mettlenergy.com/
206.233.154.34 0 B IP 206.233.154.34:0
ASN #139646 HONG KONG Megalayer Technology Co.,Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: mettlenergy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sun, 04 Jun 2023 13:54:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: /byf.php
206.233.154.34 1.0 kB IP 206.233.154.34:0
ASN #139646 HONG KONG Megalayer Technology Co.,Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (527), with CRLF line terminators
Hash 7f51a6ba0178fac31d7cd62bc89949c5
fef5e0289b01c9227c59a855789dc3e48304d961
3bf8841e55c464ead8b99906eae3902a48e98ce276cde4dc5a20a3e9c0f5d3f6
NIDS Severity Alert suricata medium ET PHISHING Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017
suricata medium ET PHISHING Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017
GET /byf.php HTTP/1.1
Host: mettlenergy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Jun 2023 13:54:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
mettlenergy.com/product/wujiaqu_hsx
206.233.154.34 0 B URL User Request GET mettlenergy.com/product/wujiaqu_hsx
IP 206.233.154.34:0
ASN #139646 HONG KONG Megalayer Technology Co.,Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /product/wujiaqu_hsx HTTP/1.1
Host: mettlenergy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sun, 04 Jun 2023 13:54:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: /byf.php
206.233.154.34 1.0 kB IP 206.233.154.34:0
ASN #139646 HONG KONG Megalayer Technology Co.,Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (527), with CRLF line terminators
Hash 7f51a6ba0178fac31d7cd62bc89949c5
fef5e0289b01c9227c59a855789dc3e48304d961
3bf8841e55c464ead8b99906eae3902a48e98ce276cde4dc5a20a3e9c0f5d3f6
NIDS Severity Alert suricata medium ET PHISHING Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017
suricata medium ET PHISHING Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017
GET /byf.php HTTP/1.1
Host: mettlenergy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Jun 2023 13:54:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
mettlenergy.com/js/jquery.js
206.233.154.34200 OK 447 B URL GET HTTP/1.1 mettlenergy.com/js/jquery.js
IP 206.233.154.34:80
ASN #139646 HONG KONG Megalayer Technology Co.,Limited
Requested by http://mettlenergy.com/byf.php
File type HTML document, ASCII text
Hash 862c3f4b31a391af9d4a0a31333b3e8a
28f283c3adf37668e1404b37aa58092346dcb64e
22b3aff1d3aae76dd4944a76bcfc5a74fce8dcbc19688c0de37b47d83ad7c410
GET /js/jquery.js HTTP/1.1
Host: mettlenergy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mettlenergy.com/byf.php
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Jun 2023 13:54:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Mon, 05 Jun 2023 01:54:32 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
ocsp.sectigo.com/
104.18.14.101 471 B IP 104.18.14.101:0
Hash 45815fedd41b47eb2e00213b8a7d2db7
71b66479829852f5778b31a50bfebb5d280363c8
03f91c54a9c6065defd9aeb0bbab04f8fce9132338ee4094442abde902cfbc94
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Jun 2023 13:54:32 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 02 Jun 2023 07:31:55 GMT
Expires: Fri, 09 Jun 2023 07:31:54 GMT
Etag: "71b66479829852f5778b31a50bfebb5d280363c8"
Cache-Control: max-age=408441,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7d20ab1bcaf6b4ee-OSL
www.boyingfa.vip/gg.js
67.21.72.252200 OK 490 B IP 67.21.72.252:443
Requested by http://mettlenergy.com/byf.php
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (462)
Hash 0ebce535dc1ef3831e87851a5a6ce694
b8b2c01d18fcace2a0f3ccb68d2aa503d61fba73
620dd37c3fb6591efec7249d1ef392b9738d6085555f88842bb75ab4233d9db6
GET /gg.js HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mettlenergy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: application/javascript
content-length: 490
last-modified: Thu, 05 Jan 2023 15:17:09 GMT
etag: "63b6e9f5-1ea"
expires: Mon, 05 Jun 2023 01:54:33 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
push.zhanzhang.baidu.com/push.js
182.61.201.94200 OK 227 B URL GET HTTP/1.1 push.zhanzhang.baidu.com/push.js
IP 182.61.201.94:80
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
Requested by http://mettlenergy.com/byf.php
File type ASCII text, with no line terminators
Hash 1bb5a3267c9865ad4abe8d937734b62b
b5478dd2edb3e64242eced1db2dbd945ef81f592
674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mettlenergy.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Sun, 04 Jun 2023 13:54:32 GMT
Etag: "4078521116"
Expires: Mon, 03 Jun 2024 13:54:32 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=088824AB434BCD043FFDD582315C5FB8:FG=1; max-age=31536000; expires=Mon, 03-Jun-24 13:54:32 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
mettlenergy.com/favicon.ico
206.233.154.34200 OK 9.7 kB URL GET HTTP/1.1 mettlenergy.com/favicon.ico
IP 206.233.154.34:80
ASN #139646 HONG KONG Megalayer Technology Co.,Limited
Requested by http://mettlenergy.com/byf.php
File type MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel\012- data
Hash 85c388eb8979fbba56ac386d69e172ba
272e6985d546e2111e2ebb16d02d43486a3a0dbc
efd334e5074472f01fd521726123c8db2de9d763d551baf7b30010ab1301e9cf
GET /favicon.ico HTTP/1.1
Host: mettlenergy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mettlenergy.com/byf.php
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Jun 2023 13:54:33 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
www.boyingfa.vip/picture/logo.png
67.21.72.252200 OK 19 kB URL GET HTTP/2 www.boyingfa.vip/picture/logo.png
IP 67.21.72.252:443
Requested by https://www.boyingfa.vip/
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type PNG image data, 497 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 41e6c5af9c5c64baf9a3dd12eed7deb4
c250ce7a9b08b1c3709d7af0fd980bfebc7d7a06
441ba3a7794bcff76b5698c3e3ffa2760e04a7f7062254d754fc243408afaf5e
GET /picture/logo.png HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: image/png
content-length: 18710
last-modified: Sat, 07 Jan 2023 11:25:30 GMT
etag: "63b956aa-4916"
expires: Tue, 04 Jul 2023 13:54:33 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.buypass.com/
23.33.119.18 1.7 kB IP 23.33.119.18:0
ASN #20940 Akamai International B.V.
Hash 6fd06bb99ca29e3db49014b2397fe2f4
32488a8e142be182f12cfec7d058858fcede741e
3a24ce52ea12ae33896929a3a81da1298b7815acf3774babaf794664161fe367
POST / HTTP/1.1
Host: ocsp.buypass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 78
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Access-Control-Allow-Origin: https://www.buypass.no
Access-Control-Allow-Headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Buypass-Session-Id,X-Buypass-Locale
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST
MDC-correlationId: c9839ef7-76dd-4aa1-807e-c0f6b82bd3f1
Content-Length: 1701
Date: Sun, 04 Jun 2023 13:54:33 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.14.101 472 B IP 104.18.14.101:0
Hash b8da5bdd51a57cf500984d2648679a98
ce90f80ac72de990ee6e21d137230e7340570e11
33cf2f2dd70fb7a7dd10670404bdcb1d9b6c7e2b898da53f554d9178579ba7bf
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Jun 2023 13:54:33 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 02 Jun 2023 11:18:43 GMT
Expires: Fri, 09 Jun 2023 11:18:42 GMT
Etag: "ce90f80ac72de990ee6e21d137230e7340570e11"
Cache-Control: max-age=422048,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7d20ab222b76b4ee-OSL
api.share.baidu.com/s.gif?l=http://mettlenergy.com/byf.php
112.34.113.148200 OK 0 B URL GET HTTP/1.1 api.share.baidu.com/s.gif?l=http://mettlenergy.com/byf.php
IP 112.34.113.148:80
ASN #9808 China Mobile Communications Group Co., Ltd.
Requested by http://mettlenergy.com/byf.php
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://mettlenergy.com/byf.php HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mettlenergy.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Sun, 04 Jun 2023 13:54:33 GMT
img.1281a.xyz/images/645b9ef0753dd994a618e5f1.gif
103.166.246.24302 Found 0 B URL GET HTTP/2 img.1281a.xyz/images/645b9ef0753dd994a618e5f1.gif
IP 103.166.246.24:443
Requested by https://www.boyingfa.vip/
Certificate IssuerLet's Encrypt
Subject1281a.xyz
Fingerprint75:33:AE:11:34:99:12:59:D0:11:42:41:CC:D9:7D:3C:22:7C:1B:E4
ValidityWed, 10 May 2023 08:47:46 GMT - Tue, 08 Aug 2023 08:47:45 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /images/645b9ef0753dd994a618e5f1.gif HTTP/1.1
Host: img.1281a.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-length: 0
referrer-policy: no-referrer
cache-control: max-age=1800
location: https://files.backmoestream.xyz/proxy/2mQVehu5ANUUJxzhqYso067NPqPYEBGvcwwMS36yrTCVn5hFY4pfL4dEO3K19F+UYSwOF+S5bIEJpPHhcHAqpjt5kzK2btNX/7Js/EE+z44=
X-Firefox-Spdy: h2
www.boyingfa.vip/picture/zj.gif
67.21.72.252200 OK 59 kB URL GET HTTP/2 www.boyingfa.vip/picture/zj.gif
IP 67.21.72.252:443
Requested by https://www.boyingfa.vip/
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 1000 x 60\012- data
Hash 66123891b18e8b20fa48a4336b78d395
9ca229899af18c6d9e40219304a1b9ae90f25a44
f27459cb6180f76565908c12d091fd3e715e32564b6d391cc5b1cfdc0a1ea1d4
GET /picture/zj.gif HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: image/gif
content-length: 58809
last-modified: Tue, 16 May 2023 14:48:46 GMT
etag: "646397ce-e5b9"
expires: Tue, 04 Jul 2023 13:54:33 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
m10022.com/1000x60.gif
172.83.155.45200 OK 267 kB IP 172.83.155.45:443
ASN #201106 Spartan Host Ltd
Requested by https://www.boyingfa.vip/
Certificate IssuerLet's Encrypt
Subjectm10022.com
Fingerprint37:1B:88:9E:60:ED:F9:8B:DA:BD:51:91:70:C3:72:A1:DD:4F:35:61
ValidityMon, 03 Apr 2023 06:38:46 GMT - Sun, 02 Jul 2023 06:38:45 GMT
File type GIF image data, version 89a, 1000 x 60\012- data
Size 267 kB (267139 bytes)
Hash e8d9e70cf9288b0f4a1b36882ca2eb57
cae69edabda7d1690d369b4769c024b0d9447181
0555070567d98dea0f925c5e17a7ae707d5e71ffa85eee0cc5b61944d265b06e
GET /1000x60.gif HTTP/1.1
Host: m10022.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: image/gif
content-length: 267139
last-modified: Thu, 20 Apr 2023 09:21:10 GMT
etag: "64410406-41383"
expires: Sun, 02 Jul 2023 15:42:04 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 68544
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i5Ct11jH5QrsjBN8MaNtWv6XslBSPe8poNuKlWjcchfZ3271Dl4itU%2BQBwqv1QaKa2StUmRJmZzthjUuGsp3hZMAhftKUXxeb0eM0MGpyvKKpj%2BN%2FfGYcBKSgT2U"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7d1757508843f8d9-SEA
alt-svc: h3=":443"; ma=86400
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.boyingfa.vip/picture/227.gif
67.21.72.252200 OK 188 kB URL GET HTTP/2 www.boyingfa.vip/picture/227.gif
IP 67.21.72.252:443
Requested by https://www.boyingfa.vip/
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 1000 x 60\012- data
Size 188 kB (187777 bytes)
Hash 810326aeadfc47b9255b3783855b0c87
b903fdbd92ddfb1f3f9e77bc89a7705a45630112
a7fb3adb80b9e416de5b78aeb297573aaa15129205dca4ca6753fd2be79dc5e0
GET /picture/227.gif HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: image/gif
content-length: 187777
last-modified: Thu, 30 Mar 2023 16:29:56 GMT
etag: "6425b904-2dd81"
expires: Tue, 04 Jul 2023 13:54:33 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.boyingfa.vip/picture/ued.gif
67.21.72.252200 OK 209 kB URL GET HTTP/2 www.boyingfa.vip/picture/ued.gif
IP 67.21.72.252:443
Requested by https://www.boyingfa.vip/
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 1000 x 100\012- data
Size 209 kB (208720 bytes)
Hash 7070e3be8af0b8f133750f2ac36634cb
349e6385dca247b8d0c2e240dc19785606712d19
93b16d2991ef5d6eccea9467dcd5d4ae3362f5eac11cbcf0e7b9698574555898
GET /picture/ued.gif HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: image/gif
content-length: 208720
last-modified: Tue, 23 May 2023 16:03:14 GMT
etag: "646ce3c2-32f50"
expires: Tue, 04 Jul 2023 13:54:33 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.boyingfa.vip/picture/tqb.gif
67.21.72.252200 OK 302 kB URL GET HTTP/2 www.boyingfa.vip/picture/tqb.gif
IP 67.21.72.252:443
Requested by https://www.boyingfa.vip/
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 1000 x 100\012- data
Size 302 kB (301468 bytes)
Hash fa83c138adaacfc1f0cad5f5bf66fb30
2426d421572b53ba90f2a758d2e1ca32d6fb495c
25275f2b3159fc1d0100fd118d6eb128644d688e12d018033afc4d6d5bb8d329
GET /picture/tqb.gif HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: image/gif
content-length: 301468
last-modified: Tue, 23 May 2023 16:03:22 GMT
etag: "646ce3ca-4999c"
expires: Tue, 04 Jul 2023 13:54:33 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.boyingfa.vip/picture/5799.gif
67.21.72.252200 OK 426 kB URL GET HTTP/2 www.boyingfa.vip/picture/5799.gif
IP 67.21.72.252:443
Requested by https://www.boyingfa.vip/
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 1000 x 60\012- data
Size 426 kB (426288 bytes)
Hash 7e0e34ef6bb486945bda1bc752030155
fdf22c1b033d3e5f9c5dfa3a413eedde76bda14d
2eec8fda5af21eca78fc9450aaacd705fcd421f0d87fa65e91fca140416630ff
GET /picture/5799.gif HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: image/gif
content-length: 426288
last-modified: Fri, 05 May 2023 13:47:37 GMT
etag: "645508f9-68130"
expires: Tue, 04 Jul 2023 13:54:33 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.boyingfa.vip/picture/qyh.gif
67.21.72.252200 OK 228 kB URL GET HTTP/2 www.boyingfa.vip/picture/qyh.gif
IP 67.21.72.252:443
Requested by https://www.boyingfa.vip/
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 1200 x 90\012- data
Size 228 kB (228409 bytes)
Hash f4aca97324d063946c2d3a6224a4133e
13dcd7e8a9865b336dcdb5826b1f67a575b2ccfd
e1ba5478a18c72bebf91300e34a9362d0e63c2569fa7c55cabf50ac0846ba552
GET /picture/qyh.gif HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: image/gif
content-length: 228409
last-modified: Tue, 23 May 2023 16:03:27 GMT
etag: "646ce3cf-37c39"
expires: Tue, 04 Jul 2023 13:54:33 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.boyingfa.vip/picture/thwj.gif
67.21.72.252200 OK 260 kB URL GET HTTP/2 www.boyingfa.vip/picture/thwj.gif
IP 67.21.72.252:443
Requested by https://www.boyingfa.vip/
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 1200 x 90\012- data
Size 260 kB (259910 bytes)
Hash 1a667054107e08bb419e3ed214657478
ed208b097e9e74c77f795de0242db33232f7671f
eab59d3e0454f5de626e809a656cb65cea4ec199d45026298f8406528cb4e402
GET /picture/thwj.gif HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: image/gif
content-length: 259910
last-modified: Tue, 23 May 2023 16:03:23 GMT
etag: "646ce3cb-3f746"
expires: Tue, 04 Jul 2023 13:54:33 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.boyingfa.vip/picture/lw.gif
67.21.72.252200 OK 232 kB URL GET HTTP/2 www.boyingfa.vip/picture/lw.gif
IP 67.21.72.252:443
Requested by https://www.boyingfa.vip/
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 1200 x 90\012- data
Size 232 kB (232491 bytes)
Hash ccf11010942f58595435943ea3e53213
7bce706be515af495e0c1c771fb026e7c0f13dea
a28126daf17849df6cdae756f722378c1e755363cd35be51188e80299a234a7b
GET /picture/lw.gif HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: image/gif
content-length: 232491
last-modified: Tue, 23 May 2023 16:03:25 GMT
etag: "646ce3cd-38c2b"
expires: Tue, 04 Jul 2023 13:54:33 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.boyingfa.vip/picture/154.gif
67.21.72.252200 OK 476 kB URL GET HTTP/2 www.boyingfa.vip/picture/154.gif
IP 67.21.72.252:443
Requested by https://www.boyingfa.vip/
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 960 x 60\012- data
Size 476 kB (475803 bytes)
Hash f2b5398762c4bb19d4024ceaef57aa27
da986b1e6742d0b1a090d2a9fa1ec0c7c98e7f31
52b30bbd7b33d03437e11258a8225458e73d737a424c06694e5235fbb5b2dfe6
GET /picture/154.gif HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: image/gif
content-length: 475803
last-modified: Thu, 11 May 2023 16:56:24 GMT
etag: "645d1e38-7429b"
expires: Tue, 04 Jul 2023 13:54:33 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.boyingfa.vip/picture/9500.gif
67.21.72.252200 OK 447 kB URL GET HTTP/2 www.boyingfa.vip/picture/9500.gif
IP 67.21.72.252:443
Requested by https://www.boyingfa.vip/
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 960 x 60\012- data
Size 447 kB (446990 bytes)
Hash d4c3f6ea538ca2743623d74354981a80
f66918d2bebcc84cfba8935e28824d66696afd35
0e66cff2bad2fee1428d731253ee9c2c93ab731089489300f153dadbb2c62c17
GET /picture/9500.gif HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: image/gif
content-length: 446990
last-modified: Sat, 07 Jan 2023 11:21:52 GMT
etag: "63b955d0-6d20e"
expires: Tue, 04 Jul 2023 13:54:33 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.boyingfa.vip/picture/5115.gif
67.21.72.252200 OK 313 kB URL GET HTTP/2 www.boyingfa.vip/picture/5115.gif
IP 67.21.72.252:443
Requested by https://www.boyingfa.vip/
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 960 x 60\012- data
Size 313 kB (312864 bytes)
Hash e7593fc8dcb539808b00a5eebc62716a
f052b6589fd43358438fc4796ef0ab89c7d2bf38
2b7c34d61d22b1ff5c859b5fb207dd8626027ccef57d75543efd9490fae77b82
GET /picture/5115.gif HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: image/gif
content-length: 312864
last-modified: Sun, 15 Jan 2023 06:03:02 GMT
etag: "63c39716-4c620"
expires: Tue, 04 Jul 2023 13:54:33 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.boyingfa.vip/picture/usdt.gif
67.21.72.252200 OK 1.8 MB URL GET HTTP/2 www.boyingfa.vip/picture/usdt.gif
IP 67.21.72.252:443
Requested by https://www.boyingfa.vip/
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 960 x 120\012- data
Size 1.8 MB (1812045 bytes)
Hash 4e11225f2902b2ee91ad757ae66f00f6
d1f112e5dd428890a2443d888e36c9f95e6e3606
ea5cd84f3fde7e799af65ee222faefacfa24d0a778807862e98eaafd821ab1c4
GET /picture/usdt.gif HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: image/gif
content-length: 1812045
last-modified: Tue, 14 Feb 2023 10:27:54 GMT
etag: "63eb622a-1ba64d"
expires: Tue, 04 Jul 2023 13:54:33 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.boyingfa.vip/picture/650.gif
67.21.72.252200 OK 452 kB URL GET HTTP/2 www.boyingfa.vip/picture/650.gif
IP 67.21.72.252:443
Requested by https://www.boyingfa.vip/
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 960 x 60\012- data
Size 452 kB (452471 bytes)
Hash 3b52b1f124fbc6ea28387f7379280069
af9e53bfd46efa4a43397f22afc20219ad1a97bb
97c2b44e11c651dc723630760343f8f6260facf19fb501ec7623d878c097c2d4
GET /picture/650.gif HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: image/gif
content-length: 452471
last-modified: Sat, 07 Jan 2023 11:16:36 GMT
etag: "63b95494-6e777"
expires: Tue, 04 Jul 2023 13:54:33 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
u1044.com/026fa3f9ae6f4facb4dfaef294fd1849.gif
103.170.15.67200 OK 383 kB URL GET HTTP/2 u1044.com/026fa3f9ae6f4facb4dfaef294fd1849.gif
IP 103.170.15.67:443
ASN #7483 Skycloud Computing co., Ltd.
Requested by https://www.boyingfa.vip/
Certificate IssuerSectigo Limited
Subjectu1044.com
FingerprintE9:27:98:76:1D:C0:47:E2:F5:20:22:C2:7C:6E:20:BF:3B:97:14:EB
ValiditySat, 29 Oct 2022 00:00:00 GMT - Sun, 29 Oct 2023 23:59:59 GMT
File type GIF image data, version 89a, 1000 x 60\012- data
Size 383 kB (383133 bytes)
Hash 8ac41dac45a5d676ec75cd0aba61cd96
74df0ac9290ce82c2aa6d506e0f320f57ce13615
152f9aa89dd31327c2a9baae4b965f5bc4f571b094cfa4f27c5beb71832af7f8
GET /026fa3f9ae6f4facb4dfaef294fd1849.gif HTTP/1.1
Host: u1044.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=86400
etag: "646b29d1-5d89d"
server: nginx
date: Wed, 24 May 2023 20:29:23 GMT
content-type: image/gif
last-modified: Mon, 22 May 2023 08:37:37 GMT
accept-ranges: bytes
x-cache: HIT from yd11_02-cdn-g01-la2-57
content-length: 383133
X-Firefox-Spdy: h2
www.boyingfa.vip/picture/bydr.gif
67.21.72.252200 OK 546 kB URL GET HTTP/2 www.boyingfa.vip/picture/bydr.gif
IP 67.21.72.252:443
Requested by https://www.boyingfa.vip/
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 960 x 60\012- data
Size 546 kB (546346 bytes)
Hash 55c8dcd4668a91ecc59cdb349d764ad8
aa00fbdb8336c030b7a2875f56d619134ab8fb7f
70921c7561b02e404662cba6af3e579ff62ea5c0327b7e7843be9692ad076808
GET /picture/bydr.gif HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: image/gif
content-length: 546346
last-modified: Sat, 07 Jan 2023 11:23:55 GMT
etag: "63b9564b-8562a"
expires: Tue, 04 Jul 2023 13:54:33 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.boyingfa.vip/picture/bet365.gif
67.21.72.252200 OK 452 kB URL GET HTTP/2 www.boyingfa.vip/picture/bet365.gif
IP 67.21.72.252:443
Requested by https://www.boyingfa.vip/
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 1000 x 60\012- data
Size 452 kB (451716 bytes)
Hash 36d86ea77fafff63f1eae5038019af3a
d0c0dc3609d6cb61dd3fc52c4ea4954a441f9d4a
f8835617ab73ffa19d15e79b058a3dacf954224d8a673f896e3cb7f783775f20
GET /picture/bet365.gif HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: image/gif
content-length: 451716
last-modified: Sat, 07 Jan 2023 11:23:27 GMT
etag: "63b9562f-6e484"
expires: Tue, 04 Jul 2023 13:54:33 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.boyingfa.vip/picture/58.gif
67.21.72.252200 OK 514 kB URL GET HTTP/2 www.boyingfa.vip/picture/58.gif
IP 67.21.72.252:443
Requested by https://www.boyingfa.vip/
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 1000 x 120\012- data
Size 514 kB (514349 bytes)
Hash 0e00b8809d40385de0707abdcf42e569
aae4442cc71548e901d05a1e9f225e0380b03666
4e5d771e2ad5a7cb23923e49a7c454469d99bdb576a4dd9d327bee09a5034420
GET /picture/58.gif HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: image/gif
content-length: 514349
last-modified: Sun, 12 Mar 2023 13:15:44 GMT
etag: "640dd080-7d92d"
expires: Tue, 04 Jul 2023 13:54:33 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.boyingfa.vip/picture/qm2.gif
67.21.72.252200 OK 360 kB URL GET HTTP/2 www.boyingfa.vip/picture/qm2.gif
IP 67.21.72.252:443
Requested by https://www.boyingfa.vip/
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 1000 x 102\012- data
Size 360 kB (359938 bytes)
Hash 31af6a4147ca8ca5db915622f6f773cf
c76be7a724532dfa73b6bad69d5eab402a535d6b
7eb5cb0ebffef908f39c671a02d19d04239dc9259ab197e3df5a5c05887c4793
GET /picture/qm2.gif HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: image/gif
content-length: 359938
last-modified: Sat, 07 Jan 2023 11:25:47 GMT
etag: "63b956bb-57e02"
expires: Tue, 04 Jul 2023 13:54:33 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
files.backmoestream.xyz/proxy/2mQVehu5ANUUJxzhqYso067NPqPYEBGvcwwMS36yrTCVn5hFY4pfL4dEO3K19F+UYSwOF+S5bIEJpPHhcHAqpjt5kzK2btNX/7Js/EE+z44=
103.166.246.24200 OK 357 kB URL GET HTTP/2 files.backmoestream.xyz/proxy/2mQVehu5ANUUJxzhqYso067NPqPYEBGvcwwMS36yrTCVn5hFY4pfL4dEO3K19F+UYSwOF+S5bIEJpPHhcHAqpjt5kzK2btNX/7Js/EE+z44=
IP 103.166.246.24:443
Requested by https://www.boyingfa.vip/
Certificate IssuerLet's Encrypt
Subjectbackmoestream.xyz
Fingerprint48:00:12:EB:61:AD:C7:13:2A:6A:97:BA:BF:64:C2:BE:F2:EA:18:6D
ValidityTue, 28 Mar 2023 10:46:52 GMT - Mon, 26 Jun 2023 10:46:51 GMT
File type GIF image data, version 89a, 960 x 60\012- data
Size 357 kB (356686 bytes)
Hash 66d2fa59067b15b2d766848d131af7ec
b1aba94369e4f17239e928f654303a9f553c3361
0eaa133ce27b3acea8353f6a576509a4af37d876e625096748679f47323093c8
GET /proxy/2mQVehu5ANUUJxzhqYso067NPqPYEBGvcwwMS36yrTCVn5hFY4pfL4dEO3K19F+UYSwOF+S5bIEJpPHhcHAqpjt5kzK2btNX/7Js/EE+z44= HTTP/1.1
Host: files.backmoestream.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:34 GMT
content-type: image/gif
content-length: 356686
access-control-allow-origin: *
cache-control: max-age=2592000
alt-svc: h3=":443"; ma=86400, h3-27=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.boyingfa.vip/css/basic.css
67.21.72.252200 OK 3.3 kB URL GET HTTP/2 www.boyingfa.vip/css/basic.css
IP 67.21.72.252:443
Requested by https://www.boyingfa.vip/
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type ASCII text, with very long lines (3422), with no line terminators
Hash 2c544ab535c614b97828eb4694a1964b
af87ad4928d741cf65c3ebcd108ec7a35ef3fe36
979f6ab06b280ae29a64a80a8ab935952bfda3cd481e1560ca5bcab9f54cbab5
GET /css/basic.css HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: text/css
last-modified: Tue, 21 Dec 2021 10:10:38 GMT
vary: Accept-Encoding
etag: W/"61c1a81e-ce2"
expires: Mon, 05 Jun 2023 01:54:33 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
www.boyingfa.vip/
67.21.72.252200 OK 7.3 kB IP 67.21.72.252:443
Requested by http://mettlenergy.com/byf.php
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7359), with no line terminators
Hash 6e36b03bca7c8b084e8a17f3d8e1ad79
3539c8fd948e557054229635ddc580beefec8315
33de36b41845ae593d05ef495ca628668bbac763343eebff07be67f666990316
GET / HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mettlenergy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: text/html
last-modified: Thu, 01 Jun 2023 09:37:41 GMT
vary: Accept-Encoding
etag: W/"647866e5-1c69"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
im.im83u.com/wg-2023440066/960-60.gif
0.0.0.0 0 B URL GET im.im83u.com/wg-2023440066/960-60.gif
IP 0.0.0.0:0
Requested by https://www.boyingfa.vip/
Certificate IssuerBuypass AS-983163327
Subjectim.im83u.com
Fingerprint01:A3:D2:B2:06:3A:E7:DD:A1:25:C7:FE:56:18:A3:59:74:7F:EB:E0
ValidityThu, 23 Mar 2023 09:37:11 GMT - Mon, 18 Sep 2023 21:59:00 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wg-2023440066/960-60.gif HTTP/1.1
Host: im.im83u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=2592000
content-encoding: br
content-type: image/gif
date: Sun, 04 Jun 2023 02:07:22 GMT
etag: "1685884615_br"
expires: Tue, 04 Jul 2023 02:07:22 GMT
last-modified: Sun, 04 Jun 2023 13:16:55 GMT
server: nginx
vary: Accept-Encoding
x-cache: HIT, policy, memory
X-Firefox-Spdy: h2
www.boyingfa.vip/css/global.css
67.21.72.252200 OK 53 kB URL GET HTTP/2 www.boyingfa.vip/css/global.css
IP 67.21.72.252:443
Requested by https://www.boyingfa.vip/
Certificate IssuerSectigo Limited
Subjectwww.boyingfa.vip
Fingerprint15:70:FF:99:34:18:2B:12:B3:4E:B4:85:B6:0A:F4:11:C8:15:41:C5
ValiditySun, 20 Nov 2022 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (327), with LF, NEL line terminators
Hash 579e257da800dae12aafa45b6655ebed
29c98ab4ab32cd1d28a14c69dcfefa1c89d7727a
24a69aa68bba963903cf850a1e14760cb25df1b1acef6e35fa79765e1fe3c07a
GET /css/global.css HTTP/1.1
Host: www.boyingfa.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.boyingfa.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 04 Jun 2023 13:54:33 GMT
content-type: text/css
last-modified: Tue, 21 Dec 2021 10:10:38 GMT
vary: Accept-Encoding
etag: W/"61c1a81e-cf96"
expires: Mon, 05 Jun 2023 01:54:33 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.bootscdn.net/ajax/libs/jquery/3.6.1/jquery.js
0.0.0.0 0 B URL GET cdn.bootscdn.net/ajax/libs/jquery/3.6.1/jquery.js
IP 0.0.0.0:0
Requested by http://mettlenergy.com/byf.php
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint94:EE:32:E7:FB:08:F6:EB:B6:82:D9:D0:5E:51:70:D4:BB:87:6A:C1
ValidityThu, 26 Jan 2023 00:00:00 GMT - Thu, 25 Jan 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ajax/libs/jquery/3.6.1/jquery.js HTTP/1.1
Host: cdn.bootscdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mettlenergy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 04 Jun 2023 13:54:32 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
last-modified: Sunday, 04-Jun-2023 13:54:32 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B9KJV6icDo4bpfsvylrFGoM1PzEfGMN04E5l%2BU2MYa8K%2BoXKadGss5hLchtPfVFDvCz4Fm3v5h3xXBJoJyWTZinEXWV1K06irP78px1LXyXoZSkvr15kLq4nRcUMlq15YZso"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d20ab178e8e0b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2