r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11768
Expires: Sat, 03 Dec 2022 11:27:35 GMT
Date: Sat, 03 Dec 2022 08:11:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5768
Expires: Sat, 03 Dec 2022 09:47:35 GMT
Date: Sat, 03 Dec 2022 08:11:27 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7439fb99a444b66db1e68ffbfaa38451
4b7742d7956485906f1c392c478515ff89a46184
636327ce88f733e5a1d39af212f97242717a39ce20edaef330fafea238e3a309
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2395
Cache-Control: max-age=97183
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:11:27 GMT
Etag: "6389d3f3-1d7"
Expires: Sun, 04 Dec 2022 11:11:10 GMT
Last-Modified: Fri, 02 Dec 2022 10:31:15 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate; ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: aFyq9xa4SyonHDxttCNK2LCxlRlBIdKTqb7J4uAA+1ieKI584dhlaeaLvTontCaKwhUGE6f06qs=
x-amz-request-id: A2855E3QJ1AXBQD1
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 03 Dec 2022 07:47:02 GMT
age: 1465
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 03 Dec 2022 07:18:14 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3193
alt-svc: clear
X-Firefox-Spdy: h2
terroantkiller.com/
192.177.48.49 301 Moved Permanently 0 B IP 192.177.48.49:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: terroantkiller.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 03 Dec 2022 08:11:36 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://www.terroantkiller.com/index.php
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 08:11:27 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data; ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 03 Dec 2022 08:11:17 GMT
cache-control: public,max-age=3600
age: 10
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7f1f8fc556d1f7e0aea3e1208ee2fd1c
09c341a56ff876479cfc8a0505a5fef4a5d110f1
65adcf58887bcc23f73379f74ab19a61cfbb93285c95c64b44a6716eeacc1482
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2373
Cache-Control: max-age=92099
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:11:28 GMT
Etag: "6389c02e-1d7"
Expires: Sun, 04 Dec 2022 09:46:27 GMT
Last-Modified: Fri, 02 Dec 2022 09:06:54 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
www.terroantkiller.com/index.php
154.64.12.112 200 OK 501 B URL HTTP/1.1 www.terroantkiller.com/index.php
IP 154.64.12.112:0
ASN #139646 HONG KONG Megalayer Technology Co.,Limited
File type HTML document text; HTML document, ISO-8859 text, with very long lines (531), with CRLF line terminators
Hash e3441c5ebb8c616ebd313a5121d56158
2e4c81ea05b6371f4b94ad11d740e98dc7ef39d5
b7e67d0df5ffdc9d96669148310b5ca0e94c2362208f8ea2716aaf3f226d0940
GET /index.php HTTP/1.1
Host: www.terroantkiller.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 08:11:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
push.services.mozilla.com/
44.240.159.184 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.240.159.184:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: qn4Xt78qG63KLtfExyzSVw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 2kS8E4TeEvogztJYqHlUBbt0xYE=
www.terroantkiller.com/common.js
154.64.12.112 200 OK 688 B URL HTTP/1.1 www.terroantkiller.com/common.js
IP 154.64.12.112:0
ASN #139646 HONG KONG Megalayer Technology Co.,Limited
File type HTML document, ASCII text, with very long lines (355), with CRLF line terminators
Hash f356e0f10646931d9460a4888029f955
1a72cbbd125116f919f87a4bd981beb6270f5a72
8ef6343d3bc6126c7ddc9b9db82db0d25df4f37a91c4b7f745a038148f21003a
GET /common.js HTTP/1.1
Host: www.terroantkiller.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.terroantkiller.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 08:11:33 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 668b7cb3d12be160c1ac558308bf78d8
1c7b0456abf97007b608aea2e261cb764d2a25a3
8a2f078d9a6d8005c5371b89cb2cedd3818ba19b11d7a2d913bd277f232ac0fc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8A2F078D9A6D8005C5371B89CB2CEDD3818BA19B11D7A2D913BD277F232AC0FC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 03 Dec 2022 14:11:29 GMT
Date: Sat, 03 Dec 2022 08:11:29 GMT
Connection: keep-alive
qmjijs-niudyeh-eyqujd.com/
207.60.165.146 200 OK 5.9 kB URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/
IP 207.60.165.146:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (1252), with CRLF line terminators
Hash eeadf0a22e57715abb3885f5c449c6ec
14fd09efa11411098e9c0f5413be158d52027dd2
b57a42802351c57134230ccbb96a4aec4f86f1cb7f33d65faa3468fb38a900de
Analyzer verdict: Alert — Fortinet classifies this host as Malware
GET / HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.terroantkiller.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Set-Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre; path=/
X-Powered-By: PHP/7.1.33, ASP.NET
Date: Sat, 03 Dec 2022 08:11:35 GMT
Content-Length: 5897
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4080
Expires: Sat, 03 Dec 2022 09:19:29 GMT
Date: Sat, 03 Dec 2022 08:11:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4080
Expires: Sat, 03 Dec 2022 09:19:29 GMT
Date: Sat, 03 Dec 2022 08:11:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4080
Expires: Sat, 03 Dec 2022 09:19:29 GMT
Date: Sat, 03 Dec 2022 08:11:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4080
Expires: Sat, 03 Dec 2022 09:19:29 GMT
Date: Sat, 03 Dec 2022 08:11:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4080
Expires: Sat, 03 Dec 2022 09:19:29 GMT
Date: Sat, 03 Dec 2022 08:11:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8498f68-55a6-46be-9eb1-671b7a90a148.jpeg
34.120.237.76 200 OK 3.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8498f68-55a6-46be-9eb1-671b7a90a148.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash ce5811e1c83156e6a6d4557c33faafe5
ba23b3c6adc42832ccd60941123d78dab3e435d5
a9394a4f8f80733a19fb03bc3ad216f4e15c9ba7110e2e181272304ea2f3f2df
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8498f68-55a6-46be-9eb1-671b7a90a148.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3321
x-amzn-requestid: b418b18c-969e-4525-8263-0c910593f7fa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZN2HJaoAMFQ2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f25-5196fa3028f5fb80160617af;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MWBXvM2iS-PFfaBrG8uteifjCljCO_DnjEmXodiSvwN2Es_YkBWDLQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:37:47 GMT
age: 38022
etag: "ba23b3c6adc42832ccd60941123d78dab3e435d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F231cb69d-ef31-41ab-9446-6cfaebcbc544.webp
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F231cb69d-ef31-41ab-9446-6cfaebcbc544.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash be863c89aae9b81ce6aae9b6a560f54b
c879d5cd69263f4034aed5dec94e7a43bfc00840
c68ab0b0daf449e3ed059da94150a686aae2f76d2d0212c11634409b49b85bdc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F231cb69d-ef31-41ab-9446-6cfaebcbc544.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7491
x-amzn-requestid: 4cd45131-6fd8-45e6-8bc5-fdbfd886b224
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cSsiBEB2IAMFblg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638427a6-725a0f1639a61f5d3c154456;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 03:14:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qzgfdl0MsBXjjOqW2iy1Oyqgd-igLKulIze6uE9ynMjK8VZVl47stQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 02:14:43 GMT
age: 21406
etag: "c879d5cd69263f4034aed5dec94e7a43bfc00840"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
34.120.237.76 200 OK 2.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XvG2dAUeB914GQ1qJwQRHovAtra8OSjG-CsXeR8UOBq5r8qVjEbPBQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 22:39:04 GMT
age: 34345
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59297fb7-bcb3-48eb-83b5-7d264b21c3db.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59297fb7-bcb3-48eb-83b5-7d264b21c3db.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 436b46a2eea584bd8ec1dba5603c8659
fed437d1919af63f9d58396f318568aadae3d868
fff21dd129f35807bfc29c6582661a79e764238076e540968b57fcad18811566
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59297fb7-bcb3-48eb-83b5-7d264b21c3db.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8016
x-amzn-requestid: bfb5f288-4467-467a-9b30-1055a4e6bc54
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZPeE4nIAMFvnQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f2f-53a5a66704157f4e003ecfa4;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:35 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lUqXgbpEaZh9DO_rv0K5pzHUAF1DsASkKYNTU6t5AUWZjHNV9LRojA==
via: 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:43:49 GMT
age: 37660
etag: "fed437d1919af63f9d58396f318568aadae3d868"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 45182367fd4f8b6dd234eef1022acdb1
d4b3052021ff3ad1dc4134fa25eb12a98e7c17da
a57fadaf74db2fb457cfe761314d56f021d22146f5bdb6a8bf11b6519e8a558d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9715
x-amzn-requestid: c8102cfa-78dc-4d81-ad6a-e16b9132e238
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZO2HQKIAMF8IA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f2b-350c586b568e6565763376bd;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0QkVKyYm9UwlF5FEeli9UsRAQwEi3-c3bMR-QSJxIKRQe7WWT76dGQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:37:54 GMT
age: 38015
etag: "d4b3052021ff3ad1dc4134fa25eb12a98e7c17da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e765102-d7b9-4765-a166-db04ae6113bc.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e765102-d7b9-4765-a166-db04ae6113bc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash dcdb77a21f91a4a280ac9a8efbc48bbd
74c974eaf1cbdf6c5ae11793e42caf4c4e4cb25d
5ee7c45f21b38c653d03a24b10a190a9e9266226d221b006e787cd3719088d7f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e765102-d7b9-4765-a166-db04ae6113bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11233
x-amzn-requestid: 04a762c8-8d2a-405a-a2e2-386a4da3c57f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZxHZEJXoAMFzqA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6386fbc8-174cbfee1ea6b7093fc18c58;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 06:44:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3tSASLdggPnNrG2bqgvMF5fbE-EoamXkl6kX-kLSPkJwmIdQ6NMsJQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:53:20 GMT
age: 37089
etag: "74c974eaf1cbdf6c5ae11793e42caf4c4e4cb25d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
qmjijs-niudyeh-eyqujd.com/template/m1938pc/css/ate.css
207.60.165.146200 OK 4.5 kB URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/template/m1938pc/css/ate.css
IP 207.60.165.146:0
File type ASCII text, with CRLF line terminators
Hash 1164a38c5186eff1838f351d96dbd192
1f5c06f7969ca9602774591594b1d4170137cdc3
fec2bebf191e9c67f3ce3234909acb71fa272057962f230dce334cdfd514b3e2
GET /template/m1938pc/css/ate.css HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sun, 24 Jan 2021 07:28:36 GMT
Accept-Ranges: bytes
ETag: "06ae58622f2d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:35 GMT
Content-Length: 4498
e1.o.lencr.org/
95.101.11.115200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 3321e622345c205dfde247bc879434f5
f90ab206fcc19ca5e014a3a078d71543d65c2b21
6930a222fa4df325494fa0eb1f417ab91cac75cfeae029481d3c127b5c4c5b93
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "6930A222FA4DF325494FA0EB1F417AB91CAC75CFEAE029481D3C127B5C4C5B93"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6120
Expires: Sat, 03 Dec 2022 09:53:29 GMT
Date: Sat, 03 Dec 2022 08:11:29 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 3321e622345c205dfde247bc879434f5
f90ab206fcc19ca5e014a3a078d71543d65c2b21
6930a222fa4df325494fa0eb1f417ab91cac75cfeae029481d3c127b5c4c5b93
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "6930A222FA4DF325494FA0EB1F417AB91CAC75CFEAE029481D3C127B5C4C5B93"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21336
Expires: Sat, 03 Dec 2022 14:07:05 GMT
Date: Sat, 03 Dec 2022 08:11:29 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 3321e622345c205dfde247bc879434f5
f90ab206fcc19ca5e014a3a078d71543d65c2b21
6930a222fa4df325494fa0eb1f417ab91cac75cfeae029481d3c127b5c4c5b93
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "6930A222FA4DF325494FA0EB1F417AB91CAC75CFEAE029481D3C127B5C4C5B93"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10855
Expires: Sat, 03 Dec 2022 11:12:24 GMT
Date: Sat, 03 Dec 2022 08:11:29 GMT
Connection: keep-alive
qmjijs-niudyeh-eyqujd.com/template/m1938pc/ads/dh1.js
207.60.165.146200 OK 243 B URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/template/m1938pc/ads/dh1.js
IP 207.60.165.146:0
File type HTML document, ASCII text, with no line terminators
Hash 966620300bdf99d9f5b01313194f1346
bf4624a88ccf0f55515592dd8d092617772f1f36
9e3e5442fdf66db59fe2bfc681194017a0ffab505c21308fefd66fde1c02aaaa
Analyzer Verdict Alert fortinet Malware
GET /template/m1938pc/ads/dh1.js HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 03 Nov 2022 12:52:12 GMT
Accept-Ranges: bytes
ETag: "e353d11783efd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:36 GMT
Content-Length: 243
qmjijs-niudyeh-eyqujd.com/template/m1938pc/ads/1.js
207.60.165.146200 OK 241 B URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/template/m1938pc/ads/1.js
IP 207.60.165.146:0
File type HTML document, ASCII text, with no line terminators
Hash ccc132f6755c63beb258d2a69c850f49
eabb3a5ff7efe03f5b53c7254eee2d8a410a6d34
77e4dd178e7cf9a8d4cc44200aecafb035f493751d38d2efba9209274ec36975
Analyzer Verdict Alert fortinet Malware
GET /template/m1938pc/ads/1.js HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 03 Nov 2022 12:52:12 GMT
Accept-Ranges: bytes
ETag: "58f1ed1783efd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:36 GMT
Content-Length: 241
qmjijs-niudyeh-eyqujd.com/template/m1938pc/ads/xx1.js
207.60.165.146200 OK 244 B URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/template/m1938pc/ads/xx1.js
IP 207.60.165.146:0
File type HTML document, ASCII text, with no line terminators
Hash f93dc062456c49fd5105b7ef78abb84f
1f2597ef1b0595a9a349bcc1873d12adf2ec30e1
5c1c99538473331deb53310bb2430209b53c22ff110ba976ac38c5852944dffd
Analyzer Verdict Alert fortinet Malware
GET /template/m1938pc/ads/xx1.js HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 03 Nov 2022 12:52:12 GMT
Accept-Ranges: bytes
ETag: "87a3df1783efd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:36 GMT
Content-Length: 244
qmjijs-niudyeh-eyqujd.com/template/m1938pc/ads/dh.js
207.60.165.146200 OK 242 B URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/template/m1938pc/ads/dh.js
IP 207.60.165.146:0
File type HTML document, ASCII text, with no line terminators
Hash db1c9c2405e06b09eb7b7feb4bc82527
e88350915915b90c3515f8aec70d52b2484b1377
37e40d7f15c0b1413d162128a00ddc5a1258407d9412a5762e3b016c6693b17d
Analyzer Verdict Alert fortinet Malware
GET /template/m1938pc/ads/dh.js HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 03 Nov 2022 12:52:12 GMT
Accept-Ranges: bytes
ETag: "1e2eca1783efd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:36 GMT
Content-Length: 242
qmjijs-niudyeh-eyqujd.com/template/m1938pc/ads/app.js
207.60.165.146200 OK 243 B URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/template/m1938pc/ads/app.js
IP 207.60.165.146:0
File type HTML document, ASCII text, with no line terminators
Hash 06ba7815bbe934f68c756ef2de1e2971
e5166b14d7fc9915956c47ec8056e330bad2881e
5c5961fa41bde7a147033395bc25c4cc1c2c7ec3e350a1643f199a8b33c693e6
Analyzer Verdict Alert fortinet Malware
GET /template/m1938pc/ads/app.js HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 03 Nov 2022 12:52:12 GMT
Accept-Ranges: bytes
ETag: "e840be1783efd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:36 GMT
Content-Length: 243
qmjijs-niudyeh-eyqujd.com/template/m1938pc/ads/xx2.js
207.60.165.146200 OK 244 B URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/template/m1938pc/ads/xx2.js
IP 207.60.165.146:0
File type HTML document, ASCII text, with no line terminators
Hash 99446a73e5eda927d73023bd0712fecf
1fbeed691d4c28403b6550a7c8f939b611b6dcb0
b99cc6b936530c9a3204d4a8a7b3bc11f62723b27b369056dc248cd386b6df83
Analyzer Verdict Alert fortinet Malware
GET /template/m1938pc/ads/xx2.js HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 03 Nov 2022 12:52:12 GMT
Accept-Ranges: bytes
ETag: "8f66e41783efd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:36 GMT
Content-Length: 244
lbfm.lbpictupian.com/upload/vod/2022/11-02/16/3jvidyh13fg16273jvidyh13fg395069.jpg
172.67.28.138200 OK 10 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-02/16/3jvidyh13fg16273jvidyh13fg395069.jpg
IP 172.67.28.138:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 3x4, segment length 16, progressive, precision 8, 240x320, components 3\012- data
Hash a35ed0f9a4192992fed50ca0f907c68e
62c543bbbd40b6dc0867f04f2f6e05ba115490e8
e775c53ef7832d3047d6f6c5b5cfb126ee6f85b5c1f30e4c07bf91e411a306cb
GET /upload/vod/2022/11-02/16/3jvidyh13fg16273jvidyh13fg395069.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:11:30 GMT
content-type: image/jpeg
content-length: 10026
cf-bgj: imgq:85,h2pri
cf-polished: origSize=10698, status=webp_bigger
etag: "636229fb-29ca"
last-modified: Wed, 02 Nov 2022 08:27:39 GMT
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 773ad4f74ec80b3d-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-02/16/oewpipgxe441627oewpipgxe44445079.jpg
172.67.28.138200 OK 5.0 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-02/16/oewpipgxe441627oewpipgxe44445079.jpg
IP 172.67.28.138:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 53e2e03d1955361bfedd266f66ce8816
b6157ebaa29dd47bd6c1375a2027adb1cbaac98e
44233974e885f48d8cf06aa9b7dbc44b2ad95625501e7e631c6ec7c813a0c7a6
GET /upload/vod/2022/11-02/16/oewpipgxe441627oewpipgxe44445079.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:11:30 GMT
content-type: image/webp
content-length: 4992
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=7226
content-disposition: inline; filename="oewpipgxe441627oewpipgxe44445079.webp"
etag: "63622a00-1c3a"
last-modified: Wed, 02 Nov 2022 08:27:44 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 773ad4f74ecc0b3d-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-02/16/v5v2s1kwssq1627v5v2s1kwssq415073.jpg
172.67.28.138200 OK 3.4 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-02/16/v5v2s1kwssq1627v5v2s1kwssq415073.jpg
IP 172.67.28.138:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8f1a8815fe96494302dc6d13e4bc4599
c6239fefecdd4dc749889b1cae06ed942d9df08c
6537f13e6b965173d619849a4687524fb436041edd1f46edb3f85f4c9d9b379b
GET /upload/vod/2022/11-02/16/v5v2s1kwssq1627v5v2s1kwssq415073.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:11:30 GMT
content-type: image/webp
content-length: 3382
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=5018
content-disposition: inline; filename="v5v2s1kwssq1627v5v2s1kwssq415073.webp"
etag: "636229fd-139a"
last-modified: Wed, 02 Nov 2022 08:27:41 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 773ad4f74ec40b3d-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-02/16/2t5fgclj1xy16272t5fgclj1xy385067.jpg
172.67.28.138200 OK 10 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-02/16/2t5fgclj1xy16272t5fgclj1xy385067.jpg
IP 172.67.28.138:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 3x4, segment length 16, progressive, precision 8, 240x320, components 3\012- data
Hash e497f8b97e79b33f5c21381e62757694
e631f44f4974796d06167a6ab456e42ed7861e54
44c558acd6d361799ecbcbf57015f1b361cf3dfa3edb874a81c139d11a7ace94
GET /upload/vod/2022/11-02/16/2t5fgclj1xy16272t5fgclj1xy385067.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:11:30 GMT
content-type: image/jpeg
content-length: 10343
cf-bgj: imgq:85,h2pri
cf-polished: origSize=10948, status=webp_bigger
etag: "636229fa-2ac4"
last-modified: Wed, 02 Nov 2022 08:27:38 GMT
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 773ad4f74ec90b3d-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-02/16/31d450ybzru162731d450ybzru365063.jpg
172.67.28.138200 OK 7.2 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-02/16/31d450ybzru162731d450ybzru365063.jpg
IP 172.67.28.138:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 240x320, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 5567f208a9b5471da860d3ecaa7fc1ff
705d0646f9051b6d5f14f9c1ffa4dd449f935532
ba17473301980d280c50eaed9f5d72d736e58a970ebc1298beb0d0e7dfcb4437
GET /upload/vod/2022/11-02/16/31d450ybzru162731d450ybzru365063.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:11:30 GMT
content-type: image/webp
content-length: 7196
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8217
content-disposition: inline; filename="31d450ybzru162731d450ybzru365063.webp"
etag: "636229f8-2019"
last-modified: Wed, 02 Nov 2022 08:27:36 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 773ad4f74ecf0b3d-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-02/16/gwqd1kuvpwi1627gwqd1kuvpwi405071.jpg
172.67.28.138200 OK 8.4 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-02/16/gwqd1kuvpwi1627gwqd1kuvpwi405071.jpg
IP 172.67.28.138:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 3x4, segment length 16, progressive, precision 8, 240x320, components 3\012- data
Hash 8e49dac941537585386b3554ed9ffb8e
01d541ed5fee133b08c6eb23b38872c4586f9cae
708a484979980c64b211bd4af244f43219dc44b9eb3711a1921dcc198c94250d
GET /upload/vod/2022/11-02/16/gwqd1kuvpwi1627gwqd1kuvpwi405071.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:11:30 GMT
content-type: image/jpeg
content-length: 8423
cf-bgj: imgq:85,h2pri
cf-polished: origSize=9001, status=webp_bigger
etag: "636229fc-2329"
last-modified: Wed, 02 Nov 2022 08:27:40 GMT
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 773ad4f74ec70b3d-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-02/16/aomwzq35kg41627aomwzq35kg4375065.jpg
172.67.28.138200 OK 5.8 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-02/16/aomwzq35kg41627aomwzq35kg4375065.jpg
IP 172.67.28.138:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 240x320, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c8b5102451ecfd6cf6c207a828670879
484af8da832f9ce00d65986b706485c7b0ce04f8
26940615fbd5b516fc9ac93a22299c62d3113a1ca17d7ebe037767e638a399c1
GET /upload/vod/2022/11-02/16/aomwzq35kg41627aomwzq35kg4375065.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:11:30 GMT
content-type: image/webp
content-length: 5764
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=7789
content-disposition: inline; filename="aomwzq35kg41627aomwzq35kg4375065.webp"
etag: "636229f9-1e6d"
last-modified: Wed, 02 Nov 2022 08:27:37 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 773ad4f74eca0b3d-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-03/11/laczmjxv2jw1117laczmjxv2jw105531.jpg
172.67.28.138200 OK 9.6 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-03/11/laczmjxv2jw1117laczmjxv2jw105531.jpg
IP 172.67.28.138:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 240x320, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8d0925088bb14d76bd907cf72c14aab1
703bfab8488f7a3ff01bc8c7c660f33d7181bb8e
ec0e49b4419dfcf89c8a0ff8d83bcf386e8d9fdb25e1141a01e09ae08819d472
GET /upload/vod/2022/11-03/11/laczmjxv2jw1117laczmjxv2jw105531.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:11:30 GMT
content-type: image/webp
content-length: 9550
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9980
content-disposition: inline; filename="laczmjxv2jw1117laczmjxv2jw105531.webp"
etag: "636332b6-26fc"
last-modified: Thu, 03 Nov 2022 03:17:10 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 773ad4f74ece0b3d-OSL
X-Firefox-Spdy: h2
qmjijs-niudyeh-eyqujd.com/template/m1938pc/ads/xx3.js
207.60.165.146200 OK 244 B URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/template/m1938pc/ads/xx3.js
IP 207.60.165.146:0
File type HTML document, ASCII text, with no line terminators
Hash e3bdb2779038505e39e14969852b3372
8791fcc7ba23c5509084ac7445cade00bbce1801
613f52482aeffad7902cd256bdf24c53b184343768c28f2842cf7eae8e1492b6
Analyzer Verdict Alert fortinet Malware
GET /template/m1938pc/ads/xx3.js HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 03 Nov 2022 12:52:12 GMT
Accept-Ranges: bytes
ETag: "a12ce91783efd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:36 GMT
Content-Length: 244
qmjijs-niudyeh-eyqujd.com/template/m1938pc/ads/dl.js
207.60.165.146200 OK 242 B URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/template/m1938pc/ads/dl.js
IP 207.60.165.146:0
File type HTML document, ASCII text, with no line terminators
Hash 9a3cac0d1107aa36fe480c0410f2d14a
31731a2c332e029c1ee79c80350a496c3b60de8a
1a9275749428a8198c50f83410b712575264c372d3f5c7f56d25f48ae6e27642
Analyzer Verdict Alert fortinet Malware
GET /template/m1938pc/ads/dl.js HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 03 Nov 2022 12:52:12 GMT
Accept-Ranges: bytes
ETag: "9e18d61783efd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:36 GMT
Content-Length: 242
qmjijs-niudyeh-eyqujd.com/template/m1938pc/css/zui.css
207.60.165.146200 OK 15 kB URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/template/m1938pc/css/zui.css
IP 207.60.165.146:0
File type assembler source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 48c376278eb9da985b90bb1612dbeee1
4d755742285a8bc38f9c73b3a5976c6b381e3c32
af7cb37270a26d66dd3bb89f42d9c122bb2a1bfe9f6fe076138d9864c7193bee
GET /template/m1938pc/css/zui.css HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Wed, 27 Jan 2021 05:34:18 GMT
Accept-Ranges: bytes
ETag: "0e972e6ef4d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:36 GMT
Content-Length: 15351
qmjijs-niudyeh-eyqujd.com/template/m1938pc/ads/tj.js
207.60.165.146200 OK 386 B URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/template/m1938pc/ads/tj.js
IP 207.60.165.146:0
File type HTML document, ASCII text, with CRLF line terminators
Hash a66d9ba8af083df1e5498e2eb32b78a2
e78c98d7611a1c1c23093759bcd18f8c1dd61521
cfa9b33865390d1659b3168f1d1a0113119c23f5f86e031a611029202a8b1dff
Analyzer Verdict Alert fortinet Malware
GET /template/m1938pc/ads/tj.js HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 28 Nov 2022 17:57:31 GMT
Accept-Ranges: bytes
ETag: "bfed8e2523d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:36 GMT
Content-Length: 386
lbfm.lbpictupian.com/upload/vod/2022/11-04/13/n4yl34ffyej1318n4yl34ffyej395803.jpg
172.67.28.138200 OK 7.9 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-04/13/n4yl34ffyej1318n4yl34ffyej395803.jpg
IP 172.67.28.138:0
File type JPEG image data, baseline, precision 8, 240x320, components 3\012- data
Hash 99ba2fbd6fde6de6442768c42f4e65b4
6be8b6e0072936a6a8518db82ab55841976f76a2
86f652062963fb3a27c22839bdd992c392862f6a927a4bbf1b3144a41556de2a
GET /upload/vod/2022/11-04/13/n4yl34ffyej1318n4yl34ffyej395803.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:11:30 GMT
content-type: image/jpeg
content-length: 7854
last-modified: Fri, 04 Nov 2022 05:18:39 GMT
etag: "6364a0af-1eae"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 773ad4f74ed40b3d-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-04/13/uhpxz1n3nct1318uhpxz1n3nct415807.jpg
172.67.28.138200 OK 7.7 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-04/13/uhpxz1n3nct1318uhpxz1n3nct415807.jpg
IP 172.67.28.138:0
File type JPEG image data, baseline, precision 8, 240x320, components 3\012- data
Hash d812f7b96124b87458e90bfef08b62d9
e5707ea1bde39c85c10ec31f0ac83cc17bd99cbb
2da77461545d197b12f0e23149b4d125c48201fee8f3e25a7f893b9fcbef9293
GET /upload/vod/2022/11-04/13/uhpxz1n3nct1318uhpxz1n3nct415807.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:11:30 GMT
content-type: image/jpeg
content-length: 7736
last-modified: Fri, 04 Nov 2022 05:18:41 GMT
etag: "6364a0b1-1e38"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 773ad4f74ec60b3d-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-04/13/yc4tth2pcgu1318yc4tth2pcgu425809.jpg
172.67.28.138200 OK 11 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-04/13/yc4tth2pcgu1318yc4tth2pcgu425809.jpg
IP 172.67.28.138:0
File type JPEG image data, baseline, precision 8, 240x320, components 3\012- data
Hash ee3736aeed96bd8f60a9ffb8123aeccb
7b2ede389e2148001b5199962a824fac0bcb28d1
093e500e5fe19ecb29bf2de93113562016d12aa763a7b6a623a79f09929e34b5
GET /upload/vod/2022/11-04/13/yc4tth2pcgu1318yc4tth2pcgu425809.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:11:30 GMT
content-type: image/jpeg
content-length: 11070
last-modified: Fri, 04 Nov 2022 05:18:42 GMT
etag: "6364a0b2-2b3e"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 773ad4f74ec20b3d-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-04/13/gczr0crqxpl1318gczr0crqxpl375799.jpg
172.67.28.138200 OK 8.1 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-04/13/gczr0crqxpl1318gczr0crqxpl375799.jpg
IP 172.67.28.138:0
File type JPEG image data, baseline, precision 8, 240x320, components 3\012- data
Hash 0702763e2b111b468c3174e0ba4ff3c7
e39e4993c0a9c4f932d840ce0492b5123ec80640
088c4dc6809263ae6f12f8b0ce65f64d8c7ecde823656e20513d5d3b71bb92bc
GET /upload/vod/2022/11-04/13/gczr0crqxpl1318gczr0crqxpl375799.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:11:30 GMT
content-type: image/jpeg
content-length: 8106
last-modified: Fri, 04 Nov 2022 05:18:37 GMT
etag: "6364a0ad-1faa"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 773ad4f74ed30b3d-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-04/13/qxilfacweuj1318qxilfacweuj365797.jpg
172.67.28.138 200 OK 7.8 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-04/13/qxilfacweuj1318qxilfacweuj365797.jpg
IP 172.67.28.138:0
File type JPEG image data, baseline, precision 8, 240x320, components 3\012- data
Hash 1af210a82b931099672e14cd41136693
0ceb69bed6ae66a37f18f018958b09ff0303fa14
307d365f75962423c409d7d03ef33f4c7d691c182c73548cc288876551e457c2
GET /upload/vod/2022/11-04/13/qxilfacweuj1318qxilfacweuj365797.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:11:30 GMT
content-type: image/jpeg
content-length: 7815
last-modified: Fri, 04 Nov 2022 05:18:36 GMT
etag: "6364a0ac-1e87"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 773ad4f74ecd0b3d-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-02/16/cuojep5hpru1627cuojep5hpru435077.jpg
172.67.28.138 200 OK 8.2 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-02/16/cuojep5hpru1627cuojep5hpru435077.jpg
IP 172.67.28.138:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 45x34, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash 539fcc32614402d9df990c879aaaeedc
62e2603715d7d3c31f67ea4f0cc0dadb590f7ef7
753ef630fc09413bbabb49684f526439e19484698bc2480e93e9b4be6fa89583
GET /upload/vod/2022/11-02/16/cuojep5hpru1627cuojep5hpru435077.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:11:30 GMT
content-type: image/jpeg
content-length: 8157
last-modified: Wed, 02 Nov 2022 08:27:43 GMT
etag: "636229ff-1fdd"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 773ad4f74ecb0b3d-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-04/13/ttyc1pqgu3h1318ttyc1pqgu3h385801.jpg
172.67.28.138 200 OK 8.3 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-04/13/ttyc1pqgu3h1318ttyc1pqgu3h385801.jpg
IP 172.67.28.138:0
File type JPEG image data, baseline, precision 8, 240x320, components 3\012- data
Hash ceab5cb1ad69ac602d10cac539e0338a
a475a1c64e6c0193d278a66065f87bc44fcb93cf
b285229eb227e7741205b152a9c623db3f75dfb8aefece2b3ab2cb4bec341e86
GET /upload/vod/2022/11-04/13/ttyc1pqgu3h1318ttyc1pqgu3h385801.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:11:30 GMT
content-type: image/jpeg
content-length: 8292
last-modified: Fri, 04 Nov 2022 05:18:38 GMT
etag: "6364a0ae-2064"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 773ad4f74ed10b3d-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-04/13/2xb4emry0xg13182xb4emry0xg405805.jpg
172.67.28.138 200 OK 10 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-04/13/2xb4emry0xg13182xb4emry0xg405805.jpg
IP 172.67.28.138:0
File type JPEG image data, baseline, precision 8, 240x320, components 3\012- data
Hash 365035eda08d257810d2092d24db608f
ef6dc0c66f618afdc331917b915067a3dfbfddfa
4c7e74369c8cd28d7f67cf57f9cf53bc1a0a694f3225b68753d7721c3c59ba71
GET /upload/vod/2022/11-04/13/2xb4emry0xg13182xb4emry0xg405805.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:11:30 GMT
content-type: image/jpeg
content-length: 9995
last-modified: Fri, 04 Nov 2022 05:18:40 GMT
etag: "6364a0b0-270b"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 773ad4f74ec50b3d-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-02/16/g44pahsx4lv1627g44pahsx4lv425075.jpg
172.67.28.138 200 OK 7.5 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-02/16/g44pahsx4lv1627g44pahsx4lv425075.jpg
IP 172.67.28.138:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 45x34, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash 38e4130b51d9f0666e145bbd605223a8
cae51bb72ba0279b7cc20577e9f3504658ec3019
e1a5898d86d0f9f7e598fd2a8ad1241fd697bb71f3bb2787135a2cc1946298ac
GET /upload/vod/2022/11-02/16/g44pahsx4lv1627g44pahsx4lv425075.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:11:30 GMT
content-type: image/jpeg
content-length: 7454
last-modified: Wed, 02 Nov 2022 08:27:42 GMT
etag: "636229fe-1d1e"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 773ad4f74ed50b3d-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2022/11-04/13/4tbl25mdikd13184tbl25mdikd355795.jpg
172.67.28.138 200 OK 7.4 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2022/11-04/13/4tbl25mdikd13184tbl25mdikd355795.jpg
IP 172.67.28.138:0
File type JPEG image data, baseline, precision 8, 240x320, components 3\012- data
Hash 4fa6d91fda423bf0a6e0e8b5bd937cb7
f3993500e51ec2123aca372d8d6ec7ff6981ab32
6919dc2087615bdb7602e1fe1ead3c89f130e62fed0da9908f82261a0a38f813
GET /upload/vod/2022/11-04/13/4tbl25mdikd13184tbl25mdikd355795.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:11:30 GMT
content-type: image/jpeg
content-length: 7389
last-modified: Fri, 04 Nov 2022 05:18:35 GMT
etag: "6364a0ab-1cdd"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 773ad4f74ed20b3d-OSL
X-Firefox-Spdy: h2
qmjijs-niudyeh-eyqujd.com/template/m1938pc/images/1.gif
207.60.165.146 200 OK 254 B URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/template/m1938pc/images/1.gif
IP 207.60.165.146:0
File type GIF image data, version 89a, 16 x 17\012- data
Hash b013f8fa3ec997fe20dc80b82af0ad0a
e02ce6c30d5c0abfaa3e008d1a3ce7d11f299ed9
119bff063d1d402fdf6e48bc7e681d48aabfb9bc65378dfcf64a8845ec3fceef
GET /template/m1938pc/images/1.gif HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Fri, 11 Jun 2021 00:37:22 GMT
Accept-Ranges: bytes
ETag: "04ddf1595ed71:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:36 GMT
Content-Length: 254
qmjijs-niudyeh-eyqujd.com/js/xx1.js
207.60.165.146 200 OK 883 B URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/js/xx1.js
IP 207.60.165.146:0
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 371f37846cdeab8f595cb41dd36534b8
3af75aa8d64c1e2509742df731e6517cbae3ee98
d60ff54615fa2f215c59664160966edd37fcfcc58d487db6832fe58435b3c56c
Analyzer Verdict Alert fortinet Malware
GET /js/xx1.js HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 30 Nov 2022 15:41:04 GMT
Accept-Ranges: bytes
ETag: "0a8b527d24d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:36 GMT
Content-Length: 883
qmjijs-niudyeh-eyqujd.com/js/dh1.js
207.60.165.146 200 OK 673 B URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/js/dh1.js
IP 207.60.165.146:0
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 69297837cdab04a1cbc806767631733e
f9a50f5390ac6d35d7a46ff1a950e8af396a7dff
49d03b7e976c1070c54d442833b266aa15f9fe5afb52956c3d80ca6f17a971bc
Analyzer Verdict Alert fortinet Malware
GET /js/dh1.js HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 13:36:55 GMT
Accept-Ranges: bytes
ETag: "80f59524536d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:36 GMT
Content-Length: 673
qmjijs-niudyeh-eyqujd.com/js/dh.js
207.60.165.146 200 OK 430 B URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/js/dh.js
IP 207.60.165.146:0
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash b0c39d3643397cadbeaa5c36d3fe4e73
fb23a81e5e7a60aa350d99292d99d4f5a18b6706
812f4ebf8f701d7a718bcac21327341224e550d3310b4d4b3c94394b954a5404
Analyzer Verdict Alert fortinet Malware
GET /js/dh.js HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 14 Nov 2022 00:18:08 GMT
Accept-Ranges: bytes
ETag: "c1c98c92bef7d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:36 GMT
Content-Length: 430
qmjijs-niudyeh-eyqujd.com/js/app.js
207.60.165.146 200 OK 1.2 kB URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/js/app.js
IP 207.60.165.146:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (306), with CRLF line terminators
Hash 7bf613a6cb8f2f50df0c0714129b9be0
bc2d1ee7ced6f9310a029e0b78423c53f4a38c85
ce5c61e803e8f404edf3603de8d273de2fe50943a21b9dec0967824bf58c27d9
Analyzer Verdict Alert fortinet Malware
GET /js/app.js HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 28 Nov 2022 22:36:14 GMT
Accept-Ranges: bytes
ETag: "08366d2793d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:37 GMT
Content-Length: 1161
ocsp.godaddy.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash f72a78cc282dc325caf77bb524be2133
0bd315af34890b23e63924437b5ba67f37e2d7ac
3a4550a0a0ed84d70196539d69bae64df73c6258299f00bf73566ed8176012a3
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 03 Dec 2022 08:11:30 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 03 Dec 2022 05:15:23 GMT
Expires: Sun, 04 Dec 2022 05:15:23 GMT
ETag: "0bd315af34890b23e63924437b5ba67f37e2d7ac"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash f72a78cc282dc325caf77bb524be2133
0bd315af34890b23e63924437b5ba67f37e2d7ac
3a4550a0a0ed84d70196539d69bae64df73c6258299f00bf73566ed8176012a3
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 03 Dec 2022 08:11:30 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 03 Dec 2022 05:15:23 GMT
Expires: Sun, 04 Dec 2022 05:15:23 GMT
ETag: "0bd315af34890b23e63924437b5ba67f37e2d7ac"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
qmjijs-niudyeh-eyqujd.com/js/xx2.js
207.60.165.146 200 OK 689 B URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/js/xx2.js
IP 207.60.165.146:0
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash f5fbcda111235e981ca992b7de4ad2fc
f7e814a65a7c41196dccbc94dd920e6663eafcf3
88fc213bd06702ec5a7c57894b014dfd9a614a1eac89a191f928d1ccafd42949
Analyzer Verdict Alert fortinet Malware
GET /js/xx2.js HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 30 Nov 2022 15:41:04 GMT
Accept-Ranges: bytes
ETag: "0a8b527d24d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:37 GMT
Content-Length: 689
qmjijs-niudyeh-eyqujd.com/tp/960160.gif
207.60.165.146 200 OK 166 kB URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/tp/960160.gif
IP 207.60.165.146:0
File type GIF image data, version 89a, 960 x 160\012- data
Size 166 kB (165614 bytes)
Hash 499d402cf727956bcdb1a229ff10c05e
95bbdda00299532dab6ca13cec744d21c0f7ae26
20be363fb9c4cc867e6d5467daff447c1e9aa10feabda9fd943672b6672aeff9
GET /tp/960160.gif HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 29 Sep 2022 12:05:26 GMT
Accept-Ranges: bytes
ETag: "eb64a0c2fbd3d81:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:36 GMT
Content-Length: 165614
qmjijs-niudyeh-eyqujd.com/tp/0048.gif
207.60.165.146 200 OK 312 kB URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/tp/0048.gif
IP 207.60.165.146:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 312 kB (312286 bytes)
Hash cdaee57698119364884198b10dc1a6ff
004c67a6bf0414983df4ab2e4b2c54b1252f5d7f
80f588bbbf47a4a222a250b5c7f660ad11bbfcdd2ccfedd5e933cae29140595b
GET /tp/0048.gif HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Fri, 11 Nov 2022 02:40:57 GMT
Accept-Ranges: bytes
ETag: "fde8df677f5d81:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:36 GMT
Content-Length: 312286
qmjijs-niudyeh-eyqujd.com/js/1.js
207.60.165.146 200 OK 749 B URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/js/1.js
IP 207.60.165.146:0
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d1da0bba52431b04f4167f88bc8e7375
f35c378119a9cf9493b5f62473403b07ec49ae26
24a6b3bebe1356307b585a560e29061b31d8656f4de4007ec4a562b190524e7c
Analyzer Verdict Alert fortinet Malware
GET /js/1.js HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 13:36:56 GMT
Accept-Ranges: bytes
ETag: "95ea3225536d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:37 GMT
Content-Length: 749
qmjijs-niudyeh-eyqujd.com/js/xx3.js
207.60.165.146 200 OK 0 B URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/js/xx3.js
IP 207.60.165.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /js/xx3.js HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Thu, 13 Oct 2022 11:38:20 GMT
Accept-Ranges: bytes
ETag: "c97f704bf8ded81:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:37 GMT
Content-Length: 0
qmjijs-niudyeh-eyqujd.com/template/m1938pc/images/video-mask.png
207.60.165.146 200 OK 107 B URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/template/m1938pc/images/video-mask.png
IP 207.60.165.146:0
File type PNG image data, 1 x 46, 8-bit gray+alpha, non-interlaced\012- data
Hash 6a5ee87ff75437cb480df839f36004fd
eac66370f99601cb7febef320c9540d4593cd856
c9b6925bdd64dab63151c3106347fefb8c500d87ac3d87d9a82e9a1c561233aa
GET /template/m1938pc/images/video-mask.png HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/template/m1938pc/css/zui.css
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sun, 24 Jan 2021 07:28:42 GMT
Accept-Ranges: bytes
ETag: "0f1788a22f2d61:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:37 GMT
Content-Length: 107
qmjijs-niudyeh-eyqujd.com/template/m1938pc/images/video-play.png
207.60.165.146 200 OK 1.6 kB URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/template/m1938pc/images/video-play.png
IP 207.60.165.146:0
File type PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced\012- data
Hash be7ca0a4a7c0317398a11162b1e09b75
5dbe6a02524cfbf5f5111478a71f91a9259056b5
cbad06b58f97516faa5f745d4e09716b5db3f134d5b4644b159681aa24909dd4
GET /template/m1938pc/images/video-play.png HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/template/m1938pc/css/zui.css
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sun, 24 Jan 2021 07:28:46 GMT
Accept-Ranges: bytes
ETag: "04bdb8c22f2d61:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:37 GMT
Content-Length: 1567
qmjijs-niudyeh-eyqujd.com/tp/200200.gif
207.60.165.146 200 OK 75 kB URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/tp/200200.gif
IP 207.60.165.146:0
File type GIF image data, version 89a, 200 x 200\012- data
Hash 03c13356e00c2033df2c88cb919251eb
f3a334a0366ddda6a87034f7d6c889c4d159dc8d
0c184e206259e8d0c54d3fc12d3d5332e9f6ff5f0404630fcb2daefe65fe1bfe
GET /tp/200200.gif HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sat, 23 Jul 2022 10:14:11 GMT
Accept-Ranges: bytes
ETag: "593c16f47c9ed81:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:37 GMT
Content-Length: 75259
qmjijs-niudyeh-eyqujd.com/js/dl.js
207.60.165.146 200 OK 460 B URL HTTP/1.1 qmjijs-niudyeh-eyqujd.com/js/dl.js
IP 207.60.165.146:0
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 497fae9911e05bd0850880c3a866cf22
520a5a1c12051ace6e9da007bd4eebefd4a30c00
09abb12f145533d422c08f9259cd03cf78e2fc7db76538b2a48934854a6f8568
Analyzer Verdict Alert fortinet Malware
GET /js/dl.js HTTP/1.1
Host: qmjijs-niudyeh-eyqujd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Cookie: PHPSESSID=eudvd2vtru01n2iaaia4c0lpre
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 14 Nov 2022 22:56:17 GMT
Accept-Ranges: bytes
ETag: "55f9304e7cf8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:37 GMT
Content-Length: 460
tpkj2222.com/img/k80m/oJFbremga.gif
45.126.180.173 200 OK 24 kB URL HTTP/1.1 tpkj2222.com/img/k80m/oJFbremga.gif
IP 45.126.180.173:0
ASN #59371 Dimension Network & Communication Limited
File type GIF image data, version 89a, 200 x 200\012- data
Hash ba26dcca2906a557b20f8578fbf28e33
e309fae75ab842a35c65e7ab34b5d8f5414b2aa6
9f1a63d063be2f8c5f8e66526e61923cf1d29c0d2598c0d6ed7ad119ca074de9
GET /img/k80m/oJFbremga.gif HTTP/1.1
Host: tpkj2222.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 08:11:31 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"24603-1669663229000"
Last-Modified: Mon, 28 Nov 2022 19:20:29 GMT
Expires: Sun, 18 Dec 2022 08:11:31 GMT
Cache-Control: max-age=1296000
Content-Encoding: gzip
Nginx-Cache: HIT, HIT
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash bde7cadd1e64fefa42b80bdfbe9dffdb
5828f8146bf6f6ba072c0c7bde086640032fb831
94a0ad56eaa40b58c2e01661d4a9771d5809ac616ff340141bd5ebd14cddda0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94A0AD56EAA40B58C2E01661D4A9771D5809AC616FF340141BD5EBD14CDDDA0D"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21452
Expires: Sat, 03 Dec 2022 14:09:04 GMT
Date: Sat, 03 Dec 2022 08:11:32 GMT
Connection: keep-alive
zerossl.ocsp.sectigo.com/
104.18.32.68 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash 1cc852b3e92b234656cdec8fd00649f7
b5d63731ce7001f442bb979488b79f56077604c6
6193b9cc93c5d8a3cc33c3acd48dd1f19a20c061e8aba137afe5ece93ff1eb0e
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 08:11:32 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 02:12:37 GMT
Expires: Fri, 09 Dec 2022 02:12:36 GMT
Etag: "b5d63731ce7001f442bb979488b79f56077604c6"
Cache-Control: max-age=496263,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773ad5068ef5b518-OSL
zerossl.ocsp.sectigo.com/
104.18.32.68 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash 1cc852b3e92b234656cdec8fd00649f7
b5d63731ce7001f442bb979488b79f56077604c6
6193b9cc93c5d8a3cc33c3acd48dd1f19a20c061e8aba137afe5ece93ff1eb0e
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 08:11:32 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 02:12:37 GMT
Expires: Fri, 09 Dec 2022 02:12:36 GMT
Etag: "b5d63731ce7001f442bb979488b79f56077604c6"
Cache-Control: max-age=496263,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773ad5068c4e0afa-OSL
kzeaa.com/c663d2735397a69b82492eac997e9217.gif
98.126.214.50 301 Moved Permanently 162 B URL HTTP/2 kzeaa.com/c663d2735397a69b82492eac997e9217.gif
IP 98.126.214.50:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /c663d2735397a69b82492eac997e9217.gif HTTP/1.1
Host: kzeaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Sat, 03 Dec 2022 08:11:32 GMT
content-type: text/html
content-length: 162
location: https://kvkeee.top/c663d2735397a69b82492eac997e9217.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
zerossl.ocsp.sectigo.com/
104.18.32.68 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash 1cc852b3e92b234656cdec8fd00649f7
b5d63731ce7001f442bb979488b79f56077604c6
6193b9cc93c5d8a3cc33c3acd48dd1f19a20c061e8aba137afe5ece93ff1eb0e
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 08:11:32 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 02:12:37 GMT
Expires: Fri, 09 Dec 2022 02:12:36 GMT
Etag: "b5d63731ce7001f442bb979488b79f56077604c6"
Cache-Control: max-age=496263,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773ad50689a90b61-OSL
tpkj2222.com/img/k80m/oJFAApw9H.gif
45.126.180.173 200 OK 50 kB URL HTTP/1.1 tpkj2222.com/img/k80m/oJFAApw9H.gif
IP 45.126.180.173:0
ASN #59371 Dimension Network & Communication Limited
File type GIF image data, version 89a, 200 x 200\012- data
Hash caf71e791b578ea0424ebd22aa201bc6
ec22634550ee472f10944565222e544affa1e242
30d6fe46f54be572b0a370a79e6e037f6f0b82dbdbd1056ff5865136da88b2c6
GET /img/k80m/oJFAApw9H.gif HTTP/1.1
Host: tpkj2222.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 08:11:31 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"50877-1669663053000"
Last-Modified: Mon, 28 Nov 2022 19:17:33 GMT
Expires: Sun, 18 Dec 2022 08:11:31 GMT
Cache-Control: max-age=1296000
Content-Encoding: gzip
Nginx-Cache: HIT, HIT
zerossl.ocsp.sectigo.com/
104.18.32.68 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash 1cc852b3e92b234656cdec8fd00649f7
b5d63731ce7001f442bb979488b79f56077604c6
6193b9cc93c5d8a3cc33c3acd48dd1f19a20c061e8aba137afe5ece93ff1eb0e
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 08:11:32 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 02:12:37 GMT
Expires: Fri, 09 Dec 2022 02:12:36 GMT
Etag: "b5d63731ce7001f442bb979488b79f56077604c6"
Cache-Control: max-age=496263,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773ad5068d98b4ed-OSL
e1.o.lencr.org/
95.101.11.115 200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash bad35ffde76562c8169f89d31829ea5d
b0def53e32032d6b02737f80c1bf52e3e55554f2
6312710d2850cd33a3e68da97d1eca9aa59026a78f59c6fd8fc29914e55e2303
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "6312710D2850CD33A3E68DA97D1ECA9AA59026A78F59C6FD8FC29914E55E2303"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9833
Expires: Sat, 03 Dec 2022 10:55:25 GMT
Date: Sat, 03 Dec 2022 08:11:32 GMT
Connection: keep-alive
zerossl.ocsp.sectigo.com/
104.18.32.68 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash 1cc852b3e92b234656cdec8fd00649f7
b5d63731ce7001f442bb979488b79f56077604c6
6193b9cc93c5d8a3cc33c3acd48dd1f19a20c061e8aba137afe5ece93ff1eb0e
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 08:11:32 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 02:12:37 GMT
Expires: Fri, 09 Dec 2022 02:12:36 GMT
Etag: "b5d63731ce7001f442bb979488b79f56077604c6"
Cache-Control: max-age=496263,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773ad5068ef3b518-OSL
8357.app/images/111.gif
116.213.38.134 200 OK 235 kB IP 116.213.38.134:0
File type GIF image data, version 89a, 950 x 60\012- data
Size 235 kB (235089 bytes)
Hash ce54fdef11a4b49711f4972717259e2c
d23e1ffcde7629b62300529d9193f53a6602dd0a
630298b0df9948f0cf5647484627e4f7276315cc13328271714f2d033cdb4d46
GET /images/111.gif HTTP/1.1
Host: 8357.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 10 Nov 2022 08:54:22 GMT
Accept-Ranges: bytes
ETag: "b0a9f76e2f4d81:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:11 GMT
Content-Length: 235089
kvkeee.top/c663d2735397a69b82492eac997e9217.gif
188.114.96.1 200 OK 96 kB URL HTTP/2 kvkeee.top/c663d2735397a69b82492eac997e9217.gif
IP 188.114.96.1:0
File type GIF image data, version 89a, 960 x 120\012- data
Hash 5d62cc43c89c2c22c8342f2e3307dd1b
98f09f9649c2d96fe54a1dd040498c5c0c9bec03
ba6131e80bfff8abaf66a06509611f9ce5a013922f3537922f30e7c95a2a91f5
GET /c663d2735397a69b82492eac997e9217.gif HTTP/1.1
Host: kvkeee.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qmjijs-niudyeh-eyqujd.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:11:32 GMT
content-type: image/gif
content-length: 95551
last-modified: Fri, 02 Dec 2022 09:18:34 GMT
etag: "6389c2ea-1753f"
expires: Mon, 02 Jan 2023 08:11:32 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9gKsotbkrCJYV62QdNGUZis3plPGJotlgPVLWRMNH%2BCqQ8%2FF%2FkaIj2h8UhEFM9QAFV8OdOgjzLkFKMkVNxLyfjuHjEZr4vCWSgsSoH2YjiQDz%2F22SJtn7y%2BNjGrR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773ad507e80ab50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash bad35ffde76562c8169f89d31829ea5d
b0def53e32032d6b02737f80c1bf52e3e55554f2
6312710d2850cd33a3e68da97d1eca9aa59026a78f59c6fd8fc29914e55e2303
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "6312710D2850CD33A3E68DA97D1ECA9AA59026A78F59C6FD8FC29914E55E2303"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9833
Expires: Sat, 03 Dec 2022 10:55:25 GMT
Date: Sat, 03 Dec 2022 08:11:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ce4896bbfa00fd8a5a54747bd056eeed
14839931d7a6961039006be9c6a4ef423c618c84
e031c75447551666ab170c77613218d692621506211e78f613ea645dccb61b49
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E031C75447551666AB170C77613218D692621506211E78F613EA645DCCB61B49"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21587
Expires: Sat, 03 Dec 2022 14:11:19 GMT
Date: Sat, 03 Dec 2022 08:11:32 GMT
Connection: keep-alive
tpkj2222.com/img/k80m/oJFuVO1XL.gif
45.126.180.173 200 OK 187 kB URL HTTP/1.1 tpkj2222.com/img/k80m/oJFuVO1XL.gif
IP 45.126.180.173:0
ASN #59371 Dimension Network & Communication Limited
File type GIF image data, version 89a, 960 x 60\012- data
Size 187 kB (186567 bytes)
Hash 4edccbee0457e54deae02621c2397e6f
f898b333c0caa30430cd8e3816197d7be82c9d52
93761269d8e919bf61e40f4acb66fceb77e3b799cd18eea2674f966cda00a601
GET /img/k80m/oJFuVO1XL.gif HTTP/1.1
Host: tpkj2222.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 08:11:31 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"375054-1669660886000"
Last-Modified: Mon, 28 Nov 2022 18:41:26 GMT
Expires: Sun, 18 Dec 2022 08:11:31 GMT
Cache-Control: max-age=1296000
Content-Encoding: gzip
Nginx-Cache: HIT, HIT
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 4bad5c07ff3481f3faef9f3a5707569c
bc176fb370d5d207e0b621c29aa1b2944e3ea33b
80aec3fa9a7d1b5f2b1378e71c75fc403e9ce62cee47949ae39f012416dadf13
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 08:11:32 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 00:54:35 GMT
Expires: Wed, 07 Dec 2022 00:54:34 GMT
Etag: "bc176fb370d5d207e0b621c29aa1b2944e3ea33b"
Cache-Control: max-age=318781,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773ad5095e81b523-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash e0cca75d80a5cb0b70156377f339a245
61b4e7fd7f3d8051a91061334649a3b6cd5859f7
fdab1f1c268c6d969b18ddb2fcbaab563f5f4bcb245ded4cc2717376e2685761
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 08:11:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 05:02:14 GMT
Expires: Wed, 07 Dec 2022 05:02:13 GMT
Etag: "61b4e7fd7f3d8051a91061334649a3b6cd5859f7"
Cache-Control: max-age=333640,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773ad5096989b50b-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 338e4360613999a7ea22b9cdee23920a
b73ca0a4e052d9a132dcbc2e3a5f89f374671125
748ce22fbbd9f9777b26c8e24fe9a1d805812d9e7a688a24004ab2f8487ec55a
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 08:11:32 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Wed, 07 Dec 2022 04:46:43 GMT
ETag: "b73ca0a4e052d9a132dcbc2e3a5f89f374671125"
Last-Modified: Sat, 03 Dec 2022 04:46:44 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 103
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 773ad50a18e9b4f9-OSL
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 99e0e911675f91c4af829ae0ce2c29e4
5eac8ce7de47309001eec69f14b30f28b582362f
5cb9cd68440564d16c56391ba5a2dd19cb98bf79a653dc1c8699df627015a3c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5CB9CD68440564D16C56391BA5A2DD19CB98BF79A653DC1C8699DF627015A3C3"
Last-Modified: Thu, 01 Dec 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 03 Dec 2022 14:11:32 GMT
Date: Sat, 03 Dec 2022 08:11:32 GMT
Connection: keep-alive
tpkj2222.com/img/k80m/oJFMW1rsL.gif
45.126.180.173 200 OK 360 kB URL HTTP/1.1 tpkj2222.com/img/k80m/oJFMW1rsL.gif
IP 45.126.180.173:0
ASN #59371 Dimension Network & Communication Limited
File type GIF image data, version 89a, 960 x 60\012- data
Size 360 kB (360351 bytes)
Hash ff751acc20f3192fdae1544bbcf6b88f
91d5b69a9cc8136337bf16d443576f98d400ccec
23c9ef51183f48c57885c04b003d58a6cbf62931cdbe41ca5973a1b23a125366
GET /img/k80m/oJFMW1rsL.gif HTTP/1.1
Host: tpkj2222.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 08:11:31 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"508025-1669660916000"
Last-Modified: Mon, 28 Nov 2022 18:41:56 GMT
Expires: Sun, 18 Dec 2022 08:11:31 GMT
Cache-Control: max-age=1296000
Content-Encoding: gzip
Nginx-Cache: EXPIRED, HIT
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 4bad5c07ff3481f3faef9f3a5707569c
bc176fb370d5d207e0b621c29aa1b2944e3ea33b
80aec3fa9a7d1b5f2b1378e71c75fc403e9ce62cee47949ae39f012416dadf13
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 08:11:32 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 00:54:35 GMT
Expires: Wed, 07 Dec 2022 00:54:34 GMT
Etag: "bc176fb370d5d207e0b621c29aa1b2944e3ea33b"
Cache-Control: max-age=318781,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773ad50968b9b4f4-OSL
278838mcu.com/bb1d718e37a44414a85fcdcf0b175cf2.gif
103.170.15.74 200 OK 27 kB URL HTTP/1.1 278838mcu.com/bb1d718e37a44414a85fcdcf0b175cf2.gif
IP 103.170.15.74:0
ASN #7483 Skycloud Computing co., Ltd.
File type GIF image data, version 89a, 180 x 180\012- data
Hash f5fe7344d7759d56fb230d85c58137a7
6ae77d48a8432a44b64707f70364ce5765e0ed0b
ba6da46bf6b7ff393961d884b86e0370e4f300cfcc6dc9baf359fc83417abff7
Analyzer Verdict Alert quad9 Sinkholed
GET /bb1d718e37a44414a85fcdcf0b175cf2.gif HTTP/1.1
Host: 278838mcu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "637486cb-6a9a"
Date: Mon, 21 Nov 2022 05:41:41 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Wed, 16 Nov 2022 06:44:27 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-04
Content-Length: 27290
sysupload.csiteadmin.com/static/uploads/image/x22/20221005/1664958002923244.gif
20.189.126.154 200 OK 138 kB URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x22/20221005/1664958002923244.gif
IP 20.189.126.154:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 225 x 136\012- data
Size 138 kB (137556 bytes)
Hash bd3f6c291cab93e830a11147c254ba40
84e34f4b6d924250b792926a4000b057496a171c
f83c49320f5c7ebedeeb3c449113fc15dd505bcc55a074c6c4cbebc3fb3a209f
GET /static/uploads/image/x22/20221005/1664958002923244.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Fri, 04 Nov 2022 08:23:18 GMT
ETag: "1667550198"
Expires: Sun, 04 Dec 2022 08:23:18 GMT
Last-Modified: Fri, 04 Nov 2022 08:23:18 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
sysupload.csiteadmin.com/static/uploads/image/x22/20221005/1664958243131147.gif
20.189.126.154 200 OK 133 kB URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x22/20221005/1664958243131147.gif
IP 20.189.126.154:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 225 x 136\012- data
Size 133 kB (132742 bytes)
Hash 917f961ed729bc558e9962fd1484dbe2
f0962f3292c4097bb4f6a4ae63ca765714c7262d
51fd38511ac427eaad10ac504a836bb4ad732c51176e3cf8a6eca65df60302eb
GET /static/uploads/image/x22/20221005/1664958243131147.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Fri, 04 Nov 2022 08:39:53 GMT
ETag: "1667551193"
Expires: Sun, 04 Dec 2022 08:39:53 GMT
Last-Modified: Fri, 04 Nov 2022 08:39:53 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
sysupload.csiteadmin.com/static/uploads/image/x22/20221005/1664957962898269.gif
20.189.126.154 200 OK 136 kB URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x22/20221005/1664957962898269.gif
IP 20.189.126.154:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 225 x 136\012- data
Size 136 kB (135617 bytes)
Hash e2b3f17c74651d10d199dc95cb7bdf21
173e21137df4427a1bb417a60162e604fa43fe36
590d8375f2b0dd21dc6eecc7a14f3e939b3f4838784f0e1da463aa29a36e3a61
GET /static/uploads/image/x22/20221005/1664957962898269.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Fri, 04 Nov 2022 08:23:15 GMT
ETag: "1667550195"
Expires: Sun, 04 Dec 2022 08:23:15 GMT
Last-Modified: Fri, 04 Nov 2022 08:23:15 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
sysupload.csiteadmin.com/static/uploads/image/x22/20221112/1668248001344014.gif
20.189.126.154 200 OK 109 kB URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x22/20221112/1668248001344014.gif
IP 20.189.126.154:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 225 x 136\012- data
Size 109 kB (109127 bytes)
Hash c5410cc34cb1951016ba68b333d54e89
34e46b57dc0ebb283d3e1b0b23cad6dfa0b76aee
3876000742aa997d87a3033c5e0e7419a53db2419e97b13fba53a446f442c644
GET /static/uploads/image/x22/20221112/1668248001344014.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Sat, 12 Nov 2022 10:18:14 GMT
ETag: "1668248294"
Expires: Mon, 12 Dec 2022 10:18:14 GMT
Last-Modified: Sat, 12 Nov 2022 10:18:14 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
8357.app/images/222.gif
116.213.38.134 200 OK 532 kB IP 116.213.38.134:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 532 kB (531920 bytes)
Hash e74d49a1c2617c360791835f66cfcdfa
c6df43d2eb3d74a1d9786d8a79a379eff3ad1461
7ba844b237d93bbc66b51a5dcd87f459a40d4a07a0fdbb9518c9ebe97979c519
GET /images/222.gif HTTP/1.1
Host: 8357.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Fri, 11 Nov 2022 14:56:31 GMT
Accept-Ranges: bytes
ETag: "c080e3c8ddf5d81:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 03 Dec 2022 08:11:11 GMT
Content-Length: 531920
sysupload.csiteadmin.com/static/uploads/image/x22/20221005/1664958351815456.gif
20.189.126.154 200 OK 122 kB URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x22/20221005/1664958351815456.gif
IP 20.189.126.154:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 225 x 136\012- data
Size 122 kB (122077 bytes)
Hash 37114d23edd40ed9e0901b4a9719e67b
203de7186613dabd8a3468c1869544447c99edaa
3c27d4f44ba0e325468830935351ed317f9db77d46ff0d07154900e5f41ec4de
GET /static/uploads/image/x22/20221005/1664958351815456.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Fri, 04 Nov 2022 08:39:53 GMT
ETag: "1667551193"
Expires: Sun, 04 Dec 2022 08:39:53 GMT
Last-Modified: Fri, 04 Nov 2022 08:39:53 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
sysupload.csiteadmin.com/static/uploads/image/x26/20221005/1664958058465466.gif
20.189.126.154 200 OK 119 kB URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x26/20221005/1664958058465466.gif
IP 20.189.126.154:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 225 x 136\012- data
Size 119 kB (118706 bytes)
Hash 3af8a82b93e6db570c683b4c6e5f0450
937c3dd1c9fffec78b039ec5973008e928e279bf
ea57b0fdaf3bb2d726e9677a4b7ac267b8ca18b7e8e4abcb6b8e02fa6e89b383
GET /static/uploads/image/x26/20221005/1664958058465466.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Fri, 04 Nov 2022 08:39:53 GMT
ETag: "1667551193"
Expires: Sun, 04 Dec 2022 08:39:53 GMT
Last-Modified: Fri, 04 Nov 2022 08:39:53 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
sysupload.csiteadmin.com/static/uploads/image/x22/20221005/1664958053685368.gif
20.189.126.154 200 OK 143 kB URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x22/20221005/1664958053685368.gif
IP 20.189.126.154:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 225 x 136\012- data
Size 143 kB (142810 bytes)
Hash e7fa5fab9c6f638bf6e867ab976713a1
0e04672bf56def9eb8eef15e9aedc4b6ead6dd05
1145d5d9f499e6f3e2818a598b72cf02ff750ba41752bc94ff06513a522ee23e
GET /static/uploads/image/x22/20221005/1664958053685368.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Fri, 04 Nov 2022 08:39:53 GMT
ETag: "1667551193"
Expires: Sun, 04 Dec 2022 08:39:53 GMT
Last-Modified: Fri, 04 Nov 2022 08:39:53 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
jjaahyas.tv/aseng/jj320.gif
23.225.1.189 200 OK 137 kB URL HTTP/1.1 jjaahyas.tv/aseng/jj320.gif
IP 23.225.1.189:0
File type GIF image data, version 89a, 320 x 320\012- data
Size 137 kB (137241 bytes)
Hash fba0f72e39adf2e5010af146c1ca1527
3dd12a504fb9237c27ad8c87c7cd3403ed48cf62
3febf9cf381cf03c042e314666e232477a0b8e50097e6d132c4dbba2bb51c497
GET /aseng/jj320.gif HTTP/1.1
Host: jjaahyas.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 08:11:32 GMT
Content-Type: image/gif
Content-Length: 137241
Connection: keep-alive
Last-Modified: Sun, 27 Nov 2022 13:55:25 GMT
ETag: "63836c4d-21819"
Expires: Mon, 02 Jan 2023 07:39:39 GMT
Cache-Control: max-age=2592000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes
sysupload.csiteadmin.com/static/uploads/image/x26/20221005/1664957978608725.gif
20.189.126.154 200 OK 108 kB URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x26/20221005/1664957978608725.gif
IP 20.189.126.154:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 225 x 136\012- data
Size 108 kB (108092 bytes)
Hash 44f342e4357af0d5256493db6e7fc924
2f62b8f1d1c167566367105d5cae6dc52dc73133
156f4985af424639dd35a2ec1f77217a45781e148a4504f4109b48c2d71a0cfa
GET /static/uploads/image/x26/20221005/1664957978608725.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Fri, 04 Nov 2022 08:19:57 GMT
ETag: "1667549997"
Expires: Sun, 04 Dec 2022 08:19:57 GMT
Last-Modified: Fri, 04 Nov 2022 08:19:57 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
jjaaqd.tv/9yue1ri/jj(150x150)33.gif
23.225.48.14 200 OK 101 kB URL HTTP/1.1 jjaaqd.tv/9yue1ri/jj(150x150)33.gif
IP 23.225.48.14:0
File type GIF image data, version 89a, 150 x 150\012- data
Size 101 kB (100879 bytes)
Hash 757c9de2f178a33338d017158e92a12b
7aa87b85ba832391968f6eefd9019c708a5cc22b
b090a07516224a44547207f786a0429b812602ce470ca1a977194b24b473bb7d
GET /9yue1ri/jj(150x150)33.gif HTTP/1.1
Host: jjaaqd.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 08:11:32 GMT
Content-Type: image/gif
Content-Length: 100879
Connection: keep-alive
Last-Modified: Fri, 07 Oct 2022 09:45:39 GMT
ETag: "633ff543-18a0f"
Expires: Sun, 01 Jan 2023 12:35:32 GMT
Cache-Control: max-age=2592000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes
278838mcu.com/c33da25cf40242a3b36dd369af221157.gif
103.170.15.74 200 OK 82 kB URL HTTP/1.1 278838mcu.com/c33da25cf40242a3b36dd369af221157.gif
IP 103.170.15.74:0
ASN #7483 Skycloud Computing co., Ltd.
File type GIF image data, version 89a, 320 x 185\012- data
Hash 5b9fdd2599b326b9a953bb7486f130b6
4c9ce0d99fa7101c80dcf8dd22b1b9ec5d7adcbc
01ef753ce7a1bc4ac387a1a423990b150c516789a53b5f9065716fc560d55d91
Analyzer Verdict Alert quad9 Sinkholed
GET /c33da25cf40242a3b36dd369af221157.gif HTTP/1.1
Host: 278838mcu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "637486d6-1400b"
Date: Mon, 21 Nov 2022 05:41:41 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Wed, 16 Nov 2022 06:44:38 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-04
Content-Length: 81931
zerossl.ocsp.sectigo.com/
104.18.32.68 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash 3d2be6fd50d1b28d359e33fcaa695f8f
ec43aa052b17b92c73a1f754c3cb08e3a67b6934
6b39c2a5d88e801ea21ad2c4c8d2c0055934c77f6771947ac661b8c73db1fd00
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 08:11:33 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 12:21:34 GMT
Expires: Thu, 08 Dec 2022 12:21:33 GMT
Etag: "ec43aa052b17b92c73a1f754c3cb08e3a67b6934"
Cache-Control: max-age=446399,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773ad50cbc86b518-OSL
sysupload.csiteadmin.com/static/uploads/image/x22/20221005/1664958086287321.gif
20.189.126.154 200 OK 157 kB URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x22/20221005/1664958086287321.gif
IP 20.189.126.154:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 225 x 136\012- data
Size 157 kB (157109 bytes)
Hash b2ab67245d12303f5bbafd7d9b5f0114
44e3a620562fb6e6542b21d4ff534057d7dbe116
44748a35ac18f29a7fb6aa261701604648c5a5c2edf8b6a4d7789ef52b992afe
GET /static/uploads/image/x22/20221005/1664958086287321.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Fri, 04 Nov 2022 08:23:25 GMT
ETag: "1667550206"
Expires: Sun, 04 Dec 2022 08:23:25 GMT
Last-Modified: Fri, 04 Nov 2022 08:23:26 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
ocsp.digicert.com/
93.184.220.29200 OK 727 B IP 93.184.220.29:0
Hash 385797edac1d836eff60d899f2c2bf50
66a002020f849693377673a3938435f77330d701
1a731e7e002981839b20fc7960f11abc3bf990f7c1a8022bd7d21449c820415c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5766
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:11:33 GMT
Last-Modified: Sat, 03 Dec 2022 06:35:28 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 727
375772rug.com/12e91be769854da69d89fd3f77444708.gif
45.61.212.46200 OK 359 kB URL HTTP/1.1 375772rug.com/12e91be769854da69d89fd3f77444708.gif
IP 45.61.212.46:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 359 kB (358672 bytes)
Hash 668143938c3bb811847d83330decd423
f86300da5d773b84bc65d3c901a4767fd8566c48
a06c47f458fdbd01ba8ba0202fb615e94e2353d65098b480ede52a13a645f859
GET /12e91be769854da69d89fd3f77444708.gif HTTP/1.1
Host: 375772rug.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "637486bc-57910"
Date: Wed, 16 Nov 2022 07:19:08 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Wed, 16 Nov 2022 06:44:12 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us1-cdnb-16
Content-Length: 358672
ocsp.digicert.com/
93.184.220.29200 OK 727 B IP 93.184.220.29:0
Hash 385797edac1d836eff60d899f2c2bf50
66a002020f849693377673a3938435f77330d701
1a731e7e002981839b20fc7960f11abc3bf990f7c1a8022bd7d21449c820415c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5673
Cache-Control: max-age=141482
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:11:33 GMT
Etag: "638a7436-2d7"
Expires: Sun, 04 Dec 2022 23:29:35 GMT
Last-Modified: Fri, 02 Dec 2022 21:55:02 GMT
Server: ECS (amb/6BB1)
X-Cache: HIT
Content-Length: 727
sysupload.csiteadmin.com/static/uploads/image/x26/20221005/1664958027512691.gif
20.189.126.154200 OK 271 kB URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x26/20221005/1664958027512691.gif
IP 20.189.126.154:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 225 x 136\012- data
Size 271 kB (270639 bytes)
Hash 8a598123a6c21612760ffc08cd6ddd05
b6bc973f2e717c2077eae5f43163fde18981eb30
349c245fb89068bc9236b8960f553a1bca367b07e75b988f67383ca21ff68908
GET /static/uploads/image/x26/20221005/1664958027512691.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Fri, 04 Nov 2022 08:39:54 GMT
ETag: "1667551194"
Expires: Sun, 04 Dec 2022 08:39:54 GMT
Last-Modified: Fri, 04 Nov 2022 08:39:54 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
p3.douyinpic.com/obj/tos-cn-i-dy/c8395602b4bb4d6b9aae359cb2b4bfec
47.246.44.225200 OK 435 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/c8395602b4bb4d6b9aae359cb2b4bfec
IP 47.246.44.225:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 960 x 60\012- data
Size 435 kB (434791 bytes)
Hash 339d7b92784972bcae5c5adc6e4195b2
43f218af86d814adf5f9796f524174f28de61382
99a0f7cf7a1d8f3f746f2b3c237c74bc532fe687efd10a9a8a1c86262328ca5d
GET /obj/tos-cn-i-dy/c8395602b4bb4d6b9aae359cb2b4bfec HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 434791
date: Tue, 22 Nov 2022 12:58:41 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Tue, 22 Nov 2022 12:58:41 GMT
nw-session-id: 202211222058410101750890792FF24B52c5nbm01dy
nw-session-trace: 2022-11-22T20:58:41.595366278+08:00 56
x-bdcdn-cache-status: TCP_MISS
x-length: 434791
x-powered-by: ImageX
x-response-date: Tue, 22 Nov 2022 20:58:41 GMT
x-tt-logid: 202211222058410101750890792FF24B52
via: n132-078-110, cache1.l2de2[0,0,206-0,H], cache16.l2de2[1,0], cache16.l2de2[1,0], cache4.se1[0,0,200-0,H], cache4.se1[1,0]
x-request-ip: fdbd:dc03:15:294::79
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=1
x-tt-trace-host: 01828e55a3aae08103c59996ea14c72a4acb4fa23db20b0c862b7a578516844aca3900393b8c200069902bbb5321886f40d6cb482958d113859af0ab2b108f135738b2e946da42acf6c8630121db1e9f5539a0e7781a205cbbaa0e1ca4751e86a6
x-response-lb: image
ali-swift-global-savetime: 1669121921
age: 933172
x-cache: HIT TCP_MEM_HIT dirn:4:117141023
x-swift-savetime: Tue, 22 Nov 2022 15:07:16 GMT
x-swift-cachetime: 31528285
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9816700550935708612e
X-Firefox-Spdy: h2
sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894518194257.gif
20.189.126.154200 OK 279 kB URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894518194257.gif
IP 20.189.126.154:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 960 x 60\012- data
Size 279 kB (278909 bytes)
Hash cbbb3d8ff70b59b11fd1182f7e5d77e9
06af5df2b2aeaa07b578979ee331b52e1f298323
f62a633b62c1dea5bca396206d4956bf14db30141e6e524bf3a00e3588c1c893
GET /static/uploads/image/x22/20221004/1664894518194257.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 03 Nov 2022 14:42:08 GMT
ETag: "1667486534"
Expires: Sat, 03 Dec 2022 14:42:08 GMT
Last-Modified: Thu, 03 Nov 2022 14:42:14 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
p3.douyinpic.com/obj/tos-cn-i-dy/26c4bd83c03e4572a0da94a24edacb39
47.246.44.225200 OK 384 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/26c4bd83c03e4572a0da94a24edacb39
IP 47.246.44.225:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 750 x 80\012- data
Size 384 kB (384491 bytes)
Hash 627acd5c4c2a9bb3bbf10748f1931947
0529b42ebe54b2cc9ed886ab83b50b8f14642062
a62b3a5eba800520fbb7b334c00db2e9f76e438891ae150c3b2d681ef228954a
GET /obj/tos-cn-i-dy/26c4bd83c03e4572a0da94a24edacb39 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 384491
date: Sun, 13 Nov 2022 13:26:06 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Sun, 13 Nov 2022 12:38:36 GMT
nw-session-id: 20221113203836010175073134252D40ED7nb4v02dy
nw-session-trace: 2022-11-13T20:38:36.893240111+08:00 45
x-bdcdn-cache-status: TCP_HIT
x-length: 384491
x-powered-by: ImageX
x-response-date: Sun, 13 Nov 2022 20:38:36 GMT
x-tt-logid: 20221113203836010175073134252D40ED
via: n150-056-026, cache12.l2de2[0,0,206-0,H], cache19.l2de2[2,0], cache19.l2de2[3,0], cache5.se1[0,0,200-0,H], cache4.se1[2,0]
x-request-ip: fdbd:dc02:22:46::67
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=2
x-tt-trace-host: 01fc3ea37d9c1ed5b7d2c200df23bf81d3980363a474adcbcdabe23efbe44349c9ded5894820052b9f65e8b67807703e46e752587a445df11739963b0fc31b09984170a333fed525dbd3f2408a1a3198fd79e91de509e1f853539053e961754b16
x-response-lb: image
ali-swift-global-savetime: 1668345966
age: 1709127
x-cache: HIT TCP_MEM_HIT dirn:11:135090739
x-swift-savetime: Sun, 13 Nov 2022 14:21:50 GMT
x-swift-cachetime: 31532656
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9816700550936088634e
X-Firefox-Spdy: h2
p3.douyinpic.com/obj/tos-cn-i-dy/738ec2294d6f4e2d8b66e33b2a3c60d3
47.246.44.225200 OK 167 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/738ec2294d6f4e2d8b66e33b2a3c60d3
IP 47.246.44.225:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 150 x 150\012- data
Size 167 kB (166626 bytes)
Hash a644e0164396e4fab83828dd224e899e
5d7970fc6ec361828598b3281945670c1ac09202
6a150be88eddb354b86cc1c37d056ee539740012b23692641c7e5d6bfe1029be
GET /obj/tos-cn-i-dy/738ec2294d6f4e2d8b66e33b2a3c60d3 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 166626
date: Thu, 17 Nov 2022 11:36:11 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Wed, 16 Nov 2022 15:49:48 GMT
nw-session-id: 20221116234948010142044018166C32334l99g03dy
nw-session-trace: 2022-11-16T23:49:48.900401148+08:00 36
x-bdcdn-cache-status: TCP_HIT
x-length: 166626
x-powered-by: ImageX
x-response-date: Wed, 16 Nov 2022 23:49:48 GMT
x-tt-logid: 20221116234948010142044018166C3233
via: n204-100-030, cache1.l2de2[0,0,206-0,H], cache19.l2de2[1,0], cache19.l2de2[2,0], cache7.se1[0,0,200-0,H], cache4.se1[2,0]
x-request-ip: fdbd:dc01:25:635::160
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=2
x-tt-trace-host: 01474ee18268cebb32a530282b174877cca21161d2971f9b2874e24aea83b2b3133b85c565dbf3d28e9047e63a4c0416ccb820b347c36b1e200b2352fa4acf179512ee99dea6d5af3f29c1dbfb10f11c2f1137695d92edb481af146ee852da9011
x-response-lb: image
ali-swift-global-savetime: 1668684971
age: 1370122
x-cache: HIT TCP_MEM_HIT dirn:3:402975764
x-swift-savetime: Thu, 17 Nov 2022 12:06:42 GMT
x-swift-cachetime: 31534169
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9816700550936718658e
X-Firefox-Spdy: h2
sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894256451036.gif
20.189.126.154200 OK 259 kB URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894256451036.gif
IP 20.189.126.154:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 960 x 60\012- data
Size 259 kB (258804 bytes)
Hash 70649fd49138ca6897fe0c9365470117
f0cbcec39497ab084adb72c03a6225c2144c6866
48f51d425b1ad9363336bc2edf9009cbfd17d0c24f817fe60fec9e6ed258e5b0
GET /static/uploads/image/x22/20221004/1664894256451036.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 03 Nov 2022 14:40:37 GMT
ETag: "1667486439"
Expires: Sat, 03 Dec 2022 14:40:37 GMT
Last-Modified: Thu, 03 Nov 2022 14:40:39 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
sysupload.csiteadmin.com/static/uploads/image/x51/20221111/1668166428315380.gif
20.189.126.154200 OK 212 kB URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x51/20221111/1668166428315380.gif
IP 20.189.126.154:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 960 x 60\012- data
Size 212 kB (211695 bytes)
Hash 0b39ec7c3e074e11a5629819f3aa4700
df59dbbb9d99b72d01f518d9c8484cd188440f0f
f89a04cd56e853388cad8b34084879771c6f49885033bb0a5c51402e60d468c8
GET /static/uploads/image/x51/20221111/1668166428315380.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Fri, 11 Nov 2022 11:38:16 GMT
ETag: "1668166696"
Expires: Sun, 11 Dec 2022 11:38:16 GMT
Last-Modified: Fri, 11 Nov 2022 11:38:16 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894599409102.gif
20.189.126.154200 OK 252 kB URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894599409102.gif
IP 20.189.126.154:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 960 x 60\012- data
Size 252 kB (251962 bytes)
Hash feb5419ef22c0a10470f6cfe2b0f1517
412e6b8e6f4244071851549b9d5ba5fdf9a5b631
d889e702650ec0543cef9a6d281f576366872f31463f3b707498aac5cef2ae07
GET /static/uploads/image/x22/20221004/1664894599409102.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 03 Nov 2022 14:43:27 GMT
ETag: "1667486607"
Expires: Sat, 03 Dec 2022 14:43:27 GMT
Last-Modified: Thu, 03 Nov 2022 14:43:27 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894380503898.gif
20.189.126.154200 OK 245 kB URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894380503898.gif
IP 20.189.126.154:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 960 x 60\012- data
Size 245 kB (245365 bytes)
Hash 15b01b59267acae7726f30675e79d8bf
7449390411869cdc7b1b4ae6bee7e4fb7e893675
3c17fb36844b4fc9ead50ffc421dba8367ff08b4e307195f72323a2d9edec46d
GET /static/uploads/image/x22/20221004/1664894380503898.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 03 Nov 2022 16:53:19 GMT
ETag: "1667494399"
Expires: Sat, 03 Dec 2022 16:53:19 GMT
Last-Modified: Thu, 03 Nov 2022 16:53:19 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894417817771.gif
20.189.126.154200 OK 212 kB URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894417817771.gif
IP 20.189.126.154:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 960 x 60\012- data
Size 212 kB (212163 bytes)
Hash 14c76e87c5da9f7226cf412026035c9d
a6cbebd6fd70a1975c7900dbacea379c7722bf94
b1cd2e21b685362b7688cc2444535ff135de009483da19cb9b5de4a0624eb9a4
GET /static/uploads/image/x22/20221004/1664894417817771.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 03 Nov 2022 16:53:19 GMT
ETag: "1667494399"
Expires: Sat, 03 Dec 2022 16:53:19 GMT
Last-Modified: Thu, 03 Nov 2022 16:53:19 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894322248517.gif
20.189.126.154200 OK 258 kB URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x22/20221004/1664894322248517.gif
IP 20.189.126.154:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 960 x 60\012- data
Size 258 kB (257993 bytes)
Hash 038ba2e11d90524678f7762f4628513f
a41054637ff263d13570f7eec83a3286957edc80
51d5f69d306345589b0c376bcff99c50c48bda07e3d61a5d3c1a96181acefa71
GET /static/uploads/image/x22/20221004/1664894322248517.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 03 Nov 2022 16:53:19 GMT
ETag: "1667494399"
Expires: Sat, 03 Dec 2022 16:53:19 GMT
Last-Modified: Thu, 03 Nov 2022 16:53:19 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
sysupload.csiteadmin.com/static/uploads/image/x26/20221004/1664894243920576.gif
20.189.126.154200 OK 133 kB URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x26/20221004/1664894243920576.gif
IP 20.189.126.154:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 960 x 60\012- data
Size 133 kB (133073 bytes)
Hash f44f18314d520e89498d1f67557c2697
bbdd1041f6be7316f0a565d525761a902959b6e6
303b74f93a5d4a4d3232e66f67e7e0f3f7a034495afdb766585e1aef792bded8
GET /static/uploads/image/x26/20221004/1664894243920576.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 03 Nov 2022 14:37:28 GMT
ETag: "1667486248"
Expires: Sat, 03 Dec 2022 14:37:28 GMT
Last-Modified: Thu, 03 Nov 2022 14:37:28 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
sysupload.csiteadmin.com/static/uploads/image/x26/20221004/1664894286620122.gif
20.189.126.154200 OK 132 kB URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x26/20221004/1664894286620122.gif
IP 20.189.126.154:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 960 x 60\012- data
Size 132 kB (131724 bytes)
Hash 6815a174b1da262bb85e17910991d3ed
cbf03ab57a46f9301dac7cd0f7cf99c777b686c7
d0089533769022907251b9dd2fbd0c51fbd14b1326dda3cc2d990c1931fabc01
GET /static/uploads/image/x26/20221004/1664894286620122.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 03 Nov 2022 14:38:11 GMT
ETag: "1667486291"
Expires: Sat, 03 Dec 2022 14:38:11 GMT
Last-Modified: Thu, 03 Nov 2022 14:38:11 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
sysupload.csiteadmin.com/static/uploads/image/x26/20221004/1664894189710457.gif
20.189.126.154200 OK 261 kB URL HTTP/1.1 sysupload.csiteadmin.com/static/uploads/image/x26/20221004/1664894189710457.gif
IP 20.189.126.154:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 960 x 60\012- data
Size 261 kB (261015 bytes)
Hash 68ca80e6c19384277e66f07f304b6ed7
680dea475bf73401cd981b5d64f81a23c5536fed
cdbf4e9a6e9fd6b14415c2039f70aef83ec4067c4d82510246096432cd8b93a8
GET /static/uploads/image/x26/20221004/1664894189710457.gif HTTP/1.1
Host: sysupload.csiteadmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 03 Nov 2022 14:36:31 GMT
ETag: "1667486191"
Expires: Sat, 03 Dec 2022 14:36:31 GMT
Last-Modified: Thu, 03 Nov 2022 14:36:31 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache: HIT, server, disk
Transfer-Encoding: chunked
8499223.com/8499/960x60.gif
162.209.128.162200 OK 331 kB URL HTTP/2 8499223.com/8499/960x60.gif
IP 162.209.128.162:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 331 kB (331043 bytes)
Hash 09f29e56330449942571a66f47f82fb5
30fc3421671176f6f724f32ee910470f03661ddc
b1a0f29b0a924b51c844351bddb87fddf9fa4ef5909f69f818e968f18413a725
GET /8499/960x60.gif HTTP/1.1
Host: 8499223.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:11:33 GMT
content-type: image/gif
content-length: 331043
last-modified: Wed, 09 Nov 2022 06:22:39 GMT
etag: "50d23-5ed03aef4304d"
server: qq.com
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
p.qlogo.cn/qqmail_head/PiajxSqBRaEJCjRiad0icX6wDFztQicSe4tth0Ct5Hp6EKicNLU8zibqbwsY2Td8f6PbxXhicAFOqqTNSE/0
43.154.254.32200 OK 331 kB URL HTTP/2 p.qlogo.cn/qqmail_head/PiajxSqBRaEJCjRiad0icX6wDFztQicSe4tth0Ct5Hp6EKicNLU8zibqbwsY2Td8f6PbxXhicAFOqqTNSE/0
IP 43.154.254.32:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type GIF image data, version 89a, 960 x 60\012- data
Size 331 kB (331043 bytes)
Hash 09f29e56330449942571a66f47f82fb5
30fc3421671176f6f724f32ee910470f03661ddc
b1a0f29b0a924b51c844351bddb87fddf9fa4ef5909f69f818e968f18413a725
GET /qqmail_head/PiajxSqBRaEJCjRiad0icX6wDFztQicSe4tth0Ct5Hp6EKicNLU8zibqbwsY2Td8f6PbxXhicAFOqqTNSE/0 HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Qnginx/1.4.4
date: Sat, 03 Dec 2022 08:11:33 GMT
content-type: image/gif
content-length: 331043
vary: Accept,Origin
last-modified: Wed, 09 Nov 2022 13:50:47 GMT
cache-control: max-age=2592000
x-delay: 172 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 331043
chid: 0
fid: 0
x-nws-log-uuid: 18d5680b-d19b-49b0-91b4-8b93c3cdeeee
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c64ab72-bcba-40fb-b912-d1f41e6b381a.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c64ab72-bcba-40fb-b912-d1f41e6b381a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a03ff222aa12639f1fa939056c19c9fc
d4bc237ce074da3269ddd70affee2ce2f83081eb
b374a38bd3adf7f66ed1c8c1153c96e07d7d0fa37179ea3e38899d863bbdacb9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c64ab72-bcba-40fb-b912-d1f41e6b381a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8228
x-amzn-requestid: 8c071948-dccd-4416-8978-659e0f97a70a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfd-oFGLoAMFWFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63894390-6eded101572b79ec7b8bba87;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 00:15:12 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: F2yF_SMkhqXNP2OZlrbamxzMy6zpEpWJsGvrTh3gZrCaju6duR6tEQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 05:22:30 GMT
age: 10146
etag: "d4bc237ce074da3269ddd70affee2ce2f83081eb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img.u1663.com/images/6370e54a76f8321d8388c847.gif
185.239.226.87302 Found 0 B URL HTTP/2 img.u1663.com/images/6370e54a76f8321d8388c847.gif
IP 185.239.226.87:0
ASN #134835 Starry Network Limited
GET /images/6370e54a76f8321d8388c847.gif HTTP/1.1
Host: img.u1663.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/26c4bd83c03e4572a0da94a24edacb39
X-Firefox-Spdy: h2
img.9781x.com/images/6370e5fe76f8321d8388c849.gif
185.239.226.87302 Found 0 B URL HTTP/2 img.9781x.com/images/6370e5fe76f8321d8388c849.gif
IP 185.239.226.87:0
ASN #134835 Starry Network Limited
GET /images/6370e5fe76f8321d8388c849.gif HTTP/1.1
Host: img.9781x.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/738ec2294d6f4e2d8b66e33b2a3c60d3
X-Firefox-Spdy: h2
img.1135555.com/images/637cc76e57b922de4f030a84.gif
185.239.226.87302 Found 0 B URL HTTP/2 img.1135555.com/images/637cc76e57b922de4f030a84.gif
IP 185.239.226.87:0
ASN #134835 Starry Network Limited
GET /images/637cc76e57b922de4f030a84.gif HTTP/1.1
Host: img.1135555.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qmjijs-niudyeh-eyqujd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/c8395602b4bb4d6b9aae359cb2b4bfec
X-Firefox-Spdy: h2