4g.adbh87.xyz/
172.67.130.179301 Moved Permanently 0 B IP 172.67.130.179:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: 4g.adbh87.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 12 Dec 2022 11:02:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 12 Dec 2022 12:02:28 GMT
Location: https://4g.adbh87.xyz/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PoZtfZse%2BztvcXqnfgAhC6%2BuUTvuZyACpxqADmP1IwQBi9N3kHqo76kRsrXmocG4Qol6o47U3M3yeSzdjKQoNaFIyiIh%2FV2w94duBqjvufBp80RwWc%2BAISWIRqnc5WLR"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7785f7cc8e490b55-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 430f1651125c14bfa4924aa1f1a392e9
304141c5fe7ac8b370a67912b2592f9622de9600
315d77a9956f34b1615e38f5f1971dd05146980f8a36b35a8108d47ebba7e8e5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "315D77A9956F34B1615E38F5F1971DD05146980F8A36B35A8108D47EBBA7E8E5"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15894
Expires: Mon, 12 Dec 2022 15:27:22 GMT
Date: Mon, 12 Dec 2022 11:02:28 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 43ad67f241ee3692a9c9c1da080dae58
6a024f7d71eeee257edc91ba9273416f634aaae5
636635b57f9e6d2ad9b1b949298ee7d3b5b7e251a63516ff68bfb1eceded5688
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "636635B57F9E6D2AD9B1B949298EE7D3B5B7E251A63516FF68BFB1ECEDED5688"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5447
Expires: Mon, 12 Dec 2022 12:33:15 GMT
Date: Mon, 12 Dec 2022 11:02:28 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash dbd022fec0a71226daaf29b7563a8896
c37d14dc7b3849a4bb815fa325fb5e70fae54039
22da5e6e3f9507688fc8cb02183d52cf38f4adf8b2c6c52eaf5f88182471efeb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22DA5E6E3F9507688FC8CB02183D52CF38F4ADF8B2C6C52EAF5F88182471EFEB"
Last-Modified: Sun, 11 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3307
Expires: Mon, 12 Dec 2022 11:57:35 GMT
Date: Mon, 12 Dec 2022 11:02:28 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 12 Dec 2022 10:33:41 GMT
content-type: application/json
age: 1727
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ksQ2Lz4SHRYVip30Lb51+o8eg5X5KPJPBJZtZgLVwWwArvo5YD0mTlrQng7HqQJmdm3UhQxIzdU=
x-amz-request-id: 7TYTCQQ07V79AQAN
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 12 Dec 2022 10:51:28 GMT
age: 660
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Dec 2022 11:02:28 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
imgur.com/0emONHA.jpg
199.232.192.193301 Moved Permanently 0 B IP 199.232.192.193:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /0emONHA.jpg HTTP/1.1
Host: imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4g.adbh87.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
retry-after: 0
location: https://i.imgur.com/0emONHA.jpg
accept-ranges: bytes
date: Mon, 12 Dec 2022 11:02:29 GMT
x-served-by: cache-bma1683-BMA
x-cache: HIT
x-cache-hits: 0
x-timer: S1670842949.142566,VS0,VE0
server: cat factory 1.0
strict-transport-security: max-age=300
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-frame-options: DENY
access-control-allow-origin: https://imgur.com
access-control-allow-credentials: false
content-length: 0
X-Firefox-Spdy: h2
i.imgur.com/A9SxNrC.jpg
151.101.84.193200 OK 153 kB IP 151.101.84.193:0
File type JPEG image data, progressive, precision 8, 1440x1080, components 3\012- data
Size 153 kB (153082 bytes)
Hash d5b43c3d86bb302967f0bb36c37e7e3b
e6102b622f2eaa9ba693f6d0f7d887cedfafdc97
eed7ba35237c207608f52bcd0f5a431e1a9f47ecbe4e16d4afbbb31d711dc102
GET /A9SxNrC.jpg HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4g.adbh87.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 31 May 2021 22:56:22 GMT
etag: "d5b43c3d86bb302967f0bb36c37e7e3b"
x-amz-storage-class: STANDARD_IA
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Mon, 12 Dec 2022 11:02:29 GMT
age: 3529548
x-served-by: cache-iad-kjyo7100056-IAD, cache-bma1648-BMA
x-cache: HIT, HIT
x-cache-hits: 309714, 1
x-timer: S1670842949.136657,VS0,VE3
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 153082
X-Firefox-Spdy: h2
i.imgur.com/tK6PaRu.jpg
151.101.84.193200 OK 47 kB IP 151.101.84.193:0
File type JPEG image data, progressive, precision 8, 600x600, components 3\012- data
Hash a35183ef0f3b04c254b3703a98ba3e66
93dade8dfc89c9ef856c8f301b3fb1134342dce1
a9f829ad6752b35f08baed50999da5d4e2f7c0949c66331267ff8e5ebb842b20
GET /tK6PaRu.jpg HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4g.adbh87.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 02 Jun 2021 02:01:52 GMT
etag: "a35183ef0f3b04c254b3703a98ba3e66"
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Mon, 12 Dec 2022 11:02:29 GMT
age: 5896167
x-served-by: cache-iad-kiad7000104-IAD, cache-bma1648-BMA
x-cache: HIT, HIT
x-cache-hits: 6682, 6
x-timer: S1670842949.142269,VS0,VE0
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 47372
X-Firefox-Spdy: h2
i.imgur.com/gUnhWPh.jpg
151.101.84.193200 OK 233 kB IP 151.101.84.193:0
File type JPEG image data, progressive, precision 8, 1632x1224, components 3\012- data
Size 233 kB (232987 bytes)
Hash da0b931e719073b90e0db02880687c8e
704208ea6358da4a85980259feb930e635202736
8801eae089f4ceec67a090f2b238002fb07ebab7e2007fe1602f51b4b7312639
GET /gUnhWPh.jpg HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4g.adbh87.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 31 May 2021 22:45:30 GMT
etag: "da0b931e719073b90e0db02880687c8e"
x-amz-storage-class: STANDARD_IA
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Mon, 12 Dec 2022 11:02:29 GMT
age: 4139186
x-served-by: cache-iad-kjyo7100178-IAD, cache-bma1648-BMA
x-cache: HIT, HIT
x-cache-hits: 296601, 1
x-timer: S1670842949.143535,VS0,VE1
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 232987
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash a33409f980e81b54f660035dd9c14cfb
8399645bbd14b6a968328c6552b837e3368948a3
9cf6b1845f29636c04e711a6bf1e7937773c6c4522e2ba66dd6c43bfef34b33b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 11:02:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0f3dad0d025c4b6b8abd5d698f00cfbd
3a82ecac8709c7acd620316502a0e774ac3b1170
8d98454c05e1bfb1e534913e69fe76f4b0cb619c02626bcdc163f7be48b1621f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 11:02:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f04b28ebe01f335e6e1d773112c7d070
ea682fd3c71e781da58cd8f3560ef0a8563832c1
327124aea2d405fb773ba0266d3a394cb65f2245cd9181da29b9fc620a889d80
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 11:02:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f04b28ebe01f335e6e1d773112c7d070
ea682fd3c71e781da58cd8f3560ef0a8563832c1
327124aea2d405fb773ba0266d3a394cb65f2245cd9181da29b9fc620a889d80
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 11:02:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1.bp.blogspot.com/-M9UfqNnbCLg/XjZcNnlB6sI/AAAAAAAANf4/QzxPat0qhac_W7sZu9BxzkEFYiwZPwjSgCLcBGAsYHQ/s1600/Whatsapp%2BDP%2BGirl%2B%252812%2529.jpg
142.250.74.161200 OK 21 kB URL HTTP/2 1.bp.blogspot.com/-M9UfqNnbCLg/XjZcNnlB6sI/AAAAAAAANf4/QzxPat0qhac_W7sZu9BxzkEFYiwZPwjSgCLcBGAsYHQ/s1600/Whatsapp%2BDP%2BGirl%2B%252812%2529.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, software=Google], progressive, precision 8, 320x320, components 3\012- data
Hash e683fd786c1fd4a80ca578bf312f3d96
b72d6cca2378af62ff4058450b154e305458e6f5
ddd79e024592b5ecf9edac3c1bb0bb33cb1c42124af3169b634b912885f3b625
GET /-M9UfqNnbCLg/XjZcNnlB6sI/AAAAAAAANf4/QzxPat0qhac_W7sZu9BxzkEFYiwZPwjSgCLcBGAsYHQ/s1600/Whatsapp%2BDP%2BGirl%2B%252812%2529.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4g.adbh87.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Whatsapp DP Girl (12).jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 21272
x-xss-protection: 0
date: Mon, 12 Dec 2022 07:12:37 GMT
expires: Tue, 27 Sep 2022 10:04:25 GMT
cache-control: public, max-age=86400, no-transform
age: 13792
etag: "v3623"
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
216.58.207.202200 OK 33 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
IP 216.58.207.202:0
File type ASCII text, with very long lines (32086)
Hash 430e927c980ad4079de727fa59dd93f2
891aaada9a55a91292999f6d50fd300439905982
e8728df8617340bd8c10bc8d27d3a725a48871a269c850e8598689938ec6e2ed
GET /ajax/libs/jquery/1.11.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4g.adbh87.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33434
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 22:13:37 GMT
expires: Wed, 06 Dec 2023 22:13:37 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 478132
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
1.bp.blogspot.com/-RuIA2JO0NW0/YKKccmd5SdI/AAAAAAAAB28/NihG0SeSJtkp1P9DCvM00yeYhey77iPXwCLcBGAsYHQ/s600/ettte.jpg
142.250.74.161200 OK 35 kB URL HTTP/2 1.bp.blogspot.com/-RuIA2JO0NW0/YKKccmd5SdI/AAAAAAAAB28/NihG0SeSJtkp1P9DCvM00yeYhey77iPXwCLcBGAsYHQ/s600/ettte.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, software=Google], progressive, precision 8, 480x600, components 3\012- data
Hash d6b04ad1d7645a82853379e9ba0d7648
f44b5d97cfb35a5b1420abb8b120afd46d63af41
6db87b82ec9f8123a70efd7a43fae49cfee29fa186c512e31f022615bf185395
GET /-RuIA2JO0NW0/YKKccmd5SdI/AAAAAAAAB28/NihG0SeSJtkp1P9DCvM00yeYhey77iPXwCLcBGAsYHQ/s600/ettte.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4g.adbh87.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="ettte.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 35100
x-xss-protection: 0
date: Mon, 12 Dec 2022 07:11:17 GMT
expires: Mon, 03 Oct 2022 01:38:12 GMT
cache-control: public, max-age=86400, no-transform
age: 13872
etag: "v771"
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-QFMPCK1G79
142.250.74.40200 OK 76 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-QFMPCK1G79
IP 142.250.74.40:0
File type ASCII text, with very long lines (20080)
Hash ebce7f220b9957d8f5453dfca4a3f723
c1a00fba44a9f8cf217c16640536f6a048a3d891
b4c809c17c142133e56333713fb8dd77c26840dd0b6b8ec0d0b5941d340d2ba0
GET /gtag/js?id=G-QFMPCK1G79 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4g.adbh87.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 12 Dec 2022 11:02:29 GMT
expires: Mon, 12 Dec 2022 11:02:29 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76260
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
i.imgur.com/0emONHA.jpg
151.101.84.193200 OK 53 kB IP 151.101.84.193:0
File type JPEG image data, baseline, precision 8, 500x317, components 3\012- data
Hash 26dce0f513e3b2f2ce3b16f038b6e1da
5bbb8d06a05be400e810e7b3360e6236085022ef
483e947ae62caf6eff5a75fbeb3c9edfad8a7fe1da167eba18316aae9440f9b9
GET /0emONHA.jpg HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4g.adbh87.xyz/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 08 Oct 2022 08:02:20 GMT
etag: "26dce0f513e3b2f2ce3b16f038b6e1da"
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Mon, 12 Dec 2022 11:02:29 GMT
age: 2177281
x-served-by: cache-iad-kcgs7200179-IAD, cache-bma1648-BMA
x-cache: HIT, HIT
x-cache-hits: 11577, 1
x-timer: S1670842949.259506,VS0,VE1
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 53392
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0f3dad0d025c4b6b8abd5d698f00cfbd
3a82ecac8709c7acd620316502a0e774ac3b1170
8d98454c05e1bfb1e534913e69fe76f4b0cb619c02626bcdc163f7be48b1621f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 11:02:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f04b28ebe01f335e6e1d773112c7d070
ea682fd3c71e781da58cd8f3560ef0a8563832c1
327124aea2d405fb773ba0266d3a394cb65f2245cd9181da29b9fc620a889d80
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 11:02:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash a33409f980e81b54f660035dd9c14cfb
8399645bbd14b6a968328c6552b837e3368948a3
9cf6b1845f29636c04e711a6bf1e7937773c6c4522e2ba66dd6c43bfef34b33b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 11:02:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 12 Dec 2022 10:07:56 GMT
age: 3273
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c6205f2e28ff306dcdaa5baed38354c5
151941d03bdd0c5384cdfddd73cc8b55e5dda682
a8297a20025e251b2cff847fb3b3a1cffec8a9b65e1cff42e945615b203d77cb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A8297A20025E251B2CFF847FB3B3A1CFFEC8A9B65E1CFF42E945615B203D77CB"
Last-Modified: Sat, 10 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21586
Expires: Mon, 12 Dec 2022 17:02:15 GMT
Date: Mon, 12 Dec 2022 11:02:29 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 2ea99c463abf19118a68885b0ec2ee51
75e39917092521d3dc13b57a8edfe9656e52d838
2568070135bca9655e8b53080f3eaa2d0deca8090e8371244f0d05a2a2509fea
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=101081
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 11:02:29 GMT
Etag: "6395f21e-117"
Expires: Tue, 13 Dec 2022 15:07:10 GMT
Last-Modified: Sun, 11 Dec 2022 15:07:10 GMT
Server: nginx
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash ee19f96e42a0eca99d00c8d91f977c35
3bf8dbf8b8ce6ea7adadf7bb92cae2f9502fbee9
6d8adcb1494bfe2ca73cd6b77eb57b2d08e07b05eb892fea98a1fde0bfb2ea12
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4797
Cache-Control: max-age=170659
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 11:02:29 GMT
Etag: "6396ef2b-1d7"
Expires: Wed, 14 Dec 2022 10:26:48 GMT
Last-Modified: Mon, 12 Dec 2022 09:06:51 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash dc744e856ab80cd5fe16d80df8030fd2
12a99a75a6903629c5f0e4278bf20b70b79d7e51
265d83bf42f8ebaa95bd0297c16fd3717d5ae2419a64297bbc0a031d2cfe508b
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 12 Dec 2022 11:02:29 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Fri, 16 Dec 2022 07:51:12 GMT
ETag: "12a99a75a6903629c5f0e4278bf20b70b79d7e51"
Last-Modified: Mon, 12 Dec 2022 07:51:13 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3510
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7785f7d4ec69b51d-OSL
push.services.mozilla.com/
35.164.183.116101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.164.183.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: uX9xpq9j2/hPJjcSFFtqwA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KGo/zIz90sB1wmkwknAJLU8n3NU=
region1.google-analytics.com/g/collect?v=2&tid=G-QFMPCK1G79>m=2oebu0&_p=878046767&cid=1375009324.1670842948&ul=en-us&sr=1280x1024&_s=1&sid=1670842947&sct=1&seg=0&dl=https%3A%2F%2F4g.adbh87.xyz%2F&dt=Qatar%202022%20World%20Cup%20offers%2050GB%20to%20watch%20the%20game&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-QFMPCK1G79>m=2oebu0&_p=878046767&cid=1375009324.1670842948&ul=en-us&sr=1280x1024&_s=1&sid=1670842947&sct=1&seg=0&dl=https%3A%2F%2F4g.adbh87.xyz%2F&dt=Qatar%202022%20World%20Cup%20offers%2050GB%20to%20watch%20the%20game&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-QFMPCK1G79>m=2oebu0&_p=878046767&cid=1375009324.1670842948&ul=en-us&sr=1280x1024&_s=1&sid=1670842947&sct=1&seg=0&dl=https%3A%2F%2F4g.adbh87.xyz%2F&dt=Qatar%202022%20World%20Cup%20offers%2050GB%20to%20watch%20the%20game&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://4g.adbh87.xyz
Connection: keep-alive
Referer: https://4g.adbh87.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://4g.adbh87.xyz
date: Mon, 12 Dec 2022 11:02:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c6205f2e28ff306dcdaa5baed38354c5
151941d03bdd0c5384cdfddd73cc8b55e5dda682
a8297a20025e251b2cff847fb3b3a1cffec8a9b65e1cff42e945615b203d77cb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A8297A20025E251B2CFF847FB3B3A1CFFEC8A9B65E1CFF42E945615B203D77CB"
Last-Modified: Sat, 10 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21585
Expires: Mon, 12 Dec 2022 17:02:15 GMT
Date: Mon, 12 Dec 2022 11:02:30 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 2ea99c463abf19118a68885b0ec2ee51
75e39917092521d3dc13b57a8edfe9656e52d838
2568070135bca9655e8b53080f3eaa2d0deca8090e8371244f0d05a2a2509fea
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=101081
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 11:02:30 GMT
Etag: "6395f21e-117"
Expires: Tue, 13 Dec 2022 15:07:11 GMT
Last-Modified: Sun, 11 Dec 2022 15:07:10 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
hm.baidu.com/hm.js?9b3b45e2d5c24797e9813581c443616a
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?9b3b45e2d5c24797e9813581c443616a
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (619)
Hash 6d3e8b6459cb9e6e7b444b9ad453740b
70f698b53fe98431d4711f0502922a2ee1fc7f9c
bf0ca734abd382dc32dc14d511f50e902986fedee64ac10179fde76b170d7458
GET /hm.js?9b3b45e2d5c24797e9813581c443616a HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4g.adbh87.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11257
Content-Type: application/javascript
Date: Mon, 12 Dec 2022 11:02:30 GMT
Etag: e46f64975a0dbb52530029fdc3126147
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=84BC7AE77C2542BE; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5601
Expires: Mon, 12 Dec 2022 12:35:52 GMT
Date: Mon, 12 Dec 2022 11:02:31 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5601
Expires: Mon, 12 Dec 2022 12:35:52 GMT
Date: Mon, 12 Dec 2022 11:02:31 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5601
Expires: Mon, 12 Dec 2022 12:35:52 GMT
Date: Mon, 12 Dec 2022 11:02:31 GMT
Connection: keep-alive
50g.zsd-quiz.xyz/js/jquery.min.js?t=1670842948&_=1670842947518
172.67.153.208200 OK 37 kB URL HTTP/2 50g.zsd-quiz.xyz/js/jquery.min.js?t=1670842948&_=1670842947518
IP 172.67.153.208:0
File type ASCII text, with very long lines (65450), with CRLF line terminators
Hash 8b6684ba81d4ef92ef159a96207ecc67
e9c0da61305ea8e4636989aad8a3d5ae2106c0cb
637b5ea45e7b02bf9255ab13bccdb1fb264a976c985419463ca0926d9e59cb9a
GET /js/jquery.min.js?t=1670842948&_=1670842947518 HTTP/1.1
Host: 50g.zsd-quiz.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4g.adbh87.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Dec 2022 11:02:29 GMT
content-type: application/javascript
last-modified: Mon, 21 Mar 2022 20:35:22 GMT
vary: Accept-Encoding
etag: W/"6238e18a-1538f"
expires: Mon, 12 Dec 2022 23:02:29 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5YyKl6v2WrIBPsVQXCaW1hfrjg73jnRfgiMWJRWeI68WybnlzmWLG9kd3JuFpE5G9kR2HB7n6ZjbWVkeY%2BX311DJ7Bl99WcDS5Zcrz2ZgP7oTz0VrxdTP8ZauVrx%2F%2Bm2S4Ft"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7785f7d1985db4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c9bdec4-23b4-47d9-b623-556f664c1757.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c9bdec4-23b4-47d9-b623-556f664c1757.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 21eb88f40afd0bb66fdf8413994ef404
d6d6804120d4c8a7f33425ce99cc7801286a39c8
78340bbac6950c4f7006182b173a0a0b93518412c65a4192d9977ffb92250f20
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c9bdec4-23b4-47d9-b623-556f664c1757.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7304
x-amzn-requestid: 5ec21e2f-1a2f-4198-b56f-ee3890d3cd87
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAEJHHppoAMF9YA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964d6d-0b5121b00eabc19a1adad514;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:36:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Kj4J1IQHwqdJWUFSCPPAqgnYl4tZv60HvKBRB9Ce_dG2uXScEdF6ug==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 22:01:59 GMT
etag: "d6d6804120d4c8a7f33425ce99cc7801286a39c8"
content-type: image/jpeg
age: 46832
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ki41.xyz/js/jquery.min.js?t=1670842948&_=1670842947519
172.67.162.94200 OK 37 kB URL HTTP/2 ki41.xyz/js/jquery.min.js?t=1670842948&_=1670842947519
IP 172.67.162.94:0
File type ASCII text, with very long lines (65450), with CRLF line terminators
Hash fbdeaebdba814e6dcc0db95fcee39d19
8a68194d8fac1e357e5a96ba82a13a16f0f82b58
f007eff123911758bcc0e32080ecdcfb1e0f960cd8df4820088965115e8baaf8
GET /js/jquery.min.js?t=1670842948&_=1670842947519 HTTP/1.1
Host: ki41.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4g.adbh87.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Dec 2022 11:02:29 GMT
content-type: application/javascript
last-modified: Mon, 21 Mar 2022 20:35:22 GMT
vary: Accept-Encoding
etag: W/"6238e18a-1538f"
expires: Mon, 12 Dec 2022 23:02:29 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DOjd4fFJ3h2SYaFmjntEoGZdxBhvbmnvi5fzzDSUcjwQZqpfPYZDdl5ypz2NrEFsH6vjsBfeAmu%2FFO1XxamhX0L5DPJusnhY58qb00%2FlqWYX7GW0g8FpTMyVJg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7785f7d19e36b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6bca12a-103c-4b98-a218-27a61f8d6951.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6bca12a-103c-4b98-a218-27a61f8d6951.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2020df3404a4b7c3e142af4a1330b848
2fe69b52fe03128e86550bf08474ecac82682384
37a52c158d5cfdf3589e19163cf446c02ce1466f444656080b02da82d2bcefae
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6bca12a-103c-4b98-a218-27a61f8d6951.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6311
x-amzn-requestid: 46ccaee0-bde8-4be6-9dc8-46e3ae356dc8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c8xUYH10oAMF8Ig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6394fc1b-2440251f06cb950a57489555;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 21:37:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bgmOsF49y9d_oDWjQxm7toxsydgt9HBKZunUbe-BZfSmdfJ7q0Jo3A==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 21:52:33 GMT
age: 47398
etag: "2fe69b52fe03128e86550bf08474ecac82682384"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6db22fa-e5c2-451e-bd92-a8e75524b559.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6db22fa-e5c2-451e-bd92-a8e75524b559.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 36dd97656d1d3eaef837e4ff7c670e33
cd08e74fb849ebca2b5ac29519c47954845316ea
9d3debf9afab17bb787b26c2ff1d9581d28f80f407c4a1cff4ea5dc5b9471032
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6db22fa-e5c2-451e-bd92-a8e75524b559.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8517
x-amzn-requestid: 6bddc0ae-a697-4404-b319-366a6e5b706e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAENjHvbIAMFSrw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964d89-4601dc8570003f1372c67252;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:37:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ADx0Jb0NrvVui7QIBb1uWucy9gvT7Xu-8htzIDg69vP3sjonAciFwA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 22:04:40 GMT
age: 46671
etag: "cd08e74fb849ebca2b5ac29519c47954845316ea"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: e68bff96-83e0-471c-95ed-d9773d2354a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c82_MHywoAMFe_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6395052d-23c53ea949b7266822b23787;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 22:16:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oe5TA8wzsxvsnupvCvyDKwfvJOxK3SLZsexG1tPiTWu3gVXBCXAhSw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Dec 2022 04:55:55 GMT
age: 21996
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=885928641&si=9b3b45e2d5c24797e9813581c443616a&v=1.3.0&lv=1&sn=28124&r=0&ww=1280&u=https%3A%2F%2F4g.adbh87.xyz%2F%231670842948059&tt=Qatar%202022%20World%20Cup%20offers%2050GB%20to%20watch%20the%20game
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=885928641&si=9b3b45e2d5c24797e9813581c443616a&v=1.3.0&lv=1&sn=28124&r=0&ww=1280&u=https%3A%2F%2F4g.adbh87.xyz%2F%231670842948059&tt=Qatar%202022%20World%20Cup%20offers%2050GB%20to%20watch%20the%20game
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=885928641&si=9b3b45e2d5c24797e9813581c443616a&v=1.3.0&lv=1&sn=28124&r=0&ww=1280&u=https%3A%2F%2F4g.adbh87.xyz%2F%231670842948059&tt=Qatar%202022%20World%20Cup%20offers%2050GB%20to%20watch%20the%20game HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4g.adbh87.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Mon, 12 Dec 2022 11:02:31 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=03A6523A156CDEA3; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
na52.xyz/js/jquery.min.js?t=1670842948&_=1670842947517
188.114.96.1200 OK 0 B URL HTTP/2 na52.xyz/js/jquery.min.js?t=1670842948&_=1670842947517
IP 188.114.96.1:0
GET /js/jquery.min.js?t=1670842948&_=1670842947517 HTTP/1.1
Host: na52.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4g.adbh87.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Dec 2022 11:02:30 GMT
content-type: application/javascript
last-modified: Mon, 21 Mar 2022 20:35:22 GMT
vary: Accept-Encoding
etag: W/"6238e18a-1538f"
expires: Mon, 12 Dec 2022 23:02:29 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8p98CqWC1V3813GGskMQpL8MGuRxTeMj9gJhKw%2F50U2dWLuCSqthSP3DLbBOoWifUIXxSr7P6C5YsO93HujTxTu8lhMJxoD%2FV9PuYo2gtCA1AUseNSNSko85VA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7785f7d33e78b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
4g.adbh87.xyz/
104.21.3.125200 OK 0 B IP 104.21.3.125:0
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: 4g.adbh87.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 12 Dec 2022 11:02:28 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: loclang=en; expires=Thu, 15-Dec-2022 11:02:28 GMT; Max-Age=259200; path=/
reg=1; expires=Wed, 11-Jan-2023 11:02:28 GMT; Max-Age=2592000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4eEho%2B%2B0SzMQIkDmSYBe1%2FEaHm6dhwWgOKjeBUFcuAj4V8dJN41Ru1l1Xio9QoKdHvtboFLtCpdnzAeTfooRwRQkrpLsk7wCyNT5m%2B81rbiYjmq5SgG9QdU279LmA1PO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7785f7ce2e45b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ks86.xyz/js/jquery.min.js?t=1670842948&_=1670842947516
172.67.216.234200 OK 0 B URL HTTP/2 ks86.xyz/js/jquery.min.js?t=1670842948&_=1670842947516
IP 172.67.216.234:0
GET /js/jquery.min.js?t=1670842948&_=1670842947516 HTTP/1.1
Host: ks86.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4g.adbh87.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Dec 2022 11:02:30 GMT
content-type: application/javascript
last-modified: Mon, 21 Mar 2022 20:35:22 GMT
vary: Accept-Encoding
etag: W/"6238e18a-1538f"
expires: Mon, 12 Dec 2022 23:02:29 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6BdqdU1PA1CSiZucAH5vczsX%2FLzS2oqpti75JE1DAXueuLGmvURKZeccxqoGlB7L7VXS%2FAI%2B6W%2FBOe%2FAzT6CPUxkpXUeFnD4LfDxKOTavY9b%2FKKgfLxjFm9mKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7785f7d329ea1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2