lq3klqrg.icu/jp
301 Moved Permanently 293 B IP
ASN #36352 AS-COLOCROSSING
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d2d9b6dc4554266d383a647d2a393c1a
866f2b57b376e5f3c7df0f266b3a512f03ab86b5
1c09c0997199f4fe6254f411199e2c59226a6ba145572edefe9d4b8e848e35b6
Analyzer Verdict Alert openphish Rakuten
fortinet Phishing
quad9 Sinkholed
GET /jp HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 04 Oct 2022 16:49:51 GMT
Server: Apache
Location: https://lq3klqrg.icu/jp
Content-Length: 293
Connection: close
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9955bda9c9ef64bc5700a14af0bae25e
8de7b7469e905af0374bdfcc3006bbb844f13e94
1f611155394fac39439b8ec8217d8cd493d6b588d372d264e0d66c03129c50c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F611155394FAC39439B8EC8217D8CD493D6B588D372D264E0D66C03129C50C6"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10090
Expires: Tue, 04 Oct 2022 19:38:02 GMT
Date: Tue, 04 Oct 2022 16:49:52 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-stale=0
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 04 Oct 2022 16:14:34 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: cWlEHaxKUVYiD7uXtz0RJPzyO4sRKklj47pIV1wwVzIEQ3r-YFoAAg==
Age: 2118
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 74134730f642b6f6dfeca3ecc61a329e
668914cc93cceb123d199a45df13ad764704fa84
d681a4c2e20a6019c7e2d980cbfa77b34db9356899099296c3b8b4263ca5fb5f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D681A4C2E20A6019C7E2D980CBFA77B34DB9356899099296C3B8B4263CA5FB5F"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2191
Expires: Tue, 04 Oct 2022 17:26:23 GMT
Date: Tue, 04 Oct 2022 16:49:52 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: mUwZD46ipvcsYT5SpNTUE3chwl3QX7cuix7HMl5qPhSju7WrdYQnJX/Ng1vUhSGiwkCMBtCAXeVfu1Y0gEfD7A==
x-amz-request-id: Z8XWT5JFJWD9JMEF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 04 Oct 2022 15:51:25 GMT
age: 3507
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 16:49:52 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ffe5e275ea5b3c96d00f67c1d0425a06
513ed2f7eb0617e979daa1e46a3f172e5e8fe003
d105638df6322343f04005e27d30c627fc35573d78fde8fc20644f6f6c92175d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D105638DF6322343F04005E27D30C627FC35573D78FDE8FC20644F6F6C92175D"
Last-Modified: Tue, 04 Oct 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21560
Expires: Tue, 04 Oct 2022 22:49:12 GMT
Date: Tue, 04 Oct 2022 16:49:52 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Tue, 04 Oct 2022 16:29:33 GMT
Expires: Tue, 04 Oct 2022 16:31:38 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: HdDl-sxkpLTdPFVbf9WJBB01K2DVJ6EoKjnxqnSKCed7QqYM5dPNUA==
Age: 1219
lq3klqrg.icu/jp
200 OK 597 B IP
ASN #36352 AS-COLOCROSSING
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash c77100e72e557d32ba949e524ed8ccaf
4c249bc5a0ad000e7ddde1f070e000cf2afdbc30
f925ec09a44306b0dc0ca9baa261d1fad848d62f8cbc0a76796c75e7ccaac6c0
Analyzer Verdict Alert openphish Rakuten
fortinet Phishing
quad9 Sinkholed
GET /jp HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 04 Oct 2022 16:49:52 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; path=/
_amkc=2c7881e9-af55-4f81-bd59-dd4cd9bbab53; expires=Tue, 04-Oct-2022 17:14:52 GMT; Max-Age=1500; path=/; domain=lq3klqrg.icu
62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D; expires=Tue, 04-Oct-2022 17:14:52 GMT; Max-Age=1500; path=/; domain=lq3klqrg.icu
access-control-allow-origin: lq3klqrg.icu
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
vary: Accept-Encoding
content-encoding: gzip
content-length: 597
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 16ebfb2aa621547ecf581e26fc828a7d
f78993331f6f5b8af6409a9ad2fc50b77070f68a
0f81fd1d6be9ccc04b74f0348aafe642c7b9ab7dffb7e8a679b5d67cc2e5fac3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6504
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 16:49:52 GMT
Last-Modified: Tue, 04 Oct 2022 15:01:28 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
lq3klqrg.icu/vendor/vendor.23238u92u82.js
200 OK 1.9 kB URL HTTP/2 lq3klqrg.icu/vendor/vendor.23238u92u82.js
IP
ASN #36352 AS-COLOCROSSING
File type ASCII text, with very long lines (325), with CRLF line terminators
Hash 7ca50ba65dff02b9c1fdc7dfc12151be
6c6c921082ff698e1596e48d4b857ad464fddc52
5560969a92b6346ddbc4f3473895be53bfc1f14309d5811595ea2428197658bd
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /vendor/vendor.23238u92u82.js HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/jp
Cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; _amkc=2c7881e9-af55-4f81-bd59-dd4cd9bbab53; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 16:49:52 GMT
server: Apache
access-control-allow-origin: (null)
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
last-modified: Fri, 17 Jun 2022 12:31:10 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1907
content-type: application/javascript
X-Firefox-Spdy: h2
lq3klqrg.icu/index.php?t=9277e190233baa7c5c0c8048ea6316e7aaf7f1c49452648c9c8c057c44ce32cf
200 OK 2.4 kB URL HTTP/2 lq3klqrg.icu/index.php?t=9277e190233baa7c5c0c8048ea6316e7aaf7f1c49452648c9c8c057c44ce32cf
IP
ASN #36352 AS-COLOCROSSING
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4522), with CRLF line terminators
Hash 83e20adb90db7c648474fa0bd0cf76f6
d1894a32320dd504c555f7548d7fe9b470494625
2769252305a0eef8beee01eef2f6cded7e3107f9cb7d2be681c67e1d937f2258
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /index.php?t=9277e190233baa7c5c0c8048ea6316e7aaf7f1c49452648c9c8c057c44ce32cf HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/jp
Cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; _amkc=2c7881e9-af55-4f81-bd59-dd4cd9bbab53; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 16:49:53 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: _amkc=22496037-3881-4da4-9791-ae6780a87ace; expires=Tue, 04-Oct-2022 17:14:53 GMT; Max-Age=1500; path=/; domain=lq3klqrg.icu
62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D; expires=Tue, 04-Oct-2022 17:14:53 GMT; Max-Age=1500; path=/; domain=lq3klqrg.icu
access-control-allow-origin: lq3klqrg.icu
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
vary: Accept-Encoding
content-encoding: gzip
content-length: 2398
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: f+ERHDgNHgnAx543b0EICg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Cv1KIIJUflxgTQCXqzxCCllen0g=
s.go-mpulse.net/boomerang/BGD27-RKZLH-HC9BY-VXAAE-E5EDR
200 OK 50 kB URL HTTP/2 s.go-mpulse.net/boomerang/BGD27-RKZLH-HC9BY-VXAAE-E5EDR
IP
File type C source, ASCII text, with very long lines (65103)
Hash 8991c3ec80ec8fbc41382a55679e3911
8cc8cee91d671038acd9e3ae611517d6801b0909
f55bacd4a20fef96f5c736a912d1947be85c268df18003395e511c1e860e8800
GET /boomerang/BGD27-RKZLH-HC9BY-VXAAE-E5EDR HTTP/1.1
Host: s.go-mpulse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
content-encoding: br
last-modified: Mon, 19 Sep 2022 23:19:44 GMT
timing-allow-origin: *
vary: Accept-Encoding
x-n: S
content-length: 50393
date: Tue, 04 Oct 2022 16:49:53 GMT
X-Firefox-Spdy: h2
lq3klqrg.icu/login_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
200 OK 15 kB URL HTTP/2 lq3klqrg.icu/login_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
IP
ASN #36352 AS-COLOCROSSING
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (23226), with CRLF, LF line terminators
Hash 52ba42bf5c1502c28edb7eb373245784
5414b744ac406a4d4503c1540def5fc1f525ea9d
9be8e94a341e175a68cb7d0c17cb7267ea9031acf25bcd747c6ec25007287aee
Analyzer Verdict Alert quad9 Sinkholed
GET /login_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1 HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/index.php?t=9277e190233baa7c5c0c8048ea6316e7aaf7f1c49452648c9c8c057c44ce32cf
Cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; _amkc=22496037-3881-4da4-9791-ae6780a87ace; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 16:49:53 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: _amkc=b9113d4c-0496-4485-aede-d5f0bae9d335; expires=Tue, 04-Oct-2022 17:14:53 GMT; Max-Age=1500; path=/; domain=lq3klqrg.icu
access-control-allow-origin: lq3klqrg.icu
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
vary: Accept-Encoding
content-encoding: gzip
content-length: 15127
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2
lq3klqrg.icu/login_ap/css/login.css?948
200 OK 2.5 kB URL HTTP/2 lq3klqrg.icu/login_ap/css/login.css?948
IP
ASN #36352 AS-COLOCROSSING
Hash 3fe6ab14f3860dc59c4275c7208e4f10
7c9bc61bc9fae629ae1b85a8e47e8217959c0324
35805d46e33951c011670602ddc7791ea157895dd9369d28f929c7c929cb791f
Analyzer Verdict Alert quad9 Sinkholed
GET /login_ap/css/login.css?948 HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/login_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; _amkc=b9113d4c-0496-4485-aede-d5f0bae9d335; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 16:49:53 GMT
server: Apache
access-control-allow-origin: (null)
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
last-modified: Thu, 15 Sep 2022 08:01:20 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2496
content-type: text/css
X-Firefox-Spdy: h2
lq3klqrg.icu/login_ap/css/login.js?236
200 OK 732 B URL HTTP/2 lq3klqrg.icu/login_ap/css/login.js?236
IP
ASN #36352 AS-COLOCROSSING
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 0c1cda05f35c2950ad6bbcc3d07d835c
2eae2100bbb9c20b55debfdd7cd5f8f05c244edf
304f54fc920f111a90e31b54422f0093771a3e34b79d42804d21a6b327c054f4
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /login_ap/css/login.js?236 HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/login_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; _amkc=b9113d4c-0496-4485-aede-d5f0bae9d335; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 16:49:53 GMT
server: Apache
access-control-allow-origin: (null)
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
last-modified: Wed, 14 Sep 2022 16:28:44 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 732
content-type: application/javascript
X-Firefox-Spdy: h2
lq3klqrg.icu/login_ap/css/jquery-migrate-3.1.0.min.js?236
200 OK 3.3 kB URL HTTP/2 lq3klqrg.icu/login_ap/css/jquery-migrate-3.1.0.min.js?236
IP
ASN #36352 AS-COLOCROSSING
File type ASCII text, with very long lines (8892)
Hash acace3dc846caaad67a94032ecf05f4f
f6e0ee3f11e99675a30cbb6275416929133f1858
c041df4c53fecb4c5e4156193c7f7aafa5b94970bdc6ce233c218ba9a0e78cfc
Analyzer Verdict Alert quad9 Sinkholed
GET /login_ap/css/jquery-migrate-3.1.0.min.js?236 HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/login_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; _amkc=b9113d4c-0496-4485-aede-d5f0bae9d335; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 16:49:53 GMT
server: Apache
access-control-allow-origin: (null)
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
last-modified: Wed, 14 Sep 2022 16:28:44 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3292
content-type: application/javascript
X-Firefox-Spdy: h2
lq3klqrg.icu/login_ap/css/challenger.css
200 OK 630 B URL HTTP/2 lq3klqrg.icu/login_ap/css/challenger.css
IP
ASN #36352 AS-COLOCROSSING
Hash ae66d051c9c2b3d537bf1579120cf94b
c0c4dccda7cc3eedea79b15c5d56dd0f6faf665b
33ae02b795a7c2addd5a68cda0db6215d8802e8c58c1fbf646da7cbf00dd9c66
Analyzer Verdict Alert quad9 Sinkholed
GET /login_ap/css/challenger.css HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/login_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; _amkc=b9113d4c-0496-4485-aede-d5f0bae9d335; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 16:49:53 GMT
server: Apache
access-control-allow-origin: (null)
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
last-modified: Wed, 14 Sep 2022 16:28:44 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 630
content-type: text/css
X-Firefox-Spdy: h2
lq3klqrg.icu/login_ap/css/spacer.gif
200 OK 49 B URL HTTP/2 lq3klqrg.icu/login_ap/css/spacer.gif
IP
ASN #36352 AS-COLOCROSSING
File type GIF image data, version 89a, 50 x 1\012- data
Hash a1de57fd0b456c6d9770a63b37634f69
63f11c1db46f633675862daf7b31ee83b38167e1
229a4c6e872bb11a3325501e43ef3e506d1ebb9be98ed79321d7c879d98e695e
Analyzer Verdict Alert quad9 Sinkholed
GET /login_ap/css/spacer.gif HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/login_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; _amkc=b9113d4c-0496-4485-aede-d5f0bae9d335; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 16:49:53 GMT
server: Apache
access-control-allow-origin: (null)
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
last-modified: Wed, 14 Sep 2022 16:28:44 GMT
accept-ranges: bytes
content-length: 49
content-type: image/gif
X-Firefox-Spdy: h2
lq3klqrg.icu/login_ap/css/ral-1.8.1.js
200 OK 9.9 kB URL HTTP/2 lq3klqrg.icu/login_ap/css/ral-1.8.1.js
IP
ASN #36352 AS-COLOCROSSING
File type ASCII text, with very long lines (4726)
Hash 735738d4ec5f4ac89cff892152e84b27
0868b7972c75124c4e62473bb44952de4dec7ebe
04860188c55a5dd4894f561b59aeabe7b447ffb9eb5b5873105058d23deae8c2
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /login_ap/css/ral-1.8.1.js HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/login_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; _amkc=b9113d4c-0496-4485-aede-d5f0bae9d335; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 16:49:53 GMT
server: Apache
access-control-allow-origin: (null)
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
last-modified: Wed, 14 Sep 2022 16:28:44 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 9949
content-type: application/javascript
X-Firefox-Spdy: h2
lq3klqrg.icu/login_ap/css/rc-logo_CardEnavi_1.svg
200 OK 3.2 kB URL HTTP/2 lq3klqrg.icu/login_ap/css/rc-logo_CardEnavi_1.svg
IP
ASN #36352 AS-COLOCROSSING
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1473)
Hash 94ea3add18e9af94b5eaa9458b86f5ba
a267b228daaf9702330cba9b24bcbf9b9e39b883
93929234015693329d086db957b1b032610b68e3dd4f2b20a67ab496f65f37c0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /login_ap/css/rc-logo_CardEnavi_1.svg HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/login_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; _amkc=b9113d4c-0496-4485-aede-d5f0bae9d335; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 16:49:53 GMT
server: Apache
access-control-allow-origin: (null)
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
last-modified: Wed, 14 Sep 2022 16:28:44 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3235
content-type: image/svg+xml
X-Firefox-Spdy: h2
lq3klqrg.icu/login_ap/css/jquery-3.4.1.min.js?236
200 OK 31 kB URL HTTP/2 lq3klqrg.icu/login_ap/css/jquery-3.4.1.min.js?236
IP
ASN #36352 AS-COLOCROSSING
File type ASCII text, with very long lines (65451)
Hash c65598a79e692c79f732ea0b099f9da7
5459de784144478c4a5088437bf5da4690dbae5f
653cc57da3a15e7ba824119d448c287f3c1a9a0afb400970ed3658d48765984a
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /login_ap/css/jquery-3.4.1.min.js?236 HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/login_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; _amkc=b9113d4c-0496-4485-aede-d5f0bae9d335; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 16:49:53 GMT
server: Apache
access-control-allow-origin: (null)
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
last-modified: Wed, 14 Sep 2022 16:28:44 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 30677
content-type: application/javascript
X-Firefox-Spdy: h2
lq3klqrg.icu/login_ap/css/stop_540x249.png
200 OK 58 kB URL HTTP/2 lq3klqrg.icu/login_ap/css/stop_540x249.png
IP
ASN #36352 AS-COLOCROSSING
File type PNG image data, 540 x 249, 8-bit/color RGB, non-interlaced\012- data
Hash bdb2ec68f7093e4a2d0837dee3e2c517
89b5640c5a55d932ec03f98b8736482cc890e227
e1039b942a52729c7bd4fe9427a4f8a86816142ef90dd2be9b6ffcd353145a02
Analyzer Verdict Alert quad9 Sinkholed
GET /login_ap/css/stop_540x249.png HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/login_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; _amkc=b9113d4c-0496-4485-aede-d5f0bae9d335; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 16:49:53 GMT
server: Apache
access-control-allow-origin: (null)
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
last-modified: Wed, 14 Sep 2022 16:28:44 GMT
accept-ranges: bytes
content-length: 58080
content-type: image/png
X-Firefox-Spdy: h2
lq3klqrg.icu/login_ap/css/rat-sec.js
200 OK 13 kB URL HTTP/2 lq3klqrg.icu/login_ap/css/rat-sec.js
IP
ASN #36352 AS-COLOCROSSING
File type ASCII text, with very long lines (12632)
Hash c029a5b1b9cff7139e3c08c9ea4cf1f7
2b355463853c05861ba05cb2f8cd5b86bab979e2
3d5bdce91168ebb5631aa7dc51e5d4d330a0f7710a09d3005cf3254259b9abd0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /login_ap/css/rat-sec.js HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/login_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; _amkc=b9113d4c-0496-4485-aede-d5f0bae9d335; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 16:49:53 GMT
server: Apache
access-control-allow-origin: (null)
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
last-modified: Wed, 14 Sep 2022 16:28:44 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 13023
content-type: application/javascript
X-Firefox-Spdy: h2
lq3klqrg.icu/login_ap/css/s_code.js?236
200 OK 21 kB URL HTTP/2 lq3klqrg.icu/login_ap/css/s_code.js?236
IP
ASN #36352 AS-COLOCROSSING
Hash a0581c0ab4d2ada7688d124ef20276c0
d779d9fcf3706823ff6f029d47260ff1942683b1
683a2f733f32b5cb55fd22a5b8521ff3edaf75b4dc443a5c743f347988bdd1c5
Analyzer Verdict Alert quad9 Sinkholed
GET /login_ap/css/s_code.js?236 HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/login_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; _amkc=b9113d4c-0496-4485-aede-d5f0bae9d335; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 16:49:53 GMT
server: Apache
access-control-allow-origin: (null)
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
last-modified: Wed, 14 Sep 2022 16:28:44 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 21363
content-type: application/javascript
X-Firefox-Spdy: h2
lq3klqrg.icu/login_ap/css/jquery-3.4.1.min.js
200 OK 31 kB URL HTTP/2 lq3klqrg.icu/login_ap/css/jquery-3.4.1.min.js
IP
ASN #36352 AS-COLOCROSSING
File type ASCII text, with very long lines (65451)
Hash c65598a79e692c79f732ea0b099f9da7
5459de784144478c4a5088437bf5da4690dbae5f
653cc57da3a15e7ba824119d448c287f3c1a9a0afb400970ed3658d48765984a
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /login_ap/css/jquery-3.4.1.min.js HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/login_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; _amkc=b9113d4c-0496-4485-aede-d5f0bae9d335; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 16:49:53 GMT
server: Apache
access-control-allow-origin: (null)
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
last-modified: Wed, 14 Sep 2022 16:28:44 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 30677
content-type: application/javascript
X-Firefox-Spdy: h2
lq3klqrg.icu/login_ap/css/css/rexicon-32-eye-f.svg
404 Not Found 259 B URL HTTP/2 lq3klqrg.icu/login_ap/css/css/rexicon-32-eye-f.svg
IP
ASN #36352 AS-COLOCROSSING
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash c69782effd05becd16a33b9709aaaefb
6d2cd8d327c333188c98d3c5cd05b821853f20f1
7eadef6a60185da2657319883a432bc761b59f2841ee52f0f2e0b829015f524c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /login_ap/css/css/rexicon-32-eye-f.svg HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/login_ap/css/login.css?948
Cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; _amkc=b9113d4c-0496-4485-aede-d5f0bae9d335; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D; _ra=1664902192898|4a06e98f-c5cf-4e62-8eb0-2afb17c1d091
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Tue, 04 Oct 2022 16:49:53 GMT
server: Apache
access-control-allow-origin: (null)
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
content-length: 259
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
lq3klqrg.icu/login_ap/css/css/rexicon-32-check.svg
404 Not Found 259 B URL HTTP/2 lq3klqrg.icu/login_ap/css/css/rexicon-32-check.svg
IP
ASN #36352 AS-COLOCROSSING
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash c69782effd05becd16a33b9709aaaefb
6d2cd8d327c333188c98d3c5cd05b821853f20f1
7eadef6a60185da2657319883a432bc761b59f2841ee52f0f2e0b829015f524c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /login_ap/css/css/rexicon-32-check.svg HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/login_ap/css/login.css?948
Cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; _amkc=b9113d4c-0496-4485-aede-d5f0bae9d335; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D; _ra=1664902192898|4a06e98f-c5cf-4e62-8eb0-2afb17c1d091
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Tue, 04 Oct 2022 16:49:53 GMT
server: Apache
access-control-allow-origin: (null)
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
content-length: 259
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
lq3klqrg.icu/login_ap/css/css/rexicon-32-chevron-right.svg
404 Not Found 259 B URL HTTP/2 lq3klqrg.icu/login_ap/css/css/rexicon-32-chevron-right.svg
IP
ASN #36352 AS-COLOCROSSING
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash c69782effd05becd16a33b9709aaaefb
6d2cd8d327c333188c98d3c5cd05b821853f20f1
7eadef6a60185da2657319883a432bc761b59f2841ee52f0f2e0b829015f524c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /login_ap/css/css/rexicon-32-chevron-right.svg HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/login_ap/css/login.css?948
Cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; _amkc=b9113d4c-0496-4485-aede-d5f0bae9d335; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D; _ra=1664902192898|4a06e98f-c5cf-4e62-8eb0-2afb17c1d091
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Tue, 04 Oct 2022 16:49:53 GMT
server: Apache
access-control-allow-origin: (null)
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
content-length: 259
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
lq3klqrg.icu/login_ap/css/css/rexicon-32-new-window-l.svg
404 Not Found 259 B URL HTTP/2 lq3klqrg.icu/login_ap/css/css/rexicon-32-new-window-l.svg
IP
ASN #36352 AS-COLOCROSSING
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash c69782effd05becd16a33b9709aaaefb
6d2cd8d327c333188c98d3c5cd05b821853f20f1
7eadef6a60185da2657319883a432bc761b59f2841ee52f0f2e0b829015f524c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /login_ap/css/css/rexicon-32-new-window-l.svg HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/login_ap/css/login.css?948
Cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; _amkc=b9113d4c-0496-4485-aede-d5f0bae9d335; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D; _ra=1664902192898|4a06e98f-c5cf-4e62-8eb0-2afb17c1d091
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Tue, 04 Oct 2022 16:49:53 GMT
server: Apache
access-control-allow-origin: (null)
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
content-length: 259
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
lq3klqrg.icu/login_ap/css/css/rexicon-32-sign-info-l.svg
404 Not Found 259 B URL HTTP/2 lq3klqrg.icu/login_ap/css/css/rexicon-32-sign-info-l.svg
IP
ASN #36352 AS-COLOCROSSING
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash c69782effd05becd16a33b9709aaaefb
6d2cd8d327c333188c98d3c5cd05b821853f20f1
7eadef6a60185da2657319883a432bc761b59f2841ee52f0f2e0b829015f524c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /login_ap/css/css/rexicon-32-sign-info-l.svg HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/login_ap/css/login.css?948
Cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; _amkc=b9113d4c-0496-4485-aede-d5f0bae9d335; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D; _ra=1664902192898|4a06e98f-c5cf-4e62-8eb0-2afb17c1d091
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Tue, 04 Oct 2022 16:49:53 GMT
server: Apache
access-control-allow-origin: (null)
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
content-length: 259
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 312 B IP
Hash 2daa2c3ef8d3a05b978539fb90f55828
9cc1e0bdb162ce50152ae2539b4196aa02560ff1
0f0c3a7ceb78216865b0f4ec833a3cc61f5277766c6a2aa11ad7227bb79494f1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6573
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 16:49:54 GMT
Last-Modified: Tue, 04 Oct 2022 15:00:21 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 312
lq3klqrg.icu/login_ap/css/favicon.ico
200 OK 1.5 kB URL HTTP/2 lq3klqrg.icu/login_ap/css/favicon.ico
IP
ASN #36352 AS-COLOCROSSING
File type MS Windows icon resource - 5 icons, 48x48, 32 bits/pixel, 64x64, 32 bits/pixel\012- data
Hash 9867f2c840b4760f2c2c6301c57413dd
7cba4a96c71201bbf89430d375e638c7d94c6797
7ec13c583daf259258dfb80c11516ae083828160796d4f14e3ff0444fbe2d817
Analyzer Verdict Alert quad9 Sinkholed
GET /login_ap/css/favicon.ico HTTP/1.1
Host: lq3klqrg.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/login_ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=fd373mcful2md8s1eh50ip2ln3; _amkc=b9113d4c-0496-4485-aede-d5f0bae9d335; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D; _ra=1664902192898|4a06e98f-c5cf-4e62-8eb0-2afb17c1d091; s_sess=%20s_cc%3Dtrue%3B%20s_prevsite%3Dcard%3B%20s_sq%3D%3B
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 16:49:54 GMT
server: Apache
access-control-allow-origin: (null)
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
content-security-policy: frame-ancestors 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
upgrade-insecure-requests: 1
last-modified: Wed, 14 Sep 2022 16:28:44 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1533
content-type: image/x-icon
X-Firefox-Spdy: h2
rakuten.112.2o7.net/b/ss/rakutenkcdev/1/H.22.1/s76756308754061?AQB=1&ndh=1&t=4%2F9%2F2022%2016%3A49%3A53%202%200&ce=UTF-8&ns=rakuten&cdp=3&pageName=%5Be-NAVI%5Dlogin&g=https%3A%2F%2Flq3klqrg.icu%2Flogin_ap%2Fsignin%3F_encoding%3DUTF8%26openid.assoc_handle%3Djpflex%26openid.claimed_id%3D%26action%3Dsign-in%26path%3Dhome%26ref_%3Dnav_Account%26signIn%3D1%26useRedirectOnSuccess%3D1&r=https%3A%2F%2Flq3klqrg.icu%2Findex.php%3Ft%3D9277e190233baa7c5c0c8048ea6316e7aaf7f1c49452648c9c8c057c44ce32cf&cc=JPY&ch=%5Be-NAVI%5Dlogin&server=lq3klqrg.icu&events=event1&c1=login&c4=allchecked&v4=allchecked&c9=e-NAVI&v17=D%3DUser-Agent&c28=1%3A14AM&v28=1%3A14AM&c29=Thursday&v29=Thursday&c36=%5Be-NAVI%5Dlogin&v36=%5Be-NAVI%5Dlogin&c41=%5Be-NAVI%5Dlogin&c42=Other%20Websites%3Alq3klqrg.icu%3A%5Be-NAVI%5Dlogin&c43=%5Be-NAVI%5Dlogin&c49=D%3Dg&c50=card&v51=Other%20Websites%3Alq3klqrg.icu&v52=D%3DpageName&c61=Others&v61=D%3Dc61&c62=Firefox&v62=D%3Dc62&c63=D%3DUser-Agent&v63=D%3DUser-Agent&c69=0.026&c70=H.22.1-1.20120307&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&AQE=1
302 Found 0 B URL HTTP/2 rakuten.112.2o7.net/b/ss/rakutenkcdev/1/H.22.1/s76756308754061?AQB=1&ndh=1&t=4%2F9%2F2022%2016%3A49%3A53%202%200&ce=UTF-8&ns=rakuten&cdp=3&pageName=%5Be-NAVI%5Dlogin&g=https%3A%2F%2Flq3klqrg.icu%2Flogin_ap%2Fsignin%3F_encoding%3DUTF8%26openid.assoc_handle%3Djpflex%26openid.claimed_id%3D%26action%3Dsign-in%26path%3Dhome%26ref_%3Dnav_Account%26signIn%3D1%26useRedirectOnSuccess%3D1&r=https%3A%2F%2Flq3klqrg.icu%2Findex.php%3Ft%3D9277e190233baa7c5c0c8048ea6316e7aaf7f1c49452648c9c8c057c44ce32cf&cc=JPY&ch=%5Be-NAVI%5Dlogin&server=lq3klqrg.icu&events=event1&c1=login&c4=allchecked&v4=allchecked&c9=e-NAVI&v17=D%3DUser-Agent&c28=1%3A14AM&v28=1%3A14AM&c29=Thursday&v29=Thursday&c36=%5Be-NAVI%5Dlogin&v36=%5Be-NAVI%5Dlogin&c41=%5Be-NAVI%5Dlogin&c42=Other%20Websites%3Alq3klqrg.icu%3A%5Be-NAVI%5Dlogin&c43=%5Be-NAVI%5Dlogin&c49=D%3Dg&c50=card&v51=Other%20Websites%3Alq3klqrg.icu&v52=D%3DpageName&c61=Others&v61=D%3Dc61&c62=Firefox&v62=D%3Dc62&c63=D%3DUser-Agent&v63=D%3DUser-Agent&c69=0.026&c70=H.22.1-1.20120307&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&AQE=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/ss/rakutenkcdev/1/H.22.1/s76756308754061?AQB=1&ndh=1&t=4%2F9%2F2022%2016%3A49%3A53%202%200&ce=UTF-8&ns=rakuten&cdp=3&pageName=%5Be-NAVI%5Dlogin&g=https%3A%2F%2Flq3klqrg.icu%2Flogin_ap%2Fsignin%3F_encoding%3DUTF8%26openid.assoc_handle%3Djpflex%26openid.claimed_id%3D%26action%3Dsign-in%26path%3Dhome%26ref_%3Dnav_Account%26signIn%3D1%26useRedirectOnSuccess%3D1&r=https%3A%2F%2Flq3klqrg.icu%2Findex.php%3Ft%3D9277e190233baa7c5c0c8048ea6316e7aaf7f1c49452648c9c8c057c44ce32cf&cc=JPY&ch=%5Be-NAVI%5Dlogin&server=lq3klqrg.icu&events=event1&c1=login&c4=allchecked&v4=allchecked&c9=e-NAVI&v17=D%3DUser-Agent&c28=1%3A14AM&v28=1%3A14AM&c29=Thursday&v29=Thursday&c36=%5Be-NAVI%5Dlogin&v36=%5Be-NAVI%5Dlogin&c41=%5Be-NAVI%5Dlogin&c42=Other%20Websites%3Alq3klqrg.icu%3A%5Be-NAVI%5Dlogin&c43=%5Be-NAVI%5Dlogin&c49=D%3Dg&c50=card&v51=Other%20Websites%3Alq3klqrg.icu&v52=D%3DpageName&c61=Others&v61=D%3Dc61&c62=Firefox&v62=D%3Dc62&c63=D%3DUser-Agent&v63=D%3DUser-Agent&c69=0.026&c70=H.22.1-1.20120307&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&AQE=1 HTTP/1.1
Host: rakuten.112.2o7.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
access-control-allow-origin: *
vary: Origin
date: Tue, 04 Oct 2022 16:49:54 GMT
content-type: text/plain;charset=utf-8
expires: Mon, 03 Oct 2022 16:49:54 GMT
last-modified: Wed, 05 Oct 2022 16:49:54 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|319E32194FE091A5-40001605FF04D7BE[CE]; Path=/; Domain=rakuten.112.2o7.net; Max-Age=63072000; Expires=Thu, 03 Oct 2024 16:49:49 GMT; SameSite=None; Secure
location: https://rakuten.112.2o7.net/b/ss/rakutenkcdev/1/H.22.1/s76756308754061?AQB=1&pccr=true&vidn=319E32194FE091A5-40001605FF04D7BE&ndh=1&t=4%2F9%2F2022%2016%3A49%3A53%202%200&ce=UTF-8&ns=rakuten&cdp=3&pageName=%5Be-NAVI%5Dlogin&g=https%3A%2F%2Flq3klqrg.icu%2Flogin_ap%2Fsignin%3F_encoding%3DUTF8%26openid.assoc_handle%3Djpflex%26openid.claimed_id%3D%26action%3Dsign-in%26path%3Dhome%26ref_%3Dnav_Account%26signIn%3D1%26useRedirectOnSuccess%3D1&r=https%3A%2F%2Flq3klqrg.icu%2Findex.php%3Ft%3D9277e190233baa7c5c0c8048ea6316e7aaf7f1c49452648c9c8c057c44ce32cf&cc=JPY&ch=%5Be-NAVI%5Dlogin&server=lq3klqrg.icu&events=event1&c1=login&c4=allchecked&v4=allchecked&c9=e-NAVI&v17=D%3DUser-Agent&c28=1%3A14AM&v28=1%3A14AM&c29=Thursday&v29=Thursday&c36=%5Be-NAVI%5Dlogin&v36=%5Be-NAVI%5Dlogin&c41=%5Be-NAVI%5Dlogin&c42=Other%20Websites%3Alq3klqrg.icu%3A%5Be-NAVI%5Dlogin&c43=%5Be-NAVI%5Dlogin&c49=D%3Dg&c50=card&v51=Other%20Websites%3Alq3klqrg.icu&v52=D%3DpageName&c61=Others&v61=D%3Dc61&c62=Firefox&v62=D%3Dc62&c63=D%3DUser-Agent&v63=D%3DUser-Agent&c69=0.026&c70=H.22.1-1.20120307&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&AQE=1
content-length: 0
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
rakuten.112.2o7.net/b/ss/rakutenkcdev/1/H.22.1/s76756308754061?AQB=1&pccr=true&vidn=319E32194FE091A5-40001605FF04D7BE&ndh=1&t=4%2F9%2F2022%2016%3A49%3A53%202%200&ce=UTF-8&ns=rakuten&cdp=3&pageName=%5Be-NAVI%5Dlogin&g=https%3A%2F%2Flq3klqrg.icu%2Flogin_ap%2Fsignin%3F_encoding%3DUTF8%26openid.assoc_handle%3Djpflex%26openid.claimed_id%3D%26action%3Dsign-in%26path%3Dhome%26ref_%3Dnav_Account%26signIn%3D1%26useRedirectOnSuccess%3D1&r=https%3A%2F%2Flq3klqrg.icu%2Findex.php%3Ft%3D9277e190233baa7c5c0c8048ea6316e7aaf7f1c49452648c9c8c057c44ce32cf&cc=JPY&ch=%5Be-NAVI%5Dlogin&server=lq3klqrg.icu&events=event1&c1=login&c4=allchecked&v4=allchecked&c9=e-NAVI&v17=D%3DUser-Agent&c28=1%3A14AM&v28=1%3A14AM&c29=Thursday&v29=Thursday&c36=%5Be-NAVI%5Dlogin&v36=%5Be-NAVI%5Dlogin&c41=%5Be-NAVI%5Dlogin&c42=Other%20Websites%3Alq3klqrg.icu%3A%5Be-NAVI%5Dlogin&c43=%5Be-NAVI%5Dlogin&c49=D%3Dg&c50=card&v51=Other%20Websites%3Alq3klqrg.icu&v52=D%3DpageName&c61=Others&v61=D%3Dc61&c62=Firefox&v62=D%3Dc62&c63=D%3DUser-Agent&v63=D%3DUser-Agent&c69=0.026&c70=H.22.1-1.20120307&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&AQE=1
200 OK 43 B URL HTTP/2 rakuten.112.2o7.net/b/ss/rakutenkcdev/1/H.22.1/s76756308754061?AQB=1&pccr=true&vidn=319E32194FE091A5-40001605FF04D7BE&ndh=1&t=4%2F9%2F2022%2016%3A49%3A53%202%200&ce=UTF-8&ns=rakuten&cdp=3&pageName=%5Be-NAVI%5Dlogin&g=https%3A%2F%2Flq3klqrg.icu%2Flogin_ap%2Fsignin%3F_encoding%3DUTF8%26openid.assoc_handle%3Djpflex%26openid.claimed_id%3D%26action%3Dsign-in%26path%3Dhome%26ref_%3Dnav_Account%26signIn%3D1%26useRedirectOnSuccess%3D1&r=https%3A%2F%2Flq3klqrg.icu%2Findex.php%3Ft%3D9277e190233baa7c5c0c8048ea6316e7aaf7f1c49452648c9c8c057c44ce32cf&cc=JPY&ch=%5Be-NAVI%5Dlogin&server=lq3klqrg.icu&events=event1&c1=login&c4=allchecked&v4=allchecked&c9=e-NAVI&v17=D%3DUser-Agent&c28=1%3A14AM&v28=1%3A14AM&c29=Thursday&v29=Thursday&c36=%5Be-NAVI%5Dlogin&v36=%5Be-NAVI%5Dlogin&c41=%5Be-NAVI%5Dlogin&c42=Other%20Websites%3Alq3klqrg.icu%3A%5Be-NAVI%5Dlogin&c43=%5Be-NAVI%5Dlogin&c49=D%3Dg&c50=card&v51=Other%20Websites%3Alq3klqrg.icu&v52=D%3DpageName&c61=Others&v61=D%3Dc61&c62=Firefox&v62=D%3Dc62&c63=D%3DUser-Agent&v63=D%3DUser-Agent&c69=0.026&c70=H.22.1-1.20120307&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&AQE=1
IP
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/rakutenkcdev/1/H.22.1/s76756308754061?AQB=1&pccr=true&vidn=319E32194FE091A5-40001605FF04D7BE&ndh=1&t=4%2F9%2F2022%2016%3A49%3A53%202%200&ce=UTF-8&ns=rakuten&cdp=3&pageName=%5Be-NAVI%5Dlogin&g=https%3A%2F%2Flq3klqrg.icu%2Flogin_ap%2Fsignin%3F_encoding%3DUTF8%26openid.assoc_handle%3Djpflex%26openid.claimed_id%3D%26action%3Dsign-in%26path%3Dhome%26ref_%3Dnav_Account%26signIn%3D1%26useRedirectOnSuccess%3D1&r=https%3A%2F%2Flq3klqrg.icu%2Findex.php%3Ft%3D9277e190233baa7c5c0c8048ea6316e7aaf7f1c49452648c9c8c057c44ce32cf&cc=JPY&ch=%5Be-NAVI%5Dlogin&server=lq3klqrg.icu&events=event1&c1=login&c4=allchecked&v4=allchecked&c9=e-NAVI&v17=D%3DUser-Agent&c28=1%3A14AM&v28=1%3A14AM&c29=Thursday&v29=Thursday&c36=%5Be-NAVI%5Dlogin&v36=%5Be-NAVI%5Dlogin&c41=%5Be-NAVI%5Dlogin&c42=Other%20Websites%3Alq3klqrg.icu%3A%5Be-NAVI%5Dlogin&c43=%5Be-NAVI%5Dlogin&c49=D%3Dg&c50=card&v51=Other%20Websites%3Alq3klqrg.icu&v52=D%3DpageName&c61=Others&v61=D%3Dc61&c62=Firefox&v62=D%3Dc62&c63=D%3DUser-Agent&v63=D%3DUser-Agent&c69=0.026&c70=H.22.1-1.20120307&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&AQE=1 HTTP/1.1
Host: rakuten.112.2o7.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lq3klqrg.icu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
date: Tue, 04 Oct 2022 16:49:54 GMT
expires: Mon, 03 Oct 2022 16:49:54 GMT
last-modified: Wed, 05 Oct 2022 16:49:54 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|319E32192EEA3452-60000A83FF01DD82[CE]; Path=/; Domain=rakuten.112.2o7.net; Max-Age=63072000; Expires=Thu, 03 Oct 2024 16:49:49 GMT; SameSite=None; Secure
etag: 3575350237921411072-4619754801671036289
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash fdf91f6e6430159255a855cfa8db51bd
6c1283d1b8dc5e95d3f1b01d40f11ddacea7907a
6f023549dea5615ad2c405c3c1ab1d9ef8f0c8792646644c13b15bd63a642633
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6391
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 16:49:54 GMT
Last-Modified: Tue, 04 Oct 2022 15:03:23 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
c.go-mpulse.net/api/config.json?key=BGD27-RKZLH-HC9BY-VXAAE-E5EDR&d=lq3klqrg.icu&t=5549674&v=1.720.0&sl=0&si=700b5a32-98df-45a3-9a8b-8fc44e73c1ba-rj8mr5&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=691193
200 OK 51 B URL HTTP/1.1 c.go-mpulse.net/api/config.json?key=BGD27-RKZLH-HC9BY-VXAAE-E5EDR&d=lq3klqrg.icu&t=5549674&v=1.720.0&sl=0&si=700b5a32-98df-45a3-9a8b-8fc44e73c1ba-rj8mr5&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=691193
IP
File type JSON data\012- , ASCII text
Hash 22b5888aceb1d2c769ed3f88bf42cc60
4f692f4e4ea815b92dc442a03107dcefb0026997
503e5231837a0fea130419b5a515a98cbf03ec483fe581e31093c472874bcd2c
GET /api/config.json?key=BGD27-RKZLH-HC9BY-VXAAE-E5EDR&d=lq3klqrg.icu&t=5549674&v=1.720.0&sl=0&si=700b5a32-98df-45a3-9a8b-8fc44e73c1ba-rj8mr5&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=691193 HTTP/1.1
Host: c.go-mpulse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lq3klqrg.icu
Connection: keep-alive
Referer: https://lq3klqrg.icu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=120, stale-while-revalidate=60, stale-if-error=120
Timing-Allow-Origin: *
Content-Length: 51
Date: Tue, 04 Oct 2022 16:49:54 GMT
Connection: keep-alive
Content-Type: application/json
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20820
Expires: Tue, 04 Oct 2022 22:36:54 GMT
Date: Tue, 04 Oct 2022 16:49:54 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20820
Expires: Tue, 04 Oct 2022 22:36:54 GMT
Date: Tue, 04 Oct 2022 16:49:54 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20820
Expires: Tue, 04 Oct 2022 22:36:54 GMT
Date: Tue, 04 Oct 2022 16:49:54 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20820
Expires: Tue, 04 Oct 2022 22:36:54 GMT
Date: Tue, 04 Oct 2022 16:49:54 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20820
Expires: Tue, 04 Oct 2022 22:36:54 GMT
Date: Tue, 04 Oct 2022 16:49:54 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg
200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6c6882c60d7ca6f918c77104e3ad1d52
20ef861be49c652a938e0145e4ca3a60159367e2
861f5870990fbd2939d151ae18384cf311e87067ca9a50818efe0c2d51b83088
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5504
x-amzn-requestid: 37405eb0-5c75-46a9-84c0-e8ed726995d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHvHPvoAMF3mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-77fd550b58af612525e74761;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Ovm2wuk28PygH4EZNEUoPchoHQggWCyXbYHOjMV1tZmfyDrL6PjPZA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:29:19 GMT
age: 66035
etag: "20ef861be49c652a938e0145e4ca3a60159367e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg
200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6779181f9c06975f2a662da743893939
585e7146fd24cdc2496b05baafea04091dc541e2
8e9a9f92fd89b7cdce77884ccd76b83ab82d28f125ebfc1cb0d371d4046b7985
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4858
x-amzn-requestid: fb21c414-2994-444a-a838-e643fd05b171
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTEfPoAMFfeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-593dd8043b0490e7301cac0d;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MiSh_FjAciKCaOakY2mM_EHBN1Z6GIDYIP8mwS4ikkrToQN3Ktsv2g==
via: 1.1 773ca14e6bd4bf9244988cb69fc9dca8.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:56:46 GMT
age: 67988
etag: "585e7146fd24cdc2496b05baafea04091dc541e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp
200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8c08f8066cc732de8befd6ccd629a95
22aab05208a01ae5def4d63dc145085630f57bcb
f8a560a0563518d992d0bd2655d2b5c406435a18e874ca00b51374d2ff901770
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9917
x-amzn-requestid: 2dff93d9-795d-4885-9b82-610b0d235a82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTGEnIAMF1zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-117afa703663ada75627792c;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p5nOqBojKO6S-c_DxIu8B3p-NK0pzRHkz0DOPeyv7PQt9h0x1jdtoQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:55:54 GMT
age: 68040
etag: "22aab05208a01ae5def4d63dc145085630f57bcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 206fb65e75dbadf119512f71e0b78402
58ff0bf8ce7528b303d28bab01a80ad721705569
56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5sAzc5Ewv4g6Wqq6JJiLylG3Jyy_nlWrr5Oteeo6ebEgq7Rvss4XaQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 04:42:53 GMT
age: 43621
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 54b3ef7aa50273b78b59c24511b0c1f9
e2ea2ef6805e391c497e62e101e76a0bdecfce64
296e8954022d5160137b3e02ab5085a15cee7c23cd6d4ca61b36880706062457
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11955
x-amzn-requestid: ce6bbe93-95b0-4b6e-a8bc-012796485e67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zcqb9FUtoAMF0WQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b577f-59dc0a18523f900a059aa5df;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:43:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: tJwzKfs7HnQ7dVcINwnlzxTChXiEi4JPj8jrS8p5KhurRx_o3ZVOZQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:10:59 GMT
etag: "e2ea2ef6805e391c497e62e101e76a0bdecfce64"
content-type: image/jpeg
age: 67135
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962fb2a2-ad40-48cf-87a7-de082c564a5e.jpeg
200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962fb2a2-ad40-48cf-87a7-de082c564a5e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f2287c489794dab0e9ba923a2057988f
2b9f6828a38da81b40dcad033572e48b4c5896db
e853fa2acf2425d14cb9746e8bbd45c8765598d2bb630859086b4668182dbf6c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962fb2a2-ad40-48cf-87a7-de082c564a5e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8534
x-amzn-requestid: 8ae51cd3-697b-47ed-8493-8f83e2bc7469
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHuHlXoAMFucg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-165d72034440cf810d42f3bd;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LPt8LUVoKhXjfz-jZHLmnWD15tQgSLRaxl-Bsl0UU83G7wm3jj7_mg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:37:24 GMT
age: 65550
etag: "2b9f6828a38da81b40dcad033572e48b4c5896db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r.r10s.jp/com/rat/js/ral-1.8.1.js
200 OK 9.9 kB URL HTTP/2 r.r10s.jp/com/rat/js/ral-1.8.1.js
IP
File type ASCII text, with very long lines (4726)
Hash 735738d4ec5f4ac89cff892152e84b27
0868b7972c75124c4e62473bb44952de4dec7ebe
04860188c55a5dd4894f561b59aeabe7b447ffb9eb5b5873105058d23deae8c2
GET /com/rat/js/ral-1.8.1.js HTTP/1.1
Host: r.r10s.jp
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript
last-modified: Tue, 21 Jun 2022 05:10:23 GMT
etag: "62b152bf-7276"
x-backend: 3qoC4JfhWctVxQWhawrxHp--F_origin1
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 04 Oct 2022 16:49:54 GMT
x-random: 71
x-uuidv4: fbc30109-5797-4aa9-b9fb-d702887905c0
x-served-by: cache-tyo11977-TYO, cache-bma1661-BMA
x-cache: HIT, HIT
x-cache-hits: 296740, 57
x-timer: S1664902194.454712,VS0,VE0
x-cdn-served-from: Fastly
cache-control: max-age=86400
expires: Wed, 05 Oct 2022 16:49:54 GMT
vary: Accept-Encoding,Origin
content-length: 9949
X-Firefox-Spdy: h2
www.rakuten.co.jp/com/rat/plugin/external/ral-iframe-rakuten.co.jp.html?o-id=https%3A%2F%2Flq3klqrg.icu
200 OK 2.0 kB URL HTTP/2 www.rakuten.co.jp/com/rat/plugin/external/ral-iframe-rakuten.co.jp.html?o-id=https%3A%2F%2Flq3klqrg.icu
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 2a5be03ac4f97b368f7cc76b28e4fe68
5be5bc059638b0527d01db579c0b5f275433e18b
11931a29ff28b60b934c87aafc0a6b399f3a020dd2ad4eccd59f402857671dc7
GET /com/rat/plugin/external/ral-iframe-rakuten.co.jp.html?o-id=https%3A%2F%2Flq3klqrg.icu HTTP/1.1
Host: www.rakuten.co.jp
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lq3klqrg.icu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
accept-ranges: bytes
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-type: text/html; charset=euc-jp
x-akamai-transformed: 9 1758 0 pmb=mTOE,2
date: Tue, 04 Oct 2022 16:49:54 GMT
content-length: 1969
vary: Accept-Encoding, User-Agent
set-cookie: Apache=ff296ece.5ea383fe15bb1; path=/; expires=Wed, 04-Oct-23 16:49:54 GMT
ak_bmsc=46C888F810B58ECD56BBAF446E200B1C~000000000000000000000000000000~YAAQFU8kF9xwq4WDAQAARmXnoxFUJw4dR7pIQRpjHvUYEoDbm+z6ZgVhmHwYsXTElgrPgPA4sHnhr5Sl6HgSgQKKGzv1XrKEMsT32DumZ53zirsAORv54GUKiK5fuD3R1t0hfepLJF5HQpCyOhFqKx48+FkRhJRBG1WwCwFK/mVbSF4DtvzJz9G9VoQ4NSN4TE5Gur6WMnmhPci+SxbJsIs0KE1UdWxsbPz5GvFzHHv4HJ7Za/rcX7P6wF02knUjLY7xY7jYw80FwnM+UZVkktJ5OKK9A1VGTqcd0lQWqm6BvJQsiBjikl4lzQfFT9+0/O6Z3edXh3+6yNPOSWrq9EApDNx4SnRCQ9AONcHYcfd9k7uncJsOEfyqxh9CNZTDCGuZQclLAf0gVFIp; Domain=.rakuten.co.jp; Path=/; Expires=Tue, 04 Oct 2022 18:49:54 GMT; Max-Age=7200; HttpOnly
bm_mi=FD44A2D1B882FEBBE1F0B4FD4CD081B2~YAAQFU8kF91wq4WDAQAARmXnoxHwLIwSZM4Flqm8s4dEGxwbeov7a0fhXf0PXTVcXpTuwogBBKafgDyrzAR58x9bOeY0H8xBHRZo8G9gjIMtZVI9yEohSlt+13GrU/ftmCVnkQGhDj8GntvDobVh4NY5m7TnpDTPGOGyf2NXElLYL1ACVlfojgmdEUvP2LiZAq/gTLNWZb+lyXpblNotJ5Iv2uyGnQh5J+03TDRB9pw1W1op+WHC2xrHcLM/lLcTGjOL8ux079YsQb24TLDRGw+qJ94+2HyCsKQ19U8UUNH9CejNZPcTraOpIM9XRTOTk5x8PQx/H0VnJHj1p2bGGwrGbAQdBCuBfWYJupDxluTpgX2M44Zpt+wIWTFz1fw6zvoza0g=~1; Domain=.rakuten.co.jp; Path=/; Expires=Tue, 04 Oct 2022 16:49:54 GMT; Max-Age=0; Secure
X-Firefox-Spdy: h2
www.rakuten.co.jp/akam/13/319792b6
200 OK 8.8 kB URL HTTP/2 www.rakuten.co.jp/akam/13/319792b6
IP
File type ASCII text, with very long lines (14356)
Hash 57a3093a3fe84f14722a6756f7b507e9
b37cdea146d053ddf971606965edb3b80bb7b842
c3f9735a34a194ed973fe42f810f5a7dbc1f2c5d2428b3a5197de6a3038443e5
GET /akam/13/319792b6 HTTP/1.1
Host: www.rakuten.co.jp
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.rakuten.co.jp/com/rat/plugin/external/ral-iframe-rakuten.co.jp.html?o-id=https%3A%2F%2Flq3klqrg.icu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 09 Feb 2022 15:05:52 GMT
etag: "814cfcc54388242fba2648e45d000b507862e1bc8f141655f706839548cc3609"
content-type: application/javascript
content-encoding: gzip
content-length: 8796
date: Tue, 04 Oct 2022 16:49:55 GMT
vary: Accept-Encoding, User-Agent
set-cookie: ak_bmsc=4AF182EF1977D9EC516F972318EDDEB7~000000000000000000000000000000~YAAQFU8kF+Jwq4WDAQAAZWfnoxEZP/nQmbUk5VvLiHiBEPGMXUHNv6Do/Mw9B2F2aemZhYnhLsrrTdL2qoHwmRJ8m2QulhAcJ3dxc6Dpriw3eRmajOfWuEX302kUO+anaZCW3ngnG3osR/xttSOpqOfKFkc+lhEgUWTjya56tzBgg15W9jXwH825bAQNxRQIwt0dza8GRE89KRy9DvouIJaPrI8ViYPzdisa01FiSnCnJTLgCVWmS3A8VEwI+fzPKDCrRfvekdgMGJ7Bhv0FvgpK8U0//Ra5ytx05K+//QyQXj0BPHV8H892Qz+BOO72VzQbLW87e5dkKTsuciBndZA0LViIF6pJnkX06v75Hutneo2j43N4Of0UXwRxceigEj1F/cUHt5iODKhmz+4u+B/PTXoQOc2ZZSTtLJ9R5YmzFzQ4c+yLdWIL5sv2hjnNWey5ZjPvXxQVDKHUYx0K/KDT0xHzKyXqqV3dd6OhE/k=; Domain=.rakuten.co.jp; Path=/; Expires=Tue, 04 Oct 2022 18:49:54 GMT; Max-Age=7199; HttpOnly
X-Firefox-Spdy: h2
rat.rakuten.co.jp/?cpkg_none=%7B%22acc%22%3A461%2C%22aid%22%3A1%2C%22bid%22%3A%2216649021939538a8e4903%22%7D
200 OK 43 B URL HTTP/1.1 rat.rakuten.co.jp/?cpkg_none=%7B%22acc%22%3A461%2C%22aid%22%3A1%2C%22bid%22%3A%2216649021939538a8e4903%22%7D
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d3e941fe204d0a9cc5b92782bbf882c8
682a77b3dd546b61ae894285128ffba13a33cf7d
281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340
GET /?cpkg_none=%7B%22acc%22%3A461%2C%22aid%22%3A1%2C%22bid%22%3A%2216649021939538a8e4903%22%7D HTTP/1.1
Host: rat.rakuten.co.jp
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.rakuten.co.jp/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: True-Client-Ip,X-Real-Ip,X-Forwarded-For,Content-Type
Access-Control-Allow-Methods: POST,GET,OPTIONS
Content-Type: image/gif
Content-Length: 43
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
Server: RAT server
Date: Tue, 04 Oct 2022 16:49:55 GMT
Connection: keep-alive
Set-Cookie: Rp=7048ab856b869d8e109393c2edb633c6432e7017; path=/; expires=Thu, 03-Oct-24 16:49:54 GMT; domain=.rakuten.co.jp; SameSite=None; Secure
rat_v=264ab08ac384fcab109393d2edb633c6432e7040; path=/; expires=Tue, 04-Oct-22 17:19:54 GMT; domain=.rakuten.co.jp; SameSite=None; Secure
www.rakuten.co.jp/akam/13/pixel_319792b6
200 OK 0 B URL HTTP/2 www.rakuten.co.jp/akam/13/pixel_319792b6
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /akam/13/pixel_319792b6 HTTP/1.1
Host: www.rakuten.co.jp
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2653
Origin: https://www.rakuten.co.jp
Connection: keep-alive
Referer: https://www.rakuten.co.jp/com/rat/plugin/external/ral-iframe-rakuten.co.jp.html?o-id=https%3A%2F%2Flq3klqrg.icu
Cookie: Rp=7048ab856b869d8e109393c2edb633c6432e7017; rat_v=264ab08ac384fcab109393d2edb633c6432e7040
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 0
date: Tue, 04 Oct 2022 16:49:55 GMT
access-control-allow-origin: https://www.rakuten.co.jp
vary: User-Agent
set-cookie: ak_bmsc=E79F4D7EDF43322D5EBAF26E9B23D69E~000000000000000000000000000000~YAAQFU8kF+dwq4WDAQAAjmnnoxG2USSwelUX8NbgsIA4+MVUCdjIzkJf+ukZVz9nmRVMxFWoZNC58AZCOKMiqdqFL8WXzjD4sWN4KuplUbve2oPV0uzxIfnRkqswImp9UviwOYRjZCsFB232sVd4Sx8Lr6/xKsOqAqmsgGVuihFkC4JOxf7yaNppt6ag4AHtiDqWJc/h807sE4ZiXCi4saKhx1QVUpavv8HafvAJv8KBPWOwRah7a4IOawvHdOm002WoIrVJ/e9vExdfNgtOxIfySPQNqirMPzETQNDvBdO7xl8BL4a48vcGOhbki7LmVMhIp9TtmlbkCKWOTdMzkOWR7XTFgMQdtMRcuYfFevjkojZgqGkfZXLzyqa/Q9bg5SuYEmM4hFUvqBRPP9rQAuw71XzUftCk; Domain=.rakuten.co.jp; Path=/; Expires=Tue, 04 Oct 2022 18:49:55 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash cd871423f365d7d1a5322fc19736275e
d87bd5162078798db84171a0e154c5cb6733182b
481e08109969743bb206775f3107d17711b1f14f98159f01d0afb94bdafc85a2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 16:49:58 GMT
Server: ECS (amb/6BA3)
Content-Length: 471
secure.rat.rakuten.co.jp/?cpkg_none=%7B%22acc%22%3A1271%2C%22aid%22%3A1%2C%22pgn%22%3A%22%2Flogin_ap%2Fsignin%22%2C%22ssc%22%3A%22%2Flogin_ap%22%2C%22etype%22%3A%22pv%22%2C%22ltm%22%3A%222022-10-04%2016%3A49%3A52%22%2C%22url%22%3A%22https%3A%2F%2Flq3klqrg.icu%2Flogin_ap%2Fsignin%3F_encoding%3DUTF8%26openid.assoc_handle%3Djpflex%26openid.claimed_id%3D%26action%3Dsign-in%26path%3Dhome%26ref_%3Dnav_Account%26signIn%3D1%26useRedirectOnSuccess%3D1%22%2C%22ref%22%3A%22https%3A%2F%2Flq3klqrg.icu%2Findex.php%3Ft%3D9277e190233baa7c5c0c8048ea6316e7aaf7f1c49452648c9c8c057c44ce32cf%22%2C%22tid%22%3A%22e4d53225%22%2C%22tzo%22%3A0%2C%22res%22%3A%221280x1024%22%2C%22jav%22%3Afalse%2C%22bln%22%3A%22en-US%22%2C%22ua%22%3A%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22online%22%3Atrue%2C%22ver%22%3A%221.8.1%22%2C%22rqtime%22%3A162%2C%22ldtime%22%3A609%2C%22tpgldtime%22%3A1970%2C%22astime%22%3A1196%2C%22navtype%22%3A255%2C%22ifr%22%3A0%2C%22wv_fcp%22%3A648%2C%22wv_ttfb%22%3A155%2C%22wv_ver%22%3A%222.1.4%22%2C%22pgid%22%3A%228b1d85484a12d0a9%22%2C%22_merge_flags%22%3A%7B%22appear%22%3Atrue%2C%22async%22%3Afalse%2C%22scroll%22%3Atrue%2C%22click%22%3Afalse%2C%22pv%22%3Atrue%2C%22perf%22%3Afalse%7D%2C%22_ra%22%3A%221664902192898%7C4a06e98f-c5cf-4e62-8eb0-2afb17c1d091%22%2C%22use_cks%22%3Afalse%2C%22cks2%22%3A%221664902192898%7C4a06e98f-c5cf-4e62-8eb0-2afb17c1d091%22%7D
200 OK 0 B URL HTTP/2 secure.rat.rakuten.co.jp/?cpkg_none=%7B%22acc%22%3A1271%2C%22aid%22%3A1%2C%22pgn%22%3A%22%2Flogin_ap%2Fsignin%22%2C%22ssc%22%3A%22%2Flogin_ap%22%2C%22etype%22%3A%22pv%22%2C%22ltm%22%3A%222022-10-04%2016%3A49%3A52%22%2C%22url%22%3A%22https%3A%2F%2Flq3klqrg.icu%2Flogin_ap%2Fsignin%3F_encoding%3DUTF8%26openid.assoc_handle%3Djpflex%26openid.claimed_id%3D%26action%3Dsign-in%26path%3Dhome%26ref_%3Dnav_Account%26signIn%3D1%26useRedirectOnSuccess%3D1%22%2C%22ref%22%3A%22https%3A%2F%2Flq3klqrg.icu%2Findex.php%3Ft%3D9277e190233baa7c5c0c8048ea6316e7aaf7f1c49452648c9c8c057c44ce32cf%22%2C%22tid%22%3A%22e4d53225%22%2C%22tzo%22%3A0%2C%22res%22%3A%221280x1024%22%2C%22jav%22%3Afalse%2C%22bln%22%3A%22en-US%22%2C%22ua%22%3A%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22online%22%3Atrue%2C%22ver%22%3A%221.8.1%22%2C%22rqtime%22%3A162%2C%22ldtime%22%3A609%2C%22tpgldtime%22%3A1970%2C%22astime%22%3A1196%2C%22navtype%22%3A255%2C%22ifr%22%3A0%2C%22wv_fcp%22%3A648%2C%22wv_ttfb%22%3A155%2C%22wv_ver%22%3A%222.1.4%22%2C%22pgid%22%3A%228b1d85484a12d0a9%22%2C%22_merge_flags%22%3A%7B%22appear%22%3Atrue%2C%22async%22%3Afalse%2C%22scroll%22%3Atrue%2C%22click%22%3Afalse%2C%22pv%22%3Atrue%2C%22perf%22%3Afalse%7D%2C%22_ra%22%3A%221664902192898%7C4a06e98f-c5cf-4e62-8eb0-2afb17c1d091%22%2C%22use_cks%22%3Afalse%2C%22cks2%22%3A%221664902192898%7C4a06e98f-c5cf-4e62-8eb0-2afb17c1d091%22%7D
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?cpkg_none=%7B%22acc%22%3A1271%2C%22aid%22%3A1%2C%22pgn%22%3A%22%2Flogin_ap%2Fsignin%22%2C%22ssc%22%3A%22%2Flogin_ap%22%2C%22etype%22%3A%22pv%22%2C%22ltm%22%3A%222022-10-04%2016%3A49%3A52%22%2C%22url%22%3A%22https%3A%2F%2Flq3klqrg.icu%2Flogin_ap%2Fsignin%3F_encoding%3DUTF8%26openid.assoc_handle%3Djpflex%26openid.claimed_id%3D%26action%3Dsign-in%26path%3Dhome%26ref_%3Dnav_Account%26signIn%3D1%26useRedirectOnSuccess%3D1%22%2C%22ref%22%3A%22https%3A%2F%2Flq3klqrg.icu%2Findex.php%3Ft%3D9277e190233baa7c5c0c8048ea6316e7aaf7f1c49452648c9c8c057c44ce32cf%22%2C%22tid%22%3A%22e4d53225%22%2C%22tzo%22%3A0%2C%22res%22%3A%221280x1024%22%2C%22jav%22%3Afalse%2C%22bln%22%3A%22en-US%22%2C%22ua%22%3A%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22online%22%3Atrue%2C%22ver%22%3A%221.8.1%22%2C%22rqtime%22%3A162%2C%22ldtime%22%3A609%2C%22tpgldtime%22%3A1970%2C%22astime%22%3A1196%2C%22navtype%22%3A255%2C%22ifr%22%3A0%2C%22wv_fcp%22%3A648%2C%22wv_ttfb%22%3A155%2C%22wv_ver%22%3A%222.1.4%22%2C%22pgid%22%3A%228b1d85484a12d0a9%22%2C%22_merge_flags%22%3A%7B%22appear%22%3Atrue%2C%22async%22%3Afalse%2C%22scroll%22%3Atrue%2C%22click%22%3Afalse%2C%22pv%22%3Atrue%2C%22perf%22%3Afalse%7D%2C%22_ra%22%3A%221664902192898%7C4a06e98f-c5cf-4e62-8eb0-2afb17c1d091%22%2C%22use_cks%22%3Afalse%2C%22cks2%22%3A%221664902192898%7C4a06e98f-c5cf-4e62-8eb0-2afb17c1d091%22%7D HTTP/1.1
Host: secure.rat.rakuten.co.jp
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lq3klqrg.icu
Connection: keep-alive
Referer: https://lq3klqrg.icu/
Cookie: Rp=7048ab856b869d8e109393c2edb633c6432e7017; rat_v=264ab08ac384fcab109393d2edb633c6432e7040
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
set-cookie: Rp=7048ab856b869d8e109393c2edb633c6432e7017; path=/; expires=Thu, 03-Oct-24 16:49:58 GMT; domain=.rakuten.co.jp; SameSite=None; Secure
rat_v=264ab08ac384fcab109393d2edb633c6432e7040; path=/; expires=Tue, 04-Oct-22 17:19:58 GMT; domain=.rakuten.co.jp; SameSite=None; Secure
access-control-allow-origin: https://lq3klqrg.icu
access-control-allow-headers: True-Client-Ip,X-Real-Ip,X-Forwarded-For,Content-Type
access-control-allow-methods: POST,GET,OPTIONS
access-control-allow-credentials: true
content-type: text/plain
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-length: 0
date: Tue, 04 Oct 2022 16:49:58 GMT
server: RAT server
X-Firefox-Spdy: h2
23.94.91.38
15.236.176.210
23.36.77.32
93.184.220.29
151.101.86.63
133.237.88.64