r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9527
Expires: Tue, 27 Sep 2022 17:54:29 GMT
Date: Tue, 27 Sep 2022 15:15:42 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 27 Sep 2022 15:15:30 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: sMrsuEYrX7A99J_NB5Wqw4YFjrG3MAdHkxhJmrILkdyczztuxXtWAg==
Age: 12
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: X4lIxsp-UJKvLqfcMVkmySINAwnwAykqElTXOQFMkJT4IJDUrXqNuw==
age: 21089
X-Firefox-Spdy: h2
12bet1.com/
301 Moved Permanently 0 B IP
ASN #398823 PEGTECHINC-AP-02
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 12bet1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 27 Sep 2022 15:15:32 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://www.12bet1.com/index.php
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 15:15:42 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Tue, 27 Sep 2022 15:10:46 GMT
Expires: Tue, 27 Sep 2022 16:02:56 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: OP-tAn8es8h57G8gxDj8dVMC7NR-pzlbKZgnPKpefev6znVxvtovXg==
Age: 297
www.12bet1.com/index.php
200 OK 514 B IP
ASN #398823 PEGTECHINC-AP-02
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with very long lines (580), with CRLF line terminators
Hash d17a52fe6f15d3dd6dee226ffe636dc6
74e0ee67be444c0b44ce332ac800a44e0e302ac3
b62558804ae01e6344f5644b9f5d899d4a73fe301a6c7ba59485b609e21cafa7
GET /index.php HTTP/1.1
Host: www.12bet1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 15:15:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
ocsp.digicert.com/
200 OK 471 B IP
Hash c18823050f86339eaa73ddb1bf80d64c
ac4ee81f59f706cee8a74458d498bbc20d8d351a
9a505647517bd02d8ff994fd4ad98dc2f4b519916145b0c327691420c1084c46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4029
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 15:15:43 GMT
Last-Modified: Tue, 27 Sep 2022 14:08:34 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
www.12bet1.com/common.js
200 OK 352 B IP
ASN #398823 PEGTECHINC-AP-02
File type HTML document, ISO-8859 text, with CRLF line terminators
Hash 55e6445b4ca93fa1730ae6011d237dcf
328a4dbbd9f66cdce553edd77e7c2ad87ebc90ca
eb1a7e790e1e871b098a6ac07da1f672a8914bb8952f2493252ca9f39fd45f8a
GET /common.js HTTP/1.1
Host: www.12bet1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.12bet1.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 15:15:33 GMT
Content-Type: application/x-javascript
Content-Length: 352
Connection: keep-alive
www.12bet1.com/tj.js
200 OK 212 B IP
ASN #398823 PEGTECHINC-AP-02
File type HTML document, ASCII text, with CRLF line terminators
Hash 72ab465492591f393467c12533ad898f
18c5dbee7dca865b090b15284367d8f63ae2a983
ab2cef7254cdcbac8b7351f69a3672894ea048d787d7a68cb51fb87fdeeaae3f
GET /tj.js HTTP/1.1
Host: www.12bet1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.12bet1.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 15:15:33 GMT
Content-Type: application/x-javascript
Content-Length: 212
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: N2uzaaAZ0xUHhp4XB7pKyg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wT1gWqw/f0jk0K54aUkpDn+TUqM=
104.233.169.232/zhong/zhuan.js
200 OK 561 B URL HTTP/1.1 104.233.169.232/zhong/zhuan.js
IP
ASN #398993 PEGTECHINC-AP-03
File type HTML document, ASCII text, with very long lines (357), with CRLF line terminators
Hash d55f858620a7c55fe42212cf0fd3b7f6
88e0a6a07d09bc5110b5b974848cc0f63b626785
17d79df94fae0c45aa7c68676cf9026e3d9c0cc5a50cf4ec9c905bc21b8ac579
Analyzer Verdict Alert fortinet Phishing
GET /zhong/zhuan.js HTTP/1.1
Host: 104.233.169.232
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.12bet1.com/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 15:23:13 GMT
Content-Type: application/javascript
Last-Modified: Wed, 21 Sep 2022 03:17:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"632a8241-526"
Expires: Wed, 28 Sep 2022 03:23:13 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13593
Expires: Tue, 27 Sep 2022 19:02:18 GMT
Date: Tue, 27 Sep 2022 15:15:45 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13593
Expires: Tue, 27 Sep 2022 19:02:18 GMT
Date: Tue, 27 Sep 2022 15:15:45 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13593
Expires: Tue, 27 Sep 2022 19:02:18 GMT
Date: Tue, 27 Sep 2022 15:15:45 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F171029d0-40d4-47b3-8936-8ba3b16b3212.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F171029d0-40d4-47b3-8936-8ba3b16b3212.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 347dca206e13a3b13953f0ab398310b4
be60bbc96c832ae385cc9ae5828bd32703011b21
f6da888a54a0c6c73466f2c2a72dd875514a39d81b760a6b0116b4dd56ef31dd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F171029d0-40d4-47b3-8936-8ba3b16b3212.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10211
x-amzn-requestid: 3ea4ac84-2465-4bd1-8ade-863de3c9576e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YbfSuGoQoAMF9oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632145aa-7843b82728ead9a053c689d1;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 03:08:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MMrek5LO9ukZjB6VV-5McuE_maDzwTOihucz0kwxuaTJMNOpTchoJA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:52:00 GMT
age: 62625
etag: "be60bbc96c832ae385cc9ae5828bd32703011b21"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 62e68c3cd08dd94d910507512a67e85f
3d4fa8701f17e8818c25584ef5f04bfbee8440cd
058d798963f83f5fb88ab728185f755c5353fa981d93e1b6ff869089f501586b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13213
x-amzn-requestid: 09f8fee2-6830-4bec-af40-f2fb6547bc63
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFkreH5poAMFdxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b16-0afbf5e01a013e6f0db53da1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:35:18 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CwkfEPDseHez7mArqwz8tmC3WHFwXAZF1OSColucaQ5vG2hvBIDWOg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:42:47 GMT
age: 63178
etag: "3d4fa8701f17e8818c25584ef5f04bfbee8440cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg
200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14218a43c5e5bbce546735a780c8ccce
61676358cdbb2373bc644e66f8a84fbc8cc5daf6
905b1c30a2273aef69904f2eb1451c756fc1fdba02e86ea5c957629dd056aeda
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6390
x-amzn-requestid: b2681ff8-ab83-41e6-adef-3e6772c93c3f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGFJ6Gc_oAMF44g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63324f0c-3dbf9f4e2047567b5abdbe74;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 01:17:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8JXEBo_L_xKuKdeoOXEJ6FO7ZVsZVQzUmQFe7fYcxaHRQNEq1HWp6w==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 01:25:52 GMT
age: 49793
etag: "61676358cdbb2373bc644e66f8a84fbc8cc5daf6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg
200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5274e770cb5a704916c8965659709f4a
1a26007f761e439db575fb80fb403031260aecf4
e36e8be75c92feb9b416a46c5918356d8f9694894a799b7c10de21034d33d5ef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7455
x-amzn-requestid: 0887cd56-f324-46cf-a086-709e1c66f354
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGBTdHmhoAMFvIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633248e2-42391706084f335228fe3994;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 00:50:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: vx-yM_jeJvOaa1UizK5OoDJFkvKnajg2ezLF2l2qnN_OhdTE6I4taQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 01:05:55 GMT
etag: "1a26007f761e439db575fb80fb403031260aecf4"
content-type: image/jpeg
age: 50990
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff092f2d0-abd6-40d2-ad33-9fb0ded1ec0a.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff092f2d0-abd6-40d2-ad33-9fb0ded1ec0a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 91d97447a6a35813e57d942f685544c4
3b660de9902fbfcf2efb477f40480b08545ebc5f
08c1ea19c4918273da12c9a2e962edf4463c486a30f60c8a279a45e5edcf972a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff092f2d0-abd6-40d2-ad33-9fb0ded1ec0a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11881
x-amzn-requestid: 4562e550-9c0f-407b-be2a-3c5d8901d444
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y2apSEPuIAMF5TA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632c0b08-5c5f052f146d25a7190412d1;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 07:13:12 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EAiLlHN2h6EPX0idrlQG4TIyGBMt_In0_Tpy79foal99j4xoRasO-A==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 22:23:49 GMT
age: 60716
etag: "3b660de9902fbfcf2efb477f40480b08545ebc5f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg
200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash deb8d1e3b6d7fbc8c8ba478269621676
84f5a4c8b38acde814bc790e5b514347718d5bb9
ed14fa766f0708b4166e83b61f160db5671af430917b7c67184bf18d9208742b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9163
x-amzn-requestid: 8ccd9b1f-bef9-4591-be32-e6dd98f4ee78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlKpEZrIAMFS1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321bdd-4a40b9c8281b64c725fec0f1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:38:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Lf6qqokEw32egp3ofmJGtUTAt3RD2f9rVq5gskbhrk_VFGweeo0oCQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:49:18 GMT
age: 62787
etag: "84f5a4c8b38acde814bc790e5b514347718d5bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
104.233.169.232/zhong/zhuan.html
200 OK 740 B URL HTTP/1.1 104.233.169.232/zhong/zhuan.html
IP
ASN #398993 PEGTECHINC-AP-03
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 4fe8481f455e0115518ad93ff4d7c482
06ab2878dfb8484ab6ad978e61bc35fbaa0e1b85
a62731d7dcc40bc147fea3282556d7f46272b5e315f00193d6e74297ffaa12d3
Analyzer Verdict Alert fortinet Phishing
GET /zhong/zhuan.html HTTP/1.1
Host: 104.233.169.232
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.12bet1.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 15:23:14 GMT
Content-Type: text/html
Content-Length: 740
Last-Modified: Wed, 21 Sep 2022 17:08:53 GMT
Connection: keep-alive
ETag: "632b4525-2e4"
Accept-Ranges: bytes
104.233.169.231/tj/21269951.js
200 OK 2.4 kB URL HTTP/1.1 104.233.169.231/tj/21269951.js
IP
ASN #398993 PEGTECHINC-AP-03
File type ASCII text, with very long lines (4898), with CRLF line terminators
Hash 2521db691f1637ccbd59effdd2626c1a
935514e87be55ad25edfa06088fc6e28e965fef0
a85cb258c6e5cf8e0f5abd5678baf031be8991c86be0f9d847b721048fdf50e7
GET /tj/21269951.js HTTP/1.1
Host: 104.233.169.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://104.233.169.232/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 15:23:15 GMT
Content-Type: application/javascript
Last-Modified: Tue, 07 Jun 2022 10:32:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"629f294f-1324"
Expires: Wed, 28 Sep 2022 03:23:15 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
104.233.169.232/favicon.ico
404 Not Found 146 B URL HTTP/1.1 104.233.169.232/favicon.ico
IP
ASN #398993 PEGTECHINC-AP-03
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /favicon.ico HTTP/1.1
Host: 104.233.169.232
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://104.233.169.232/zhong/zhuan.html
Cookie: __tins__21269951=%7B%22sid%22%3A%201664291743739%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201664293543739%7D; __51cke__=; __51laig__=1
HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 27 Sep 2022 15:23:16 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
ia.51.la/go1?id=21269951&rt=1664291743739&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1664291743739&tt=&kw=&cu=http%253A%252F%252F104.233.169.232%252Fzhong%252Fzhuan.html&pu=http%253A%252F%252Fwww.12bet1.com%252F
200 0 B URL HTTP/1.1 ia.51.la/go1?id=21269951&rt=1664291743739&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1664291743739&tt=&kw=&cu=http%253A%252F%252F104.233.169.232%252Fzhong%252Fzhuan.html&pu=http%253A%252F%252Fwww.12bet1.com%252F
IP
ASN #4837 CHINA UNICOM China169 Backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=21269951&rt=1664291743739&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1664291743739&tt=&kw=&cu=http%253A%252F%252F104.233.169.232%252Fzhong%252Fzhuan.html&pu=http%253A%252F%252Fwww.12bet1.com%252F HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://104.233.169.232/
HTTP/1.1 200
Server: CloudWAF
Date: Tue, 27 Sep 2022 15:15:46 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=6024ef314b64f4c9d40; path=/
HWWAFSESTIME=1664291742046; path=/
sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/0.18934960284283275
404 Not Found 146 B URL HTTP/1.1 sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/0.18934960284283275
IP
ASN #398993 PEGTECHINC-AP-03
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert fortinet Phishing
GET /0.18934960284283275 HTTP/1.1
Host: sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://104.233.169.232/
HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 27 Sep 2022 15:23:17 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
200 OK 6.0 kB URL HTTP/1.1 sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
IP
ASN #398993 PEGTECHINC-AP-03
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (402), with CRLF, LF line terminators
Hash adab6d125e0e267275413e0767e6beee
d9bd6194680181b53484b143df7b9e3adfa99124
deca383f5d5f9ce4a9d85873b747ff895bfa212a8792c77dc632d545c43e71ef
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://104.233.169.232/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 15:23:18 GMT
Content-Type: text/html;Charset=utf-8;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=8ingqff3p9oug4oic3btrb7hr4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/template/m1938pc/static/css/swiper.min.css
200 OK 3.3 kB URL HTTP/1.1 sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/template/m1938pc/static/css/swiper.min.css
IP
ASN #398993 PEGTECHINC-AP-03
File type Unicode text, UTF-8 (with BOM) text, with very long lines (17459)
Hash 3b0f19c6e3d95b50787117fc26d47c7f
33799bc7c5f9ebda4adde8d59116a87fc2cce23f
39c608aa9656788524e36287f3a9e0070085695a439e4081a5bfd48c3b6f83b3
GET /template/m1938pc/static/css/swiper.min.css HTTP/1.1
Host: sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Cookie: PHPSESSID=8ingqff3p9oug4oic3btrb7hr4
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 15:23:18 GMT
Content-Type: text/css
Last-Modified: Sat, 17 Oct 2020 13:39:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f8af40a-4562"
Expires: Wed, 28 Sep 2022 03:23:18 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/template/m1938pc/static/css/mm-content.css
200 OK 1.2 kB URL HTTP/1.1 sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/template/m1938pc/static/css/mm-content.css
IP
ASN #398993 PEGTECHINC-AP-03
File type Unicode text, UTF-8 (with BOM) text, with very long lines (5801), with no line terminators
Hash 76ecc7f14395c9c245ab4680a1e91a9b
da43895dfbca7e765fc48074bd1a99f3f99e7b2f
558517b1de50b57098f465778566a5bb4eb3a92c479f184a48718ed35c128d29
GET /template/m1938pc/static/css/mm-content.css HTTP/1.1
Host: sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Cookie: PHPSESSID=8ingqff3p9oug4oic3btrb7hr4
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 15:23:18 GMT
Content-Type: text/css
Last-Modified: Sat, 17 Oct 2020 13:39:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f8af40a-16ac"
Expires: Wed, 28 Sep 2022 03:23:18 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
104.233.169.229/D2JS/XBHF.js
200 OK 0 B URL HTTP/1.1 104.233.169.229/D2JS/XBHF.js
IP
ASN #398993 PEGTECHINC-AP-03
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /D2JS/XBHF.js HTTP/1.1
Host: 104.233.169.229
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 15:23:18 GMT
Content-Type: application/javascript
Content-Length: 0
Last-Modified: Tue, 07 Jun 2022 10:27:45 GMT
Connection: keep-alive
ETag: "629f2821-0"
Expires: Wed, 28 Sep 2022 03:23:18 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/template/m1938pc/static/css/white.css
200 OK 2.7 kB URL HTTP/1.1 sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/template/m1938pc/static/css/white.css
IP
ASN #398993 PEGTECHINC-AP-03
File type Unicode text, UTF-8 (with BOM) text, with very long lines (9686), with no line terminators
Hash 7933fc27d8caee0d754ebcca26d86cb6
34ead7c5764c131aa9af3beb44896ee6d93db737
03ca7265c6cbf65cef4f6543008c3e3c640b07fc91e0995ace574747090dded8
GET /template/m1938pc/static/css/white.css HTTP/1.1
Host: sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Cookie: PHPSESSID=8ingqff3p9oug4oic3btrb7hr4
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 15:23:18 GMT
Content-Type: text/css
Last-Modified: Sat, 17 Oct 2020 13:39:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f8af40a-25d9"
Expires: Wed, 28 Sep 2022 03:23:18 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/template/m1938pc/static/css/style.css
200 OK 13 kB URL HTTP/1.1 sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/template/m1938pc/static/css/style.css
IP
ASN #398993 PEGTECHINC-AP-03
File type Unicode text, UTF-8 (with BOM) text, with very long lines (53899), with no line terminators
Hash 179ebf48e5746ee1df49578f05194670
ddcdbcbe2daa27cc94fa87870bec511433c2d7ed
584ed5e23c331bb276c8de16e8cbdd07d1792bd95d17e7f45cea7e50a7c0d53e
GET /template/m1938pc/static/css/style.css HTTP/1.1
Host: sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Cookie: PHPSESSID=8ingqff3p9oug4oic3btrb7hr4
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 15:23:18 GMT
Content-Type: text/css
Last-Modified: Sat, 17 Oct 2020 13:39:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f8af40a-d28f"
Expires: Wed, 28 Sep 2022 03:23:18 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
104.233.169.229/D2JS/SBHF.js
200 OK 1.1 kB URL HTTP/1.1 104.233.169.229/D2JS/SBHF.js
IP
ASN #398993 PEGTECHINC-AP-03
File type HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash afb07a10327f9a1f6cdf60bb13664b29
8dcf361356291fd086437c446ca91eb1e472878d
499c9d41ef0b83039681c548ce270c2ca367cc317d71445e874de6a69a7056d9
GET /D2JS/SBHF.js HTTP/1.1
Host: 104.233.169.229
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 15:23:18 GMT
Content-Type: application/javascript
Last-Modified: Tue, 27 Sep 2022 10:52:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6332d5e5-13ec"
Expires: Wed, 28 Sep 2022 03:23:18 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
104.233.169.229/D2JS/zhumi.js
200 OK 87 B URL HTTP/1.1 104.233.169.229/D2JS/zhumi.js
IP
ASN #398993 PEGTECHINC-AP-03
Hash f00397de93cc4037468768adbdf9e0ec
c6ea69c4a61ac735b1584bcddafece64221e6455
b35af84129b1a8b9a0158ee60e291bcf53da29a364009e9a0cdf06237161a76b
GET /D2JS/zhumi.js HTTP/1.1
Host: 104.233.169.229
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 15:23:18 GMT
Content-Type: application/javascript
Content-Length: 87
Last-Modified: Tue, 07 Jun 2022 10:46:09 GMT
Connection: keep-alive
ETag: "629f2c71-57"
Expires: Wed, 28 Sep 2022 03:23:18 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
104.233.169.229/D2JS/ZBHF.js
200 OK 477 B URL HTTP/1.1 104.233.169.229/D2JS/ZBHF.js
IP
ASN #398993 PEGTECHINC-AP-03
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 69d9691c7eac3a4533ab58dd35e5fa1e
1bbab64f097850824aeb6ff2ada11fc12054a59e
de04312ec8e5eefece38d8891ecbe05cd13f172062afd53e2c0ac5d6b0f7c328
GET /D2JS/ZBHF.js HTTP/1.1
Host: 104.233.169.229
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 15:23:18 GMT
Content-Type: application/javascript
Last-Modified: Tue, 27 Sep 2022 10:52:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6332d5f1-5ac"
Expires: Wed, 28 Sep 2022 03:23:18 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/template/m1938pc/static/css/bootstrap.min.css
200 OK 27 kB URL HTTP/1.1 sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/template/m1938pc/static/css/bootstrap.min.css
IP
ASN #398993 PEGTECHINC-AP-03
File type Unicode text, UTF-8 (with BOM) text, with very long lines (493)
Hash 009318d8ae281e66da9d7eaf20de9350
5598f58336a95bd4208b7ebddeb204d43865a70e
80683f9d898f82ebd9b8335a25cf57e68b84c836c4765a42c7bc17b43bea16e2
GET /template/m1938pc/static/css/bootstrap.min.css HTTP/1.1
Host: sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Cookie: PHPSESSID=8ingqff3p9oug4oic3btrb7hr4
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 15:23:18 GMT
Content-Type: text/css
Last-Modified: Sat, 17 Oct 2020 13:39:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f8af40a-2212e"
Expires: Wed, 28 Sep 2022 03:23:18 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
104.233.169.229/D2JS/DH.js
200 OK 949 B URL HTTP/1.1 104.233.169.229/D2JS/DH.js
IP
ASN #398993 PEGTECHINC-AP-03
File type HTML document, Unicode text, UTF-8 text
Hash 583fd472de73127cb2013915283531bd
fb7a88118a5ab79b544dbf3611f3a578f4436674
55fc2a0e9011e0c670893344820bc7a36afdcc66eb65a1fc9533c0af45e9c40e
GET /D2JS/DH.js HTTP/1.1
Host: 104.233.169.229
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 15:23:18 GMT
Content-Type: application/javascript
Last-Modified: Fri, 16 Sep 2022 16:04:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63249e96-177c"
Expires: Wed, 28 Sep 2022 03:23:18 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
104.233.169.229/D2JS/lm.js
200 OK 0 B URL HTTP/1.1 104.233.169.229/D2JS/lm.js
IP
ASN #398993 PEGTECHINC-AP-03
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /D2JS/lm.js HTTP/1.1
Host: 104.233.169.229
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 15:23:18 GMT
Content-Type: application/javascript
Content-Length: 0
Last-Modified: Tue, 07 Jun 2022 10:27:53 GMT
Connection: keep-alive
ETag: "629f2829-0"
Expires: Wed, 28 Sep 2022 03:23:18 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
104.233.169.231/tj/21269939.js
200 OK 2.4 kB URL HTTP/1.1 104.233.169.231/tj/21269939.js
IP
ASN #398993 PEGTECHINC-AP-03
File type ASCII text, with very long lines (4898), with CRLF line terminators
Hash a1904484812be0e37d4e70cc37389c03
e08343ccd5a20be1a5ded08417f948cd5c70e57b
db95dd4837a4235658e81512d48586be2f352ff41e651ff494d09341f81a9008
GET /tj/21269939.js HTTP/1.1
Host: 104.233.169.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 15:23:18 GMT
Content-Type: application/javascript
Last-Modified: Tue, 07 Jun 2022 10:32:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"629f2935-1324"
Expires: Wed, 28 Sep 2022 03:23:18 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 53be7a412e9256cd4e034dd7e69a5422
275b687b42a003ec3252f923685186134c7b6148
85a237c5d76398a1579894268833f65483c3bd4b68f5906d62533d7862d6d5cb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "85A237C5D76398A1579894268833F65483C3BD4B68F5906D62533D7862D6D5CB"
Last-Modified: Mon, 26 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1603
Expires: Tue, 27 Sep 2022 15:42:32 GMT
Date: Tue, 27 Sep 2022 15:15:49 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 53be7a412e9256cd4e034dd7e69a5422
275b687b42a003ec3252f923685186134c7b6148
85a237c5d76398a1579894268833f65483c3bd4b68f5906d62533d7862d6d5cb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "85A237C5D76398A1579894268833F65483C3BD4B68F5906D62533D7862D6D5CB"
Last-Modified: Mon, 26 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1603
Expires: Tue, 27 Sep 2022 15:42:32 GMT
Date: Tue, 27 Sep 2022 15:15:49 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 53be7a412e9256cd4e034dd7e69a5422
275b687b42a003ec3252f923685186134c7b6148
85a237c5d76398a1579894268833f65483c3bd4b68f5906d62533d7862d6d5cb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "85A237C5D76398A1579894268833F65483C3BD4B68F5906D62533D7862D6D5CB"
Last-Modified: Mon, 26 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1603
Expires: Tue, 27 Sep 2022 15:42:32 GMT
Date: Tue, 27 Sep 2022 15:15:49 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 53be7a412e9256cd4e034dd7e69a5422
275b687b42a003ec3252f923685186134c7b6148
85a237c5d76398a1579894268833f65483c3bd4b68f5906d62533d7862d6d5cb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "85A237C5D76398A1579894268833F65483C3BD4B68F5906D62533D7862D6D5CB"
Last-Modified: Mon, 26 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1603
Expires: Tue, 27 Sep 2022 15:42:32 GMT
Date: Tue, 27 Sep 2022 15:15:49 GMT
Connection: keep-alive
ddcdn.pic-726-baidu.com/uptu/20220923/62vT5SXm/1.jpg
200 OK 6.5 kB URL HTTP/2 ddcdn.pic-726-baidu.com/uptu/20220923/62vT5SXm/1.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 778c624eeb12426a21bb61e6cc6d99c3
82ce809c2210a58340fab1937668ed855db3cdba
de6ab84cb5a0b5ef19a752419d4c6a04c7ee63019886f32136b6afdd23764c3e
GET /uptu/20220923/62vT5SXm/1.jpg HTTP/1.1
Host: ddcdn.pic-726-baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:49 GMT
content-type: image/webp
content-length: 6482
cache-control: max-age=31536000
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8780
content-disposition: inline; filename="1.webp"
etag: "632f1334-224c"
expires: Wed, 26 Oct 2022 21:46:44 GMT
last-modified: Sat, 24 Sep 2022 14:24:52 GMT
vary: Accept
cf-cache-status: HIT
age: 62945
accept-ranges: bytes
server: cloudflare
cf-ray: 7515326ae9feb506-OSL
X-Firefox-Spdy: h2
ddcdn.pic-726-baidu.com/uptu/20220923/5Nh0ksty/1.jpg
200 OK 5.3 kB URL HTTP/2 ddcdn.pic-726-baidu.com/uptu/20220923/5Nh0ksty/1.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8bd09a0e2b0a19f77971222a5ce906f7
9e321ef3111b726d98f83ba8dc04e3d077002601
f57d796c96db28300c38dca93a61e8b29298a346e6bbec2a99e5d439b0fe9df3
GET /uptu/20220923/5Nh0ksty/1.jpg HTTP/1.1
Host: ddcdn.pic-726-baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:49 GMT
content-type: image/webp
content-length: 5264
cache-control: max-age=31536000
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=7154
content-disposition: inline; filename="1.webp"
etag: "632f1333-1bf2"
expires: Wed, 26 Oct 2022 21:46:44 GMT
last-modified: Sat, 24 Sep 2022 14:24:51 GMT
vary: Accept
cf-cache-status: HIT
age: 62944
accept-ranges: bytes
server: cloudflare
cf-ray: 7515326aea00b506-OSL
X-Firefox-Spdy: h2
ddcdn.pic-726-baidu.com/uptu/20220923/KcKNSsCt/1.jpg
200 OK 10 kB URL HTTP/2 ddcdn.pic-726-baidu.com/uptu/20220923/KcKNSsCt/1.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 240x320, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a16124d88967ce9488663e7628a641a1
4d7570fbd212de805f4b6932b36d8272ae20c19f
6b67345b78627ab02aaf475c003013c79d52b9abdbfce1d8bb4612e5fe3b7b13
GET /uptu/20220923/KcKNSsCt/1.jpg HTTP/1.1
Host: ddcdn.pic-726-baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:49 GMT
content-type: image/webp
content-length: 10092
cache-control: max-age=31536000
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=10885
content-disposition: inline; filename="1.webp"
etag: "632f1336-2a85"
expires: Wed, 26 Oct 2022 21:46:44 GMT
last-modified: Sat, 24 Sep 2022 14:24:54 GMT
vary: Accept
cf-cache-status: HIT
age: 62944
accept-ranges: bytes
server: cloudflare
cf-ray: 7515326aea02b506-OSL
X-Firefox-Spdy: h2
ddcdn.pic-726-baidu.com/uptu/20220923/VShDrdNH/1.jpg
200 OK 7.8 kB URL HTTP/2 ddcdn.pic-726-baidu.com/uptu/20220923/VShDrdNH/1.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash bba53f6a22d753c7b2a3c6db1663b33e
0c68c6a0a1394677642500deca441080a7fd8327
ae16d405e9d3fdf8351d13c7f78274f87b067ecea25ef4152339c93505d9ff55
GET /uptu/20220923/VShDrdNH/1.jpg HTTP/1.1
Host: ddcdn.pic-726-baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:49 GMT
content-type: image/webp
content-length: 7798
cache-control: max-age=31536000
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8913
content-disposition: inline; filename="1.webp"
etag: "632f1339-22d1"
expires: Wed, 26 Oct 2022 21:46:44 GMT
last-modified: Sat, 24 Sep 2022 14:24:57 GMT
vary: Accept
cf-cache-status: HIT
age: 62945
accept-ranges: bytes
server: cloudflare
cf-ray: 7515326afa07b506-OSL
X-Firefox-Spdy: h2
ddcdn.pic-726-baidu.com/uptu/20220923/ScAYPiuE/1.jpg
200 OK 6.4 kB URL HTTP/2 ddcdn.pic-726-baidu.com/uptu/20220923/ScAYPiuE/1.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2c823cb3768054b462677e97c1105ff8
421a944d5139ced5d178d303ce0233bc009582c1
8db9d16eeed888dbecab11d2110a71290b28b4068de97d56d80466bc17d94f8d
GET /uptu/20220923/ScAYPiuE/1.jpg HTTP/1.1
Host: ddcdn.pic-726-baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:49 GMT
content-type: image/webp
content-length: 6424
cache-control: max-age=31536000
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=7792
content-disposition: inline; filename="1.webp"
etag: "632f1338-1e70"
expires: Wed, 26 Oct 2022 21:46:44 GMT
last-modified: Sat, 24 Sep 2022 14:24:56 GMT
vary: Accept
cf-cache-status: HIT
age: 62945
accept-ranges: bytes
server: cloudflare
cf-ray: 7515326afa08b506-OSL
X-Firefox-Spdy: h2
ddcdn.pic-726-baidu.com/uptu/20220923/oO6CwRAv/1.jpg
200 OK 4.4 kB URL HTTP/2 ddcdn.pic-726-baidu.com/uptu/20220923/oO6CwRAv/1.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8e90f05c1287868fb92d68253c377942
ac0091b0d142df1bb32932f16a029ac108d3597a
46bf06a52b4f7caf961e8c3ed21dfabca84a9c5abb1e978cf54e0f05ab561143
GET /uptu/20220923/oO6CwRAv/1.jpg HTTP/1.1
Host: ddcdn.pic-726-baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:49 GMT
content-type: image/webp
content-length: 4404
cache-control: max-age=31536000
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=6628
content-disposition: inline; filename="1.webp"
etag: "632f1337-19e4"
expires: Wed, 26 Oct 2022 21:46:44 GMT
last-modified: Sat, 24 Sep 2022 14:24:55 GMT
vary: Accept
cf-cache-status: HIT
age: 62944
accept-ranges: bytes
server: cloudflare
cf-ray: 7515326afa16b506-OSL
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 53be7a412e9256cd4e034dd7e69a5422
275b687b42a003ec3252f923685186134c7b6148
85a237c5d76398a1579894268833f65483c3bd4b68f5906d62533d7862d6d5cb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "85A237C5D76398A1579894268833F65483C3BD4B68F5906D62533D7862D6D5CB"
Last-Modified: Mon, 26 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1603
Expires: Tue, 27 Sep 2022 15:42:32 GMT
Date: Tue, 27 Sep 2022 15:15:49 GMT
Connection: keep-alive
ddcdn.pic-726-baidu.com/uptu/20220923/wj16dzaF/1.jpg
200 OK 6.8 kB URL HTTP/2 ddcdn.pic-726-baidu.com/uptu/20220923/wj16dzaF/1.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash aff748f59f402f5f737c670acce8109d
226f34b951306785d76903318bc67ae01472736c
7eac4791f25626dc50fdd35c2972626ee95f9a6e7a8f054db9a4b8fe83c90577
GET /uptu/20220923/wj16dzaF/1.jpg HTTP/1.1
Host: ddcdn.pic-726-baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:49 GMT
content-type: image/webp
content-length: 6806
cache-control: max-age=31536000
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9109
content-disposition: inline; filename="1.webp"
etag: "632f1339-2395"
expires: Wed, 26 Oct 2022 21:46:44 GMT
last-modified: Sat, 24 Sep 2022 14:24:57 GMT
vary: Accept
cf-cache-status: HIT
age: 62945
accept-ranges: bytes
server: cloudflare
cf-ray: 7515326aea04b506-OSL
X-Firefox-Spdy: h2
ddcdn.pic-726-baidu.com/uptu/20220923/NlJmfMma/1.jpg
200 OK 8.8 kB URL HTTP/2 ddcdn.pic-726-baidu.com/uptu/20220923/NlJmfMma/1.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ec891cd0f858451975f6a6354ceb22be
7a3f4ef1eecb380b87c6dd0805afb15bea46e83d
832458efcc7056e782a3255781f517549d29681adde0fca0a6c15084b4d87df2
GET /uptu/20220923/NlJmfMma/1.jpg HTTP/1.1
Host: ddcdn.pic-726-baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:49 GMT
content-type: image/webp
content-length: 8750
cache-control: max-age=31536000
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9409
content-disposition: inline; filename="1.webp"
etag: "632f1337-24c1"
expires: Wed, 26 Oct 2022 21:46:44 GMT
last-modified: Sat, 24 Sep 2022 14:24:55 GMT
vary: Accept
cf-cache-status: HIT
age: 62944
accept-ranges: bytes
server: cloudflare
cf-ray: 7515326afa12b506-OSL
X-Firefox-Spdy: h2
ddcdn.pic-726-baidu.com/uptu/20220923/x8ePgDOo/1.jpg
200 OK 8.5 kB URL HTTP/2 ddcdn.pic-726-baidu.com/uptu/20220923/x8ePgDOo/1.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 16ee68249965cc2aed02e3280a9aab52
18e0d5e5b018c2e394619b154dce9b17438a9d60
0c8a1e4b30502c368bb73109ed92d439aa3d52cd08f19e2cc99018807e832473
GET /uptu/20220923/x8ePgDOo/1.jpg HTTP/1.1
Host: ddcdn.pic-726-baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:49 GMT
content-type: image/webp
content-length: 8534
cache-control: max-age=31536000
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9589
content-disposition: inline; filename="1.webp"
etag: "632f1339-2575"
expires: Wed, 26 Oct 2022 21:46:44 GMT
last-modified: Sat, 24 Sep 2022 14:24:57 GMT
vary: Accept
cf-cache-status: HIT
age: 62944
accept-ranges: bytes
server: cloudflare
cf-ray: 7515326afa1ab506-OSL
X-Firefox-Spdy: h2
ddcdn.pic-726-baidu.com/uptu/20220923/k3dwowaL/1.jpg
200 OK 6.5 kB URL HTTP/2 ddcdn.pic-726-baidu.com/uptu/20220923/k3dwowaL/1.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash aa036e01868e379e5fb07d76feaec152
ec9cbaac517638d6a1a6850fca468cbd802be2f2
259e2c117a5ca7039b9c20c4f01cb5aeef933c2938ceb19b874b7196d4b784a9
GET /uptu/20220923/k3dwowaL/1.jpg HTTP/1.1
Host: ddcdn.pic-726-baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:49 GMT
content-type: image/webp
content-length: 6456
cache-control: max-age=31536000
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=7760
content-disposition: inline; filename="1.webp"
etag: "632f1336-1e50"
expires: Wed, 26 Oct 2022 21:46:44 GMT
last-modified: Sat, 24 Sep 2022 14:24:54 GMT
vary: Accept
cf-cache-status: HIT
age: 62944
accept-ranges: bytes
server: cloudflare
cf-ray: 7515326afa1cb506-OSL
X-Firefox-Spdy: h2
chuantu.xyz/t6/742/1664196537x2728309756.gif
200 OK 143 kB URL HTTP/1.1 chuantu.xyz/t6/742/1664196537x2728309756.gif
IP
File type GIF image data, version 89a, 960 x 60\012- data
Size 143 kB (142771 bytes)
Hash 50e1ecc2ba3db0fcf6b081ba3a499ca2
e89fc9c43132ff33900430842817bd1455533b46
7571359d9da05ec6286c8846ff10f0cda1ed6da94bd7af990b03d427bd66b218
GET /t6/742/1664196537x2728309756.gif HTTP/1.1
Host: chuantu.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 15:15:49 GMT
Content-Type: image/gif
Content-Length: 142771
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 12:48:57 GMT
ETag: "22db3-5e993f36ec9b7"
Cache-Control: max-age=43200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=miLZiejaRWsN6oqicWVYJRx7GTmBU2JXFe5PInVOMIpsTrF4XgmV3Z%2B6m1mdt1Ab9LeYUdVFR7MfeWk0GbBDrK79Tydn4dCZIjZGPnjphGdggtq0au3ijwNjMfkk6A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75153268daf00b51-OSL
alt-svc: h2=":443"; ma=60
sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/template/m1938pc/static/fonts/font_593233_jsu8tlct5shpk3xr.woff
200 OK 13 kB URL HTTP/1.1 sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/template/m1938pc/static/fonts/font_593233_jsu8tlct5shpk3xr.woff
IP
ASN #398993 PEGTECHINC-AP-03
File type Web Open Font Format, TrueType, length 13408, version 1.0\012- data
Hash 99af6debcdaba3e7ffe01b4c3cbccacb
4efda64b06cd7c294f6214623bcb634f3def3bd1
1106aebd6819da7203324abc443186658c8f54180a460ccc5b83553c5ce34f72
Analyzer Verdict Alert fortinet Phishing
GET /template/m1938pc/static/fonts/font_593233_jsu8tlct5shpk3xr.woff HTTP/1.1
Host: sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/template/m1938pc/static/css/style.css
Cookie: PHPSESSID=8ingqff3p9oug4oic3btrb7hr4; __tins__21269939=%7B%22sid%22%3A%201664291747061%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201664293547061%7D; __51cke__=; __51laig__=1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 15:23:19 GMT
Content-Type: font/woff
Content-Length: 13408
Last-Modified: Sat, 17 Oct 2020 13:39:22 GMT
Connection: keep-alive
ETag: "5f8af40a-3460"
Accept-Ranges: bytes
chuantu.xyz/t6/742/1664196641x2728309538.gif
200 OK 251 kB URL HTTP/1.1 chuantu.xyz/t6/742/1664196641x2728309538.gif
IP
File type GIF image data, version 89a, 960 x 60\012- data
Size 251 kB (250881 bytes)
Hash 4e7fc46c8e78d510b464b44c7432515d
802e692757374e8f1c34758edcbec7cf6c12c746
947448224f63bf5d6d3a33c8258b36fdca4757f97501e69b03fc592385cde3e9
GET /t6/742/1664196641x2728309538.gif HTTP/1.1
Host: chuantu.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 15:15:49 GMT
Content-Type: image/gif
Content-Length: 250881
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 12:50:41 GMT
ETag: "3d401-5e993f9a162a1"
Cache-Control: max-age=43200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gj%2BcJUKGLdqx8ERHN70MX%2Fop6HvPJB3O2qCbO98gDgQ4WsOSuaRTp%2FLQwXP6BX092hmfgrNEBMfKWZNhpCr4kb4FBQSA2k%2BEo1Zu5D4Jj5KB0HwxK2QjktWO5VZ7Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75153268df54fac0-OSL
alt-svc: h2=":443"; ma=60
ddcdn.pic-726-baidu.com/uptu/20220923/WzvpqKwi/1.jpg
200 OK 7.4 kB URL HTTP/2 ddcdn.pic-726-baidu.com/uptu/20220923/WzvpqKwi/1.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1b7a42077479d9f5562a643b2a083f32
b55ed45c8668c1c476c048a910b03ec71a18bcbc
2c5a7c691b618264759dd9fb69a880cc0473084b164b45b52a482d55e7349610
GET /uptu/20220923/WzvpqKwi/1.jpg HTTP/1.1
Host: ddcdn.pic-726-baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:49 GMT
content-type: image/webp
content-length: 7352
cache-control: max-age=31536000
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8795
content-disposition: inline; filename="1.webp"
etag: "632f1339-225b"
expires: Wed, 26 Oct 2022 21:03:27 GMT
last-modified: Sat, 24 Sep 2022 14:24:57 GMT
vary: Accept
cf-cache-status: HIT
age: 65542
accept-ranges: bytes
server: cloudflare
cf-ray: 7515326b1a5fb506-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash 877b69b5af5106a0faecde8f74f5f7b5
9cfdee9ce1813527660de4abbfae8d17fca823a3
2f9c56a5312cbe8318bdd7614bb098e9994f8e0a21f574ab571029c02ff6b0a5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 15:15:49 GMT
Server: ECS (amb/6B98)
Content-Length: 278
cdn.jsjsjs.xyz/happy/newyear/kongkong/960x60ns.gif
200 OK 406 kB URL HTTP/2 cdn.jsjsjs.xyz/happy/newyear/kongkong/960x60ns.gif
IP
File type GIF image data, version 89a, 960 x 60\012- data
Size 406 kB (406419 bytes)
Hash 91949a67089d61d1c111d50f6e101660
fab540d8a71b28159836bf995e398a9569314e47
35ede3c11832a2e4f6562a484535420d010601981e3b07fdc271f160b0a81507
GET /happy/newyear/kongkong/960x60ns.gif HTTP/1.1
Host: cdn.jsjsjs.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:49 GMT
content-type: image/gif
content-length: 406419
last-modified: Wed, 16 Feb 2022 13:39:39 GMT
etag: "620cfe9b-63393"
expires: Wed, 05 Oct 2022 01:58:46 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 1948623
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jsPTULfve%2FSZ4jXuFtA%2BINfNqQW8rKh1vtMpW%2Bvermo0OWrUVsf2J1TRBDFUF9X%2FeLiOagEOrIZSOAyJRx6aePk356v5Caa%2FUPMMAQT3LIAtybu6w0GlmUB0Qiw9O7Tq%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7515326bfdf2b50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 59fec73694bcbbade08908beb5dd4189
39c14da5a42b4878a05a309f4c440edbb2e54376
8035396205bd4aa53e1ad259e34a0eebd590c2ba65b2aac61cec5ce48992c82f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8035396205BD4AA53E1AD259E34A0EEBD590C2BA65B2AAC61CEC5CE48992C82F"
Last-Modified: Tue, 27 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12572
Expires: Tue, 27 Sep 2022 18:45:21 GMT
Date: Tue, 27 Sep 2022 15:15:49 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 278 B IP
Hash 877b69b5af5106a0faecde8f74f5f7b5
9cfdee9ce1813527660de4abbfae8d17fca823a3
2f9c56a5312cbe8318bdd7614bb098e9994f8e0a21f574ab571029c02ff6b0a5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 15:15:49 GMT
Last-Modified: Tue, 27 Sep 2022 15:15:49 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 278
dvcasha2.ocsp-certum.com/
200 OK 1.6 kB URL HTTP/1.1 dvcasha2.ocsp-certum.com/
IP
ASN #20940 Akamai International B.V.
Hash cc231b95f1cb0e3df4327d16b77db0a4
b679a3184aa5ead0a7fdc2ed9feef9f2030e9eac
7b2ace294e5b66b495f3cc95cd25cb6f7b88c7d7c9ccfdc34b2462b8c05679ec
POST / HTTP/1.1
Host: dvcasha2.ocsp-certum.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1599
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=11
Date: Tue, 27 Sep 2022 15:15:49 GMT
Connection: keep-alive
dvcasha2.ocsp-certum.com/
200 OK 1.6 kB URL HTTP/1.1 dvcasha2.ocsp-certum.com/
IP
ASN #20940 Akamai International B.V.
Hash 3f8d1a3e095fe1362c804b2452612a65
8b8e2759f913c992b79a1e6d4a46496653dc0f47
957a64e6309291c3296b7dd5454bf1a1e280ed3158972fdb43cac3965f12ffc9
POST / HTTP/1.1
Host: dvcasha2.ocsp-certum.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1599
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=899
Date: Tue, 27 Sep 2022 15:15:49 GMT
Connection: keep-alive
X-N: S
ocsp.sectigo.com/
200 OK 472 B IP
Hash 4220d06767abc7866450f4ad80da2e22
34b18ee59270302d091fc4cc5ebee2e52bd00345
196d66be4bb44190989855c3d0cfdec60f1c390597180d2f66ffe244707d884a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 15:15:49 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 23:24:26 GMT
Expires: Mon, 03 Oct 2022 23:24:25 GMT
Etag: "34b18ee59270302d091fc4cc5ebee2e52bd00345"
Cache-Control: max-age=547115,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7515326c8f031c16-OSL
ddcdn.pic-726-baidu.com/uptu/20220923/B2a4nKHl/1.jpg
200 OK 6.5 kB URL HTTP/2 ddcdn.pic-726-baidu.com/uptu/20220923/B2a4nKHl/1.jpg
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash d155f78e41ee172b8a4ea1cfeb20514c
1c96b103943822936a0df79c8a34aba889723ad1
02fd396c23e65f8e52fe0e95a7ce3004dd00039d2198b794ec6e4f41130ed85a
GET /uptu/20220923/B2a4nKHl/1.jpg HTTP/1.1
Host: ddcdn.pic-726-baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:49 GMT
content-type: image/jpeg
content-length: 6525
last-modified: Sat, 24 Sep 2022 14:24:52 GMT
etag: "632f1334-197d"
expires: Thu, 27 Oct 2022 15:15:49 GMT
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7515326afa0bb506-OSL
X-Firefox-Spdy: h2
ddcdn.pic-726-baidu.com/uptu/20220923/yosN263f/1.jpg
200 OK 5.0 kB URL HTTP/2 ddcdn.pic-726-baidu.com/uptu/20220923/yosN263f/1.jpg
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 411x400, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash d671fccadc0d5a3c83a6d4f9236b3ab9
4fc18f27d644f5523d3d855067ff7b09c14bd02d
f0ba3230473be204f950148d909e946b2d0d329d1f9b3a8a5b52b7c148a37734
GET /uptu/20220923/yosN263f/1.jpg HTTP/1.1
Host: ddcdn.pic-726-baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:49 GMT
content-type: image/jpeg
content-length: 5037
last-modified: Sat, 24 Sep 2022 14:24:58 GMT
etag: "632f133a-13ad"
expires: Thu, 27 Oct 2022 15:15:49 GMT
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7515326afa2db506-OSL
X-Firefox-Spdy: h2
ddcdn.pic-726-baidu.com/uptu/20220923/f55ABN7n/1.jpg
200 OK 9.8 kB URL HTTP/2 ddcdn.pic-726-baidu.com/uptu/20220923/f55ABN7n/1.jpg
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash 243a97527498e6286814970d6a4d7843
e62e087a6f18250316dd83ee656aa19c0f931f88
e457be2d8a10ea73d77faf42fa83cebb04d562489a926156bb88d076030ab513
GET /uptu/20220923/f55ABN7n/1.jpg HTTP/1.1
Host: ddcdn.pic-726-baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:49 GMT
content-type: image/jpeg
content-length: 9802
last-modified: Sat, 24 Sep 2022 14:24:53 GMT
etag: "632f1335-264a"
expires: Thu, 27 Oct 2022 15:15:49 GMT
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7515326aea01b506-OSL
X-Firefox-Spdy: h2
ddcdn.pic-726-baidu.com/uptu/20220923/74gArfTz/1.jpg
200 OK 9.4 kB URL HTTP/2 ddcdn.pic-726-baidu.com/uptu/20220923/74gArfTz/1.jpg
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash 664b6774eca4ed1887be13b0c6ecf8f1
da48abdc54b2a0f3554a5cd0c1dfdda743abd62a
4edb2042594535afe878589fd0ff8d029cc248399f95652c14514ee17ede60a1
GET /uptu/20220923/74gArfTz/1.jpg HTTP/1.1
Host: ddcdn.pic-726-baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:49 GMT
content-type: image/jpeg
content-length: 9352
last-modified: Sat, 24 Sep 2022 14:24:52 GMT
etag: "632f1334-2488"
expires: Thu, 27 Oct 2022 15:15:49 GMT
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7515326afa18b506-OSL
X-Firefox-Spdy: h2
ddcdn.pic-726-baidu.com/uptu/20220923/00yHZTva/1.jpg
200 OK 5.9 kB URL HTTP/2 ddcdn.pic-726-baidu.com/uptu/20220923/00yHZTva/1.jpg
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash 41e6b0cc532b1633cb83d67732b02a42
6f6eeee73990770fab879f6b192d984958c4bc59
1e054d702513b900f30ee635a1aff72e817691e90ebcca14fc6e115dead8a101
GET /uptu/20220923/00yHZTva/1.jpg HTTP/1.1
Host: ddcdn.pic-726-baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:49 GMT
content-type: image/jpeg
content-length: 5943
last-modified: Sat, 24 Sep 2022 14:24:51 GMT
etag: "632f1333-1737"
expires: Thu, 27 Oct 2022 15:15:49 GMT
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7515326afa06b506-OSL
X-Firefox-Spdy: h2
kveii.com/dc0247b33019ed0ca09c321bb6fb4656.gif
301 Moved Permanently 162 B URL HTTP/2 kveii.com/dc0247b33019ed0ca09c321bb6fb4656.gif
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /dc0247b33019ed0ca09c321bb6fb4656.gif HTTP/1.1
Host: kveii.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Tue, 27 Sep 2022 15:15:49 GMT
content-type: text/html
content-length: 162
location: https://kvhfff.top/dc0247b33019ed0ca09c321bb6fb4656.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
s2.loli.net/2022/05/19/aVEGPj9cBSfIL3t.gif
200 OK 47 kB URL HTTP/2 s2.loli.net/2022/05/19/aVEGPj9cBSfIL3t.gif
IP
File type GIF image data, version 89a, 960 x 60\012- data
Hash 2b9c30b086d03d90a45a9174aef7b408
e87dbe76669e2f402826dd598bb047d793b1e20c
f1eb3044b464fb4b4b8f3e081295bc19cc4cddc9361adb34ad7fb73b93b25de6
GET /2022/05/19/aVEGPj9cBSfIL3t.gif HTTP/1.1
Host: s2.loli.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:50 GMT
content-type: image/gif
content-length: 46855
last-modified: Thu, 19 May 2022 10:49:37 GMT
etag: "628620c1-b707"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
vary: Accept, Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
cf-cache-status: BYPASS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uST2sLLpcMe75WBCG8XdfsZ315mQIlvarU4RUp0ggDMazcksg0WQNx%2BjJrxSONN6tXwIMLlGS9Gq8mldOGJnPsh550pBH%2Fp9WE2r5qDcMXdv6RnGFT7hIb1Ug0ct"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75153268efe2b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash d332e71991f476b843959cb2cae034f0
35bd9493ead83389bbda34267de9362a5bc22977
6b8909b4b10c01293121b50a060a1ae8dd6254577233301d2c1146f0c6f92f13
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 15:15:50 GMT
Server: ECS (amb/6B98)
Content-Length: 280
kvhfff.top/dc0247b33019ed0ca09c321bb6fb4656.gif
200 OK 796 kB URL HTTP/2 kvhfff.top/dc0247b33019ed0ca09c321bb6fb4656.gif
IP
File type GIF image data, version 89a, 960 x 60\012- data
Size 796 kB (795791 bytes)
Hash a0fc10963ea2b912c10e39e46df5cd72
fa9e7953732f63170e38ed2dec8e945ba6f083e4
7ba4e934ee23a0c156e0b14b61757398bfff3e6c41b4b1ab72d803e39169b469
GET /dc0247b33019ed0ca09c321bb6fb4656.gif HTTP/1.1
Host: kvhfff.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:50 GMT
content-type: image/gif
content-length: 795791
last-modified: Wed, 23 Mar 2022 06:52:01 GMT
etag: "623ac391-c248f"
expires: Tue, 04 Oct 2022 03:40:10 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 2028940
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AkKzrhMn94eGJXUE2kbMRPBdHopiWGq2eGlyZd3Mir0ObGfafcQEKlPZADTbf9Qz8gL%2FN8iEZxuL3RKGDPr3oxcHmqGrS1pb5S3lPAPuW0X81Oryryzb2un8uUf0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7515326eb99ab512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash d332e71991f476b843959cb2cae034f0
35bd9493ead83389bbda34267de9362a5bc22977
6b8909b4b10c01293121b50a060a1ae8dd6254577233301d2c1146f0c6f92f13
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 15:15:50 GMT
Last-Modified: Tue, 27 Sep 2022 15:15:50 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 280
ocsp.trust-provider.cn/
200 OK 599 B IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 6ee10fe008bd06222c1ddca3c3082e1d
c8f159ad3cd53208cbaa1ed1b883555f6b3a5d68
69f5349a82ac75e433bb6001517007ac89926157e79020baf6bcc6319f26912d
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Tue, 27 Sep 2022 15:03:43 GMT
last-modified: Mon, 26 Sep 2022 16:08:27 GMT
expires: Mon, 03 Oct 2022 16:08:26 GMT
etag: "c8f159ad3cd53208cbaa1ed1b883555f6b3a5d68"
cache-control: max-age=603442,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb5
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 751520b31a349be0-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1664291023
via: cache8.l2de2[0,0,304-0,H], cache17.l2de2[0,0], cache7.se1[0,0,200-0,H], cache1.se1[1,0], cache1.se1[3,0]
age: 727
x-cache: HIT TCP_MEM_HIT dirn:11:27322441
x-swift-savetime: Tue, 27 Sep 2022 15:11:51 GMT
x-swift-cachetime: 1312
timing-allow-origin: *, *
eagleid: 2ff62c9516642917504177858e, 2ff62c9516642917504177858e
ddcdn.pic-726-baidu.com/uptu/20220828/ZA9FMzLs/1.jpg
200 OK 11 kB URL HTTP/2 ddcdn.pic-726-baidu.com/uptu/20220828/ZA9FMzLs/1.jpg
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 304x405, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 240x320, components 3\012- data
Hash 41818079eec5778bc011b1a095bacf6e
f20b4639c92dfde6ee5c911df1417c4d5f050da5
e49ad1a5f9c04fe14bfad23d55e45ccebca23afbebb9c581062c66c4a9607d93
GET /uptu/20220828/ZA9FMzLs/1.jpg HTTP/1.1
Host: ddcdn.pic-726-baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:50 GMT
content-type: image/jpeg
content-length: 10959
last-modified: Wed, 31 Aug 2022 13:33:23 GMT
etag: "630f6323-2acf"
expires: Thu, 27 Oct 2022 15:15:49 GMT
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7515326afa2eb506-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 727 B IP
Hash bffbd9373e1b10c6033b3375a26b2fac
0061226b45fc6cc89b29547479575711a0a97875
13e4522fe1118785f12261e2ab790f422b2010c5ec820e7716bfcc456a1e066b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4413
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 15:15:50 GMT
Last-Modified: Tue, 27 Sep 2022 14:02:17 GMT
Server: ECS (amb/6B98)
X-Cache: HIT
Content-Length: 727
ia.51.la/go1?id=21269939&rt=1664291747061&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E8%2599%258E%25E5%25A6%25B9AV(humeiav.com)&ing=1&ekc=&sid=1664291747061&tt=%25E8%2599%258E%25E5%25A6%25B9AV(humeiav.com)&kw=%25E8%2599%258E%25E5%25A6%25B9AV(humeiav.com)&cu=http%253A%252F%252Fsdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz%252F&pu=http%253A%252F%252F104.233.169.232%252F
200 0 B URL HTTP/1.1 ia.51.la/go1?id=21269939&rt=1664291747061&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E8%2599%258E%25E5%25A6%25B9AV(humeiav.com)&ing=1&ekc=&sid=1664291747061&tt=%25E8%2599%258E%25E5%25A6%25B9AV(humeiav.com)&kw=%25E8%2599%258E%25E5%25A6%25B9AV(humeiav.com)&cu=http%253A%252F%252Fsdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz%252F&pu=http%253A%252F%252F104.233.169.232%252F
IP
ASN #4837 CHINA UNICOM China169 Backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=21269939&rt=1664291747061&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E8%2599%258E%25E5%25A6%25B9AV(humeiav.com)&ing=1&ekc=&sid=1664291747061&tt=%25E8%2599%258E%25E5%25A6%25B9AV(humeiav.com)&kw=%25E8%2599%258E%25E5%25A6%25B9AV(humeiav.com)&cu=http%253A%252F%252Fsdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz%252F&pu=http%253A%252F%252F104.233.169.232%252F HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
HTTP/1.1 200
Server: CloudWAF
Date: Tue, 27 Sep 2022 15:15:50 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=7d6ab4cf204fd7b7a4d; path=/
HWWAFSESTIME=1664291749248; path=/
img.cuphg.xyz/images/6332cf04847e8bdf898dec41.gif
302 Found 562 kB URL HTTP/2 img.cuphg.xyz/images/6332cf04847e8bdf898dec41.gif
IP
File type GIF image data, version 89a, 960 x 80\012- data
Size 562 kB (561802 bytes)
Hash 6992b4cd488bb4437ec954ab09a3fa00
e41fc5970be04ab5801e80ce785ff0832b305793
54d436cbf368311b0aa7bb497ac1b5a4330067953e11b4ad2da233e07e923d05
GET /images/6332cf04847e8bdf898dec41.gif HTTP/1.1
Host: img.cuphg.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/a05e49430263416c83728fd4b411f485
cache-control: max-age=3600
X-Firefox-Spdy: h2
ddcdn.comtucdncom.com/images/2022/07/05/siwa23127.jpg
200 OK 239 kB URL HTTP/1.1 ddcdn.comtucdncom.com/images/2022/07/05/siwa23127.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x538, components 3\012- data
Size 239 kB (239422 bytes)
Hash d5f9d0bcc55cf3464e2c2e340c9d8557
d3103f3fef16b8c3e796178d9937b07b2e099b37
e57392abf419d42c57325a54c9d16ad06e0e548b9d3bdf1dd4b8fa593f16da2f
GET /images/2022/07/05/siwa23127.jpg HTTP/1.1
Host: ddcdn.comtucdncom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 27 Sep 2022 15:15:50 GMT
Content-Type: image/jpeg
Content-Length: 239422
Last-Modified: Thu, 11 Aug 2022 12:14:52 GMT
Connection: keep-alive
ETag: "62f4f2bc-3a73e"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
ddcdn.comtucdncom.com/images/2022/07/12/wuma9193.jpg
200 OK 299 kB URL HTTP/1.1 ddcdn.comtucdncom.com/images/2022/07/12/wuma9193.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 820x462, components 3\012- data
Size 299 kB (299070 bytes)
Hash 9308f0620497a3ba6aeb9381be4cfd78
74445e8f0f68fdadccfdaadda49be8d2593b9e17
43abba8e40c1d62be1e009d7d1bd9f8433b14ec1c01ba8f54db9129167d18652
GET /images/2022/07/12/wuma9193.jpg HTTP/1.1
Host: ddcdn.comtucdncom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 27 Sep 2022 15:15:50 GMT
Content-Type: image/jpeg
Content-Length: 299070
Last-Modified: Thu, 11 Aug 2022 12:15:59 GMT
Connection: keep-alive
ETag: "62f4f2ff-4903e"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
push.zhanzhang.baidu.com/push.js
200 OK 227 B URL HTTP/1.1 push.zhanzhang.baidu.com/push.js
IP
ASN #9808 China Mobile Communications Group Co., Ltd.
File type ASCII text, with no line terminators
Hash e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Tue, 27 Sep 2022 15:15:50 GMT
Etag: "4078521116"
Expires: Wed, 27 Sep 2023 15:15:50 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=265625BC7ECAA38BE14F76F4111ED48C:FG=1; max-age=31536000; expires=Wed, 27-Sep-23 15:15:50 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
s2.loli.net/2022/05/11/3e9RFLlWvUAP7Vp.gif
200 OK 959 kB URL HTTP/2 s2.loli.net/2022/05/11/3e9RFLlWvUAP7Vp.gif
IP
File type GIF image data, version 89a, 960 x 80\012- data
Size 959 kB (959138 bytes)
Hash 0d623030b97e875ce6d2673ec66532d2
0403ed2b35c44fd932220042ca9a775b42b28513
37e036137455e3f33d77ab25b270c20f36b47f853b7cd16a95ae7569ee40c152
GET /2022/05/11/3e9RFLlWvUAP7Vp.gif HTTP/1.1
Host: s2.loli.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:49 GMT
content-type: image/gif
content-length: 959138
last-modified: Tue, 10 May 2022 17:32:49 GMT
etag: "627aa1c1-ea2a2"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
vary: Accept, Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
cf-cache-status: BYPASS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iEPBUCH%2FErh9QB20yPCLwwE%2FVw8%2FOCWyrQwbyMp%2BFUqn1xiSmTVx8sljUsGeRf6Onph66lBV28QY3AYenKMsOOBJ7PKq%2F0GmqOkvz%2BgZPPVS2nZq2601AJJsVWls"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75153268ffe6b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 42aa14a3f00ec1b546ff82fec7e3bec3
0038bc027096240d5d9af8fe2768ea97950cad42
3f5d4a018f9172e666d0d2a525e9c959c0f8730302004f52303dbb3f3a717861
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 15:15:51 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 14:35:39 GMT
Expires: Mon, 03 Oct 2022 14:35:38 GMT
Etag: "0038bc027096240d5d9af8fe2768ea97950cad42"
Cache-Control: max-age=515386,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 751532731f3a1c16-OSL
ocsp.sectigo.com/
200 OK 472 B IP
Hash 03579ffc14c5ef0a9b1ac5707127797d
984c718a290100839794c8aa0920aaf7b5e7f389
2c8998a15be8cb741b6ce56e9e758252f8b25c70b00a8cfb5ec2e280f15bc645
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 15:15:51 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 01:29:07 GMT
Expires: Mon, 03 Oct 2022 01:29:06 GMT
Etag: "984c718a290100839794c8aa0920aaf7b5e7f389"
Cache-Control: max-age=468194,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75153276fb5e1c16-OSL
87929881825.com/2f33e44a8bfb496da9314b983f27e40a.gif
200 OK 0 B URL HTTP/1.1 87929881825.com/2f33e44a8bfb496da9314b983f27e40a.gif
IP
Analyzer Verdict Alert quad9 Sinkholed
GET /2f33e44a8bfb496da9314b983f27e40a.gif HTTP/1.1
Host: 87929881825.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "630caef8-e97ec"
Date: Sat, 24 Sep 2022 01:25:58 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Mon, 29 Aug 2022 12:20:08 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us1-cdnb-27
Content-Length: 956396
fadacaitp.com/68-960-60.gif
200 OK 0 B URL HTTP/2 fadacaitp.com/68-960-60.gif
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /68-960-60.gif HTTP/1.1
Host: fadacaitp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sdjkewu623usdj666.humeiav-hdfyerndgvctf26.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 15:15:50 GMT
content-type: image/gif
vary: Accept-Encoding
last-modified: Sat, 25 Jun 2022 13:09:16 GMT
etag: W/"62b708fc-52fd2"
expires: Thu, 27 Oct 2022 11:29:10 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
server: WAF/2.4-12.1
x-cache-status: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
38.53.124.236
104.21.63.42
23.36.79.10
93.184.220.29
103.143.19.103
20.210.226.238
47.246.44.205
45.89.209.74