r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11342
Expires: Wed, 08 Feb 2023 06:04:38 GMT
Date: Wed, 08 Feb 2023 02:55:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b7407cc102d62a5acd5e61f8a79bed36
c2f4890a62454e514962b55b7fc14228339c8e90
be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14209
Expires: Wed, 08 Feb 2023 06:52:25 GMT
Date: Wed, 08 Feb 2023 02:55:36 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 02:34:11 GMT
content-type: application/json
age: 1285
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
escuelamontecatini.com/petty/admin.php
216.172.143.100 301 Moved Permanently 0 B URL HTTP/1.1 escuelamontecatini.com/petty/admin.php
IP 216.172.143.100:0
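Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the MD5, SHA-1 and SHA-256 digests of an empty (0 B) body, so they identify no content and should not be used as indicators.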
Analyzer Verdict Alert fortinet Malware
GET /petty/admin.php HTTP/1.1
Host: escuelamontecatini.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 08 Feb 2023 02:55:33 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://www.escuelamontecatini.com/petty/admin.php
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5811
Expires: Wed, 08 Feb 2023 04:32:27 GMT
Date: Wed, 08 Feb 2023 02:55:36 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 49tgBdtp/UV1vUh5Weg79YRLJeJbCPHyizknQZlFQ7r3x069X+tFuX2/y/So6uJGTucHPmFGemU=
x-amz-request-id: T3F3YRWEMKV0XHG4
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 02:35:45 GMT
age: 1191
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 02:55:36 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Content-Type, Pragma, ETag, Retry-After, Backoff, Expires, Alert, Cache-Control, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 02:51:20 GMT
age: 256
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www.escuelamontecatini.com/petty/admin.php
216.172.143.100 200 OK 785 B URL HTTP/1.1 www.escuelamontecatini.com/petty/admin.php
IP 216.172.143.100:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with CRLF line terminators
Hash 3a43856b812eb1d273b4aed4c287a8e6
9092274fa65d69665f1cc8e1c9a7c02c08decc1f
aafe2eebdd620037ded05798cd45f2f0993683aee0e4812bb0c7be97d6647073
Analyzer Verdict Alert fortinet Malware
GET /petty/admin.php HTTP/1.1
Host: www.escuelamontecatini.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 02:55:34 GMT
Content-Type: text/html
Content-Length: 785
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8276
Expires: Wed, 08 Feb 2023 05:13:33 GMT
Date: Wed, 08 Feb 2023 02:55:37 GMT
Connection: keep-alive
www.escuelamontecatini.com/tj.js
216.172.143.100 200 OK 522 B URL HTTP/1.1 www.escuelamontecatini.com/tj.js
IP 216.172.143.100:0
File type ASCII text, with CRLF line terminators
Hash de9c4e65d83cc54fbd075aef8bd1ad54
cd096271d2c2f92e17e18b2f106674b25e6b92fb
df80a3178ae9227da3cc76bbed2d28f6b8c91b6691c83c8ada95adea16b69ec3
Analyzer Verdict Alert fortinet Malware
GET /tj.js HTTP/1.1
Host: www.escuelamontecatini.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.escuelamontecatini.com/petty/admin.php
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 02:55:34 GMT
Content-Type: application/x-javascript
Content-Length: 522
Connection: keep-alive
push.services.mozilla.com/
34.213.53.184 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.213.53.184:0
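Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the MD5, SHA-1 and SHA-256 digests of an empty (0 B) body, so they identify no content and should not be used as indicators.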
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: YXCHznF4dMu3e4lQBi8tAg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: zCuHeuh4DpZ4VgMtLHCh5Pedrj8=
www.escuelamontecatini.com/common.js
216.172.143.100 200 OK 769 B URL HTTP/1.1 www.escuelamontecatini.com/common.js
IP 216.172.143.100:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (438), with CRLF line terminators
Hash 1f0025e2ced4839e3a410625c464c24d
7db52c017bccec4fadd454850e54cbff8df3ad81
f8fc9de6becaeacdbfd05b582afc301db46b2d4e74bf17054e995a42d0e327ca
Analyzer Verdict Alert fortinet Malware
GET /common.js HTTP/1.1
Host: www.escuelamontecatini.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.escuelamontecatini.com/petty/admin.php
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 02:55:35 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
www.escuelamontecatini.com/favicon.ico
216.172.143.100 200 OK 785 B URL HTTP/1.1 www.escuelamontecatini.com/favicon.ico
IP 216.172.143.100:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with CRLF line terminators
Hash 3a43856b812eb1d273b4aed4c287a8e6
9092274fa65d69665f1cc8e1c9a7c02c08decc1f
aafe2eebdd620037ded05798cd45f2f0993683aee0e4812bb0c7be97d6647073
GET /favicon.ico HTTP/1.1
Host: www.escuelamontecatini.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.escuelamontecatini.com/petty/admin.php
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 02:55:35 GMT
Content-Type: text/html
Content-Length: 785
Connection: keep-alive
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash 127ae25c0eccce8b28fa00a9b4e205d5
f9376cc3cee8819d648fefea5e7d36999cfedaaf
2e21b86e74e7c51c24ed4c7083371f434e15a0d9b9365bfd67f914b6174a5a7c
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 02:55:38 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sun, 12 Feb 2023 01:29:13 GMT
ETag: "f9376cc3cee8819d648fefea5e7d36999cfedaaf"
Last-Modified: Wed, 08 Feb 2023 01:29:14 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 946
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79611667283db4eb-OSL
push.zhanzhang.baidu.com/push.js
39.156.68.163 200 OK 227 B URL HTTP/1.1 push.zhanzhang.baidu.com/push.js
IP 39.156.68.163:0
ASN #9808 China Mobile Communications Group Co., Ltd.
File type ASCII text, with no line terminators
Hash e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.escuelamontecatini.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Wed, 08 Feb 2023 02:55:38 GMT
Etag: "4078521116"
Expires: Thu, 08 Feb 2024 02:55:38 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=147A3F6CB6BDE1DFE1BC5C7B15A7F05C:FG=1; max-age=31536000; expires=Thu, 08-Feb-24 02:55:38 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 09c34e94b2ef309de6dcc5f649c1e37f
ec9c9ab7eff81e52fefa1205cda713309b413c2a
539c4c8218650d0248151ed5c070a94f0e930ebf2ff17e1481874a9ef9512289
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "539C4C8218650D0248151ED5C070A94F0E930EBF2FF17E1481874A9EF9512289"
Last-Modified: Sun, 05 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 08 Feb 2023 08:55:38 GMT
Date: Wed, 08 Feb 2023 02:55:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9701
Expires: Wed, 08 Feb 2023 05:37:19 GMT
Date: Wed, 08 Feb 2023 02:55:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9701
Expires: Wed, 08 Feb 2023 05:37:19 GMT
Date: Wed, 08 Feb 2023 02:55:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9701
Expires: Wed, 08 Feb 2023 05:37:19 GMT
Date: Wed, 08 Feb 2023 02:55:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9701
Expires: Wed, 08 Feb 2023 05:37:19 GMT
Date: Wed, 08 Feb 2023 02:55:38 GMT
Connection: keep-alive
api.michael-jordan-shoes.com/news/data.php
173.231.37.253 200 OK 13 kB URL HTTP/2 api.michael-jordan-shoes.com/news/data.php
IP 173.231.37.253:0
Hash ef99e432c3610f19632e806932d71e7e
e7ff272f9d5180f6d7347960bb11ba4f49e2691e
e53e78d48a54a62a16afc75da27cf278a6cc41a8602fc10225b5f4746d406b7e
Analyzer Verdict Alert fortinet Phishing
GET /news/data.php HTTP/1.1
Host: api.michael-jordan-shoes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://api.michael-jordan-shoes.com/news/index.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 02:55:38 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ed10868ea9554510e43f77dfb8c43877
df0d86c2c53bdec7b8935912e42dc7f82f87aa61
751e95e7dd20802cc4e0b6f208bf5559b0b73efd3ca22a9abafd86cf83ab6420
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12401
x-amzn-requestid: 7bfa8a84-c348-4f55-8e8e-befcdd24f026
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OjPG-eIAMFccA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c47a-06eedb3c7396825f77360755;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:36:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lXTMw2s8GxQtwjucvNYZeHL-i8ECHbdGThUV5_vn2mKEhArswcO3VA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:42:03 GMT
age: 18815
etag: "df0d86c2c53bdec7b8935912e42dc7f82f87aa61"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02fde25be5ded120af759d19d8304f73
8d2a4d9ab5947113ce0737d4d4bed3e30a971026
7cdf26668cca22f28eee047d3fcf30cea8d97b1d8804fe2132728f26cd11558d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8629
x-amzn-requestid: cc20d28e-3937-4826-97ef-100fb5dd2645
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7LFn3oAMF61A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-6e764236604212fa26dab38a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: GIAPTJF7sfpuubLSngEDMrowvBWW5c1xRlyVf7PQ3o6rGWdFITVioA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:15:10 GMT
etag: "8d2a4d9ab5947113ce0737d4d4bed3e30a971026"
content-type: image/jpeg
age: 16828
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f175de8eebe398f5de2829cd551b3f04
e6da63e9b03289bfded190d999a20da78232437c
b5d1ee4bd6186cbac1e4ac037766c9e453e166b0cfb2e08004cb11b8bb7daa88
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10202
x-amzn-requestid: 15e6c7ee-acef-4638-9a15-a01864ac74f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_PEYFZOoAMFzEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c54f-3681217a71e5b9472b9cdb8a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:40:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: PyOVGtKFSYIU2don5C7_L_pTUxdP_VEAhLZUhtBWo2PZ4kvPqaTg9g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:13:47 GMT
etag: "e6da63e9b03289bfded190d999a20da78232437c"
content-type: image/jpeg
age: 16911
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6ac124e-27b8-4818-9240-77708d007004.jpeg
34.120.237.76 200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6ac124e-27b8-4818-9240-77708d007004.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 845e4e4051f1162b20d3df5f208e8d3e
076462f67531c60b31ec768a275c96317292306d
40996d8929ab92f342328fc018518d6131c6222b0ec23051775eda276a602026
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6ac124e-27b8-4818-9240-77708d007004.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4168
x-amzn-requestid: 24814225-0063-49fb-86ff-e78869538b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OjQFS_IAMFtLQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c47b-67307c42182089b3096e98b5;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:36:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: f90qZAgSmdYFuW_BDTZVivBlk_c5SrirTSeJmvoysOmCcOjxtFZrbA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:42:03 GMT
age: 18815
etag: "076462f67531c60b31ec768a275c96317292306d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a9c2a9eee923b84d4e06438a8b2acaff
520b122e3ce52220af153fee26bb7067283f9075
9ff4236fdcd05210a9c8bb48ea68179e142b1b05c8b19dd66282590dff69fa22
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10058
x-amzn-requestid: 94374454-1e89-4c43-895b-0a90f39b851d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O5vEgcoAMFctg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c50a-0bf11cad4b0818c36188ba91;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1R4SRNvqhRHbrDZsGB06NJbBXf8WRgJEHmXTbop8pqf8etTJSlmQwQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:06:05 GMT
age: 17373
etag: "520b122e3ce52220af153fee26bb7067283f9075"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
api.share.baidu.com/s.gif?l=http://www.escuelamontecatini.com/petty/admin.php
182.61.201.94 200 OK 0 B URL HTTP/1.1 api.share.baidu.com/s.gif?l=http://www.escuelamontecatini.com/petty/admin.php
IP 182.61.201.94:0
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://www.escuelamontecatini.com/petty/admin.php HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.escuelamontecatini.com/
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Wed, 08 Feb 2023 02:55:38 GMT
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 660e1a915e08716f2a1176818edcebc8
dbac9756614423250ecae086ceab6072f825c7c8
79ececcaa21d2ee1f826f5d68cdc3ccab321f42f00fb403c4416b66b55a22fed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "79ECECCAA21D2EE1F826F5D68CDC3CCAB321F42F00FB403C4416B66B55A22FED"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18119
Expires: Wed, 08 Feb 2023 07:57:38 GMT
Date: Wed, 08 Feb 2023 02:55:39 GMT
Connection: keep-alive
hm.baidu.com/hm.js?c474436d5bc7cee506c910c61997f30d
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?c474436d5bc7cee506c910c61997f30d
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (621)
Hash 47e2ca86e3d9eaeabdc1eb44da1b9459
3fb4f92bd48d041bae0032f6e6ed98a25a4fba6b
858f355c9eef7beb4dcae74332396d34b517d0ba25797434ca3169675a51dfdd
GET /hm.js?c474436d5bc7cee506c910c61997f30d HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.escuelamontecatini.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11259
Content-Type: application/javascript
Date: Wed, 08 Feb 2023 02:55:38 GMT
Etag: bc441db24a39ee31e9ced37ed7c104a0
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=5EDC64E1AEEC40AE; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?9eba9c73888b3518f4370780e5c8ba18
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?9eba9c73888b3518f4370780e5c8ba18
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (620)
Hash d1d9230637e183605f71edaa83ee28fd
15b726a201b6e4bd70a71b6e2038115794877721
c60b1dc8814c956523a203e2616634fa5569606164dc16aaab93051f32e74db0
GET /hm.js?9eba9c73888b3518f4370780e5c8ba18 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.escuelamontecatini.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Wed, 08 Feb 2023 02:55:38 GMT
Etag: aa4b98c2c4c5f6235cc48c84a5545c5c
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=C1E1C3FCB31C42F8; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=2138666942&si=c474436d5bc7cee506c910c61997f30d&v=1.3.0&lv=1&sn=29507&r=0&ww=1280&u=http%3A%2F%2Fwww.escuelamontecatini.com%2Fpetty%2Fadmin.php&tt=%E8%8A%9C%E6%B9%96%E6%9C%97%E6%8E%A5%E6%B1%BD%E8%BD%A6%E6%9C%8D%E5%8A%A1%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=2138666942&si=c474436d5bc7cee506c910c61997f30d&v=1.3.0&lv=1&sn=29507&r=0&ww=1280&u=http%3A%2F%2Fwww.escuelamontecatini.com%2Fpetty%2Fadmin.php&tt=%E8%8A%9C%E6%B9%96%E6%9C%97%E6%8E%A5%E6%B1%BD%E8%BD%A6%E6%9C%8D%E5%8A%A1%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=2138666942&si=c474436d5bc7cee506c910c61997f30d&v=1.3.0&lv=1&sn=29507&r=0&ww=1280&u=http%3A%2F%2Fwww.escuelamontecatini.com%2Fpetty%2Fadmin.php&tt=%E8%8A%9C%E6%B9%96%E6%9C%97%E6%8E%A5%E6%B1%BD%E8%BD%A6%E6%9C%8D%E5%8A%A1%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.escuelamontecatini.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 08 Feb 2023 02:55:39 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=A4201B40D4EFFD0C; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=589964528&si=9eba9c73888b3518f4370780e5c8ba18&v=1.3.0&lv=1&sn=29507&r=0&ww=1280&u=http%3A%2F%2Fwww.escuelamontecatini.com%2Fpetty%2Fadmin.php&tt=%E8%8A%9C%E6%B9%96%E6%9C%97%E6%8E%A5%E6%B1%BD%E8%BD%A6%E6%9C%8D%E5%8A%A1%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=589964528&si=9eba9c73888b3518f4370780e5c8ba18&v=1.3.0&lv=1&sn=29507&r=0&ww=1280&u=http%3A%2F%2Fwww.escuelamontecatini.com%2Fpetty%2Fadmin.php&tt=%E8%8A%9C%E6%B9%96%E6%9C%97%E6%8E%A5%E6%B1%BD%E8%BD%A6%E6%9C%8D%E5%8A%A1%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=589964528&si=9eba9c73888b3518f4370780e5c8ba18&v=1.3.0&lv=1&sn=29507&r=0&ww=1280&u=http%3A%2F%2Fwww.escuelamontecatini.com%2Fpetty%2Fadmin.php&tt=%E8%8A%9C%E6%B9%96%E6%9C%97%E6%8E%A5%E6%B1%BD%E8%BD%A6%E6%9C%8D%E5%8A%A1%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.escuelamontecatini.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 08 Feb 2023 02:55:39 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=31F99BAA02DA127E; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4dc88b9a3f967f99e7b007a1497abec5
af448880b6aec99c217242403da76197975e3de5
f781a71f316fb29b3017e219d4a0051b7f2ef9391bd1535ad8f154236264d043
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F781A71F316FB29B3017E219D4A0051B7F2EF9391BD1535AD8F154236264D043"
Last-Modified: Mon, 06 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 08 Feb 2023 08:55:40 GMT
Date: Wed, 08 Feb 2023 02:55:40 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/hbPwqkIUI0o
142.250.74.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/hbPwqkIUI0o
IP 142.250.74.3:0
Hash e4cd585ac43459db1e1a31849aabcff7
3e40dd0868595b46d912d7eb5a6869db7a3b4e41
a4308b7d07fae2a2ce1db6d2425e6474bf9a156393f4723e3bd19e6d7a60ca69
POST /s/gts1p5/hbPwqkIUI0o HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:55:40 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.xkys173.xyz/template/m1938pc/static/css/swiper.min.css
173.231.37.199 200 OK 92 kB URL HTTP/2 www.xkys173.xyz/template/m1938pc/static/css/swiper.min.css
IP 173.231.37.199:0
Hash 1914cdf5936a7ed80272102f3e6f1cba
a39aa730b8d8f040a12477baed5c92073bbf144d
8e427a77852f8d8d8ab1f2f32878780c0c30a8a6d8d00128cc98446c07aa5347
GET /template/m1938pc/static/css/swiper.min.css HTTP/1.1
Host: www.xkys173.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 02:55:39 GMT
content-type: text/css
last-modified: Fri, 03 Sep 2021 13:56:16 GMT
vary: Accept-Encoding
etag: W/"61322980-4562"
expires: Wed, 08 Feb 2023 14:55:39 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 61437fdd9c2112a410cd5be01caa172b
bdcadf297294bed3e30bc11011fd89a090cdedda
dff3afcfcbe715e29d5bf243a759267ade50e757a0f487bfc51171710a1caa7b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4136
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:55:40 GMT
Etag: "63e26643-117"
Last-Modified: Wed, 08 Feb 2023 01:46:44 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 61437fdd9c2112a410cd5be01caa172b
bdcadf297294bed3e30bc11011fd89a090cdedda
dff3afcfcbe715e29d5bf243a759267ade50e757a0f487bfc51171710a1caa7b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4136
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:55:40 GMT
Etag: "63e26643-117"
Last-Modified: Wed, 08 Feb 2023 01:46:44 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 61437fdd9c2112a410cd5be01caa172b
bdcadf297294bed3e30bc11011fd89a090cdedda
dff3afcfcbe715e29d5bf243a759267ade50e757a0f487bfc51171710a1caa7b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4136
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:55:40 GMT
Etag: "63e26643-117"
Last-Modified: Wed, 08 Feb 2023 01:46:44 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 61437fdd9c2112a410cd5be01caa172b
bdcadf297294bed3e30bc11011fd89a090cdedda
dff3afcfcbe715e29d5bf243a759267ade50e757a0f487bfc51171710a1caa7b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4136
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:55:40 GMT
Etag: "63e26643-117"
Last-Modified: Wed, 08 Feb 2023 01:46:44 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/s/gts1p5/hbPwqkIUI0o
142.250.74.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/hbPwqkIUI0o
IP 142.250.74.3:0
Hash e4cd585ac43459db1e1a31849aabcff7
3e40dd0868595b46d912d7eb5a6869db7a3b4e41
a4308b7d07fae2a2ce1db6d2425e6474bf9a156393f4723e3bd19e6d7a60ca69
POST /s/gts1p5/hbPwqkIUI0o HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:55:40 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6951718e51f8862d7b17581e048735d3
a174a5899d8b47054218e9f59f3b7eaeea7f28f2
72159eaaf266cc756a7b794a7e9b7a8aadd9eb82db4aae718d9a79dca21c0197
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "72159EAAF266CC756A7B794A7E9B7A8AADD9EB82DB4AAE718D9A79DCA21C0197"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2993
Expires: Wed, 08 Feb 2023 03:45:33 GMT
Date: Wed, 08 Feb 2023 02:55:40 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/IOl1ekfxYGk
142.250.74.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/IOl1ekfxYGk
IP 142.250.74.3:0
Hash 78a219c69a97bcff01f07204b91cdb3f
2a1c2f4b4ea8a2a8e35cd5cb6559e8c2b7298449
9d0bdf712c014655f5cfad226386684435cb794c9c5ee3d4af8578d8dfbec825
POST /s/gts1p5/IOl1ekfxYGk HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:55:40 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.tupku.top/lm/031815-80.gif
188.114.97.1 200 OK 1.6 MB URL HTTP/2 www.tupku.top/lm/031815-80.gif
IP 188.114.97.1:0
File type GIF image data, version 89a, 500 x 281\012- data
Size 1.6 MB (1626999 bytes)
Hash 17244f3a8b60a0f7b291f5621c873713
c523f5d5b60d2eabc9084e9ba5803647ac08c2cd
4aed8c090aa7bff3de4c028efced6a87dd7645bc15d265cdddf106f3f5dd9435
GET /lm/031815-80.gif HTTP/1.1
Host: www.tupku.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/gif
content-length: 1626999
last-modified: Thu, 07 Jul 2022 15:13:11 GMT
etag: "62c6f807-18d377"
expires: Fri, 03 Mar 2023 18:21:21 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 549121
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PB3DnDz4B53XA51R61mOB%2F42SDyWMtkD4rT1AFsmYqOvsxOpeumEtPk3WKfCay197SM3Zi1bNzmGFKx8KoUi5EbOGxkf7xazTC2jr6FYIPyCN9PV6%2FaxrVisUnWeaywh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7961167719a70b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ytys26.site/template/m1938pc/html9/ads/gg.jpg
173.231.60.166 200 OK 68 kB URL HTTP/2 ytys26.site/template/m1938pc/html9/ads/gg.jpg
IP 173.231.60.166:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 966x60, components 3\012- data
Hash baf3ead116697719af11a6338b9c06ef
878caf7124ab95c66229744d4f3928d47ef21eed
4610d108db80b54e2386d21d95bd80463a6082bd1c7af2c23c2a69969b9e4ea4
GET /template/m1938pc/html9/ads/gg.jpg HTTP/1.1
Host: ytys26.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/jpeg
content-length: 68106
last-modified: Sat, 15 Jan 2022 03:01:34 GMT
etag: "61e2390e-10a0a"
expires: Fri, 10 Mar 2023 02:55:40 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/3wjnxxkghyo.jpg
104.22.13.214 200 OK 7.3 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/3wjnxxkghyo.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3007f5c7eb7a3db6bf2beb89ebb3a0e4
5a20d9e8cede60638b8a150945b5f1116e7a8dfa
352d90e2766e53582d6dd2f8f00d6fb0f68943ab91edabd8a21a006e0ed3d206
GET /upload/vod/2023/02/3wjnxxkghyo.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 7270
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8582
content-disposition: inline; filename="3wjnxxkghyo.webp"
etag: "63e24317-2186"
last-modified: Tue, 07 Feb 2023 12:24:55 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116751bd4b4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/2cbllq4w1oa.jpg
104.22.13.214 200 OK 8.8 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/2cbllq4w1oa.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 952101eb115ba6635cc67d7d7e1803ee
bdfff60effdf724a91162ed96bb9308b66a150f7
5e21309dbaf719b24701dba17a4012171499afaff7cbba1ffed466348811e7e5
GET /upload/vod/2023/02/2cbllq4w1oa.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 8784
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9291
content-disposition: inline; filename="2cbllq4w1oa.webp"
etag: "63e241a7-244b"
last-modified: Tue, 07 Feb 2023 12:18:47 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752be2b4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/qxjggnxtoan.jpg
104.22.13.214 200 OK 6.1 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/qxjggnxtoan.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 9a0769118ff579e311de931db76f9d89
7ae832dea6d2b6604607264e2293460056daed96
b728d364f8637007a42976c99c5b1ea809d28f03d4573105faa19664484a32b7
GET /upload/vod/2023/02/qxjggnxtoan.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 6110
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=7302
content-disposition: inline; filename="qxjggnxtoan.webp"
etag: "63de03ea-1c86"
last-modified: Sat, 04 Feb 2023 07:06:18 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752befb4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/zedlbberqkv.jpg
104.22.13.214 200 OK 7.4 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/zedlbberqkv.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 09edc7891483e1d9b54d0ea222dda1fe
4426fa0ee47c5fabd15fefc4b3479c2687ce0556
da97b17ae62f933334023b6af3d1d67bd8e9fee9aa39d3957df01f151ac33c8f
GET /upload/vod/2023/02/zedlbberqkv.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 7378
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8661
content-disposition: inline; filename="zedlbberqkv.webp"
etag: "63de03e2-21d5"
last-modified: Sat, 04 Feb 2023 07:06:10 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752becb4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/1its3ygvjxp.jpg
104.22.13.214 200 OK 7.7 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/1its3ygvjxp.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 56b82e5b4d70c6589d9b55a92978de58
dda38e3b9754e3e31cf980b042de59f115ba7d2b
04748fc447d60332b2ae73b7e97a680e55dc0e98c63f2f785584c13a3a636100
GET /upload/vod/2023/02/1its3ygvjxp.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 7734
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9445
content-disposition: inline; filename="1its3ygvjxp.webp"
etag: "63e241c3-24e5"
last-modified: Tue, 07 Feb 2023 12:19:15 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752be8b4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/hwulaphprr3.jpg
104.22.13.214 200 OK 7.0 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/hwulaphprr3.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3c5a5d5bff811c273c8f4f8c2aab34cd
68d03094eba7e6f640f39cca61e67efb7f30a8f6
12fe2cefa43c14d34e1fc8e5190c374c0a9e95cc16d96a4963ed188f5ec56678
GET /upload/vod/2023/02/hwulaphprr3.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 6976
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8303
content-disposition: inline; filename="hwulaphprr3.webp"
etag: "63e241b9-206f"
last-modified: Tue, 07 Feb 2023 12:19:05 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752be6b4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/vuhfl03jo0v.jpg
104.22.13.214 200 OK 3.8 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/vuhfl03jo0v.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1d8d3f2629dc90571888a3d636f5fc10
171519d4b6ffc39eec69f4bc3fc5aafc5e1230eb
565d309f9f339e28cb6c04042400273cc5c8fe944ab661a166fcdcf381f6c186
GET /upload/vod/2023/02/vuhfl03jo0v.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 3836
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=5834
content-disposition: inline; filename="vuhfl03jo0v.webp"
etag: "63e24322-16ca"
last-modified: Tue, 07 Feb 2023 12:25:06 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752bd8b4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/2wx2lb4wuf0.jpg
104.22.13.214 200 OK 5.2 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/2wx2lb4wuf0.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1edd2e931db846b3947020c0e36d28f8
326f155f65b70793b143b5528d8d0c3bef8f29d2
b6d395b6739df8369f98c4c01285b39c165e07bb3fa1fb21a71344098eb8d304
GET /upload/vod/2023/02/2wx2lb4wuf0.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 5212
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=7292
content-disposition: inline; filename="2wx2lb4wuf0.webp"
etag: "63e24196-1c7c"
last-modified: Tue, 07 Feb 2023 12:18:30 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752bddb4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/1t2dr5lde2m.jpg
104.22.13.214 200 OK 7.4 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/1t2dr5lde2m.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 4a2269f9baa20f6dc23fabd2cd0f18f9
72b5d1a85a172aaeeebee51b8692a5cea5d8481b
b370216435e7ad50b238b858f7d07e8dbcc3c41bcb4891bd2dd784aec8e1b5d2
GET /upload/vod/2023/02/1t2dr5lde2m.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 7428
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9024
content-disposition: inline; filename="1t2dr5lde2m.webp"
etag: "63e2430d-2340"
last-modified: Tue, 07 Feb 2023 12:24:45 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116753bfcb4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/ueryc14n2yo.jpg
104.22.13.214 200 OK 5.1 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/ueryc14n2yo.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash d57ef069029d64561df33a8d842b0db8
2d38f8c990873b090f3b699fe260220b3bc594f3
c2f778b823a95d657d7466e2f2a6ac1b99d10e82391428822a635a96053381c4
GET /upload/vod/2023/02/ueryc14n2yo.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 5084
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=7041
content-disposition: inline; filename="ueryc14n2yo.webp"
etag: "63e241b0-1b81"
last-modified: Tue, 07 Feb 2023 12:18:56 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752be4b4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/2qbtcutbqkm.jpg
104.22.13.214 200 OK 8.2 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/2qbtcutbqkm.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 31e5df792b7ef16820298add802038de
581ff0e71f2e34d47632bee30500f0dfe777410a
7e12fd7b783eafddcf81233777a768e4e4863b7c9dfe99cc485c99e959e8dbaf
GET /upload/vod/2023/02/2qbtcutbqkm.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 8210
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9167
content-disposition: inline; filename="2qbtcutbqkm.webp"
etag: "63e2431f-23cf"
last-modified: Tue, 07 Feb 2023 12:25:03 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752bd7b4f1-OSL
X-Firefox-Spdy: h2
www.xkys173.xyz/
173.231.37.199 200 OK 14 kB IP 173.231.37.199:0
Hash d35a904a0922f7b964387767b3e109eb
66768b284fc77e31fabecf37769f361032a95d1d
bec6f68ab09fbe72d2d9394e4a5f0c2a09c8caf508935caf6c2f8816c62c1ccc
GET / HTTP/1.1
Host: www.xkys173.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://api.michael-jordan-shoes.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 02:55:39 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/simgw1ltspx.jpg
104.22.13.214 200 OK 7.3 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/simgw1ltspx.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ace73bf48c95a46fd48a872bcd7d4829
22ee2e0911bbcaab0af75d740c534f7feeba9044
5203917ca733c54142c22e9688e93af9e371ccb15f551f39ad71df67ea5d78e6
GET /upload/vod/2023/02/simgw1ltspx.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 7294
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8328
content-disposition: inline; filename="simgw1ltspx.webp"
etag: "63e2419b-2088"
last-modified: Tue, 07 Feb 2023 12:18:35 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752bdeb4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/regx0dal15t.jpg
104.22.13.214 200 OK 4.9 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/regx0dal15t.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 94b61069d1630c0faa23d19d8fef0797
167bdc84a8da3045c4e6e0d3560a352c19af5f9e
548e322b4478849c7f00edb3002692f571e8a066886b7203a363d450bd2251db
GET /upload/vod/2023/02/regx0dal15t.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 4926
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=6038
content-disposition: inline; filename="regx0dal15t.webp"
etag: "63e2419f-1796"
last-modified: Tue, 07 Feb 2023 12:18:39 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752be0b4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/zisw2mhupnp.jpg
104.22.13.214 200 OK 7.9 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/zisw2mhupnp.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 42bdb79cb8ebac8e03c12879b605eec7
f6c8e8f952d2ea00862aa367a5d81a420dc06264
16c7ac5154a7580c66247da1733c3681863be5e6cc1fb10b502fb37903456831
GET /upload/vod/2023/02/zisw2mhupnp.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 7882
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9418
content-disposition: inline; filename="zisw2mhupnp.webp"
etag: "63e241a3-24ca"
last-modified: Tue, 07 Feb 2023 12:18:43 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752be1b4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/fiwszslpasa.jpg
104.22.13.214 200 OK 7.2 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/fiwszslpasa.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 4f5854bc30f035a2ec87790e8e75effd
b55d4144f56473c738dbf1f351d20a7bee8fd022
9a4cd40bb2bc38b50610e1c1b33f4100ef9c2cd445a89e30a725a1da780bb61e
GET /upload/vod/2023/02/fiwszslpasa.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 7200
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8894
content-disposition: inline; filename="fiwszslpasa.webp"
etag: "63e241b5-22be"
last-modified: Tue, 07 Feb 2023 12:19:01 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752be5b4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/mmwfvomjjxy.jpg
104.22.13.214 200 OK 4.1 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/mmwfvomjjxy.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 4cb10ee9d062d727752903b34abc7e58
6fc5f25bde7c932d8e52ea1dabeb922a80769b93
5190c14185ce97c05e6bc083eb60a0060272f45ba46c59e5743f35ef7a22ca7f
GET /upload/vod/2023/02/mmwfvomjjxy.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 4062
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=6212
content-disposition: inline; filename="mmwfvomjjxy.webp"
etag: "63e2431b-1844"
last-modified: Tue, 07 Feb 2023 12:24:59 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752bd6b4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/c3pggrcz0b0.jpg
104.22.13.214 200 OK 7.8 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/c3pggrcz0b0.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 751a2e313cc51557c75c10b012a7f42c
8612173aff9c520439cfcb65c1b59440ef5c3883
ac63f1614ce09dd76d0a4786c89e344df6f80814ed0ebb504ccc842b5779facb
GET /upload/vod/2023/02/c3pggrcz0b0.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 7750
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8868
content-disposition: inline; filename="c3pggrcz0b0.webp"
etag: "63e241ac-22a4"
last-modified: Tue, 07 Feb 2023 12:18:52 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752be3b4f1-OSL
X-Firefox-Spdy: h2
www.xkys173.xyz/template/m1938pc/static/css/style.css
173.231.37.199 200 OK 22 kB URL HTTP/2 www.xkys173.xyz/template/m1938pc/static/css/style.css
IP 173.231.37.199:0
Hash f94aaf9f1f950cc2d5ce72b236ed0d1c
6e33bf1b1a6b758d01438978d0243dc7e908ffd8
90843cde6a250c80f00cad8ca686fd3b9a93880f3dae92db837b9225ff30806c
GET /template/m1938pc/static/css/style.css HTTP/1.1
Host: www.xkys173.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 02:55:39 GMT
content-type: text/css
last-modified: Fri, 03 Sep 2021 13:56:16 GMT
vary: Accept-Encoding
etag: W/"61322980-eb02"
expires: Wed, 08 Feb 2023 14:55:39 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/l3zhbo1rndw.jpg
104.22.13.214 200 OK 6.0 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/l3zhbo1rndw.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 48009b7f14e018a8dc7d456c7727b8b2
27040bf1c74bb4c532848bc102381a4c21d109bd
1d444cc7e70c5e9d7544dc430b6acf6ab20ce82f3951479e8a1b7ced1d6bb4da
GET /upload/vod/2023/02/l3zhbo1rndw.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 5974
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8587
content-disposition: inline; filename="l3zhbo1rndw.webp"
etag: "63e241be-218b"
last-modified: Tue, 07 Feb 2023 12:19:10 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752be7b4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/p3s0kspkex1.jpg
104.22.13.214 200 OK 4.4 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/p3s0kspkex1.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7016e1c814acdd33f5333a3f7c44ead0
f382efe1a190a05a704b61b97ec59f2ba50c0f02
0b71e91d2c53bdc682865459a6b35639eadbcbdff0006916ded063269edcaa89
GET /upload/vod/2023/02/p3s0kspkex1.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 4444
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=6753
content-disposition: inline; filename="p3s0kspkex1.webp"
etag: "63de03d8-1a61"
last-modified: Sat, 04 Feb 2023 07:06:00 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752beab4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/c1k2oy4ottt.jpg
104.22.13.214 200 OK 7.7 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/c1k2oy4ottt.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash d599d63584a0a983309ddadb000c6cd4
7711f2fc45abe30fa8ecaf1879f0d36a133935a9
5906d0a535d49106cc69279df3d7c4b6ac73634ebae15c199622402e64e535ed
GET /upload/vod/2023/02/c1k2oy4ottt.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 7686
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8408
content-disposition: inline; filename="c1k2oy4ottt.webp"
etag: "63de03e6-20d8"
last-modified: Sat, 04 Feb 2023 07:06:14 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752beeb4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/qsyjgeaf2td.jpg
104.22.13.214 200 OK 8.3 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/qsyjgeaf2td.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 95a5ddf28222838f8bda98da6011e767
7d3bc6a2cedf43e311b65f2d7aed8f0bfdcb7c11
716e1865915c808ee61d8bf8df11c39e835b6a870eedcdfaa9b2d7106a05b075
GET /upload/vod/2023/02/qsyjgeaf2td.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 8278
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8994
content-disposition: inline; filename="qsyjgeaf2td.webp"
etag: "63de03dd-2322"
last-modified: Sat, 04 Feb 2023 07:06:05 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752bebb4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/qwfkmxjfaun.jpg
104.22.13.214 200 OK 8.0 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/qwfkmxjfaun.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 0e22243669f6fa4cb6c2228b914bf4f6
c9bf3cc341f792367f017288ad5a797552fbe459
2c4a42fc2cbe4d6029a6cb3a7216594f253285784268c5d901c311178d725619
GET /upload/vod/2023/02/qwfkmxjfaun.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 8032
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8797
content-disposition: inline; filename="qwfkmxjfaun.webp"
etag: "63de03ef-225d"
last-modified: Sat, 04 Feb 2023 07:06:23 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752bf0b4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/aolrrmbg2mk.jpg
104.22.13.214 200 OK 8.1 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/aolrrmbg2mk.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a352e32cafcb52a9ca4f0076d51dc629
be66efd5ade38f70d417bfd93443dd20be71678b
e1882fcd580d9ee1692239f85478f4676262195d57cecd66ecb3d98d6b9a9f8e
GET /upload/vod/2023/02/aolrrmbg2mk.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 8088
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9539
content-disposition: inline; filename="aolrrmbg2mk.webp"
etag: "63de03f7-2543"
last-modified: Sat, 04 Feb 2023 07:06:31 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752bf2b4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/rot4nuboeb4.jpg
104.22.13.214 200 OK 6.4 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/rot4nuboeb4.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a5dfc1c6e1397e9a11392aa0b26fc408
fc888528a53c544b0be58af963da3fb15a62f2ac
87d10a037171eb9e38d505aa22d2117f1664e2017f84780213400f033a432b73
GET /upload/vod/2023/02/rot4nuboeb4.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 6360
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=7551
content-disposition: inline; filename="rot4nuboeb4.webp"
etag: "63de03fb-1d7f"
last-modified: Sat, 04 Feb 2023 07:06:35 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752bf3b4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/j1xeiinvz2r.jpg
104.22.13.214 200 OK 7.3 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/j1xeiinvz2r.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 0b77c3d4faf01376894ad808b86036cc
254de6e1f551fc2faae80c3f8ed7d98db6843a65
9ba823389140f6019f058822dbb9622feb1d65235afb3ff31c534f4e0897e5cd
GET /upload/vod/2023/02/j1xeiinvz2r.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 7334
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8372
content-disposition: inline; filename="j1xeiinvz2r.webp"
etag: "63de03ff-20b4"
last-modified: Sat, 04 Feb 2023 07:06:39 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752bf4b4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/m54uhxmtkwm.jpg
104.22.13.214 200 OK 9.0 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/m54uhxmtkwm.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2b72b2bb013928e068addd059d60a6af
e0466c1c17c2f3ec8c529bfae6a064a9cba3c57d
1d87227af8f7c1f37c04e2241a51a3ea2411d50e0680507d6e1c9e258e3d7cde
GET /upload/vod/2023/02/m54uhxmtkwm.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 8986
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9712
content-disposition: inline; filename="m54uhxmtkwm.webp"
etag: "63de03f3-25f0"
last-modified: Sat, 04 Feb 2023 07:06:27 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752bf1b4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/srbwrnh5mff.jpg
104.22.13.214 200 OK 9.9 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/srbwrnh5mff.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 6998914de1d46b781e085fe8a58c09f8
d7460917558ea6e6faa958652950b2817fe293ff
4d8125f5ac1a776eb854e30f10df335dd97283bcf032b7bcbe3a1aae7bad59db
GET /upload/vod/2023/02/srbwrnh5mff.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 9862
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=11099
content-disposition: inline; filename="srbwrnh5mff.webp"
etag: "63de0404-2b5b"
last-modified: Sat, 04 Feb 2023 07:06:44 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752bf5b4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/xagvi3ax43d.jpg
104.22.13.214 200 OK 11 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/xagvi3ax43d.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f74db08d821c15d1ab6e96d506373a64
594dbc4ece30367d5e62a2edfeb0509a9b1381dd
c1f716747396c67ea19bf6714fc9b635ad7d33e52219e971775a097feaa56c52
GET /upload/vod/2023/02/xagvi3ax43d.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 10630
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=11504
content-disposition: inline; filename="xagvi3ax43d.webp"
etag: "63de0408-2cf0"
last-modified: Sat, 04 Feb 2023 07:06:48 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116752bf6b4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/celplrbqlj2.jpg
104.22.13.214 200 OK 690 B URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/celplrbqlj2.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 19d4d95359b13540266523c02d153e51
657843c2efc999aa0175ea67ea3fd74641d4e0d2
be10a569cef8110c9b93e33303c7e55436beb4fa9b1cddad10d982d949b04c59
GET /upload/vod/2023/02/celplrbqlj2.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 690
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=2545
content-disposition: inline; filename="celplrbqlj2.webp"
etag: "63e24300-9f1"
last-modified: Tue, 07 Feb 2023 12:24:32 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116753c01b4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/ygkuvdsg0b2.jpg
104.22.13.214 200 OK 6.4 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/ygkuvdsg0b2.jpg
IP 104.22.13.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 5d771c72a4f7aad114a3c97c286e8c07
70e29221fd9c7ba0c9d45be305c9b4155fd08875
95895acafc08e98c2d5c29c0ac9f6b02c1b448094adb6d13918e0ae424aff58b
GET /upload/vod/2023/02/ygkuvdsg0b2.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/webp
content-length: 6408
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8180
content-disposition: inline; filename="ygkuvdsg0b2.webp"
etag: "63e24312-1ff4"
last-modified: Tue, 07 Feb 2023 12:24:50 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 796116753c07b4f1-OSL
X-Firefox-Spdy: h2
www.xkys173.xyz/template/m1938pc/static/css/mm-content.css
173.231.37.199 200 OK 7.3 kB URL HTTP/2 www.xkys173.xyz/template/m1938pc/static/css/mm-content.css
IP 173.231.37.199:0
Hash 09ae1fbfb47e9b8d5ef43039da4ae903
e0a1fa3487fa32e55fe8f09069660adda9b9e14d
dec17da21708fb968b7a4f33643bcdffacc90a637acdaee16d3953ec19486914
GET /template/m1938pc/static/css/mm-content.css HTTP/1.1
Host: www.xkys173.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 02:55:39 GMT
content-type: text/css
last-modified: Thu, 13 Jan 2022 22:03:46 GMT
vary: Accept-Encoding
etag: W/"61e0a1c2-1a9c"
expires: Wed, 08 Feb 2023 14:55:39 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/p1ebj5epr4m.jpg
104.22.13.214 200 OK 8.4 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/p1ebj5epr4m.jpg
IP 104.22.13.214:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x240, components 3\012- data
Hash 772a9127916e83851842d1d80324bfbf
5df262001f0c65a4d8b898bf2d43d0ececddef08
c96fec91a9e475cbee946c816886c583d82dab35ff10aa1815228c3e55d2d3f6
GET /upload/vod/2023/02/p1ebj5epr4m.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/jpeg
content-length: 8391
cf-bgj: imgq:85,h2pri
cf-polished: origSize=8940, status=webp_bigger
etag: "63e24326-22ec"
last-modified: Tue, 07 Feb 2023 12:25:10 GMT
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796116752bdab4f1-OSL
X-Firefox-Spdy: h2
lbfm.lbpictupian.com/upload/vod/2023/02/mjvas5hdwhw.jpg
104.22.13.214 200 OK 9.6 kB URL HTTP/2 lbfm.lbpictupian.com/upload/vod/2023/02/mjvas5hdwhw.jpg
IP 104.22.13.214:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, progressive, precision 8, 320x240, components 3\012- data
Hash ed4cc3bb829c3839cd2f42d548de692b
dd14ed5599ce2850e15968684cab7f60d4d5c571
bdd25757b35be54fda8622658687416db2093496fca9b959cc92bcee574eaa0e
GET /upload/vod/2023/02/mjvas5hdwhw.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:40 GMT
content-type: image/jpeg
content-length: 9609
cf-bgj: imgq:85,h2pri
cf-polished: origSize=10203, status=webp_bigger
etag: "63e241c8-27db"
last-modified: Tue, 07 Feb 2023 12:19:20 GMT
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796116752be9b4f1-OSL
X-Firefox-Spdy: h2
www.xkys173.xyz/template/m1938pc/static/css/white.css
173.231.37.199 200 OK 21 kB URL HTTP/2 www.xkys173.xyz/template/m1938pc/static/css/white.css
IP 173.231.37.199:0
Hash fef329e3bfbc488747f161c9b731a130
544b35c9f1a6b05001286edbb3e18cd7354d124f
f23c5096eb9d505f902b53f572d47bcb0bca0763b308ac5ad8b8f6eb7370165f
GET /template/m1938pc/static/css/white.css HTTP/1.1
Host: www.xkys173.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 02:55:39 GMT
content-type: text/css
last-modified: Fri, 03 Sep 2021 13:56:16 GMT
vary: Accept-Encoding
etag: W/"61322980-2879"
expires: Wed, 08 Feb 2023 14:55:39 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?a7ffddb99ad729b9bdc3c32a1c430da8
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?a7ffddb99ad729b9bdc3c32a1c430da8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (620)
Hash ceb4031343b119c35532197d389a1bae
1408e87e5d81bdc8d81028779bab018469dad9cb
bce62a127f627e6d5d06a48beaf1c6ab6cd3d8ecb0de8e53231e9a32c5cb01b0
GET /hm.js?a7ffddb99ad729b9bdc3c32a1c430da8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Wed, 08 Feb 2023 02:55:40 GMT
Etag: a4ee0e3fd1e56ea8d9616742d14cf51e
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=0899008BEE0A38B8; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 8623f57da27cbcdc2273fc649886d7fa
2e438a4b7314281354b40dccbbedace938a4419f
b31a27299c8f82bc4ff6bf56bb6938f6dbe165b29ee840a6fb7ed02e417d5d5b
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 02:55:40 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Sun, 12 Feb 2023 01:53:17 GMT
ETag: "2e438a4b7314281354b40dccbbedace938a4419f"
Last-Modified: Wed, 08 Feb 2023 01:53:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 243
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 796116789db40b3d-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 8623f57da27cbcdc2273fc649886d7fa
2e438a4b7314281354b40dccbbedace938a4419f
b31a27299c8f82bc4ff6bf56bb6938f6dbe165b29ee840a6fb7ed02e417d5d5b
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 02:55:40 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Sun, 12 Feb 2023 01:53:17 GMT
ETag: "2e438a4b7314281354b40dccbbedace938a4419f"
Last-Modified: Wed, 08 Feb 2023 01:53:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 243
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79611678adbc0b3d-OSL
ocsp.pki.goog/s/gts1p5/IOl1ekfxYGk
142.250.74.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/IOl1ekfxYGk
IP 142.250.74.3:0
Hash 78a219c69a97bcff01f07204b91cdb3f
2a1c2f4b4ea8a2a8e35cd5cb6559e8c2b7298449
9d0bdf712c014655f5cfad226386684435cb794c9c5ee3d4af8578d8dfbec825
POST /s/gts1p5/IOl1ekfxYGk HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:55:41 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
zerossl.ocsp.sectigo.com/
104.18.32.68 200 OK 728 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash de3dba345f3aaa5d0a8ccef00dc14956
94767174c5c5beb62b9eeb575f5e059ea8cc68aa
34bd8a45b08326f5272cbd3aadcbb1a573312fb6d63239ceccc6d74a0eac7090
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 02:55:41 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Sat, 04 Feb 2023 20:13:20 GMT
Expires: Sat, 11 Feb 2023 20:13:19 GMT
Etag: "94767174c5c5beb62b9eeb575f5e059ea8cc68aa"
Cache-Control: max-age=320857,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7961167a48190b02-OSL
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=259062665&si=a7ffddb99ad729b9bdc3c32a1c430da8&su=https%3A%2F%2Fapi.michael-jordan-shoes.com%2F&v=1.3.0&lv=1&sn=29508&r=0&ww=1268&u=https%3A%2F%2Fwww.xkys173.xyz%2F&tt=%E6%98%9F%E7%A9%BA%E5%BD%B1%E8%A7%86
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=259062665&si=a7ffddb99ad729b9bdc3c32a1c430da8&su=https%3A%2F%2Fapi.michael-jordan-shoes.com%2F&v=1.3.0&lv=1&sn=29508&r=0&ww=1268&u=https%3A%2F%2Fwww.xkys173.xyz%2F&tt=%E6%98%9F%E7%A9%BA%E5%BD%B1%E8%A7%86
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=259062665&si=a7ffddb99ad729b9bdc3c32a1c430da8&su=https%3A%2F%2Fapi.michael-jordan-shoes.com%2F&v=1.3.0&lv=1&sn=29508&r=0&ww=1268&u=https%3A%2F%2Fwww.xkys173.xyz%2F&tt=%E6%98%9F%E7%A9%BA%E5%BD%B1%E8%A7%86 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 08 Feb 2023 02:55:41 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=58EE47C6AFF77E5A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
taiwtp1.com/img/96080.gif
220.128.218.220 200 OK 73 kB URL HTTP/2 taiwtp1.com/img/96080.gif
IP 220.128.218.220:0
ASN #3462 Data Communication Business Group
File type GIF image data, version 89a, 960 x 80\012- data
Hash 3786e56d6d1ab748179b5cdcc97e0dc1
a1fabf9e794492452aeddae395618e245e892805
830e9e2171ca93ba4618970ee447880c54d99edc65aa4b26fa4e02c2fb963982
GET /img/96080.gif HTTP/1.1
Host: taiwtp1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 02:48:36 GMT
content-type: image/gif
content-length: 73157
last-modified: Thu, 07 Apr 2022 05:41:32 GMT
etag: "624e798c-11dc5"
expires: Fri, 10 Mar 2023 02:48:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash 4a07b64336f57540295f56731f316c03
dc39885721c65da38f7d152f7eeba919d07154a6
d79215a4a8c6c426d2943af77e06c9dad5fc32db1d6f5ab65174a4454600fa17
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 332
Cache-Control: max-age=155096
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:55:41 GMT
Etag: "63e2c8b9-2d7"
Expires: Thu, 09 Feb 2023 22:00:37 GMT
Last-Modified: Tue, 07 Feb 2023 21:55:05 GMT
Server: ECS (amb/6BC8)
X-Cache: HIT
Content-Length: 727
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash 4a07b64336f57540295f56731f316c03
dc39885721c65da38f7d152f7eeba919d07154a6
d79215a4a8c6c426d2943af77e06c9dad5fc32db1d6f5ab65174a4454600fa17
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1160
Cache-Control: max-age=155924
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:55:41 GMT
Etag: "63e2c8b9-2d7"
Expires: Thu, 09 Feb 2023 22:14:25 GMT
Last-Modified: Tue, 07 Feb 2023 21:55:05 GMT
Server: ECS (amb/6B8F)
X-Cache: HIT
Content-Length: 727
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 683736902a8d22fed5d737d7b89b53a9
e6dc181a8021d8b92557380a3f5223845173f2f5
39466b0358e49bb6f7a17087fcf2cbdf0e5bdd0e3f16c6544c7fec4d0adac991
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 02:55:41 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 07 Feb 2023 05:15:38 GMT
Expires: Tue, 14 Feb 2023 05:15:37 GMT
Etag: "e6dc181a8021d8b92557380a3f5223845173f2f5"
Cache-Control: max-age=526195,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7961167cac3fb4fa-OSL
p3.douyinpic.com/obj/tos-cn-i-dy/9758275ccbb9404887d9537125b38ea9
47.246.44.227 200 OK 489 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/9758275ccbb9404887d9537125b38ea9
IP 47.246.44.227:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 960 x 80\012- data
Size 489 kB (488987 bytes)
Hash 6a7d54ecdc2d1cce357d304db217ccec
03a803d54b6a1dd16cba5d73bf4e732d8b7be263
7cd4479b97a015f11a04b2d7d94fbe78030a7e0e3de457bf72abdbf53235c7d8
GET /obj/tos-cn-i-dy/9758275ccbb9404887d9537125b38ea9 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 488987
date: Sun, 08 Jan 2023 17:06:37 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Sun, 08 Jan 2023 17:06:30 GMT
nw-session-id: 20230109010630237CE87A1B921E9239855b2gs03dy
nw-session-trace: 2023-01-09T01:06:30.090734007+08:00 32
x-bdcdn-cache-status: TCP_HIT
x-length: 488987
x-powered-by: ImageX
x-response-date: Mon, 09 Jan 2023 01:06:30 GMT
x-tt-logid: 20230109010630237CE87A1B921E923985
via: n150-050-052, cache4.l2de2[0,0,206-0,H], cache17.l2de2[0,0], cache17.l2de2[1,0], cache4.se1[0,0,200-0,H], cache8.se1[8,0]
x-request-ip: fdbd:dc02:20:277::30
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=8
x-tt-trace-host: 016ce8fa9a4734806856c36302115b4d3b62e2f46a5e22340a9e0afd68f42535f61b40eb4c87b4eb4d08a76657d3a06f06c194c2fa0f2a8796bc9ed45e4b03583aa8472a5bf216acbaf65500914d0b34d0a0dc701fd8b2ff6e1948ab36c3d97f4f
x-response-lb: image
ali-swift-global-savetime: 1673197598
age: 2627343
x-cache: HIT TCP_MEM_HIT dirn:4:51830946
x-swift-savetime: Sun, 08 Jan 2023 17:16:00 GMT
x-swift-cachetime: 31535438
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9c16758249415337910e
X-Firefox-Spdy: h2
p3.douyinpic.com/obj/tos-cn-i-dy/244c10981c0a4c8196495e2d1084a386
47.246.44.227 200 OK 692 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/244c10981c0a4c8196495e2d1084a386
IP 47.246.44.227:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 980 x 100\012- data
Size 692 kB (691630 bytes)
Hash b6dd09177e0900be3cd92639db50d4d5
11ffecf7a637b478643667537adb2cfb8d9f1344
d94053130fdef6fdacba859906211f52504c2187551bf9934f2024b633486370
GET /obj/tos-cn-i-dy/244c10981c0a4c8196495e2d1084a386 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 691630
date: Mon, 06 Feb 2023 11:07:53 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Mon, 06 Feb 2023 11:07:53 GMT
nw-session-id: 2023020619075316FE2203AED230C56212sj6mx03dy
nw-session-trace: 2023-02-06T19:07:53.071573089+08:00 26
x-bdcdn-cache-status: TCP_MISS
x-length: 691630
x-powered-by: ImageX
x-response-date: Mon, 06 Feb 2023 19:07:53 GMT
x-tt-logid: 2023020619075316FE2203AED230C56212
via: n150-055-204, cache26.l2de2[0,0,206-0,H], cache12.l2de2[0,0], cache12.l2de2[1,0], cache4.se1[0,0,200-0,H], cache8.se1[6,0]
x-request-ip: fdbd:dc02:22:88::209
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=6
x-tt-trace-host: 0182f845e296c9032c2722f1ec1783f44187a489425bed696d084ec99ebf9cdcd42d1686e6da8c99c054951f2afb7016034cd64e684d3caedac9a6b469fae099f03eaebb686b2d883ed54397779e43cb7fddd99feb7839594e597dbcb6d4422028
x-response-lb: image
ali-swift-global-savetime: 1675681673
age: 143268
x-cache: HIT TCP_MEM_HIT dirn:2:160403733 mlen:0
x-swift-savetime: Tue, 07 Feb 2023 20:55:33 GMT
x-swift-cachetime: 31414340
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9c16758249415397912e
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash 93c2c71d6c2facc37ba859ceb4f2115d
aec55ca1faaf64578e8e4cf60956a2e57a881f20
8e7b02f92df1919a325a34e8710d06919968c88eb79322ace518ca4acd5d2455
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=123072
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:55:42 GMT
Etag: "63e24cee-2d7"
Expires: Thu, 09 Feb 2023 13:06:54 GMT
Last-Modified: Tue, 07 Feb 2023 13:06:54 GMT
Server: nginx
Content-Length: 727
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash 93c2c71d6c2facc37ba859ceb4f2115d
aec55ca1faaf64578e8e4cf60956a2e57a881f20
8e7b02f92df1919a325a34e8710d06919968c88eb79322ace518ca4acd5d2455
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1940
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:55:42 GMT
Last-Modified: Wed, 08 Feb 2023 02:23:22 GMT
Server: ECS (amb/6B8F)
X-Cache: HIT
Content-Length: 727
8499483.com/8499/zzxx/960x80.gif
172.247.109.212 200 OK 367 kB URL HTTP/2 8499483.com/8499/zzxx/960x80.gif
IP 172.247.109.212:0
File type GIF image data, version 89a, 960 x 80\012- data
Size 367 kB (366944 bytes)
Hash bde9cbff38e305f40a245a7cf87bd85a
4aaa627b0db260ac7f97a9223e93b1e2f35caba4
375eaceb954016306188bd02f6cc229f71c8e1ef337e99b6ec0a98fad9b3eb7e
GET /8499/zzxx/960x80.gif HTTP/1.1
Host: 8499483.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:41 GMT
content-type: image/gif
content-length: 366944
last-modified: Sat, 24 Dec 2022 13:23:32 GMT
etag: "59960-5f092cf09840f"
server: qq.com
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
767753tje.com/ae505b1e33e6436ca1b28aa83494ed3f.gif
103.170.15.90 200 OK 998 kB URL HTTP/1.1 767753tje.com/ae505b1e33e6436ca1b28aa83494ed3f.gif
IP 103.170.15.90:0
ASN #7483 Skycloud Computing co., Ltd.
File type GIF image data, version 89a, 960 x 80\012- data
Size 998 kB (998247 bytes)
Hash 9fea4f8f0e7a55c6c6f0979280b49151
57fd9b647eb704e6a09e7cc3552a9d5fd654d3b4
8898543cc7e3c5578317155444c2ceaaf7aef4989b47a4aac5776c328d437d70
Analyzer Verdict Alert quad9 Sinkholed
GET /ae505b1e33e6436ca1b28aa83494ed3f.gif HTTP/1.1
Host: 767753tje.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "635e27b5-f3b67"
Date: Fri, 20 Jan 2023 15:09:45 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Sun, 30 Oct 2022 07:28:53 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-20
Content-Length: 998247
xinchacha2dv.ocsp-certum.com/
23.36.79.43 200 OK 1.5 kB URL HTTP/1.1 xinchacha2dv.ocsp-certum.com/
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
Hash 2e510988a558b30b4237d821fcc05ed9
548d32ac30c382d1aeb8196a310431df0ef807d0
4d1b0a1d4a28f6a8a8c7604175b41cc74d7486228126bb3c44da91894d3e94eb
POST / HTTP/1.1
Host: xinchacha2dv.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1538
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=677
Date: Wed, 08 Feb 2023 02:55:43 GMT
Connection: keep-alive
X-N: S
xinchacha2dv.ocsp-certum.com/
23.36.79.43 200 OK 1.5 kB URL HTTP/1.1 xinchacha2dv.ocsp-certum.com/
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
Hash 2e510988a558b30b4237d821fcc05ed9
548d32ac30c382d1aeb8196a310431df0ef807d0
4d1b0a1d4a28f6a8a8c7604175b41cc74d7486228126bb3c44da91894d3e94eb
POST / HTTP/1.1
Host: xinchacha2dv.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1538
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=789
Date: Wed, 08 Feb 2023 02:55:43 GMT
Connection: keep-alive
X-N: S
p26.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/8c2e2faca3334d7cbd282d7fd4381cd7~noop.image
120.52.95.236 200 OK 678 kB URL HTTP/2 p26.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/8c2e2faca3334d7cbd282d7fd4381cd7~noop.image
IP 120.52.95.236:0
ASN #133119 China Unicom IP network
File type GIF image data, version 89a, 270 x 160\012- data
Size 678 kB (677521 bytes)
Hash 94051cb1d1b77200b4462281a864b96e
e5b468a1b2f4bbdda1b6a3a0df2dcce6b3de7e06
d44d0d2dd188024b60ec38cb3f3ea10c080690175e923f90c9c2a2e862670c84
GET /img/tos-cn-i-siecs4i2o7/8c2e2faca3334d7cbd282d7fd4381cd7~noop.image HTTP/1.1
Host: p26.toutiaoimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:55:42 GMT
content-type: image/gif
content-length: 677521
server: openresty
age: 19696597
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Thu, 30 Dec 2021 00:07:35 GMT
nw-session-id: 2021123008073501015013614530ADE9B0dprsv01tt
nw-session-trace: 2021-12-30T08:07:35.194015393+08:00 68
x-bdcdn-cache-status: TCP_HIT
x-ccdn-cachettl: 31536000
x-length: 677521
x-powered-by: ImageX
x-response-date: Thu, 30 Dec 2021 08:07:35 GMT
x-response-lb: image
x-tt-logid: 2021123008073501015013614530ADE9B0
nginx-hit: 1
server-timing: cdn-cache;desc=HIT, edge;dur=2
via: CHN-HElangfang-AREACUCC1-CACHE29[2],CHN-HElangfang-AREACUCC1-CACHE35[0,TCP_HIT,1],CHN-TJ-GLOBAL1-CACHE60[39],CHN-TJ-GLOBAL1-CACHE35[0,TCP_HIT,36]
x-hcs-proxy-type: 1
x-tt-trace-host: 016a2077e03b2041825c42669e9a23cec5ee04519515486308eb42b81315658df6aa5ed29ad219c7d25626d5b022cced5274c18183adcd43889f65e87a17fde2315b0226a7e5f07d4c19094125051b3e74699be800dd629619bc2141d5fb81fc89ccc76230d7d3e4f731a9d881f3cb16c4
x-tt-trace-tag: id=26;cdn-cache=hit;type=static
accept-ranges: bytes
access-control-allow-origin: *
x-response-cache: edge_hit
x-response-cinfo: 91.90.42.154
X-Firefox-Spdy: h2
ldbbs.ldmnq.com/bbs/topic/attachment/2022-11/8fbc235b-eea9-49bd-9239-fc4d8ba02c01.gif
120.52.95.239 429 Too Many Requests 306 B URL HTTP/1.1 ldbbs.ldmnq.com/bbs/topic/attachment/2022-11/8fbc235b-eea9-49bd-9239-fc4d8ba02c01.gif
IP 120.52.95.239:0
ASN #133119 China Unicom IP network
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (306), with no line terminators
Hash e97f2386e41d37f180bb764fcf1a0987
a37456b7249c26def8442c5e107b96a2ecc1ec89
022f3c8b2a1c200c45a590af13ca0b69f6f4ca50c4b06703bc9fc9155bb5b61d
GET /bbs/topic/attachment/2022-11/8fbc235b-eea9-49bd-9239-fc4d8ba02c01.gif HTTP/1.1
Host: ldbbs.ldmnq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 429 Too Many Requests
Date: Wed, 08 Feb 2023 02:55:43 GMT
Content-Length: 306
Connection: keep-alive
Server: openresty
X-Request-Id: 000001862EF351D19819EA5E14FC9EA9
x-reserved-indicator: 612
X-CCDN-Origin-Time: 117
Age: 1
via: CHN-HElangfang-AREACUCC1-CACHE6[148],CHN-HElangfang-AREACUCC1-CACHE45[144,TCP_MISS,147],CHN-TJ-GLOBAL1-CACHE18[140],CHN-TJ-GLOBAL1-CACHE23[117,TCP_MISS,139]
x-hcs-proxy-type: 0
X-CCDN-CacheTTL: 2592000
p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSibwwibt1WzVqbbsI5nztlXTXfiaHibhFbS3s/0
43.129.255.47 200 OK 1.1 MB URL HTTP/2 p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSibwwibt1WzVqbbsI5nztlXTXfiaHibhFbS3s/0
IP 43.129.255.47:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type GIF image data, version 89a, 640 x 150\012- data
Size 1.1 MB (1149237 bytes)
Hash d87ce4acedd7e067171def14606c32d9
f4378c984f68499bf17bd96903686d358539b997
dc619dd2cab20792752238a69694827de9deb84ae975eb4986584031762ba644
GET /qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSibwwibt1WzVqbbsI5nztlXTXfiaHibhFbS3s/0 HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Qnginx/1.4.4
date: Wed, 08 Feb 2023 02:55:41 GMT
content-type: image/gif
content-length: 1149237
vary: Accept,Origin
last-modified: Sat, 10 Jul 2021 16:25:17 GMT
cache-control: max-age=2592000
x-delay: 562 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 1149237
chid: 0
fid: 0
x-nws-log-uuid: 38e8f95d-0cce-4028-a133-b35cb23c1054
X-Firefox-Spdy: h2
p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSJJkZNBPXDBGibpXqaicajKqyibnCUUUEomk/0
43.129.255.47 200 OK 1.4 MB URL HTTP/2 p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSJJkZNBPXDBGibpXqaicajKqyibnCUUUEomk/0
IP 43.129.255.47:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type GIF image data, version 89a, 640 x 200\012- data
Size 1.4 MB (1362871 bytes)
Hash b43c54ced7fcd33ebd9405eb26d533b7
05e5eb23ef5a79364bc8f8fd778d54a9fa335174
7db80c626560b0016fd427d864bb6116a44a858eb7968728cd872814939a24b2
GET /qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSJJkZNBPXDBGibpXqaicajKqyibnCUUUEomk/0 HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Qnginx/1.4.4
date: Wed, 08 Feb 2023 02:55:41 GMT
content-type: image/gif
content-length: 1362871
vary: Accept,Origin
last-modified: Sat, 10 Jul 2021 16:21:47 GMT
cache-control: max-age=2592000
x-delay: 704 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 1362871
chid: 0
fid: 0
x-nws-log-uuid: d9ce33c2-0798-4e5a-a48f-46dde287d1b9
X-Firefox-Spdy: h2
img.1137555.com/images/63dc97e2d4d5c5303e4f3a4e.gif
3.36.126.81 302 Found 0 B URL HTTP/2 img.1137555.com/images/63dc97e2d4d5c5303e4f3a4e.gif
IP 3.36.126.81:0
GET /images/63dc97e2d4d5c5303e4f3a4e.gif HTTP/1.1
Host: img.1137555.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/244c10981c0a4c8196495e2d1084a386
X-Firefox-Spdy: h2
api.michael-jordan-shoes.com/news/index.php
173.231.37.253 200 OK 0 B URL HTTP/2 api.michael-jordan-shoes.com/news/index.php
IP 173.231.37.253:0
Analyzer Verdict Alert fortinet Phishing
GET /news/index.php HTTP/1.1
Host: api.michael-jordan-shoes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.escuelamontecatini.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 02:55:38 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
www.xkys173.xyz/template/m1938pc/static/css/bootstrap.min.css
173.231.37.199 200 OK 0 B URL HTTP/2 www.xkys173.xyz/template/m1938pc/static/css/bootstrap.min.css
IP 173.231.37.199:0
GET /template/m1938pc/static/css/bootstrap.min.css HTTP/1.1
Host: www.xkys173.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 02:55:39 GMT
content-type: text/css
last-modified: Fri, 03 Sep 2021 13:56:16 GMT
vary: Accept-Encoding
etag: W/"61322980-2212e"
expires: Wed, 08 Feb 2023 14:55:39 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
link.imgapp.top/images/63ba73b1a92cd2097e833f9d.gif
3.36.126.81 302 Found 0 B URL HTTP/2 link.imgapp.top/images/63ba73b1a92cd2097e833f9d.gif
IP 3.36.126.81:0
GET /images/63ba73b1a92cd2097e833f9d.gif HTTP/1.1
Host: link.imgapp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/9758275ccbb9404887d9537125b38ea9
X-Firefox-Spdy: h2
ldbbs.ldmnq.com/bbs/topic/images/2022-12/8a42cd46-12a9-46a4-8563-ee14a925192c.gif
120.52.95.239 200 OK 0 B URL HTTP/1.1 ldbbs.ldmnq.com/bbs/topic/images/2022-12/8a42cd46-12a9-46a4-8563-ee14a925192c.gif
IP 120.52.95.239:0
ASN #133119 China Unicom IP network
GET /bbs/topic/images/2022-12/8a42cd46-12a9-46a4-8563-ee14a925192c.gif HTTP/1.1
Host: ldbbs.ldmnq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xkys173.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 02:55:43 GMT
Content-Type: image/gif
Content-Length: 1082384
Connection: keep-alive
Server: openresty
Age: 4220152
CloudServiceDiscount: CDN
Content-Encoding: utf-8
ETag: "a2513b4510f6797c4cbe4012fc79c64c"
Last-Modified: Wed, 21 Dec 2022 06:06:41 GMT
X-CCDN-CacheTTL: 2592000
nginx-hit: 1
via: CHN-HElangfang-AREACUCC1-CACHE26[2],CHN-HElangfang-AREACUCC1-CACHE30[0,TCP_HIT,0],CHN-TJ-GLOBAL1-CACHE54[16],CHN-TJ-GLOBAL1-CACHE30[0,TCP_HIT,13]
x-amz-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSFhv2Sr1BDL3xCdwQqA6DE4Gw8YvJHp
x-amz-request-id: 00000185334A8E1F900DAF7A4A1D6950
x-amz-storage-class: STANDARD_IA
x-hcs-proxy-type: 1
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
Accept-Ranges: bytes