:08:18 GMT
Etag: "e80fe9973367fb4828e5275b83b3b4bc5ecce23f"
Cache-Control: max-age=487878,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79119db1ebf5b518-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 2ad599d5fb02b2dc546025666924f4f3
260d7cbdb2496cc7367761488fd41d8c5e8e70f4
fcb3ee671af2ac8cc755a5998635971bf555e08dc0cb2ddccd65397523281eba
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:26:59 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 13:10:41 GMT
Expires: Sat, 04 Feb 2023 13:10:40 GMT
Etag: "260d7cbdb2496cc7367761488fd41d8c5e8e70f4"
Cache-Control: max-age=524020,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79119db20e70b51d-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash d611b1ea1df80d2215a3a07475093cfb
1291c61b0335539cf88ce858ba2695584b48eb07
dbd2c8707763e05ad136b62a9bf3f24b6d59d1dace243d6cb53d7a17a07b57c3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:26:59 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 05:12:51 GMT
Expires: Thu, 02 Feb 2023 05:12:50 GMT
Etag: "1291c61b0335539cf88ce858ba2695584b48eb07"
Cache-Control: max-age=322550,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79119db22e1c0b31-OSL
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 022140f10fa2821df9b9170f263f0434
55b96cb76a28f3cbcb7c0822ccfa6e48b08c20c7
d6b27174bedfa2e8710acfa57958f776c9b6f6714c8d070488303303e81c718b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D6B27174BEDFA2E8710ACFA57958F776C9B6F6714C8D070488303303E81C718B"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21591
Expires: Sun, 29 Jan 2023 17:26:50 GMT
Date: Sun, 29 Jan 2023 11:26:59 GMT
Connection: keep-alive
kvemm.com/ec9fcd758df74f805f29f72e8545d13b.gif
13.227.254.6200 OK 902 kB URL HTTP/2 kvemm.com/ec9fcd758df74f805f29f72e8545d13b.gif
IP 13.227.254.6:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 902 kB (902313 bytes)
Hash 8b4a95ea7cfbb7fb4d2b18efca5145f3
d2966ecbeb7369620cce5dbcd15d0fe591d79648
dd5ff25f4d6931bd3d2ef86c1a8901853ee2503fd2d6edb264a61abb37c2b002
GET /ec9fcd758df74f805f29f72e8545d13b.gif HTTP/1.1
Host: kvemm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 902313
last-modified: Thu, 15 Dec 2022 02:17:25 GMT
accept-ranges: bytes
server: AmazonS3
date: Sun, 29 Jan 2023 04:17:05 GMT
etag: "8b4a95ea7cfbb7fb4d2b18efca5145f3"
x-cache: Hit from cloudfront
via: 1.1 1d57d3cbfc5a5b868b460784e4cd7888.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-amz-cf-id: J_oQEHMwfkTPzAM2JtXeaYK6aP9rhy78EVkkaesKnbXkucLCeU0Grw==
age: 25794
X-Firefox-Spdy: h2
p3.douyinpic.com/obj/tos-cn-i-dy/9758275ccbb9404887d9537125b38ea9
47.246.44.225200 OK 489 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/9758275ccbb9404887d9537125b38ea9
IP 47.246.44.225:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 960 x 80\012- data
Size 489 kB (488987 bytes)
Hash 6a7d54ecdc2d1cce357d304db217ccec
03a803d54b6a1dd16cba5d73bf4e732d8b7be263
7cd4479b97a015f11a04b2d7d94fbe78030a7e0e3de457bf72abdbf53235c7d8
GET /obj/tos-cn-i-dy/9758275ccbb9404887d9537125b38ea9 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 488987
date: Sun, 08 Jan 2023 17:06:37 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Sun, 08 Jan 2023 17:06:30 GMT
nw-session-id: 20230109010630237CE87A1B921E9239855b2gs03dy
nw-session-trace: 2023-01-09T01:06:30.090734007+08:00 32
x-bdcdn-cache-status: TCP_HIT
x-length: 488987
x-powered-by: ImageX
x-response-date: Mon, 09 Jan 2023 01:06:30 GMT
x-tt-logid: 20230109010630237CE87A1B921E923985
via: n150-050-052, cache4.l2de2[0,0,206-0,H], cache17.l2de2[0,0], cache17.l2de2[1,0], cache4.se1[0,0,200-0,H], cache3.se1[1,0]
x-request-ip: fdbd:dc02:20:277::30
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=1
x-tt-trace-host: 016ce8fa9a4734806856c36302115b4d3b62e2f46a5e22340a9e0afd68f42535f61b40eb4c87b4eb4d08a76657d3a06f06c194c2fa0f2a8796bc9ed45e4b03583aa8472a5bf216acbaf65500914d0b34d0a0dc701fd8b2ff6e1948ab36c3d97f4f
x-response-lb: image
ali-swift-global-savetime: 1673197598
age: 1794021
x-cache: HIT TCP_MEM_HIT dirn:4:51830946
x-swift-savetime: Sun, 08 Jan 2023 17:16:00 GMT
x-swift-cachetime: 31535438
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9716749916196186509e
X-Firefox-Spdy: h2
p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSJJkZNBPXDBGibpXqaicajKqyibnCUUUEomk/0
43.154.254.32200 OK 1.4 MB URL HTTP/2 p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSJJkZNBPXDBGibpXqaicajKqyibnCUUUEomk/0
IP 43.154.254.32:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type GIF image data, version 89a, 640 x 200\012- data
Size 1.4 MB (1362871 bytes)
Hash b43c54ced7fcd33ebd9405eb26d533b7
05e5eb23ef5a79364bc8f8fd778d54a9fa335174
7db80c626560b0016fd427d864bb6116a44a858eb7968728cd872814939a24b2
GET /qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSJJkZNBPXDBGibpXqaicajKqyibnCUUUEomk/0 HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Qnginx/1.4.4
date: Sun, 29 Jan 2023 11:26:57 GMT
content-type: image/gif
content-length: 1362871
vary: Accept,Origin
last-modified: Sat, 10 Jul 2021 16:21:47 GMT
cache-control: max-age=2592000
x-delay: 666 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 1362871
chid: 0
fid: 0
x-nws-log-uuid: 03ed664c-805f-402e-8cb2-aa6cc637459c
X-Firefox-Spdy: h2
99997aaa.com/9a4adf46da5b405db4a02c7d645e86aa.gif
103.170.15.72200 OK 32 kB URL HTTP/1.1 99997aaa.com/9a4adf46da5b405db4a02c7d645e86aa.gif
IP 103.170.15.72:0
ASN #7483 Skycloud Computing co., Ltd.
File type GIF image data, version 89a, 200 x 200\012- data
Hash d03e7fd71c21c8991645f3f2552344eb
a0ccc1f3460dbf473b7ec6eb80a6d2109be46840
793823bfbca32a947c656f58430fd960a9e63c8819df888cfe4deb3a30a38172
Analyzer Verdict Alert quad9 Sinkholed
GET /9a4adf46da5b405db4a02c7d645e86aa.gif HTTP/1.1
Host: 99997aaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "63ac0e79-7dee"
Date: Fri, 20 Jan 2023 16:40:03 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Wed, 28 Dec 2022 09:38:01 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-02
Content-Length: 32238
287335kmu.com/d408cd44ac6b4add92fe94f78d7f66e5.gif
45.61.212.227200 OK 1.0 MB URL HTTP/1.1 287335kmu.com/d408cd44ac6b4add92fe94f78d7f66e5.gif
IP 45.61.212.227:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 1.0 MB (1020091 bytes)
Hash b3aedc862671b2fa2e2922fadaa38add
8134113e40aa47b7b0508e81c447ccea8c10e7c0
d60a38f60cbd8cc782d6ecaf7c076dea16bf5eddfdc064d0aa4c03a440d236aa
Analyzer Verdict Alert quad9 Sinkholed
GET /d408cd44ac6b4add92fe94f78d7f66e5.gif HTTP/1.1
Host: 287335kmu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "635ba188-f90bb"
Date: Sun, 22 Jan 2023 13:04:01 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Fri, 28 Oct 2022 09:31:52 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us3-cdnb-27
Content-Length: 1020091
701.oss-cn-hongkong.aliyuncs.com/gg/150X150-2.gif
47.75.19.46200 OK 303 kB URL HTTP/1.1 701.oss-cn-hongkong.aliyuncs.com/gg/150X150-2.gif
IP 47.75.19.46:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type GIF image data, version 89a, 204 x 204\012- data
Size 303 kB (302941 bytes)
Hash 849d3b77a87512fb8e63de7fe770a145
7257e8ddd72330f7a2f47b86f479e1afca446948
dae2cf0264685acac5a0568c4ff2f4ad162158e367a78542e41255539c2365aa
GET /gg/150X150-2.gif HTTP/1.1
Host: 701.oss-cn-hongkong.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Sun, 29 Jan 2023 11:26:58 GMT
Content-Type: image/gif
Content-Length: 302941
Connection: keep-alive
x-oss-request-id: 63D658020E14E4363521AC62
Accept-Ranges: bytes
ETag: "849D3B77A87512FB8E63DE7FE770A145"
Last-Modified: Tue, 21 Jun 2022 08:13:57 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 12517348424964693894
x-oss-storage-class: Standard
Content-MD5: hJ07d6h1EvuOY95/53ChRQ==
x-oss-server-time: 2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 64c1de1ad7913cc8d387313adbda764e
1dd3429d23298122a24e9c01ffffa36a0e377676
946d63faeeb2c05da4f88a4241168c55bcd024f8070fa2a644204de62c3b50e6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "946D63FAEEB2C05DA4F88A4241168C55BCD024F8070FA2A644204DE62C3B50E6"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21586
Expires: Sun, 29 Jan 2023 17:26:46 GMT
Date: Sun, 29 Jan 2023 11:27:00 GMT
Connection: keep-alive
595tuchuang.com/960x120.gif
183.255.106.42200 OK 339 kB URL HTTP/1.1 595tuchuang.com/960x120.gif
IP 183.255.106.42:0
ASN #9808 China Mobile Communications Group Co., Ltd.
File type GIF image data, version 89a, 960 x 120\012- data
Size 339 kB (338572 bytes)
Hash 497ec973bccb9f68caabc1801b42057f
210fd7feea2126d002d3c8e77a9d31d3f6f90623
1eb10e6d757e0422d2244e4d4623eb008b0114f9fd22731278310e57bb9d36eb
GET /960x120.gif HTTP/1.1
Host: 595tuchuang.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:26:58 GMT
Content-Type: image/gif
Content-Length: 338572
Connection: keep-alive
Last-Modified: Sun, 01 Jan 2023 16:53:32 GMT
ETag: "63b1ba8c-52a8c"
Expires: Wed, 15 Feb 2023 09:33:45 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes
66667aaa.com/9fbd206985734ad1bf9909bdfda127ee.gif
103.170.15.72200 OK 192 kB URL HTTP/1.1 66667aaa.com/9fbd206985734ad1bf9909bdfda127ee.gif
IP 103.170.15.72:0
ASN #7483 Skycloud Computing co., Ltd.
File type GIF image data, version 89a, 120 x 120\012- data
Size 192 kB (192308 bytes)
Hash ebe898ff3b2e9d74405ec7cb21cf3849
30c43670b11153e97a38c697d6707ffd23225ab8
f7a6f4a627429f8aa0cfab204c81b1e10077a5a363c7bed4418d8733996e628e
Analyzer Verdict Alert quad9 Sinkholed
GET /9fbd206985734ad1bf9909bdfda127ee.gif HTTP/1.1
Host: 66667aaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "63a2ca3b-2ef34"
Date: Fri, 27 Jan 2023 09:41:45 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Wed, 21 Dec 2022 08:56:27 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-02
Content-Length: 192308
88995aaa.com/69a245f275554acba6c8a88a46605bad.gif
45.61.212.58200 OK 584 kB URL HTTP/1.1 88995aaa.com/69a245f275554acba6c8a88a46605bad.gif
IP 45.61.212.58:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 584 kB (584025 bytes)
Hash ebf4ee75bbd43b703e1b1b861ba166e2
c241029604f77ad6b4f56894bc51decfededfde7
d6655adbfa7089435d168e9b1432e524f0bf11be8b80ddc499bef69bd5a376ea
Analyzer Verdict Alert quad9 Sinkholed
GET /69a245f275554acba6c8a88a46605bad.gif HTTP/1.1
Host: 88995aaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "63a2fc5b-8e959"
Date: Sat, 28 Jan 2023 03:20:26 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Wed, 21 Dec 2022 12:30:19 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us1-cdnb-28
Content-Length: 584025
267827wnc.com/a455af4f310f4cb78c567eafc6d017a5.gif
103.170.15.97200 OK 792 kB URL HTTP/1.1 267827wnc.com/a455af4f310f4cb78c567eafc6d017a5.gif
IP 103.170.15.97:0
ASN #7483 Skycloud Computing co., Ltd.
File type GIF image data, version 89a, 960 x 120\012- data
Size 792 kB (792073 bytes)
Hash 2816c79b455d9e6a7422c4672783bfc2
5a25b2bffd6319852ae2519dd26067bcd5d2406d
10316406e8574d5f3152aad8a4f60c2f87e1b0154ac2c5049cc2f9f5dce416fb
Analyzer Verdict Alert quad9 Sinkholed
GET /a455af4f310f4cb78c567eafc6d017a5.gif HTTP/1.1
Host: 267827wnc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "635b91cb-c1609"
Date: Tue, 10 Jan 2023 04:42:06 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Fri, 28 Oct 2022 08:24:43 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-27
Content-Length: 792073
img.shifangshike.com/gif22.gif
154.84.8.34200 OK 52 kB URL HTTP/1.1 img.shifangshike.com/gif22.gif
IP 154.84.8.34:0
File type GIF image data, version 89a, 100 x 100\012- data
Hash 1f7893d58efcf5b8c822202cc0d5c652
a8979ed9efeaa9fec04c387f321bffacf127b941
9f896727915f20bcbd163f833b3a7f90ebbae39483805897b86a4c18d9bb28ac
GET /gif22.gif HTTP/1.1
Host: img.shifangshike.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:26:59 GMT
Content-Type: image/gif
Content-Length: 51613
Connection: keep-alive
Last-Modified: Thu, 25 Aug 2022 14:19:12 GMT
ETag: "630784e0-c99d"
Expires: Sat, 25 Feb 2023 02:59:54 GMT
Cache-Control: max-age=2592000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes
img.8578a.com/images/63d4e0301eff8f93601b03a6.gif
3.36.126.81302 Found 0 B URL HTTP/2 img.8578a.com/images/63d4e0301eff8f93601b03a6.gif
IP 3.36.126.81:0
GET /images/63d4e0301eff8f93601b03a6.gif HTTP/1.1
Host: img.8578a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/ba1620b405d44705a4209faa31918c24
X-Firefox-Spdy: h2
d.dfghaqea.xyz/ty/C75A8818-E170-17439-34-C939A0D1EB9B.alpha
23.225.154.19200 OK 0 B URL HTTP/2 d.dfghaqea.xyz/ty/C75A8818-E170-17439-34-C939A0D1EB9B.alpha
IP 23.225.154.19:0
Analyzer Verdict Alert quad9 Sinkholed
GET /ty/C75A8818-E170-17439-34-C939A0D1EB9B.alpha HTTP/1.1
Host: d.dfghaqea.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 11:26:56 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
last-modified: Sun, 29 Jan 2023 11:26:56 GMT
expires: Sun, 29 Jan 2023 11:41:56 GMT
cache-control: max-age=900
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
qp.ezfxpuo.cn/960X120.gif
218.66.171.96200 OK 0 B URL HTTP/2 qp.ezfxpuo.cn/960X120.gif
IP 218.66.171.96:0
GET /960X120.gif HTTP/1.1
Host: qp.ezfxpuo.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: NgxFence
date: Sun, 29 Jan 2023 11:27:00 GMT
content-type: image/gif
content-length: 343540
x-oss-request-id: 63A4A4F3FC567C3433B988B2
etag: "08039628F9A83344699D3AF12B5D6035"
last-modified: Tue, 29 Nov 2022 08:27:10 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 10633121899703716531
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: CAOWKPmoM0RpnTrxK11gNQ==
x-oss-server-time: 1
x-cache: HIT
strict-transport-security: max-age=31536000; includeSubdomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2
link.imgapp.top/images/63ba73b1a92cd2097e833f9d.gif
3.36.126.81302 Found 0 B URL HTTP/2 link.imgapp.top/images/63ba73b1a92cd2097e833f9d.gif
IP 3.36.126.81:0
GET /images/63ba73b1a92cd2097e833f9d.gif HTTP/1.1
Host: link.imgapp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/9758275ccbb9404887d9537125b38ea9
X-Firefox-Spdy: h2
img.3852a.com/images/63d4e0481eff8f93601b03a8.gif
3.36.126.81302 Found 0 B URL HTTP/2 img.3852a.com/images/63d4e0481eff8f93601b03a8.gif
IP 3.36.126.81:0
GET /images/63d4e0481eff8f93601b03a8.gif HTTP/1.1
Host: img.3852a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://164.88.136.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/4c11aeb8c50b4c9d8cb92f25fbe81a21
X-Firefox-Spdy: h2