r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a8b4f1afb0e830b797238d34ab9254aa
e011acef3d05c959a65205d53b651ecd18a889fe
f7ceff5b4fda083c7449b7298c232224cf48a632dcb87233b646790de207d49c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7CEFF5B4FDA083C7449B7298C232224CF48A632DCB87233B646790DE207D49C"
Last-Modified: Thu, 12 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14526
Expires: Sat, 14 Jan 2023 15:31:04 GMT
Date: Sat, 14 Jan 2023 11:28:58 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 0643dc6b6fed33b3537160b6bb77bcbf
aa43bd1fbb30d2219f3285c1ee4991ffb33562c5
f137438e30e0d69cba77ca2eb736687873e4a9c06cf88d23c6d55ea930fde09f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F137438E30E0D69CBA77CA2EB736687873E4A9C06CF88D23C6D55EA930FDE09F"
Last-Modified: Sat, 14 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5178
Expires: Sat, 14 Jan 2023 12:55:16 GMT
Date: Sat, 14 Jan 2023 11:28:58 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 14 Jan 2023 10:48:54 GMT
content-type: application/json
age: 2404
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 0f4ecf4f26be1ba09e61135b1b488bf4
f16b8277e00033bc990a8bcce54b693cb3c87d62
3018c2a228f0a894d217e8e8b0b8dd060527f06879cd2f469bac6c8766acbbf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3018C2A228F0A894D217E8E8B0B8DD060527F06879CD2F469BAC6C8766ACBBF8"
Last-Modified: Wed, 11 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3396
Expires: Sat, 14 Jan 2023 12:25:34 GMT
Date: Sat, 14 Jan 2023 11:28:58 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: gQ9TCUkFtQ6vwK8E9bzuIL4kTY/pqbt/uyx6t67dTMqIRcXH+f9rbleIbIhIbgrF0oi0MHwu9kk=
x-amz-request-id: 6WVS3Y4NB40MT912
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 14 Jan 2023 10:43:42 GMT
age: 2716
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
225km.com/get/F0bE
23.234.61.174301 Moved Permanently 0 B IP 23.234.61.174:0
ASN #134548 DXTL Tseung Kwan O Service
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /get/F0bE HTTP/1.1
Host: 225km.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 14 Jan 2023 11:28:57 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://www.225km.com/get/F0bE
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 11:28:58 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Expires, Last-Modified, Alert, Content-Type, Content-Length, ETag, Pragma, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 14 Jan 2023 11:17:25 GMT
age: 693
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c01ec61f7ca77158f474b3ab519c12fa
fc82ae0fcd73a83a980b75709a08e65239894e4a
f533e0fac9b92e79d4fbd6e70b42a83067de95f0a13cc737d7e5fa459baa4c54
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6262
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 11:28:58 GMT
Last-Modified: Sat, 14 Jan 2023 09:44:36 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
www.225km.com/get/F0bE
23.234.61.174200 OK 560 B IP 23.234.61.174:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with very long lines (676), with CRLF line terminators
Hash ca2ae993f8c41dd8d732df05df3c79e8
590905e2c989ab9b63a2775bbfe066da747d0d3d
b1159d6dcb0ce8119209c71246020a42b54262efbd48c19d0153eb8b38759bbd
Analyzer Verdict Alert fortinet Malware
GET /get/F0bE HTTP/1.1
Host: www.225km.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Jan 2023 11:28:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
push.services.mozilla.com/
52.41.11.218101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.11.218:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IcI2SQRmeL6rPvwXg2TwSg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: T1LmjQQ9ESvul0Je69IbwSbiY+g=
www.225km.com/common.js
23.234.61.174200 OK 640 B IP 23.234.61.174:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document text\012- HTML document, ASCII text, with very long lines (1229), with no line terminators
Hash 6a20cf3152f0e9f0389e717a81305f09
c84ad347c548f301f606df36b0721871c5d78afd
f93798c9913084afae1406285ba0a30e83455a6da826951a0ff533a96155edde
Analyzer Verdict Alert fortinet Phishing
GET /common.js HTTP/1.1
Host: www.225km.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.225km.com/get/F0bE
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Jan 2023 11:28:58 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
www.225km.com/tj.js
23.234.61.174200 OK 258 B IP 23.234.61.174:0
ASN #134548 DXTL Tseung Kwan O Service
File type ASCII text, with CRLF line terminators
Hash 6d17ab2932b75a35f5de056e66f8b972
3abe4e32ef13e9c918b27b02efd508029b55591f
0ecbc617520897bc21415a03f6ea930a586f7d6f97680be52f20084d507627f6
Analyzer Verdict Alert fortinet Phishing
GET /tj.js HTTP/1.1
Host: www.225km.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.225km.com/get/F0bE
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Jan 2023 11:28:59 GMT
Content-Type: application/x-javascript
Content-Length: 258
Connection: keep-alive
www.225km.com/favicon.ico
23.234.61.174200 OK 1.2 kB URL HTTP/1.1 www.225km.com/favicon.ico
IP 23.234.61.174:0
ASN #134548 DXTL Tseung Kwan O Service
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 7ef1f0a0093460fe46bb691578c07c95
2da3ffbbf4737ce4dae9488359de34034d1ebfbd
4c62eef22174220b8655590a77b27957f3518b4c3b7352d0b64263b80e728f2c
GET /favicon.ico HTTP/1.1
Host: www.225km.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.225km.com/get/F0bE
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Jan 2023 11:28:59 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 01 Jul 2011 08:14:23 GMT
Connection: keep-alive
ETag: "4e0d81df-47e"
Expires: Thu, 19 Jan 2023 11:28:59 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5783
Expires: Sat, 14 Jan 2023 13:05:23 GMT
Date: Sat, 14 Jan 2023 11:29:00 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5783
Expires: Sat, 14 Jan 2023 13:05:23 GMT
Date: Sat, 14 Jan 2023 11:29:00 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5783
Expires: Sat, 14 Jan 2023 13:05:23 GMT
Date: Sat, 14 Jan 2023 11:29:00 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5783
Expires: Sat, 14 Jan 2023 13:05:23 GMT
Date: Sat, 14 Jan 2023 11:29:00 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b55aad-884c-40db-a779-021d0c2305b4.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b55aad-884c-40db-a779-021d0c2305b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b1378f107c1996ade14a8fe7fd728072
f52d98d9a0d1d343a539689ea14acf99e148cf8c
4be994757ec7ec42929590169de199e927889261334e258903a0929a1055047d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b55aad-884c-40db-a779-021d0c2305b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9154
x-amzn-requestid: fbb1140d-7ec2-4f86-8761-5d04601af70e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: enAkCEN2IAMFuMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bf7ae6-4baebf1104f9cf2a0ee8a538;Sampled=0
x-amzn-remapped-date: Thu, 12 Jan 2023 03:13:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jlRcVyQppaQaPPMKaqadtaEHfdOYXXXbnfrr44l_2E2qaOoh_O0Mog==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 04:21:52 GMT
age: 25628
etag: "f52d98d9a0d1d343a539689ea14acf99e148cf8c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F917985a1-aa8d-4c0a-860c-0b16c203387e.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F917985a1-aa8d-4c0a-860c-0b16c203387e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d24ea1f095f492934a1f1c63f5d8590c
dade37148c9b9a941f93a8535d8ddc5de3952623
2d8e3f90eb347eb3479a6c5d20a1c2ca6a0560f335a6c6800948db2640e4c878
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F917985a1-aa8d-4c0a-860c-0b16c203387e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8181
x-amzn-requestid: 7ada8fbd-58e6-4433-a532-b4a4ef93ac9c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: es0paH-OIAMFg5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c1ce3c-582529522dbb67ee728484f8;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 21:33:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AHjOmYxva5avyA3gt9DvYLas_B2ACimer5QRQOi919HDtSjnKq22lw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Fri, 13 Jan 2023 21:36:45 GMT
age: 49935
etag: "dade37148c9b9a941f93a8535d8ddc5de3952623"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash afcc8f4875f4b74ca0640829b689731e
584d0e11665ae89f9a294baf1e9bb4f0e4e9a4df
3e487396389c4330abc99bc99053eecc6aaf56f7afa398d70c30e1f4709577a0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13626
x-amzn-requestid: 4769eaeb-0c78-4054-ad47-eefdd6ab2d03
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eWHMZErbIAMF6sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b8b8b5-4c7bacfe060899044e361f70;Sampled=0
x-amzn-remapped-date: Sat, 07 Jan 2023 00:11:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JRzc2Mcl4EasyH6_1kFh7sr-57f1HNDu-YN8YptDe_kcTET9x8P9LA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Fri, 13 Jan 2023 14:03:21 GMT
age: 77139
etag: "584d0e11665ae89f9a294baf1e9bb4f0e4e9a4df"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0a5cc8b-8d62-447a-a39c-733e1afdd415.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0a5cc8b-8d62-447a-a39c-733e1afdd415.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2363dbe7bb6a459853d8d19cab50e70b
ded76de1dd453e40dbf6eaa8607cf19fac7f71a4
f96da6354cec52143768014c36ba2b298224a58b0bf38bd2aa5f3bfce69d8670
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0a5cc8b-8d62-447a-a39c-733e1afdd415.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7447
x-amzn-requestid: dd3543b7-4e6b-4605-acea-a21d39af02ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: es0qSFjAIAMF7HQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c1ce41-56e2ccc63669032d70cba0ba;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 21:33:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AYaeawnEmwHkyx3h-yliVx-ARcRB3W5kbtFH5tARnL3YMD6e4WYAQw==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 13 Jan 2023 21:49:01 GMT
age: 49199
etag: "ded76de1dd453e40dbf6eaa8607cf19fac7f71a4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69cd0f59-3b24-4742-958c-e856dc02789f.jpeg
34.120.237.76200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69cd0f59-3b24-4742-958c-e856dc02789f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7055d5db8f2f9c89dfab16c4fe3f11a5
29566fe8eb5c9d12b0584642dac170c93ba80b90
6510cf0eda1d062df3b81b2b797e9bfca73040cac874e80ae9b8ff70b0407302
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69cd0f59-3b24-4742-958c-e856dc02789f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3955
x-amzn-requestid: 28db68a0-ab23-4bef-b415-54120d187f80
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eZ0gWEF6IAMFT7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ba3468-23b24e4a2c863aed25e0c81e;Sampled=0
x-amzn-remapped-date: Sun, 08 Jan 2023 03:11:36 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lkGbybdV4gBs1HNNzdVIBzyA5Akcx2T4YZX9Q1kR847Q33pG8sJ67w==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 13 Jan 2023 21:15:41 GMT
age: 51199
etag: "29566fe8eb5c9d12b0584642dac170c93ba80b90"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b0d4bc-9eea-491e-9fed-be68e71088e5.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b0d4bc-9eea-491e-9fed-be68e71088e5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 64ba27a2f0a3bc61bd325f1fb317b755
c65c58476b66cbb6269ba1d8412d270a0a003ae3
5f7f03752f8a7c8c08d92512ae93b193ea37f59354503c3129d33fd2910f87e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b0d4bc-9eea-491e-9fed-be68e71088e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9135
x-amzn-requestid: 2c5e9de0-9244-43ac-b7c4-712cbcf7038c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: enAnoG6roAMFzgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bf7afd-7fb640b30bab63bc1979a173;Sampled=0
x-amzn-remapped-date: Thu, 12 Jan 2023 03:14:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RnAGo4OuBl5UjyOlUOJqu2nlFLHTOe0ETxokWtbI4frbpkNVnIBSew==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 01:41:40 GMT
age: 35240
etag: "c65c58476b66cbb6269ba1d8412d270a0a003ae3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash 049790a03300c0a0e4cc94e67026ebba
638043206bc19a43e4b1ef75bb2d4801050ac504
3fbbb00053f7579305a8331ce338793fdc297736f8986a06556c30fce988d4c0
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 11:29:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 18 Jan 2023 10:44:11 GMT
ETag: "638043206bc19a43e4b1ef75bb2d4801050ac504"
Last-Modified: Sat, 14 Jan 2023 10:44:12 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 348
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78960808ecacb51d-OSL
kuyabq119.top/
122.10.10.136200 OK 13 kB IP 122.10.10.136:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1301), with CRLF, LF line terminators
Hash d9d1b7e4f41f69b82dfbaa6e4deff446
d23d9975c0274276cd995d3078d4853cf66f3f77
2667f6f3f090b482c8c63d5a5030198d6f43bff58e0e4be31c87444cb13e29fa
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.top domain
GET / HTTP/1.1
Host: kuyabq119.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.225km.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Jan 2023 11:29:00 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
kuyabq119.top/template/m1938pc/static/css/style.css
122.10.10.136200 OK 6.0 kB URL HTTP/1.1 kuyabq119.top/template/m1938pc/static/css/style.css
IP 122.10.10.136:0
ASN #134548 DXTL Tseung Kwan O Service
File type assembler source, Unicode text, UTF-8 text, with very long lines (341)
Hash 940e69095b402c0be8221fbc8c5ee188
b8718beffe6d429295fa50af9a1de7d9f47948f4
cfbc23ef2df5975424979e4e89b9069414b03134cf80f63129fd59abf6ca1aca
GET /template/m1938pc/static/css/style.css HTTP/1.1
Host: kuyabq119.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kuyabq119.top/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Jan 2023 11:29:00 GMT
Content-Type: text/css
Last-Modified: Fri, 17 Jun 2022 03:51:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62abfa5a-6320"
Expires: Sat, 14 Jan 2023 23:29:00 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kuyabq119.top/template/m1938pc/static/js/nativeshare.js
122.10.10.136200 OK 5.4 kB URL HTTP/1.1 kuyabq119.top/template/m1938pc/static/js/nativeshare.js
IP 122.10.10.136:0
ASN #134548 DXTL Tseung Kwan O Service
File type Unicode text, UTF-8 text, with very long lines (23442), with no line terminators
Hash 8c009c948972b74f431b5fc75073ca94
0aa90f010453081428a2eddd14102094fef16d53
8d00ef00c947a56a4dfffcde531b22214528afee0a7f5961feffd4f00a196970
GET /template/m1938pc/static/js/nativeshare.js HTTP/1.1
Host: kuyabq119.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kuyabq119.top/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Jan 2023 11:29:00 GMT
Content-Type: application/javascript
Last-Modified: Fri, 17 Jun 2022 02:29:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62abe706-5bd6"
Expires: Sat, 14 Jan 2023 23:29:00 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kuyabq119.top/template/m1938pc/ads/sz_zyxf.js
122.10.10.136200 OK 1.6 kB URL HTTP/1.1 kuyabq119.top/template/m1938pc/ads/sz_zyxf.js
IP 122.10.10.136:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document, Unicode text, UTF-8 text
Hash eb9eb1b3ca15e14418f56e887f033eca
d28ed516bde47c93a7c2da43a2ac73f97348b0ae
76d2357579529bc96b879a0bcbd3e264d248c572b5913f38150d5193814c2f4d
GET /template/m1938pc/ads/sz_zyxf.js HTTP/1.1
Host: kuyabq119.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kuyabq119.top/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Jan 2023 11:29:00 GMT
Content-Type: application/javascript
Last-Modified: Mon, 02 Jan 2023 06:47:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63b27df8-21d2"
Expires: Sat, 14 Jan 2023 23:29:00 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
kuyabq119.top/template/m1938pc/static/images/arrow_up.png
122.10.10.136200 OK 398 B URL HTTP/1.1 kuyabq119.top/template/m1938pc/static/images/arrow_up.png
IP 122.10.10.136:0
ASN #134548 DXTL Tseung Kwan O Service
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 353247650251bb3b54b709aa3441deb0
9784d902cbdfbf51cbe3f0281098575311fd5d2f
cdd12906b6861716ac4c33bcb08ff9164f9269b304748e54886482e773d26aec
GET /template/m1938pc/static/images/arrow_up.png HTTP/1.1
Host: kuyabq119.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kuyabq119.top/template/m1938pc/static/css/style.css
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Jan 2023 11:29:00 GMT
Content-Type: image/png
Content-Length: 398
Last-Modified: Fri, 17 Jun 2022 02:29:24 GMT
Connection: keep-alive
ETag: "62abe704-18e"
Expires: Mon, 13 Feb 2023 11:29:00 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
kuyabq119.top/template/m1938pc/static/images/share.png
122.10.10.136200 OK 3.2 kB URL HTTP/1.1 kuyabq119.top/template/m1938pc/static/images/share.png
IP 122.10.10.136:0
ASN #134548 DXTL Tseung Kwan O Service
File type PNG image data, 39 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 02f6a2fe1a4a8668aca32a1c08040c0f
72d7273e5e561ed4c70bd0ccef8e66407b9e7ce0
30a473f2f6a26ac3d2fb1538744d781985d6051cf1e8a54a4e8a8d1fabb0e8f8
GET /template/m1938pc/static/images/share.png HTTP/1.1
Host: kuyabq119.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kuyabq119.top/template/m1938pc/static/css/style.css
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Jan 2023 11:29:00 GMT
Content-Type: image/png
Content-Length: 3172
Last-Modified: Fri, 17 Jun 2022 02:29:30 GMT
Connection: keep-alive
ETag: "62abe70a-c64"
Expires: Mon, 13 Feb 2023 11:29:00 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
kuyabq119.top/template/m1938pc/static/picture/play.png
122.10.10.136200 OK 914 B URL HTTP/1.1 kuyabq119.top/template/m1938pc/static/picture/play.png
IP 122.10.10.136:0
ASN #134548 DXTL Tseung Kwan O Service
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash d0bcf0dff3f7074e9a3ce72a06b4a9a8
48fbeab48ed57e626fe00e5e6617b7729726995e
ed0681b32fabd508fcc2aa62f2408181053043302e8089fd200da0649981f972
GET /template/m1938pc/static/picture/play.png HTTP/1.1
Host: kuyabq119.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kuyabq119.top/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Jan 2023 11:29:01 GMT
Content-Type: image/png
Content-Length: 914
Last-Modified: Fri, 17 Jun 2022 02:29:26 GMT
Connection: keep-alive
ETag: "62abe706-392"
Expires: Mon, 13 Feb 2023 11:29:01 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
hm.baidu.com/hm.js?e1adc2a88c6c721415997ebc6a3c6117
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?e1adc2a88c6c721415997ebc6a3c6117
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (626)
Hash 16b0cf318172166c49a91dbd6ca4df90
1e6764850ec250491e508be9ad220a7e8efba84d
bb854274f1ce1f86ca6ea643997c40f51af5c365fb591970f64b48a98ea0e443
GET /hm.js?e1adc2a88c6c721415997ebc6a3c6117 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.225km.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11264
Content-Type: application/javascript
Date: Sat, 14 Jan 2023 11:29:00 GMT
Etag: 61bc78286bd9c4f02df60dc63d4ee202
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=C1DA77697533C4C9; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
kuyabq119.top/template/m1938pc/ads/sp2.gif
122.10.10.136404 Not Found 146 B URL HTTP/1.1 kuyabq119.top/template/m1938pc/ads/sp2.gif
IP 122.10.10.136:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /template/m1938pc/ads/sp2.gif HTTP/1.1
Host: kuyabq119.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kuyabq119.top/
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 14 Jan 2023 11:29:01 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
hm.baidu.com/hm.js?35de381cc0c648645971ed1374c15f1f
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?35de381cc0c648645971ed1374c15f1f
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (624)
Hash f41681257d4c143da243b4d41ee674f8
c0041c145f12b1e5d7337c236a91a99feddc9c49
9554b0807da2e6cdce4054f103d1e15532fb468f9497014f0a4e18a57ee99cad
GET /hm.js?35de381cc0c648645971ed1374c15f1f HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kuyabq119.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11262
Content-Type: application/javascript
Date: Sat, 14 Jan 2023 11:29:00 GMT
Etag: 5712ffa76fce5c461bef409a8af4174b
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=FA132A6EAE225552; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1936913536&si=e1adc2a88c6c721415997ebc6a3c6117&v=1.3.0&lv=1&sn=62895&r=0&ww=1280&u=http%3A%2F%2Fwww.225km.com%2Fget%2FF0bE&tt=%E6%AD%A6%E6%B1%89%E8%9B%8A%E8%B0%A0%E5%95%86%E5%8A%A1%E6%9C%8D%E5%8A%A1%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1936913536&si=e1adc2a88c6c721415997ebc6a3c6117&v=1.3.0&lv=1&sn=62895&r=0&ww=1280&u=http%3A%2F%2Fwww.225km.com%2Fget%2FF0bE&tt=%E6%AD%A6%E6%B1%89%E8%9B%8A%E8%B0%A0%E5%95%86%E5%8A%A1%E6%9C%8D%E5%8A%A1%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1936913536&si=e1adc2a88c6c721415997ebc6a3c6117&v=1.3.0&lv=1&sn=62895&r=0&ww=1280&u=http%3A%2F%2Fwww.225km.com%2Fget%2FF0bE&tt=%E6%AD%A6%E6%B1%89%E8%9B%8A%E8%B0%A0%E5%95%86%E5%8A%A1%E6%9C%8D%E5%8A%A1%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.225km.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 14 Jan 2023 11:29:01 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=A202C1B63810479A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
e1.o.lencr.org/
95.101.11.115200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b63f507a34dec00da8907a238931429e
754af1e0c8c1910b508aa406e5518cf1c36f1f50
a4adb74f38e4454b7037f468a8d319014dbfa2386d8da8910157fde0901c7a10
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A4ADB74F38E4454B7037F468A8D319014DBFA2386D8DA8910157FDE0901C7A10"
Last-Modified: Fri, 13 Jan 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21582
Expires: Sat, 14 Jan 2023 17:28:43 GMT
Date: Sat, 14 Jan 2023 11:29:01 GMT
Connection: keep-alive
dvcasha2.ocsp-certum.com/
95.101.10.193200 OK 1.6 kB URL HTTP/1.1 dvcasha2.ocsp-certum.com/
IP 95.101.10.193:0
ASN #20940 Akamai International B.V.
Hash 42bdf1a0d019bf74461be0198243f43b
a4ae1ed6f41d61969fd94c0c3e207518499dfadf
04922c3630d8ef153eb2452a64a73e7dad9b8a44f7a0b21ad349b22bf1e00e26
POST / HTTP/1.1
Host: dvcasha2.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1599
X-Cached: STALE
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=864
Date: Sat, 14 Jan 2023 11:29:01 GMT
Connection: keep-alive
X-N: S
i.zangnei.com/image.gif
138.113.36.253302 Moved Temporarily 0 B IP 138.113.36.253:0
ASN #54994 QUANTILNETWORKS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /image.gif HTTP/1.1
Host: i.zangnei.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kuyabq119.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Date: Sat, 14 Jan 2023 11:29:01 GMT
Content-Length: 0
Connection: keep-alive
Server: Cdn Cache Server V2.0
Location: http://i.zangnei.com/image.gif
X-Via: 1.0 PS-AMS-01bF296:9 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63c291fd_PS-AMS-01AYh98_20437-25115
i.zangnei.com/image.gif
138.113.36.253200 OK 270 kB IP 138.113.36.253:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 300 x 250\012- data
Size 270 kB (270284 bytes)
Hash e180b09c588af233fab66da13f3c281b
db0d0bee4a4ac4c27e564033465cf92dc2f8d0c3
27321268b50770cf1849cc5d634c018d8330b5968b9c11194a44fdb421ba6aae
GET /image.gif HTTP/1.1
Host: i.zangnei.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://kuyabq119.top/
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 11:29:01 GMT
Content-Type: image/gif
Content-Length: 270284
Connection: keep-alive
Server: nginx/1.10.3 (Ubuntu)
Last-Modified: Wed, 24 Aug 2022 10:12:07 GMT
ETag: "6305f977-41fcc"
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 ianxun22:5 (Cdn Cache Server V2.0), 1.1 PS-AMS-01bF296:9 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63c291fd_PS-AMS-01AYh98_20406-14599
zerossl.ocsp.sectigo.com/
104.18.32.68200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash 2175819460672736c13f80229392182e
64ace482254905d5221e351d6f8e4ce2c2b366d8
54a32a23b4f0bc67999171718e0f37b95a20de6e12f5191c8d13a39b8a063e01
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 11:29:01 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 13 Jan 2023 18:41:08 GMT
Expires: Fri, 20 Jan 2023 18:41:07 GMT
Etag: "64ace482254905d5221e351d6f8e4ce2c2b366d8"
Cache-Control: max-age=543725,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 789608125eb70b3d-OSL
image.qkf7jq3b.space/n2MgydKZEk.jpg
172.67.130.137200 OK 59 kB URL HTTP/2 image.qkf7jq3b.space/n2MgydKZEk.jpg
IP 172.67.130.137:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1024x1024, components 3\012- data
Hash c4d4076b7558eac63e3edfde0ffbdafb
0d652f48e6b9a452f0a471563161d15015046c08
f7495063bb8f49b32a707d360127f928c14964efba7bc4376fb02b393f48d52d
GET /n2MgydKZEk.jpg HTTP/1.1
Host: image.qkf7jq3b.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kuyabq119.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 14 Jan 2023 11:29:01 GMT
content-type: image/jpeg
content-length: 58621
last-modified: Fri, 08 Jul 2022 14:19:52 GMT
etag: "62c83d08-e4fd"
access-control-allow-origin: *
access-control-allow-methods: GET,POST,DELETE
access-control-allow-header: Content-Type,*
cache-control: max-age=432000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S%2FPH%2FzSlxxjsojNGcJn2JThbYNprqIxB8SZnx8o3YRQAWbAU%2BraVkX%2FSWhxqVfdruIpgc71i5l2IBAgkBQgr1IwqNGhsq8gdMPSq4n%2FlJwP5BNCwvS4s0nTzvGzzWgJIlBW6VmFPgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 789608117931b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b63f507a34dec00da8907a238931429e
754af1e0c8c1910b508aa406e5518cf1c36f1f50
a4adb74f38e4454b7037f468a8d319014dbfa2386d8da8910157fde0901c7a10
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A4ADB74F38E4454B7037F468A8D319014DBFA2386D8DA8910157FDE0901C7A10"
Last-Modified: Fri, 13 Jan 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21582
Expires: Sat, 14 Jan 2023 17:28:43 GMT
Date: Sat, 14 Jan 2023 11:29:01 GMT
Connection: keep-alive
kvemm.com/ec9fcd758df74f805f29f72e8545d13b.gif
13.227.254.64200 OK 902 kB URL HTTP/2 kvemm.com/ec9fcd758df74f805f29f72e8545d13b.gif
IP 13.227.254.64:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 902 kB (902313 bytes)
Hash 8b4a95ea7cfbb7fb4d2b18efca5145f3
d2966ecbeb7369620cce5dbcd15d0fe591d79648
dd5ff25f4d6931bd3d2ef86c1a8901853ee2503fd2d6edb264a61abb37c2b002
GET /ec9fcd758df74f805f29f72e8545d13b.gif HTTP/1.1
Host: kvemm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kuyabq119.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 902313
last-modified: Thu, 15 Dec 2022 02:17:25 GMT
accept-ranges: bytes
server: AmazonS3
date: Sat, 14 Jan 2023 05:01:49 GMT
etag: "8b4a95ea7cfbb7fb4d2b18efca5145f3"
x-cache: Hit from cloudfront
via: 1.1 c2e4ac979e01c116ae8349b7d6d1489a.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-amz-cf-id: PDftEP1wR4KphQDRv6GukFEMKiUvAydiPmK_du54WHNledIM84GAHA==
age: 23232
X-Firefox-Spdy: h2
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1211090324&si=35de381cc0c648645971ed1374c15f1f&su=http%3A%2F%2Fwww.225km.com%2F&v=1.3.0&lv=1&sn=62895&r=0&ww=1268&u=http%3A%2F%2Fkuyabq119.top%2F&tt=%E4%B9%85%E4%B9%85%E7%BD%91
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1211090324&si=35de381cc0c648645971ed1374c15f1f&su=http%3A%2F%2Fwww.225km.com%2F&v=1.3.0&lv=1&sn=62895&r=0&ww=1268&u=http%3A%2F%2Fkuyabq119.top%2F&tt=%E4%B9%85%E4%B9%85%E7%BD%91
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1211090324&si=35de381cc0c648645971ed1374c15f1f&su=http%3A%2F%2Fwww.225km.com%2F&v=1.3.0&lv=1&sn=62895&r=0&ww=1268&u=http%3A%2F%2Fkuyabq119.top%2F&tt=%E4%B9%85%E4%B9%85%E7%BD%91 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kuyabq119.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 14 Jan 2023 11:29:01 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=A84BED73A7261899; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.js?b6267909077517b271f24efcf233727e
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?b6267909077517b271f24efcf233727e
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (620)
Hash c4473cf2dc5e415c8f26feb6c71baad6
5a4005c4346cb9158641eb9842bafd61e0c73e9f
592d70b2e5797e82b982ffcd1bcbd5851e506954f68106a67c4cdd885c5cfb77
GET /hm.js?b6267909077517b271f24efcf233727e HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kuyabq119.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Sat, 14 Jan 2023 11:29:01 GMT
Etag: ead692dc74327df3a5926bf836779b38
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=DAA7871EF5FD7D26; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
kzett.com/65e7e65f41ad1c2cb20bb39e08e6b041.gif
13.227.254.117200 OK 393 kB URL HTTP/2 kzett.com/65e7e65f41ad1c2cb20bb39e08e6b041.gif
IP 13.227.254.117:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 393 kB (393378 bytes)
Hash a930de5ec6e818c397927d0c8e288eb4
5740c07c68ec2828cf3544a76afa1755077a6f57
e5a218bd1dc9bc6410f36069969a1c36a3f34f0d42079c4bd02ec8c19421bee0
GET /65e7e65f41ad1c2cb20bb39e08e6b041.gif HTTP/1.1
Host: kzett.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kuyabq119.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 393378
last-modified: Tue, 03 Jan 2023 03:28:21 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 13 Jan 2023 15:05:26 GMT
etag: "a930de5ec6e818c397927d0c8e288eb4"
x-cache: Hit from cloudfront
via: 1.1 8c73194b247676a80d86714cba2447a4.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-amz-cf-id: YyrA5256OjJ_Vmr_eda7f_X_qhe9F8-95kGL2rPF0r74hW1zFc6JOQ==
age: 73415
X-Firefox-Spdy: h2
kzerr.com/6fb5deabda1e984b6bd49b2baa8dfa10.gif
13.227.254.86200 OK 919 kB URL HTTP/2 kzerr.com/6fb5deabda1e984b6bd49b2baa8dfa10.gif
IP 13.227.254.86:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 919 kB (918679 bytes)
Hash 956582dd3aa22ca9b19bdd1d5e091e24
c2d80e05f59981f6ed58a8231f502bd990894d6b
88e686882e64a0e199c79bd83b7102885b67242b5d0b49a1f37674c0bb3ddd8e
GET /6fb5deabda1e984b6bd49b2baa8dfa10.gif HTTP/1.1
Host: kzerr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kuyabq119.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 918679
last-modified: Mon, 19 Dec 2022 07:54:21 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 13 Jan 2023 12:17:05 GMT
etag: "956582dd3aa22ca9b19bdd1d5e091e24"
x-cache: Hit from cloudfront
via: 1.1 ffa0d2acb6ab662531e95cf2a187fa40.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-amz-cf-id: FKTmeEjvg-JSl2agqhKnoPDc1EN3iaPjm2t-QH50yzzJ0sGkwMyHEg==
age: 83517
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?907c53db77eb917e697c6a2d35a42159
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?907c53db77eb917e697c6a2d35a42159
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (624)
Hash 9ebb02c4f7b5094666620bfffb43f95e
ea05ec7002107c683bad9ae4b339901a3d08a13a
b621f77821621f987b130f1d441c307968e2e2f070506a28dd889caa466813f1
GET /hm.js?907c53db77eb917e697c6a2d35a42159 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kuyabq119.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11262
Content-Type: application/javascript
Date: Sat, 14 Jan 2023 11:29:01 GMT
Etag: 032553199f9c1d163cfb22536806fac8
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=5805178AFD869734; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
xinchacha2dv.ocsp-certum.com/
95.101.10.193200 OK 1.5 kB URL HTTP/1.1 xinchacha2dv.ocsp-certum.com/
IP 95.101.10.193:0
ASN #20940 Akamai International B.V.
Hash 0c55aab870e51d37ed3ea9d47737da37
51032778498545786f3c571449bc5834969c4081
e3dd2694eaa1654640ee6b84db99518891e255ad9901f573ed7df806339b05ac
POST / HTTP/1.1
Host: xinchacha2dv.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1538
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=900
Date: Sat, 14 Jan 2023 11:29:02 GMT
Connection: keep-alive
X-N: S
kuyabq119.top/template/m1938pc/ads/meigaomei.gif
122.10.10.136200 OK 671 kB URL HTTP/1.1 kuyabq119.top/template/m1938pc/ads/meigaomei.gif
IP 122.10.10.136:0
ASN #134548 DXTL Tseung Kwan O Service
File type GIF image data, version 89a, 960 x 60\012- data
Size 671 kB (671196 bytes)
Hash 38d591e68e8d0ed4e8df4a32805d31be
8589e0abcdd2dacc4de614431a19721303b885f1
692fe8bc9a984f0bb9567eaf689e2d27ac88f04ec57a8385b2f2130ddc432d29
GET /template/m1938pc/ads/meigaomei.gif HTTP/1.1
Host: kuyabq119.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kuyabq119.top/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Jan 2023 11:29:00 GMT
Content-Type: image/gif
Content-Length: 671196
Last-Modified: Mon, 26 Dec 2022 11:30:05 GMT
Connection: keep-alive
ETag: "63a985bd-a3ddc"
Expires: Mon, 13 Feb 2023 11:29:00 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
xinchacha2dv.ocsp-certum.com/
95.101.10.193200 OK 1.5 kB URL HTTP/1.1 xinchacha2dv.ocsp-certum.com/
IP 95.101.10.193:0
ASN #20940 Akamai International B.V.
Hash 0c55aab870e51d37ed3ea9d47737da37
51032778498545786f3c571449bc5834969c4081
e3dd2694eaa1654640ee6b84db99518891e255ad9901f573ed7df806339b05ac
POST / HTTP/1.1
Host: xinchacha2dv.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1538
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=900
Date: Sat, 14 Jan 2023 11:29:02 GMT
Connection: keep-alive
X-N: S
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 2df3824f85bfc3af747dcee20c00e153
03b5f41e1b9fd831bc1d31869cb5a3cc41f45620
b5c1d10514b6b95fdd3afc120b69e633d85ddd0d6d6cf16cc2ff77d60540d1e8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5C1D10514B6B95FDD3AFC120B69E633D85DDD0D6D6CF16CC2FF77D60540D1E8"
Last-Modified: Fri, 13 Jan 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21568
Expires: Sat, 14 Jan 2023 17:28:30 GMT
Date: Sat, 14 Jan 2023 11:29:02 GMT
Connection: keep-alive
dvcasha2.ocsp-certum.com/
95.101.10.193200 OK 1.6 kB URL HTTP/1.1 dvcasha2.ocsp-certum.com/
IP 95.101.10.193:0
ASN #20940 Akamai International B.V.
Hash ceaf4e1b1b06e24773c46a013c03cfff
fa72c67c32c4655387d7969443f7d60eed337340
96dde0004ea985a5383095eb4bee03edd074239a18ecdf1173ebce7915365d94
POST / HTTP/1.1
Host: dvcasha2.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1599
X-Cached: MISS
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=896
Date: Sat, 14 Jan 2023 11:29:02 GMT
Connection: keep-alive
X-N: S
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=891064095&si=b6267909077517b271f24efcf233727e&su=http%3A%2F%2Fwww.225km.com%2F&v=1.3.0&lv=1&sn=62896&r=0&ww=1268&u=http%3A%2F%2Fkuyabq119.top%2F&tt=%E4%B9%85%E4%B9%85%E7%BD%91
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=891064095&si=b6267909077517b271f24efcf233727e&su=http%3A%2F%2Fwww.225km.com%2F&v=1.3.0&lv=1&sn=62896&r=0&ww=1268&u=http%3A%2F%2Fkuyabq119.top%2F&tt=%E4%B9%85%E4%B9%85%E7%BD%91
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=891064095&si=b6267909077517b271f24efcf233727e&su=http%3A%2F%2Fwww.225km.com%2F&v=1.3.0&lv=1&sn=62896&r=0&ww=1268&u=http%3A%2F%2Fkuyabq119.top%2F&tt=%E4%B9%85%E4%B9%85%E7%BD%91 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kuyabq119.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 14 Jan 2023 11:29:02 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=ED92E5043D9F6CD1; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 791262ab8f686005015c6116c8d880f9
3ffd3b22797a5f6a287c34485b4a8a7e12418f87
06baab58b8e262b29ab4708fb6a8a946f5bc8b3f6c3beba822406541d7d72ae9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "06BAAB58B8E262B29AB4708FB6A8A946F5BC8B3F6C3BEBA822406541D7D72AE9"
Last-Modified: Sat, 14 Jan 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 14 Jan 2023 17:29:02 GMT
Date: Sat, 14 Jan 2023 11:29:02 GMT
Connection: keep-alive
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1397036197&si=907c53db77eb917e697c6a2d35a42159&su=http%3A%2F%2Fwww.225km.com%2F&v=1.3.0&lv=1&sn=62896&r=0&ww=1268&u=http%3A%2F%2Fkuyabq119.top%2F&tt=%E4%B9%85%E4%B9%85%E7%BD%91
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1397036197&si=907c53db77eb917e697c6a2d35a42159&su=http%3A%2F%2Fwww.225km.com%2F&v=1.3.0&lv=1&sn=62896&r=0&ww=1268&u=http%3A%2F%2Fkuyabq119.top%2F&tt=%E4%B9%85%E4%B9%85%E7%BD%91
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1397036197&si=907c53db77eb917e697c6a2d35a42159&su=http%3A%2F%2Fwww.225km.com%2F&v=1.3.0&lv=1&sn=62896&r=0&ww=1268&u=http%3A%2F%2Fkuyabq119.top%2F&tt=%E4%B9%85%E4%B9%85%E7%BD%91 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kuyabq119.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 14 Jan 2023 11:29:02 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=F4452672AFB10D8A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash dee8bf5ae0cda3d1201b8eda22256b4b
0b01a5dde498cd232a58033bd76937a251ba87b4
75c473718fcabe972eded0274e6ba18fb47f8a958b2a550bbd3c4c903f2aaa61
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75C473718FCABE972EDED0274E6BA18FB47F8A958B2A550BBD3C4C903F2AAA61"
Last-Modified: Fri, 13 Jan 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18019
Expires: Sat, 14 Jan 2023 16:29:21 GMT
Date: Sat, 14 Jan 2023 11:29:02 GMT
Connection: keep-alive
8499221.com/8499/320x185.gif
172.247.109.214200 OK 189 kB URL HTTP/2 8499221.com/8499/320x185.gif
IP 172.247.109.214:0
File type GIF image data, version 89a, 320 x 185\012- data
Size 189 kB (188752 bytes)
Hash b509f2dc9b21ae7425713b0313a9e0ae
f8d9ab2e41c442872a8193cdefbfd24972c25d49
9ca2b0643406090c29973b82953032ca7f0027b0ae2d871e5de77e89ce2f1c21
GET /8499/320x185.gif HTTP/1.1
Host: 8499221.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kuyabq119.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 14 Jan 2023 11:29:02 GMT
content-type: image/gif
content-length: 188752
last-modified: Wed, 28 Dec 2022 08:15:26 GMT
etag: "2e150-5f0def882b185"
server: qq.com
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 8b1acb1cdf4d6469b0b9aae9667d5ef1
a0bef4099d59aa3ba0fc554ff16a364938c0ed09
4d202eca3601cca5bdd36d227109eed0f778cc3bbdd61b247eaf980fff1bdbc1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 11:29:02 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 11 Jan 2023 15:27:12 GMT
Expires: Wed, 18 Jan 2023 15:27:11 GMT
Etag: "a0bef4099d59aa3ba0fc554ff16a364938c0ed09"
Cache-Control: max-age=359288,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 789608172e58b518-OSL
lc.ezfxpuo.cn/gg/960x120-2.gif
218.66.171.192200 OK 217 kB URL HTTP/2 lc.ezfxpuo.cn/gg/960x120-2.gif
IP 218.66.171.192:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 217 kB (217136 bytes)
Hash 6ebdbf3cf0e36bc52170fc96d24ca694
b2276ae9fbb42e5de246232eeac1750ab781ffec
7c244c47c7c3c579c18595af820f67e580e33afcf32240832c6e202270b57994
GET /gg/960x120-2.gif HTTP/1.1
Host: lc.ezfxpuo.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kuyabq119.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: NgxFence
date: Sat, 14 Jan 2023 11:29:02 GMT
content-type: image/gif
content-length: 217136
x-oss-request-id: 63A4A4FC1F856337391224CB
etag: "6EBDBF3CF0E36BC52170FC96D24CA694"
last-modified: Sat, 02 Jul 2022 01:53:26 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 210259037520302579
x-oss-storage-class: Standard
content-md5: br2/PPDja8UhcPyW0kymlA==
x-oss-server-time: 1
x-cache: HIT
strict-transport-security: max-age=31536000; includeSubdomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2
qp.ezfxpuo.cn/300x250.gif
218.66.171.78200 OK 158 kB URL HTTP/2 qp.ezfxpuo.cn/300x250.gif
IP 218.66.171.78:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 158 kB (157769 bytes)
Hash acdc62fea37fc13909e00e26ec730616
d3faf5daf8632482a2e75358696b417736e63b76
1e789e44315008799ae67b1a14e09a1d1900e852b579d57a6a2cbaa63094d3e9
GET /300x250.gif HTTP/1.1
Host: qp.ezfxpuo.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kuyabq119.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: NgxFence
date: Sat, 14 Jan 2023 11:29:02 GMT
content-type: image/gif
content-length: 157769
x-oss-request-id: 63A4A4FCDA8A7932391F812B
etag: "ACDC62FEA37FC13909E00E26EC730616"
last-modified: Mon, 03 Oct 2022 10:13:11 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 2276169507902994919
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: rNxi/qN/wTkJ4A4m7HMGFg==
x-oss-server-time: 56
x-cache: HIT
strict-transport-security: max-age=31536000; includeSubdomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2
ky.lvcfgus.cn/960X60.gif
218.66.171.198200 OK 254 kB IP 218.66.171.198:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 254 kB (253519 bytes)
Hash f744e995971941b6a95fcd2636f5a545
ac9c1230e04eab9e31512d2afe440fe5f0367dc5
59b1a138fa72df587e61916179965cbd819f91aec53ce6ab606949a7e06b3063
GET /960X60.gif HTTP/1.1
Host: ky.lvcfgus.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kuyabq119.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: NgxFence
date: Sat, 14 Jan 2023 11:29:02 GMT
content-type: image/gif
content-length: 253519
x-oss-request-id: 63A4A4F122AAFC3439A9E542
etag: "F744E995971941B6A95FCD2636F5A545"
last-modified: Tue, 29 Nov 2022 08:27:54 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 17987192695826819902
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: 90TplZcZQbapX80mNvWlRQ==
x-oss-server-time: 1
x-cache: HIT
strict-transport-security: max-age=31536000; includeSubdomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2
88883aaa.com/d5fccf5f1d6046b28ccae6f509cc6f61.gif
45.61.212.52200 OK 566 kB URL HTTP/1.1 88883aaa.com/d5fccf5f1d6046b28ccae6f509cc6f61.gif
IP 45.61.212.52:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 566 kB (565668 bytes)
Hash 7faaf25b3ed4ab8031e869603846de73
6ff1d7fdc43329a1b4b9d0091c71d60bc3337516
96bf2f7ea23e8e832c4a4504ffb1443b36da12f6759b67bef896f1b72c236439
GET /d5fccf5f1d6046b28ccae6f509cc6f61.gif HTTP/1.1
Host: 88883aaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kuyabq119.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "63a42dd2-8a1a4"
Date: Thu, 22 Dec 2022 20:32:41 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Thu, 22 Dec 2022 10:13:38 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us1-cdnb-22
Content-Length: 565668
www.xmaadebabsddxs.com/new/logo/1.gif
20.187.75.50200 OK 332 kB URL HTTP/1.1 www.xmaadebabsddxs.com/new/logo/1.gif
IP 20.187.75.50:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 200 x 200\012- data
Size 332 kB (332214 bytes)
Hash 71df98e6d8dd1d6925402fae60190946
ab970b7f32e40a759c98fa6f8aa80fea8135659e
8ab04ea9eccb6c43cbd7b55f28566cfd2b691f995705be926b809fd1dc5da4fc
GET /new/logo/1.gif HTTP/1.1
Host: www.xmaadebabsddxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kuyabq119.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 11:29:02 GMT
Content-Type: image/gif
Content-Length: 332214
Connection: keep-alive
Last-Modified: Thu, 07 Jul 2022 06:50:05 GMT
ETag: "62c6821d-511b6"
Accept-Ranges: bytes
Server: cdn
X-Cache-Status: MISS
ldbbs.ldmnq.com/bbs/topic/images/2022-12/6f0dd539-c567-4d6f-9643-256c5a357277.gif
120.52.95.239200 OK 924 kB URL HTTP/1.1 ldbbs.ldmnq.com/bbs/topic/images/2022-12/6f0dd539-c567-4d6f-9643-256c5a357277.gif
IP 120.52.95.239:0
ASN #133119 China Unicom IP network
File type GIF image data, version 89a, 620 x 250\012- data
Size 924 kB (923609 bytes)
Hash 215e3108b0b5d58a2649146c1b07bd2a
eb53fd999b589db24f9978af8b4a6fa4689adfe2
f05c966ece6496fe400a5bce5f0eec6a3ff6c0076d861c4e6fe240fb33b0a9d1
GET /bbs/topic/images/2022-12/6f0dd539-c567-4d6f-9643-256c5a357277.gif HTTP/1.1
Host: ldbbs.ldmnq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kuyabq119.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 11:29:02 GMT
Content-Type: image/gif
Content-Length: 923609
Connection: keep-alive
Server: openresty
Age: 2075111
CloudServiceDiscount: CDN
Content-Encoding: utf-8
ETag: "215e3108b0b5d58a2649146c1b07bd2a"
Last-Modified: Wed, 21 Dec 2022 11:03:30 GMT
X-CCDN-CacheTTL: 2592000
nginx-hit: 1
via: CHN-HElangfang-AREACUCC1-CACHE27[6],CHN-HElangfang-AREACUCC1-CACHE26[0,TCP_HIT,3],CHN-TJ-GLOBAL1-CACHE51[153],CHN-TJ-GLOBAL1-CACHE37[147,TCP_MISS,151]
x-amz-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCS3V4Yuj2dtD/qEPCgVU/YmcsGGW5cs2
x-amz-request-id: 00000185345A99FD940C870B875C3118
x-amz-storage-class: STANDARD_IA
x-hcs-proxy-type: 1
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
Accept-Ranges: bytes
ldbbs.ldmnq.com/bbs/topic/images/2022-12/8a42cd46-12a9-46a4-8563-ee14a925192c.gif
120.52.95.239200 OK 1.1 MB URL HTTP/1.1 ldbbs.ldmnq.com/bbs/topic/images/2022-12/8a42cd46-12a9-46a4-8563-ee14a925192c.gif
IP 120.52.95.239:0
ASN #133119 China Unicom IP network
File type GIF image data, version 89a, 960 x 120\012- data
Size 1.1 MB (1082384 bytes)
Hash a2513b4510f6797c4cbe4012fc79c64c
41f15aa49c66eed88a541224dedda5d215f9e7ef
16e775f7ac1e0368c216cdcf70bc3d56d7d952d7653898dbb8093efcd712cc71
GET /bbs/topic/images/2022-12/8a42cd46-12a9-46a4-8563-ee14a925192c.gif HTTP/1.1
Host: ldbbs.ldmnq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kuyabq119.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 11:29:02 GMT
Content-Type: image/gif
Content-Length: 1082384
Connection: keep-alive
Server: openresty
Age: 2090951
CloudServiceDiscount: CDN
Content-Encoding: utf-8
ETag: "a2513b4510f6797c4cbe4012fc79c64c"
Last-Modified: Wed, 21 Dec 2022 06:06:41 GMT
X-CCDN-CacheTTL: 2592000
nginx-hit: 1
via: CHN-HElangfang-AREACUCC1-CACHE34[3],CHN-HElangfang-AREACUCC1-CACHE30[0,TCP_HIT,2],CHN-TJ-GLOBAL1-CACHE54[16],CHN-TJ-GLOBAL1-CACHE30[0,TCP_HIT,13]
x-amz-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSFhv2Sr1BDL3xCdwQqA6DE4Gw8YvJHp
x-amz-request-id: 00000185334A8E1F900DAF7A4A1D6950
x-amz-storage-class: STANDARD_IA
x-hcs-proxy-type: 1
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
Accept-Ranges: bytes