Report - schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t

Report Overview

Submitted URL
schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t
IP
38.238.219.2
ASN
#134548 DXTL Tseung Kwan O Service
Submitted
2024-03-29 09:10:43
Access
public
Website Title
衢州翁雷机械设备有限公司
Final URL
www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
tu.jnctpsy8888.cc	unknown	2023-08-02	2023-10-02	2024-02-21	428 B	833 kB	198.2.211.78
1cdn.yuanpinghengkangfuyouxiangongsi.top	unknown	2022-12-13	2023-06-16	2024-03-10	447 B	375 kB	123.6.40.242
www.schaffenhausshepherds.net	unknown	2022-07-01	2019-08-01	2024-01-30	1.7 kB	3.5 kB	38.238.219.2
ia.51.la	59607	2005-01-17	2017-10-31	2024-03-28	2.0 kB	604 B	203.107.86.226
ad.xmmnsl.com	341119	2019-10-01	2022-03-20	2024-02-26	872 B	575 kB	194.53.53.6
www.qwlcy.com	unknown	unknown	No data	No data	2.3 kB	229 kB	23.83.129.20
sxlmggx12.com	unknown	2023-10-26	2023-10-27	2024-03-08	417 B	273 kB	156.251.153.52
jt.112248.vip	unknown	2023-06-15	2023-10-22	2024-03-24	435 B	0 B	0.0.0.0
js.users.51.la	53024	2005-01-17	2012-05-30	2024-03-28	811 B	11 kB	47.246.44.243
bhjt.lkj-lijn.com	unknown	2023-10-13	2023-10-15	2024-02-25	863 B	468 kB	172.67.6.119
lbfm.lbpictupian.com	unknown	2022-10-07	2022-10-09	2024-03-22	8.7 kB	164 kB	172.67.28.138
zbb.bbb.hmajwvynt.com	unknown	unknown	No data	No data	439 B	60 kB	23.225.112.98
www.imageoss.com	unknown	2019-06-29	2020-03-20	2024-03-20	454 B	125 kB	104.21.55.185
9129666tp.com	unknown	2023-06-08	2023-06-08	2023-11-08	413 B	903 kB	198.2.209.177
383tu.oss-cn-hangzhou.aliyuncs.com	unknown	2012-04-01	2023-09-18	2024-02-24	446 B	300 kB	47.110.178.111
fmlb.netlbtu.com	187701	2021-04-20	2021-09-14	2024-01-30	3.3 kB	0 B	0.0.0.0
hm.baidu.com	8254	1999-10-11	2012-05-26	2024-03-28	1.1 kB	12 kB	103.235.46.191
schaffenhausshepherds.net	unknown	unknown	No data	No data	429 B	234 B	38.238.219.2
push.zhanzhang.baidu.com	57139	1999-10-11	2015-07-22	2024-03-28	338 B	750 B	182.61.201.94
api.share.baidu.com	44629	1999-10-11	2013-04-25	2024-03-28	426 B	114 B	14.215.182.161
bba9603w.com	unknown	2023-11-01	2023-11-01	2024-03-10	416 B	363 kB	149.104.32.244

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-29	medium	hmajwvynt.com	Sinkholed
2024-03-29	medium	112248.vip	Sinkholed

ThreatFox

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t	54 B	2024-03-29	2024-03-29
Pretty URL www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t IP 38.238.219.2 ASN #134548 DXTL Tseung Kwan O Service Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-29 10:10:52 Last Seen2024-03-29 10:10:52 Times Seen1 Hash b86227585d746c45fd486671bc763a02 985136e760bfd18944f0ab16d7da287693fda637 79be24d17350276a32a9d57f0b4ac395f7f4cba83bebaac44d45611b71f95dfa Loading...

	www.schaffenhausshepherds.net/common.js	1.5 kB	2024-03-29	2024-03-29
Pretty URL www.schaffenhausshepherds.net/common.js IP 38.238.219.2 ASN #134548 DXTL Tseung Kwan O Service Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 10:10:52 Last Seen2024-03-29 10:10:53 Times Seen2 Hash cb02c03dbfb6de9dda3a760485df6cd9 9a9ca07b5a8c5cde32df30a7e496374412ddd0c5 a5f1cfe0e45c2ad2d0f60a168a0d11cbf7f9941b0ea4d9964150d322851c37c0 Loading...

	push.zhanzhang.baidu.com/push.js	281 B	2023-03-07	2024-04-28
Pretty URL push.zhanzhang.baidu.com/push.js IP 182.61.201.94 ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-28 21:29:48 Times Seen19046 Hash 1bb5a3267c9865ad4abe8d937734b62b b5478dd2edb3e64242eced1db2dbd945ef81f592 674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2 Loading...

	www.qwlcy.com/	143 B	2023-03-07	2024-04-28
Pretty URL www.qwlcy.com/ IP 23.83.129.20 ASN #19148 LEASEWEB-USA-PHX Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:10:43 Last Seen2024-04-28 06:49:33 Times Seen521 Hash 505ee2fc0aa4093acc780dc6d51bb16f ab12eb0282ec450aa9df50665de7bd00d7ccf27e f905214b1216ef14d72c5c4595be49f0dade082f6630b77801a158b3869e1d95 Loading...

	js.users.51.la/21858475.js	5.1 kB	2024-03-29	2024-03-29
Pretty URL js.users.51.la/21858475.js IP 47.246.44.243 ASN #24429 Zhejiang Taobao Network Co.,Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 10:10:52 Last Seen2024-03-29 10:10:53 Times Seen2 Hash ee0a106411811a679e9d9700e372b27a d253cf7fbf983dd831704c96880042e003534e12 cd2903120bc47cef3cd186e658c72243fc4f0d409efce458fd1ad60473e24a9a Loading...

	www.qwlcy.com/	143 B	2023-03-07	2024-04-28
Pretty URL www.qwlcy.com/ IP 23.83.129.20 ASN #19148 LEASEWEB-USA-PHX Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:10:40 Last Seen2024-04-28 06:49:33 Times Seen506 Hash 3d81914875488308e30ace18c518677c 04ebc5bd84675bdd16f371c1e0b8e8e00f0624bc 364f7dc20bd4a6da10f0d4e44c514461c7443cbbb64bdef1c8f91fbde29219a7 Loading...

	unknown	37 B	2023-04-11	2024-04-28
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:49:14 Last Seen2024-04-28 21:46:41 Times Seen21962 Hash 1c5c9160600df2d96d69a4ea16cec7ed 3cf678c9135cc952ba6970ef545035bb757a443f a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808 Loading...

	www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t	0 B	2023-03-07	2024-04-29
Pretty URL www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t IP 38.238.219.2 ASN #134548 DXTL Tseung Kwan O Service Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-29 00:04:06 Times Seen37152274 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.qwlcy.com/	143 B	2023-03-07	2024-04-02
Pretty URL www.qwlcy.com/ IP 23.83.129.20 ASN #19148 LEASEWEB-USA-PHX Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:10:40 Last Seen2024-04-02 13:17:56 Times Seen442 Hash 638fe3fadb57c83d38d886341791d15d 79aad82d50b511320a187b7bb0c32e6b4c1635a0 6c43c1fc5aa15c19f64c2e5edc38e0f7093ea48ac5e2bd4a8e9420d2a7913d57 Loading...

	hm.baidu.com/hm.js?a59bfc1e6bba65cfa9419a19e29c9e44	30 kB	2024-03-29	2024-03-29
Pretty URL hm.baidu.com/hm.js?a59bfc1e6bba65cfa9419a19e29c9e44 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 10:10:53 Last Seen2024-03-29 10:10:53 Times Seen2 Hash 3c21731b744fa2717a7b1f507b429e99 7744fa042b68c1e557f2ced3c5241e5742329f04 b8c52a5137dbd3c51d5e2122aae8c8ea5c5db426e5f387b6fdb8adcfbae812ed Loading...

	unknown	304 B	2024-03-29	2024-03-29
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-03-29 10:10:53 Last Seen2024-03-29 10:10:53 Times Seen1 Hash bcfda09848b2244873ae853033a4aef6 3f5e18559dd952426b60a3e749e54f92da6ea274 2e2d36cf61facebeb545be8b25d452c3987094bce5949d918e616d945bdef455 Loading...

	www.schaffenhausshepherds.net/tj.js	102 B	2024-03-29	2024-03-29
Pretty URL www.schaffenhausshepherds.net/tj.js IP 38.238.219.2 ASN #134548 DXTL Tseung Kwan O Service Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 10:10:53 Last Seen2024-03-29 10:10:53 Times Seen2 Hash 8e071994d1d091f6f319dd1880880e2b 095ccdee1414987b84ec423eebc7697fb678c33e f0aa685845450fe404c44d61d35abb981688214162dabaa7a6ad63bc673c316b Loading...

	www.qwlcy.com/	254 B	2024-03-29	2024-03-29
Pretty URL www.qwlcy.com/ IP 23.83.129.20 ASN #19148 LEASEWEB-USA-PHX Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-29 10:10:53 Last Seen2024-03-29 10:10:53 Times Seen1 Hash 6e6c9551c181b726629949f575bc6630 488a35230a1d643e4d68f4508cd3451c9f19145b 687a2318d2ed12fe70610574c383acc86bcc642d63804b4273baca4dd0fae603 Loading...

	js.users.51.la/21861001.js	4.9 kB	2024-03-29	2024-03-29
Pretty URL js.users.51.la/21861001.js IP 47.246.44.243 ASN #24429 Zhejiang Taobao Network Co.,Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 10:10:53 Last Seen2024-03-29 10:10:53 Times Seen2 Hash c4a36f3458c40eaf52709fb4116cc5c5 9a80110a120cc0b6ac181400b3cfe994920b046f 3d0eb8cb186ced9e7823a23adc6fdacf7058022f9a591908a2e011cee590d5b5 Loading...

		Size	First Seen	Last Seen
	#1 Eval - e3471d422acc12711d028bf23894f76e	466 B	2024-03-29	2024-03-29
Pretty Observations First Seen2024-03-29 10:10:53 Last Seen2024-03-29 10:10:53 Times Seen1 Hash e3471d422acc12711d028bf23894f76e 1ebe768db98ea526d2cffe005ebf5d0f8108bb5a 995ee7cb87d1d06c6592fc7391348eebd9ada080b9ec622436a7a0272c0fbdaf Loading...

		Size	First Seen	Last Seen
	#1 Write - 7e9dd6da1f76995a83a08122f642b0f7	447 B	2024-03-29	2024-03-29
Pretty Observations First Seen2024-03-29 10:10:53 Last Seen2024-03-29 10:10:53 Times Seen1 Hash 7e9dd6da1f76995a83a08122f642b0f7 60329f25e2cfeb988beba5715813cd0528259af1 ce90b39d3f08b959eb2c0731af0598c8b72a26348aec6b28a15d842ed0d78817 Loading...

	#2 Write - 5ca43bacc1a303939f32878923241660	82 B	2024-03-29	2024-03-29
Pretty Observations First Seen2024-03-29 10:10:53 Last Seen2024-03-29 10:10:53 Times Seen1 Hash 5ca43bacc1a303939f32878923241660 d4c010cb7371834f8dd56261ca016c8cbf47113c 9dd0009adf2eebff467fca4862207b531ecd7fadc45a3f9b40e3cfe021b02a26 Loading...

	#3 Write - 627521a42ab136c8fdf76bdf55c37a80	101 B	2024-03-29	2024-03-29
Pretty Observations First Seen2024-03-29 10:10:53 Last Seen2024-03-29 10:10:53 Times Seen1 Hash 627521a42ab136c8fdf76bdf55c37a80 4639621a54c7aed3087ec6eb084982ec9fc2a622 eb8e33d1570307b4c3a0b97ca1def096656a3426fb89e2280e3e2986cf029590 Loading...

HTTP Transactions (57)

URL IP Response Size

schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t

38.238.219.2

301 Moved Permanently

0 B

URL User Request GET HTTP/1.1
schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t
IP
38.238.219.2:80
ASN
#134548 DXTL Tseung Kwan O Service

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t HTTP/1.1
Host: schaffenhausshepherds.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 29 Mar 2024 09:10:17 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t

www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t

38.238.219.2

200 OK

807 B

URL User Request GET HTTP/1.1
www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t
IP
38.238.219.2:80
ASN
#134548 DXTL Tseung Kwan O Service

File type
JavaScript source, ISO-8859 text, with CRLF line terminators
Size
807 B (807 bytes)
Hash
1272095dcf33178401851a1c73deb809
4dc33233d45d48863967db933bffb074dc05a60d
1907d113d87cd9f3ee64d11f6e212d5831479d0985ad64e1358954eaa36cde17

HTTP Headers

GET /wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t HTTP/1.1
Host: www.schaffenhausshepherds.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 09:10:18 GMT
Content-Type: text/html
Content-Length: 807
Connection: keep-alive

www.schaffenhausshepherds.net/common.js

38.238.219.2

200 OK

684 B

URL GET HTTP/1.1
www.schaffenhausshepherds.net/common.js
IP
38.238.219.2:80
ASN
#134548 DXTL Tseung Kwan O Service

Requested by
http://www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t

File type
JavaScript source, ASCII text, with very long lines (443), with CRLF line terminators
Size
684 B (684 bytes)
Hash
cb02c03dbfb6de9dda3a760485df6cd9
9a9ca07b5a8c5cde32df30a7e496374412ddd0c5
a5f1cfe0e45c2ad2d0f60a168a0d11cbf7f9941b0ea4d9964150d322851c37c0

HTTP Headers

GET /common.js HTTP/1.1
Host: www.schaffenhausshepherds.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 09:10:19 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

www.schaffenhausshepherds.net/tj.js

38.238.219.2

200 OK

102 B

URL GET HTTP/1.1
www.schaffenhausshepherds.net/tj.js
IP
38.238.219.2:80
ASN
#134548 DXTL Tseung Kwan O Service

Requested by
http://www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t

File type
HTML document, ASCII text, with no line terminators
Size
102 B (102 bytes)
Hash
8e071994d1d091f6f319dd1880880e2b
095ccdee1414987b84ec423eebc7697fb678c33e
f0aa685845450fe404c44d61d35abb981688214162dabaa7a6ad63bc673c316b

HTTP Headers

GET /tj.js HTTP/1.1
Host: www.schaffenhausshepherds.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 09:10:19 GMT
Content-Type: application/x-javascript
Content-Length: 102
Connection: keep-alive

push.zhanzhang.baidu.com/push.js

182.61.201.94

200 OK

227 B

URL GET HTTP/1.1
push.zhanzhang.baidu.com/push.js
IP
182.61.201.94:80
ASN
#38365 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t

File type
ASCII text, with no line terminators
Size
227 B (227 bytes)
Hash
1bb5a3267c9865ad4abe8d937734b62b
b5478dd2edb3e64242eced1db2dbd945ef81f592
674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2

HTTP Headers

GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.schaffenhausshepherds.net/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Fri, 29 Mar 2024 09:10:19 GMT
Etag: "4078521116"
Expires: Sat, 29 Mar 2025 09:10:19 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=C59752AA2310280E5596FE8FA0F8D81D:FG=1; max-age=31536000; expires=Sat, 29-Mar-25 09:10:19 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding

js.users.51.la/21858475.js

47.246.44.243

200 OK

5.1 kB

URL GET HTTP/1.1
js.users.51.la/21858475.js
IP
47.246.44.243:443
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

Requested by
http://www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t
Certificate
IssuerGlobalSign nv-sa
Subject*.users.51.la
Fingerprint8E:9F:59:98:28:F2:49:A9:E1:19:45:C2:49:ED:B2:F6:B8:E1:C6:39
ValidityFri, 14 Apr 2023 03:17:41 GMT - Wed, 15 May 2024 03:17:40 GMT

File type
JavaScript source, ASCII text, with very long lines (5068), with no line terminators
Size
5.1 kB (5068 bytes)
Hash
ee0a106411811a679e9d9700e372b27a
d253cf7fbf983dd831704c96880042e003534e12
cd2903120bc47cef3cd186e658c72243fc4f0d409efce458fd1ad60473e24a9a

HTTP Headers

GET /21858475.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.schaffenhausshepherds.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 29 Mar 2024 09:10:19 GMT
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: *
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Ali-Swift-Global-Savetime: 1711703419
Via: cache11.l2de2[161,160,200-0,M], cache16.l2de2[162,0], ens-cache3.se2[183,182,200-0,M], ens-cache1.se2[184,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Fri, 29 Mar 2024 09:10:19 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9517117034197301098e

www.schaffenhausshepherds.net/favicon.ico

38.238.219.2

200 OK

1.2 kB

URL GET HTTP/1.1
www.schaffenhausshepherds.net/favicon.ico
IP
38.238.219.2:80
ASN
#134548 DXTL Tseung Kwan O Service

Requested by
http://www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
7ef1f0a0093460fe46bb691578c07c95
2da3ffbbf4737ce4dae9488359de34034d1ebfbd
4c62eef22174220b8655590a77b27957f3518b4c3b7352d0b64263b80e728f2c

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.schaffenhausshepherds.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t
Cookie: __tins__21858475=%7B%22sid%22%3A%201711703420114%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201711705220114%7D; __51cke__=; __51laig__=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 09:10:20 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 01 Jul 2011 08:14:23 GMT
Connection: keep-alive
ETag: "4e0d81df-47e"
Expires: Wed, 03 Apr 2024 09:10:20 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes

api.share.baidu.com/s.gif?l=http://www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t

14.215.182.161

200 OK

0 B

URL GET HTTP/1.1
api.share.baidu.com/s.gif?l=http://www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t
IP
14.215.182.161:80
ASN
#4134 Chinanet

Requested by
http://www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s.gif?l=http://www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.schaffenhausshepherds.net/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Fri, 29 Mar 2024 09:10:20 GMT

ia.51.la/go1?id=21858475&rt=1711703420114&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1711703420114&tt=%25E8%25A1%25A2%25E5%25B7%259E%25E7%25BF%2581%25E9%259B%25B7%25E6%259C%25BA%25E6%25A2%25B0%25E8%25AE%25BE%25E5%25A4%2587%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=&cu=http%253A%252F%252Fwww.schaffenhausshepherds.net%252Fwpwe%252FZGF2aW4ub2htc0B3aXBmbGkuY29t&pu=

203.107.86.226

200

0 B

URL GET HTTP/1.1
ia.51.la/go1?id=21858475&rt=1711703420114&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1711703420114&tt=%25E8%25A1%25A2%25E5%25B7%259E%25E7%25BF%2581%25E9%259B%25B7%25E6%259C%25BA%25E6%25A2%25B0%25E8%25AE%25BE%25E5%25A4%2587%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=&cu=http%253A%252F%252Fwww.schaffenhausshepherds.net%252Fwpwe%252FZGF2aW4ub2htc0B3aXBmbGkuY29t&pu=
IP
203.107.86.226:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /go1?id=21858475&rt=1711703420114&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1711703420114&tt=%25E8%25A1%25A2%25E5%25B7%259E%25E7%25BF%2581%25E9%259B%25B7%25E6%259C%25BA%25E6%25A2%25B0%25E8%25AE%25BE%25E5%25A4%2587%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=&cu=http%253A%252F%252Fwww.schaffenhausshepherds.net%252Fwpwe%252FZGF2aW4ub2htc0B3aXBmbGkuY29t&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.schaffenhausshepherds.net/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Fri, 29 Mar 2024 09:10:20 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: aliyungf_tc=365f607ab728f6cfb482042c05e3b25ec89b4228b00513c55357cb55e3d2aca8; Path=/; HttpOnly
acw_tc=ac11000117117034206301463e1d6a43ba50ea2cfd46aa8180b0b3afdd604a;path=/;HttpOnly;Max-Age=1800

ad.xmmnsl.com/uploads/images/1710823159.gif

194.53.53.6

200 OK

320 kB

URL GET HTTP/2
ad.xmmnsl.com/uploads/images/1710823159.gif
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.qwlcy.com/
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint2F:20:D3:CC:95:C0:8A:15:99:65:55:1B:2A:EC:24:E5:6E:07:B9:80
ValiditySat, 03 Feb 2024 10:48:36 GMT - Fri, 03 May 2024 10:48:35 GMT

File type
GIF image data, version 89a, 960 x 120
Size
320 kB (319959 bytes)
Hash
b8d9cb6869549186b023175920acd14f
a536d395998f8115b71f2d0f69a3d7fb1b19c429
c608171502e554e90239ff546673d2e0fdf70efbcd8b87d2271130bac942e78c

HTTP Headers

GET /uploads/images/1710823159.gif HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/gif
content-length: 319959
last-modified: Tue, 19 Mar 2024 04:39:19 GMT
etag: "65f916f7-4e1d7"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1416
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q73FDDZuXa5f2yhAicI7V77xvyhP5CEbgOVeZfRdhY0BxlrbSJ7wZ%2FB1ILPdZoHa6TwhoCvPQSxQKxOlMJACGxxMxPhrj4uyqyNi9Dz3ADiWhexnJ%2Bo4TQCgtjE8HtCg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86beb9ed8a2956ae-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ad.xmmnsl.com/uploads/images/1705062043.gif

194.53.53.6

200 OK

254 kB

URL GET HTTP/2
ad.xmmnsl.com/uploads/images/1705062043.gif
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.qwlcy.com/
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint2F:20:D3:CC:95:C0:8A:15:99:65:55:1B:2A:EC:24:E5:6E:07:B9:80
ValiditySat, 03 Feb 2024 10:48:36 GMT - Fri, 03 May 2024 10:48:35 GMT

File type
GIF image data, version 89a, 980 x 50
Size
254 kB (253985 bytes)
Hash
9952c689456954e7a8afebc444dbd985
ebc86b44d3010cbbd572650b2c0f9cd2cbe396eb
500a0029895fd33faffdd312254c06b1d471ee2d99ad9ee5ca7617ccf3f7ebf6

HTTP Headers

GET /uploads/images/1705062043.gif HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/gif
content-length: 253985
last-modified: Fri, 12 Jan 2024 12:20:43 GMT
etag: "65a12e9b-3e021"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1416
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W0UkrFQsc9JGmdVaGaOO8uFyt%2FI194%2Byl1zNyu5jBLVuoFdyusFEKwcaDTT56dUEEHspImkB97vUqlumYFrxinCanGTOynLDwiPsSbfN86J13YH88dPEO8hdhX5FoK2k"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86beb9ed9a2e56ae-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bhjt.lkj-lijn.com/nanshen/img/2480.gif

172.67.6.119

200 OK

132 kB

URL GET HTTP/2
bhjt.lkj-lijn.com/nanshen/img/2480.gif
IP
172.67.6.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.qwlcy.com/
Certificate
IssuerLet's Encrypt
Subjectlkj-lijn.com
Fingerprint6F:A6:31:0D:FA:B7:D6:D0:DA:B1:03:FE:A1:16:FE:BB:10:43:92:8C
ValiditySun, 11 Feb 2024 01:12:13 GMT - Sat, 11 May 2024 01:12:12 GMT

File type
GIF image data, version 89a, 960 x 80
Size
132 kB (132545 bytes)
Hash
c01e2eb86f8ef948ed3c6a4bec193c2e
75e3e01692b0a2d5f5c7414f43f21fab66b201d9
9bbbd9256592921eead5e58efc0c510d58339f89f5ca1c1c29f147bc7e6595e7

HTTP Headers

GET /nanshen/img/2480.gif HTTP/1.1
Host: bhjt.lkj-lijn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/gif
content-length: 132545
last-modified: Sat, 24 Feb 2024 13:13:29 GMT
etag: "65d9eb79-205c1"
expires: Sun, 21 Apr 2024 21:52:02 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
access-control-allow-methods: GET,POST
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 559100
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 86beb9ee38cb5693-OSL
X-Firefox-Spdy: h2

bhjt.lkj-lijn.com/nanshen/img/46.80.gif

172.67.6.119

200 OK

334 kB

URL GET HTTP/2
bhjt.lkj-lijn.com/nanshen/img/46.80.gif
IP
172.67.6.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.qwlcy.com/
Certificate
IssuerLet's Encrypt
Subjectlkj-lijn.com
Fingerprint6F:A6:31:0D:FA:B7:D6:D0:DA:B1:03:FE:A1:16:FE:BB:10:43:92:8C
ValiditySun, 11 Feb 2024 01:12:13 GMT - Sat, 11 May 2024 01:12:12 GMT

File type
GIF image data, version 89a, 960 x 80
Size
334 kB (334447 bytes)
Hash
951b69336d9c15a474f41f1570950b3d
dbeb8fd225c80ce43707842386496340cd8d9bb4
76cce8df402fc0d22d11148e2c3234c754729790550a898bf49b5040b6c0e27a

HTTP Headers

GET /nanshen/img/46.80.gif HTTP/1.1
Host: bhjt.lkj-lijn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/gif
content-length: 334447
last-modified: Fri, 24 Nov 2023 15:00:29 GMT
etag: "6560ba8d-51a6f"
expires: Thu, 25 Apr 2024 13:35:14 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
access-control-allow-methods: GET,POST
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 243308
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 86beb9ee38c85693-OSL
X-Firefox-Spdy: h2

js.users.51.la/21861001.js

47.246.44.243

200 OK

4.9 kB

URL GET HTTP/1.1
js.users.51.la/21861001.js
IP
47.246.44.243:443
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

Requested by
https://www.qwlcy.com/
Certificate
IssuerGlobalSign nv-sa
Subject*.users.51.la
Fingerprint8E:9F:59:98:28:F2:49:A9:E1:19:45:C2:49:ED:B2:F6:B8:E1:C6:39
ValidityFri, 14 Apr 2023 03:17:41 GMT - Wed, 15 May 2024 03:17:40 GMT

File type
JavaScript source, ASCII text, with very long lines (4898), with no line terminators
Size
4.9 kB (4898 bytes)
Hash
c4a36f3458c40eaf52709fb4116cc5c5
9a80110a120cc0b6ac181400b3cfe994920b046f
3d0eb8cb186ced9e7823a23adc6fdacf7058022f9a591908a2e011cee590d5b5

HTTP Headers

GET /21861001.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript; charset=utf-8
Content-Length: 4898
Connection: keep-alive
Date: Fri, 29 Mar 2024 09:10:21 GMT
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: *
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Ali-Swift-Global-Savetime: 1711703421
Via: cache10.l2de2[171,170,200-0,M], cache9.l2de2[172,0], ens-cache20.se2[195,195,200-0,M], ens-cache1.se2[197,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Fri, 29 Mar 2024 09:10:21 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9517117034210351707e

www.qwlcy.com/template/m1938pc/ads/img/1.gif

23.83.129.20

200 OK

254 B

URL GET HTTP/2
www.qwlcy.com/template/m1938pc/ads/img/1.gif
IP
23.83.129.20:443
ASN
#19148 LEASEWEB-USA-PHX

Requested by
https://www.qwlcy.com/
Certificate
IssuerLet's Encrypt
Subjectwww.700515.com
Fingerprint43:CD:75:78:F9:B7:C5:DE:F8:A7:BC:06:6C:4A:12:BD:63:34:95:B4
ValidityWed, 27 Mar 2024 13:16:52 GMT - Tue, 25 Jun 2024 13:16:51 GMT

File type
GIF image data, version 89a, 16 x 17
Size
254 B (254 bytes)
Hash
b013f8fa3ec997fe20dc80b82af0ad0a
e02ce6c30d5c0abfaa3e008d1a3ce7d11f299ed9
119bff063d1d402fdf6e48bc7e681d48aabfb9bc65378dfcf64a8845ec3fceef

HTTP Headers

GET /template/m1938pc/ads/img/1.gif HTTP/1.1
Host: www.qwlcy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/gif
content-length: 254
last-modified: Thu, 21 Apr 2022 12:25:50 GMT
etag: "62614d4e-fe"
expires: Sun, 28 Apr 2024 09:10:21 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.imageoss.com/images/2024/01/30/960x60fa0d76e22c8fa07b.gif

104.21.55.185

200 OK

125 kB

URL GET HTTP/2
www.imageoss.com/images/2024/01/30/960x60fa0d76e22c8fa07b.gif
IP
104.21.55.185:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.qwlcy.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.imageoss.com
FingerprintC7:20:2B:6C:32:33:52:CD:A1:FC:99:A4:33:ED:D5:C3:75:12:1B:5C
ValidityTue, 05 Mar 2024 18:39:41 GMT - Mon, 03 Jun 2024 18:39:40 GMT

File type
GIF image data, version 89a, 960 x 60
Size
125 kB (124710 bytes)
Hash
76028be65c7091ef215890b255128ff0
7d4deda0b9201c95d7d2648e3e8b453f5f165609
f91ba1fe289c19571741252954f1da1161b2c71e9ee36b3ad720d25b9240fbf8

HTTP Headers

GET /images/2024/01/30/960x60fa0d76e22c8fa07b.gif HTTP/1.1
Host: www.imageoss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/gif
content-length: 124710
last-modified: Tue, 30 Jan 2024 12:23:31 GMT
etag: "65b8ea43-1e726"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 238936
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zon15XfcYnhfjXNkKMDLsDdFYiAiFHgkO0sIPJ3h4Pa0o7C%2BnzccUl6qAfQeN4JnVudUYQZC710fd2HwFMpecE5NnQ3xjY8er8ugiTG5UxltyX030uJKz9lf8gEHt7E4QWou"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86beb9efd85e568f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.qwlcy.com/template/m1938pc/images/video-play.png

23.83.129.20

200 OK

1.6 kB

URL GET HTTP/2
www.qwlcy.com/template/m1938pc/images/video-play.png
IP
23.83.129.20:443
ASN
#19148 LEASEWEB-USA-PHX

Requested by
https://www.qwlcy.com/
Certificate
IssuerLet's Encrypt
Subjectwww.700515.com
Fingerprint43:CD:75:78:F9:B7:C5:DE:F8:A7:BC:06:6C:4A:12:BD:63:34:95:B4
ValidityWed, 27 Mar 2024 13:16:52 GMT - Tue, 25 Jun 2024 13:16:51 GMT

File type
PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced
Size
1.6 kB (1567 bytes)
Hash
be7ca0a4a7c0317398a11162b1e09b75
5dbe6a02524cfbf5f5111478a71f91a9259056b5
cbad06b58f97516faa5f745d4e09716b5db3f134d5b4644b159681aa24909dd4

HTTP Headers

GET /template/m1938pc/images/video-play.png HTTP/1.1
Host: www.qwlcy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/template/m1938pc/css/zui.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/png
content-length: 1567
last-modified: Thu, 21 Apr 2022 12:26:08 GMT
etag: "62614d60-61f"
expires: Sun, 28 Apr 2024 09:10:21 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2020/05-22/00/tspli4gfkiq0002tspli4gfkiq023939.jpg

172.67.28.138

200 OK

7.4 kB

URL GET HTTP/2
lbfm.lbpictupian.com/upload/vod/2020/05-22/00/tspli4gfkiq0002tspli4gfkiq023939.jpg
IP
172.67.28.138:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.qwlcy.com/
Certificate
IssuerCloudflare, Inc.
Subjectlbpictupian.com
Fingerprint62:1A:47:3F:33:41:F6:6C:4A:C6:9D:E0:67:70:07:49:BA:F1:31:CB
ValidityTue, 02 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 240x320, Scaling: [none]x[none], YUV color, decoders should clamp
Size
7.4 kB (7398 bytes)
Hash
3bda6330e6f70f42861e4691ed1fae0b
6b9c6c97f876c90d83f542a2c9da38c1a8e26d64
469d327aee42632eae18e3474327b93c112cf4c038e6ae2d13139301f62eec3a

HTTP Headers

GET /upload/vod/2020/05-22/00/tspli4gfkiq0002tspli4gfkiq023939.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/webp
content-length: 7398
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8552
content-disposition: inline; filename="tspli4gfkiq0002tspli4gfkiq023939.webp"
etag: "5ec6a5fa-2168"
last-modified: Thu, 21 May 2020 16:02:02 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 86beb9ef7bc55695-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2020/03-28/06/qewyc1p3kv20603qewyc1p3kv250797.jpg

172.67.28.138

200 OK

7.3 kB

URL GET HTTP/2
lbfm.lbpictupian.com/upload/vod/2020/03-28/06/qewyc1p3kv20603qewyc1p3kv250797.jpg
IP
172.67.28.138:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.qwlcy.com/
Certificate
IssuerCloudflare, Inc.
Subjectlbpictupian.com
Fingerprint62:1A:47:3F:33:41:F6:6C:4A:C6:9D:E0:67:70:07:49:BA:F1:31:CB
ValidityTue, 02 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 240x320, components 3
Size
7.3 kB (7278 bytes)
Hash
4f5fbfcbb32aeebadcfc64fa68456b09
c85b72513b2a643cb14ef9282adde5e997ab8f55
ddcc94d279653c573b619a1c44bd19ce4e8339f88bce73451bf2e80007c54985

HTTP Headers

GET /upload/vod/2020/03-28/06/qewyc1p3kv20603qewyc1p3kv250797.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/jpeg
content-length: 7278
last-modified: Fri, 27 Mar 2020 22:03:50 GMT
etag: "5e7e7846-1c6e"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 86beb9ef9be15695-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2020/05-22/00/quhbzhnrg2s0002quhbzhnrg2s144051.jpg

172.67.28.138

200 OK

6.5 kB

URL GET HTTP/2
lbfm.lbpictupian.com/upload/vod/2020/05-22/00/quhbzhnrg2s0002quhbzhnrg2s144051.jpg
IP
172.67.28.138:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.qwlcy.com/
Certificate
IssuerCloudflare, Inc.
Subjectlbpictupian.com
Fingerprint62:1A:47:3F:33:41:F6:6C:4A:C6:9D:E0:67:70:07:49:BA:F1:31:CB
ValidityTue, 02 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 240x320, Scaling: [none]x[none], YUV color, decoders should clamp
Size
6.5 kB (6542 bytes)
Hash
f889c52cfae784ed71a1034b738785db
52d67a4369d7bd1fe50422f2fcb9a70b1e134d52
6d33ea476da32ac365bbd1288fa2b33cd24ab0d1ee8663edf8e2f5e48717b6e4

HTTP Headers

GET /upload/vod/2020/05-22/00/quhbzhnrg2s0002quhbzhnrg2s144051.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/webp
content-length: 6542
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=7613
content-disposition: inline; filename="quhbzhnrg2s0002quhbzhnrg2s144051.webp"
etag: "5ec6a606-1dbd"
last-modified: Thu, 21 May 2020 16:02:14 GMT
vary: Accept
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 86beb9ef8bd15695-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2020/03-28/06/coqjlfkdfb30603coqjlfkdfb351807.jpg

172.67.28.138

200 OK

10 kB

URL GET HTTP/2
lbfm.lbpictupian.com/upload/vod/2020/03-28/06/coqjlfkdfb30603coqjlfkdfb351807.jpg
IP
172.67.28.138:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.qwlcy.com/
Certificate
IssuerCloudflare, Inc.
Subjectlbpictupian.com
Fingerprint62:1A:47:3F:33:41:F6:6C:4A:C6:9D:E0:67:70:07:49:BA:F1:31:CB
ValidityTue, 02 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 240x320, components 3
Size
10 kB (10436 bytes)
Hash
8625a2794d858f7f99bd16e5325e35d6
ad433e894c88af88908b9c3690c061ed5adfddee
cd4b7bfd610a2345cb11b943285939bb4fa5d45a85d16a5e94eaef8c2b9ee910

HTTP Headers

GET /upload/vod/2020/03-28/06/coqjlfkdfb30603coqjlfkdfb351807.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/jpeg
content-length: 10436
last-modified: Fri, 27 Mar 2020 22:03:51 GMT
etag: "5e7e7847-28c4"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 86beb9ef7bbf5695-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2020/05-22/00/0alwwxw2gtu00020alwwxw2gtu013931.jpg

172.67.28.138

200 OK

7.9 kB

URL GET HTTP/2
lbfm.lbpictupian.com/upload/vod/2020/05-22/00/0alwwxw2gtu00020alwwxw2gtu013931.jpg
IP
172.67.28.138:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.qwlcy.com/
Certificate
IssuerCloudflare, Inc.
Subjectlbpictupian.com
Fingerprint62:1A:47:3F:33:41:F6:6C:4A:C6:9D:E0:67:70:07:49:BA:F1:31:CB
ValidityTue, 02 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 240x320, components 3
Size
7.9 kB (7928 bytes)
Hash
dac3fb727059fa0ee9089fa928f2b3d2
c1f7eb37aa3fb2d9edbffff940d6584dd2cdb76a
b10d10f76b514d97a6b3439609dcab6f892284d88ada9cd20f94c5d0cafa5021

HTTP Headers

GET /upload/vod/2020/05-22/00/0alwwxw2gtu00020alwwxw2gtu013931.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/jpeg
content-length: 7928
last-modified: Thu, 21 May 2020 16:02:01 GMT
etag: "5ec6a5f9-1ef8"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 86beb9ef7bc45695-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2020/05-22/00/amq5qrpo4dz0002amq5qrpo4dz124035.jpg

172.67.28.138

200 OK

9.3 kB

URL GET HTTP/2
lbfm.lbpictupian.com/upload/vod/2020/05-22/00/amq5qrpo4dz0002amq5qrpo4dz124035.jpg
IP
172.67.28.138:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.qwlcy.com/
Certificate
IssuerCloudflare, Inc.
Subjectlbpictupian.com
Fingerprint62:1A:47:3F:33:41:F6:6C:4A:C6:9D:E0:67:70:07:49:BA:F1:31:CB
ValidityTue, 02 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 320x240, components 3
Size
9.3 kB (9348 bytes)
Hash
efd33af6d62553488a81c74a5eab7232
e18dfe7458bed9d17a9412d46e1eb5beb6482d46
12e6caf2aa3ecf8e2018c5b705ecc05232902ee2367b26ace0607301218bd09d

HTTP Headers

GET /upload/vod/2020/05-22/00/amq5qrpo4dz0002amq5qrpo4dz124035.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/jpeg
content-length: 9348
last-modified: Thu, 21 May 2020 16:02:13 GMT
etag: "5ec6a605-2484"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 86beb9ef7bc85695-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2020/03-28/06/01thfs1aqr0060301thfs1aqr049786.jpg

172.67.28.138

200 OK

9.2 kB

URL GET HTTP/2
lbfm.lbpictupian.com/upload/vod/2020/03-28/06/01thfs1aqr0060301thfs1aqr049786.jpg
IP
172.67.28.138:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.qwlcy.com/
Certificate
IssuerCloudflare, Inc.
Subjectlbpictupian.com
Fingerprint62:1A:47:3F:33:41:F6:6C:4A:C6:9D:E0:67:70:07:49:BA:F1:31:CB
ValidityTue, 02 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 240x320, components 3
Size
9.2 kB (9158 bytes)
Hash
0fafd53100ae5848d0745a9188ee790e
4437ff1bd77606d500ca14c63c061d9e4b45856f
7c334a4d0eddeff6913c5fb528627d81a7b8d8674378cf63c6ffc01fb091b2f0

HTTP Headers

GET /upload/vod/2020/03-28/06/01thfs1aqr0060301thfs1aqr049786.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/jpeg
content-length: 9158
last-modified: Fri, 27 Mar 2020 22:03:49 GMT
etag: "5e7e7845-23c6"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 86beb9ef9be55695-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2020/05-22/00/ropsdqca5ai0002ropsdqca5ai134043.jpg

172.67.28.138

200 OK

6.3 kB

URL GET HTTP/2
lbfm.lbpictupian.com/upload/vod/2020/05-22/00/ropsdqca5ai0002ropsdqca5ai134043.jpg
IP
172.67.28.138:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.qwlcy.com/
Certificate
IssuerCloudflare, Inc.
Subjectlbpictupian.com
Fingerprint62:1A:47:3F:33:41:F6:6C:4A:C6:9D:E0:67:70:07:49:BA:F1:31:CB
ValidityTue, 02 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 3x4, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 240x320, components 3
Size
6.3 kB (6270 bytes)
Hash
552c5e01b67cc9c0ac8ae6b0e9cf8fd7
d6d3cb69c437dead63e50926f9bf5b6a97b65a9c
9be72117753cd167fa8fa2d378d809b9fdaaa5d8d8cdb99c4f7410590560bb5c

HTTP Headers

GET /upload/vod/2020/05-22/00/ropsdqca5ai0002ropsdqca5ai134043.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/jpeg
content-length: 6270
last-modified: Thu, 21 May 2020 16:02:13 GMT
etag: "5ec6a605-187e"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 86beb9ef8bd05695-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2020/03-28/06/l3w4alqere30603l3w4alqere348777.jpg

172.67.28.138

200 OK

10 kB

URL GET HTTP/2
lbfm.lbpictupian.com/upload/vod/2020/03-28/06/l3w4alqere30603l3w4alqere348777.jpg
IP
172.67.28.138:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.qwlcy.com/
Certificate
IssuerCloudflare, Inc.
Subjectlbpictupian.com
Fingerprint62:1A:47:3F:33:41:F6:6C:4A:C6:9D:E0:67:70:07:49:BA:F1:31:CB
ValidityTue, 02 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 240x320, components 3
Size
10 kB (10374 bytes)
Hash
ff527e370b6bb2b5be1a62eb9e972cd3
02d6aeff81755f4b718721b4e001bd19b1bca7c1
dbd2cf6135e4b5383e8750fe0e0c56d6d0fcfeaa9035e6d94a2649fc572c07a4

HTTP Headers

GET /upload/vod/2020/03-28/06/l3w4alqere30603l3w4alqere348777.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/jpeg
content-length: 10374
last-modified: Fri, 27 Mar 2020 22:03:48 GMT
etag: "5e7e7844-2886"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 86beb9efabf15695-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2020/05-22/00/5hm3cpdag1100025hm3cpdag11204099.jpg

172.67.28.138

200 OK

9.1 kB

URL GET HTTP/2
lbfm.lbpictupian.com/upload/vod/2020/05-22/00/5hm3cpdag1100025hm3cpdag11204099.jpg
IP
172.67.28.138:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.qwlcy.com/
Certificate
IssuerCloudflare, Inc.
Subjectlbpictupian.com
Fingerprint62:1A:47:3F:33:41:F6:6C:4A:C6:9D:E0:67:70:07:49:BA:F1:31:CB
ValidityTue, 02 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 320x240, components 3
Size
9.1 kB (9103 bytes)
Hash
36121ce7ac9d820f02c57cd338a46fdd
65b17798e734b40ee17299085a5e430522b6f01f
99544b6ac285e9d9313c0610700405f48d03dcff8f99db9f2e9585738ca6bd0b

HTTP Headers

GET /upload/vod/2020/05-22/00/5hm3cpdag1100025hm3cpdag11204099.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/jpeg
content-length: 9103
last-modified: Thu, 21 May 2020 16:02:20 GMT
etag: "5ec6a60c-238f"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 86beb9ef8bd75695-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2020/05-22/00/t1qirs4yk2d0002t1qirs4yk2d124027.jpg

172.67.28.138

200 OK

11 kB

URL GET HTTP/2
lbfm.lbpictupian.com/upload/vod/2020/05-22/00/t1qirs4yk2d0002t1qirs4yk2d124027.jpg
IP
172.67.28.138:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.qwlcy.com/
Certificate
IssuerCloudflare, Inc.
Subjectlbpictupian.com
Fingerprint62:1A:47:3F:33:41:F6:6C:4A:C6:9D:E0:67:70:07:49:BA:F1:31:CB
ValidityTue, 02 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 320x240, components 3
Size
11 kB (11377 bytes)
Hash
f309eba4b5f36ffbb9f8585a9bfef059
46ae67fa1b29cc6446c701f1e8807d3d0cd28bcd
a234599c293561f002df979c6cfbb9b049c580be5ead6f1e6e2d8a03b2a97e2e

HTTP Headers

GET /upload/vod/2020/05-22/00/t1qirs4yk2d0002t1qirs4yk2d124027.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/jpeg
content-length: 11377
last-modified: Thu, 21 May 2020 16:02:12 GMT
etag: "5ec6a604-2c71"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 86beb9ef7bc75695-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2020/05-22/00/ey0uis41ax00002ey0uis41ax0033947.jpg

172.67.28.138

200 OK

11 kB

URL GET HTTP/2
lbfm.lbpictupian.com/upload/vod/2020/05-22/00/ey0uis41ax00002ey0uis41ax0033947.jpg
IP
172.67.28.138:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.qwlcy.com/
Certificate
IssuerCloudflare, Inc.
Subjectlbpictupian.com
Fingerprint62:1A:47:3F:33:41:F6:6C:4A:C6:9D:E0:67:70:07:49:BA:F1:31:CB
ValidityTue, 02 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 240x320, components 3
Size
11 kB (11106 bytes)
Hash
410935fb3247b7fe923ea917aabed373
5a5f1931def9e9d295e57019e77baddb2147b4ce
96f819bf8c6e423359821f21cd9fa20b4d5737a6458651a10f697a2355378bce

HTTP Headers

GET /upload/vod/2020/05-22/00/ey0uis41ax00002ey0uis41ax0033947.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/jpeg
content-length: 11106
last-modified: Thu, 21 May 2020 16:02:03 GMT
etag: "5ec6a5fb-2b62"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 86beb9ef7bc65695-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2020/05-22/00/nqu01xtumwn0002nqu01xtumwn164067.jpg

172.67.28.138

200 OK

10 kB

URL GET HTTP/2
lbfm.lbpictupian.com/upload/vod/2020/05-22/00/nqu01xtumwn0002nqu01xtumwn164067.jpg
IP
172.67.28.138:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.qwlcy.com/
Certificate
IssuerCloudflare, Inc.
Subjectlbpictupian.com
Fingerprint62:1A:47:3F:33:41:F6:6C:4A:C6:9D:E0:67:70:07:49:BA:F1:31:CB
ValidityTue, 02 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 320x240, components 3
Size
10 kB (10070 bytes)
Hash
794d3c38f3982c00e8e40f014173c5d4
8ce004304fe5c7dca159a6410aedcb6d6625e1b2
d37747407b408fe55fca86136797815f8aadc7575ff281683d9fa71ae0a3dcf9

HTTP Headers

GET /upload/vod/2020/05-22/00/nqu01xtumwn0002nqu01xtumwn164067.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/jpeg
content-length: 10070
last-modified: Thu, 21 May 2020 16:02:16 GMT
etag: "5ec6a608-2756"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 86beb9ef8bd55695-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2020/03-28/06/h415rq5hvmm0603h415rq5hvmm47767.jpg

172.67.28.138

200 OK

8.3 kB

URL GET HTTP/2
lbfm.lbpictupian.com/upload/vod/2020/03-28/06/h415rq5hvmm0603h415rq5hvmm47767.jpg
IP
172.67.28.138:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.qwlcy.com/
Certificate
IssuerCloudflare, Inc.
Subjectlbpictupian.com
Fingerprint62:1A:47:3F:33:41:F6:6C:4A:C6:9D:E0:67:70:07:49:BA:F1:31:CB
ValidityTue, 02 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 240x320, components 3
Size
8.3 kB (8254 bytes)
Hash
1fc80dc0bb0506af92a6a74b8a8522bf
fd3deaec887d1d9cca057c59b05a3444555ba5a2
d677de10d4676b302358df1c9a9a734d2935ca373210a2eb9c7adc209829a8ff

HTTP Headers

GET /upload/vod/2020/03-28/06/h415rq5hvmm0603h415rq5hvmm47767.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/jpeg
content-length: 8254
last-modified: Fri, 27 Mar 2020 22:03:47 GMT
etag: "5e7e7843-203e"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 86beb9ef9bdb5695-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2020/03-28/06/3wsk3b4e0o006033wsk3b4e0o055842.jpg

172.67.28.138

200 OK

8.1 kB

URL GET HTTP/2
lbfm.lbpictupian.com/upload/vod/2020/03-28/06/3wsk3b4e0o006033wsk3b4e0o055842.jpg
IP
172.67.28.138:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.qwlcy.com/
Certificate
IssuerCloudflare, Inc.
Subjectlbpictupian.com
Fingerprint62:1A:47:3F:33:41:F6:6C:4A:C6:9D:E0:67:70:07:49:BA:F1:31:CB
ValidityTue, 02 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 240x320, components 3
Size
8.1 kB (8129 bytes)
Hash
549d825294df5c80bbd567f77d7d9777
f5936fe5c18338e24bcc04e9a4f4c8c37778a6ec
bed85a6f0f7f94343211343bb7907162fa2da55deabd87cab785a5df310c5159

HTTP Headers

GET /upload/vod/2020/03-28/06/3wsk3b4e0o006033wsk3b4e0o055842.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/jpeg
content-length: 8129
last-modified: Fri, 27 Mar 2020 22:03:55 GMT
etag: "5e7e784b-1fc1"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 86beb9ef7bc35695-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2020/03-28/06/sycpnh0xwbr0603sycpnh0xwbr54829.jpg

172.67.28.138

200 OK

8.7 kB

URL GET HTTP/2
lbfm.lbpictupian.com/upload/vod/2020/03-28/06/sycpnh0xwbr0603sycpnh0xwbr54829.jpg
IP
172.67.28.138:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.qwlcy.com/
Certificate
IssuerCloudflare, Inc.
Subjectlbpictupian.com
Fingerprint62:1A:47:3F:33:41:F6:6C:4A:C6:9D:E0:67:70:07:49:BA:F1:31:CB
ValidityTue, 02 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 240x320, components 3
Size
8.7 kB (8736 bytes)
Hash
16cf1e5f0c4148164d415fb2827d7520
2471655e0708e5dbb2fbb4d7b9ef4f384f8d3569
81449a16ab4bf119941bf7d782109eb800a86e40e10d7392b2d41b5e0119e7ce

HTTP Headers

GET /upload/vod/2020/03-28/06/sycpnh0xwbr0603sycpnh0xwbr54829.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/jpeg
content-length: 8736
last-modified: Fri, 27 Mar 2020 22:03:54 GMT
etag: "5e7e784a-2220"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 86beb9ef7bc25695-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2020/03-28/06/mgkh5nhx5db0603mgkh5nhx5db53819.jpg

172.67.28.138

200 OK

7.4 kB

URL GET HTTP/2
lbfm.lbpictupian.com/upload/vod/2020/03-28/06/mgkh5nhx5db0603mgkh5nhx5db53819.jpg
IP
172.67.28.138:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.qwlcy.com/
Certificate
IssuerCloudflare, Inc.
Subjectlbpictupian.com
Fingerprint62:1A:47:3F:33:41:F6:6C:4A:C6:9D:E0:67:70:07:49:BA:F1:31:CB
ValidityTue, 02 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 240x320, components 3
Size
7.4 kB (7381 bytes)
Hash
b387ee5fbdbe502bd8d55670da77d3d6
3b96f5050e7aadba9c230f7e963b71421ff0c3b3
9205af05a2919ebfa01805e305c32b6eec95352da7e0537303ddbc7d7c78a79d

HTTP Headers

GET /upload/vod/2020/03-28/06/mgkh5nhx5db0603mgkh5nhx5db53819.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/jpeg
content-length: 7381
last-modified: Fri, 27 Mar 2020 22:03:53 GMT
etag: "5e7e7849-1cd5"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 86beb9ef7bc15695-OSL
X-Firefox-Spdy: h2

lbfm.lbpictupian.com/upload/vod/2020/03-28/06/eq1exwb5cyn0603eq1exwb5cyn46755.jpg

172.67.28.138

200 OK

8.2 kB

URL GET HTTP/2
lbfm.lbpictupian.com/upload/vod/2020/03-28/06/eq1exwb5cyn0603eq1exwb5cyn46755.jpg
IP
172.67.28.138:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.qwlcy.com/
Certificate
IssuerCloudflare, Inc.
Subjectlbpictupian.com
Fingerprint62:1A:47:3F:33:41:F6:6C:4A:C6:9D:E0:67:70:07:49:BA:F1:31:CB
ValidityTue, 02 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 240x320, components 3
Size
8.2 kB (8232 bytes)
Hash
dbb943e67d220775edd7d5c91be925f0
8358cec62e4bd4ebd987a4cc86bd86ff47bc0c95
71c53ccdb8a6d5ab877dd65df81e816633aaf004c3a1ee78f1bd1c42edaba716

HTTP Headers

GET /upload/vod/2020/03-28/06/eq1exwb5cyn0603eq1exwb5cyn46755.jpg HTTP/1.1
Host: lbfm.lbpictupian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/jpeg
content-length: 8232
last-modified: Fri, 27 Mar 2020 22:03:46 GMT
etag: "5e7e7842-2028"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 86beb9ef9bee5695-OSL
X-Firefox-Spdy: h2

zbb.bbb.hmajwvynt.com/fgajajytrsw6kys3yjs3.gif

23.225.112.98

200 OK

60 kB

URL GET HTTP/2
zbb.bbb.hmajwvynt.com/fgajajytrsw6kys3yjs3.gif
IP
23.225.112.98:443
ASN
#40065 CNSERVERS

Requested by
https://www.qwlcy.com/
Certificate
IssuerLet's Encrypt
Subjectzbb.bbb.hmajwvynt.com
Fingerprint33:E5:7C:88:A0:5A:41:1D:FD:EC:D7:01:17:D6:A0:BF:6B:BD:DC:01
ValidityFri, 22 Mar 2024 02:43:39 GMT - Thu, 20 Jun 2024 02:43:38 GMT

File type
GIF image data, version 89a, 980 x 100
Size
60 kB (60087 bytes)
Hash
49bf4fec48a868b09c87af8c7cd6cad5
60d486ff371697e3065bbcb2b8da7724c3390e40
5afbe47d1097d2885bee952c7fde5cca41b67cc0ac1f238a375b93be51a20832

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fgajajytrsw6kys3yjs3.gif HTTP/1.1
Host: zbb.bbb.hmajwvynt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: image/gif
content-length: 60087
last-modified: Wed, 14 Feb 2024 02:43:07 GMT
etag: "65cc28bb-eab7"
accept-ranges: bytes
access-control-allow-origin: *, *
X-Firefox-Spdy: h2

9129666tp.com/cd.gif

198.2.209.177

200 OK

902 kB

URL GET HTTP/1.1
9129666tp.com/cd.gif
IP
198.2.209.177:443
ASN
#54600 PEG-SV

Requested by
https://www.qwlcy.com/
Certificate
IssuerLet's Encrypt
Subject9129666tp.com
FingerprintFB:18:40:46:38:E1:09:B8:C0:35:C7:63:B1:3F:01:33:D8:47:88:91
ValidityFri, 02 Feb 2024 15:11:48 GMT - Thu, 02 May 2024 15:11:47 GMT

File type
GIF image data, version 89a, 960 x 120
Size
902 kB (902421 bytes)
Hash
f088f3b109d803b0fe7078b682fe644b
4258ca57d88c448e2bff997bf3ee25b3ddbab416
ece4f0de4435b65a579efbb03abd6f7e5d018e123c51a98e53a9794c8bda5af1

HTTP Headers

GET /cd.gif HTTP/1.1
Host: 9129666tp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 29 Mar 2024 09:10:21 GMT
Content-Type: image/gif
Content-Length: 902421
Connection: keep-alive
Last-Modified: Wed, 14 Feb 2024 10:32:25 GMT
ETag: "65cc96b9-dc515"
Expires: Tue, 09 Apr 2024 18:31:16 GMT
Cache-Control: max-age=2592000
Via: s202311201973
CDN-Cache: HIT
Accept-Ranges: bytes

383tu.oss-cn-hangzhou.aliyuncs.com/gonggao/960x60.gif

47.110.178.111

200 OK

299 kB

URL GET HTTP/1.1
383tu.oss-cn-hangzhou.aliyuncs.com/gonggao/960x60.gif
IP
47.110.178.111:443
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
https://www.qwlcy.com/
Certificate
IssuerGlobalSign nv-sa
Subjectcn-hangzhou.oss.aliyuncs.com
FingerprintBA:B1:7D:10:E5:EF:BD:A3:65:22:81:6E:73:E8:F1:B9:DB:ED:27:15
ValidityMon, 19 Feb 2024 05:01:07 GMT - Sat, 22 Mar 2025 05:01:06 GMT

File type
GIF image data, version 89a, 960 x 80
Size
299 kB (299398 bytes)
Hash
f4b7967855549e81f65598b93a43d9db
6ab53e8a9af687c1dddad236af323080a04499cf
2e95dc2082af7cc833e0aef825efc261c04b69e3ec4350203854008cc4a12dc6

HTTP Headers

GET /gonggao/960x60.gif HTTP/1.1
Host: 383tu.oss-cn-hangzhou.aliyuncs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 29 Mar 2024 09:10:21 GMT
Content-Type: image/gif
Content-Length: 299398
Connection: keep-alive
x-oss-request-id: 6606857D7F57C5353173901D
Accept-Ranges: bytes
ETag: "F4B7967855549E81F65598B93A43D9DB"
Last-Modified: Sun, 17 Sep 2023 11:50:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 8810428828543929982
x-oss-storage-class: Standard
x-oss-ec: 0048-00000105
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: 9LeWeFVUnoH2VZi5OkPZ2w==
x-oss-server-time: 10

bba9603w.com/960-82.gif

149.104.32.244

200 OK

363 kB

URL GET HTTP/1.1
bba9603w.com/960-82.gif
IP
149.104.32.244:443
ASN
#40065 CNSERVERS

Requested by
https://www.qwlcy.com/
Certificate
IssuerLet's Encrypt
Subjectbba9603w.com
FingerprintC1:77:D2:EF:EB:16:1E:D5:33:D7:1B:FA:2F:59:A1:18:08:68:A7:E9
ValidityTue, 23 Jan 2024 03:30:47 GMT - Mon, 22 Apr 2024 03:30:46 GMT

File type
GIF image data, version 89a, 960 x 80
Size
363 kB (363137 bytes)
Hash
cfc733411b0bd7961c652d5bd0a8b2cd
6857644239d1763aebdccd5faf8687d0bd4cd5be
63c9f1f79be3b695561e66b6f771d02ad9153910b7ba262596cd63e397240563

HTTP Headers

GET /960-82.gif HTTP/1.1
Host: bba9603w.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/onex
Date: Fri, 29 Mar 2024 09:10:22 GMT
Content-Type: image/gif
Content-Length: 363137
Connection: keep-alive
Last-Modified: Wed, 01 Nov 2023 05:17:03 GMT
ETag: "6541df4f-58a81"
Expires: Thu, 25 Apr 2024 08:58:50 GMT
X-One-Cache: HIT
Accept-Ranges: bytes

ia.51.la/go1?id=21861001&rt=1711703421426&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E6%258F%2590%25E4%25BE%259B%25E6%259C%2580%25E6%2596%25B0%25E6%259C%2580%25E5%25BF%25AB%25E7%259A%2584%25E8%25A7%2586%25E9%25A2%2591%25E5%2588%2586%25E4%25BA%25AB%25E6%2595%25B0%25E6%258D%25AE&ing=1&ekc=&sid=1711703421426&tt=9%25E8%2589%25B2&kw=%25E7%259F%25AD%25E8%25A7%2586%25E9%25A2%2591%252C%25E6%2590%259E%25E7%25AC%2591%25E8%25A7%2586%25E9%25A2%2591%252C%25E8%25A7%2586%25E9%25A2%2591%25E5%2588%2586%25E4%25BA%25AB%252C%25E5%2585%258D%25E8%25B4%25B9%25E8%25A7%2586%25E9%25A2%2591%252C%25E5%259C%25A8%25E7%25BA%25BF%25E8%25A7%2586%25E9%25A2%2591%252C%25E9%25A2%2584%25E5%2591%258A%25E7%2589%2587&cu=https%253A%252F%252Fwww.qwlcy.com%252F&pu=http%253A%252F%252Fwww.schaffenhausshepherds.net%252F

203.107.86.226

200

0 B

URL GET HTTP/1.1
ia.51.la/go1?id=21861001&rt=1711703421426&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E6%258F%2590%25E4%25BE%259B%25E6%259C%2580%25E6%2596%25B0%25E6%259C%2580%25E5%25BF%25AB%25E7%259A%2584%25E8%25A7%2586%25E9%25A2%2591%25E5%2588%2586%25E4%25BA%25AB%25E6%2595%25B0%25E6%258D%25AE&ing=1&ekc=&sid=1711703421426&tt=9%25E8%2589%25B2&kw=%25E7%259F%25AD%25E8%25A7%2586%25E9%25A2%2591%252C%25E6%2590%259E%25E7%25AC%2591%25E8%25A7%2586%25E9%25A2%2591%252C%25E8%25A7%2586%25E9%25A2%2591%25E5%2588%2586%25E4%25BA%25AB%252C%25E5%2585%258D%25E8%25B4%25B9%25E8%25A7%2586%25E9%25A2%2591%252C%25E5%259C%25A8%25E7%25BA%25BF%25E8%25A7%2586%25E9%25A2%2591%252C%25E9%25A2%2584%25E5%2591%258A%25E7%2589%2587&cu=https%253A%252F%252Fwww.qwlcy.com%252F&pu=http%253A%252F%252Fwww.schaffenhausshepherds.net%252F
IP
203.107.86.226:443
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
https://www.qwlcy.com/
Certificate
IssuerGlobalSign nv-sa
Subject*.51.la
Fingerprint9E:F3:EB:9A:59:E9:6D:6E:48:13:64:78:3C:33:1D:AA:79:52:5B:79
ValidityThu, 20 Apr 2023 01:12:57 GMT - Tue, 21 May 2024 01:12:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /go1?id=21861001&rt=1711703421426&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E6%258F%2590%25E4%25BE%259B%25E6%259C%2580%25E6%2596%25B0%25E6%259C%2580%25E5%25BF%25AB%25E7%259A%2584%25E8%25A7%2586%25E9%25A2%2591%25E5%2588%2586%25E4%25BA%25AB%25E6%2595%25B0%25E6%258D%25AE&ing=1&ekc=&sid=1711703421426&tt=9%25E8%2589%25B2&kw=%25E7%259F%25AD%25E8%25A7%2586%25E9%25A2%2591%252C%25E6%2590%259E%25E7%25AC%2591%25E8%25A7%2586%25E9%25A2%2591%252C%25E8%25A7%2586%25E9%25A2%2591%25E5%2588%2586%25E4%25BA%25AB%252C%25E5%2585%258D%25E8%25B4%25B9%25E8%25A7%2586%25E9%25A2%2591%252C%25E5%259C%25A8%25E7%25BA%25BF%25E8%25A7%2586%25E9%25A2%2591%252C%25E9%25A2%2584%25E5%2591%258A%25E7%2589%2587&cu=https%253A%252F%252Fwww.qwlcy.com%252F&pu=http%253A%252F%252Fwww.schaffenhausshepherds.net%252F HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Fri, 29 Mar 2024 09:10:22 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: aliyungf_tc=487261c8d88394beddf91337fb6a43701933e623349cb3d6155978648c316c68; Path=/; HttpOnly
acw_tc=ac11000117117034225827128e7273c62a0f2965787f897c32da78a5955575;path=/;HttpOnly;Max-Age=1800

hm.baidu.com/hm.js?a59bfc1e6bba65cfa9419a19e29c9e44

103.235.46.191

200 OK

11 kB

URL GET HTTP/1.1
hm.baidu.com/hm.js?a59bfc1e6bba65cfa9419a19e29c9e44
IP
103.235.46.191:443
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
https://www.qwlcy.com/
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
JavaScript source, ASCII text, with very long lines (620)
Size
11 kB (11258 bytes)
Hash
3c21731b744fa2717a7b1f507b429e99
7744fa042b68c1e557f2ced3c5241e5742329f04
b8c52a5137dbd3c51d5e2122aae8c8ea5c5db426e5f387b6fdb8adcfbae812ed

HTTP Headers

GET /hm.js?a59bfc1e6bba65cfa9419a19e29c9e44 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Fri, 29 Mar 2024 09:10:22 GMT
Etag: 68b6c48caf5d8aecce0819910c935fbe
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=4B9F65C8D6FE00AC; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

tu.jnctpsy8888.cc/jnc2023/mm888.gif

198.2.211.78

200 OK

833 kB

URL GET HTTP/1.1
tu.jnctpsy8888.cc/jnc2023/mm888.gif
IP
198.2.211.78:443
ASN
#54600 PEG-SV

Requested by
https://www.qwlcy.com/
Certificate
IssuerLet's Encrypt
Subjecttu.jnctpsy8888.cc
FingerprintDE:09:C1:B9:80:BC:06:06:91:5B:E3:97:02:49:FB:B6:F7:07:83:A1
ValidityThu, 01 Feb 2024 18:10:12 GMT - Wed, 01 May 2024 18:10:11 GMT

File type
GIF image data, version 89a, 960 x 120
Size
833 kB (832563 bytes)
Hash
3fa269a595cb19b23411ab5cfff1e80a
08251fc37c09b622058b94e70f36ddfd1a8a9082
0213d222cde6635318d13abab105a6684a6fb00c14831e5302dbedf68d8b2d0e

HTTP Headers

GET /jnc2023/mm888.gif HTTP/1.1
Host: tu.jnctpsy8888.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 09:10:22 GMT
Content-Type: image/gif
Content-Length: 832563
Connection: keep-alive
Last-Modified: Thu, 14 Sep 2023 12:23:36 GMT
ETag: "6502fb48-cb433"
Expires: Sat, 27 Apr 2024 10:11:09 GMT
Cache-Control: max-age=2592000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes

hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1921584591&si=a59bfc1e6bba65cfa9419a19e29c9e44&su=http%3A%2F%2Fwww.schaffenhausshepherds.net%2F&v=1.3.0&lv=1&sn=60293&r=0&ww=1280&u=https%3A%2F%2Fwww.qwlcy.com%2F&tt=9%E8%89%B2

103.235.46.191

200 OK

43 B

URL GET HTTP/1.1
hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1921584591&si=a59bfc1e6bba65cfa9419a19e29c9e44&su=http%3A%2F%2Fwww.schaffenhausshepherds.net%2F&v=1.3.0&lv=1&sn=60293&r=0&ww=1280&u=https%3A%2F%2Fwww.qwlcy.com%2F&tt=9%E8%89%B2
IP
103.235.46.191:443
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
https://www.qwlcy.com/
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=0&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1921584591&si=a59bfc1e6bba65cfa9419a19e29c9e44&su=http%3A%2F%2Fwww.schaffenhausshepherds.net%2F&v=1.3.0&lv=1&sn=60293&r=0&ww=1280&u=https%3A%2F%2Fwww.qwlcy.com%2F&tt=9%E8%89%B2 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 29 Mar 2024 09:10:23 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=FE4FA01C4072B44A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

sxlmggx12.com/ss3680.gif

156.251.153.52

200 OK

273 kB

URL GET HTTP/1.1
sxlmggx12.com/ss3680.gif
IP
156.251.153.52:443
ASN
#40065 CNSERVERS

Requested by
https://www.qwlcy.com/
Certificate
IssuerLet's Encrypt
Subjectsxlmggx12.com
Fingerprint83:62:6B:6F:C2:AB:57:BE:B2:35:45:C9:59:37:54:BA:1F:52:DB:40
ValidityWed, 17 Jan 2024 21:11:38 GMT - Tue, 16 Apr 2024 21:11:37 GMT

File type
GIF image data, version 89a, 960 x 80
Size
273 kB (273006 bytes)
Hash
47edb486593dd0847a49f45c4bf22c26
ba985b53b593000efbb0435bb858038903e93fec
73c3217ba59e961b7ef42283222cc37095f141cb98c6b50964fa246c6b1b5365

HTTP Headers

GET /ss3680.gif HTTP/1.1
Host: sxlmggx12.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/onex
Date: Fri, 29 Mar 2024 09:10:22 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Wed, 24 Apr 2024 09:07:28 GMT
X-One-Cache: HIT

1cdn.yuanpinghengkangfuyouxiangongsi.top/wns96080a.gif

123.6.40.242

200 OK

374 kB

URL GET HTTP/1.1
1cdn.yuanpinghengkangfuyouxiangongsi.top/wns96080a.gif
IP
123.6.40.242:443
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
https://www.qwlcy.com/
Certificate
IssuerSectigo Limited
Subject1cdn.yuanpinghengkangfuyouxiangongsi.top
FingerprintCE:05:79:17:67:EA:DF:17:71:55:41:BF:B4:76:F0:B8:57:12:F0:07
ValidityFri, 16 Jun 2023 00:00:00 GMT - Sat, 15 Jun 2024 23:59:59 GMT

File type
GIF image data, version 89a, 960 x 80
Size
374 kB (374505 bytes)
Hash
61f0a03d052a9fa7c45384a259b5ba2e
d4ee20f085c53882170bf84dedc1f41995e1bd40
e1861e6ff229839c7d15fb0b166069fe773aad508c8d174661a7437e2b45632b

HTTP Headers

GET /wns96080a.gif HTTP/1.1
Host: 1cdn.yuanpinghengkangfuyouxiangongsi.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Last-Modified: Sat, 02 Dec 2023 15:46:47 GMT
Etag: "61f0a03d052a9fa7c45384a259b5ba2e"
Content-Type: image/gif
Date: Fri, 22 Mar 2024 14:42:34 GMT
Server: tencent-cos
x-cos-hash-crc64ecma: 8121941456025080816
x-cos-request-id: NjVmZDk4ZGFfZjBhNmIwMDlfOTAzYV81NGY3MTE3
Content-Length: 374505
Accept-Ranges: bytes
X-NWS-LOG-UUID: 5662013786101602529
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Cache-Control: max-age=3600

fmlb.netlbtu.com/images/2021/7/30/dmm2385.jpg

0.0.0.0

0 B

URL GET
fmlb.netlbtu.com/images/2021/7/30/dmm2385.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.qwlcy.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /images/2021/7/30/dmm2385.jpg HTTP/1.1
Host: fmlb.netlbtu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

fmlb.netlbtu.com/images/2021/7/31/dmm7587.jpg

0.0.0.0

0 B

URL GET
fmlb.netlbtu.com/images/2021/7/31/dmm7587.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.qwlcy.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /images/2021/7/31/dmm7587.jpg HTTP/1.1
Host: fmlb.netlbtu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

fmlb.netlbtu.com/images/2021/7/30/dmm2382.jpg

0.0.0.0

0 B

URL GET
fmlb.netlbtu.com/images/2021/7/30/dmm2382.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.qwlcy.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /images/2021/7/30/dmm2382.jpg HTTP/1.1
Host: fmlb.netlbtu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

jt.112248.vip/jingtai/szgg/1332wy100.gif

0.0.0.0

0 B

URL GET
jt.112248.vip/jingtai/szgg/1332wy100.gif
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.qwlcy.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jingtai/szgg/1332wy100.gif HTTP/1.1
Host: jt.112248.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

fmlb.netlbtu.com/images/2021/7/30/dmm2383.jpg

0.0.0.0

0 B

URL GET
fmlb.netlbtu.com/images/2021/7/30/dmm2383.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.qwlcy.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /images/2021/7/30/dmm2383.jpg HTTP/1.1
Host: fmlb.netlbtu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

www.qwlcy.com/template/m1938pc/css/zui.css

23.83.129.20

200 OK

98 kB

URL GET HTTP/2
www.qwlcy.com/template/m1938pc/css/zui.css
IP
23.83.129.20:443
ASN
#19148 LEASEWEB-USA-PHX

Requested by
https://www.qwlcy.com/
Certificate
IssuerLet's Encrypt
Subjectwww.700515.com
Fingerprint43:CD:75:78:F9:B7:C5:DE:F8:A7:BC:06:6C:4A:12:BD:63:34:95:B4
ValidityWed, 27 Mar 2024 13:16:52 GMT - Tue, 25 Jun 2024 13:16:51 GMT

File type

Size
98 kB (98415 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /template/m1938pc/css/zui.css HTTP/1.1
Host: www.qwlcy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: text/css
last-modified: Sun, 12 Jun 2022 13:35:14 GMT
vary: Accept-Encoding
etag: W/"62a5eb92-1806f"
expires: Fri, 29 Mar 2024 21:10:21 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

fmlb.netlbtu.com/images/2021/7/30/dmm2381.jpg

0.0.0.0

0 B

URL GET
fmlb.netlbtu.com/images/2021/7/30/dmm2381.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.qwlcy.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /images/2021/7/30/dmm2381.jpg HTTP/1.1
Host: fmlb.netlbtu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

fmlb.netlbtu.com/images/2021/7/30/dmm2384.jpg

0.0.0.0

0 B

URL GET
fmlb.netlbtu.com/images/2021/7/30/dmm2384.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.qwlcy.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /images/2021/7/30/dmm2384.jpg HTTP/1.1
Host: fmlb.netlbtu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

www.qwlcy.com/

23.83.129.20

200 OK

51 kB

URL GET HTTP/2
www.qwlcy.com/
IP
23.83.129.20:443
ASN
#19148 LEASEWEB-USA-PHX

Requested by
http://www.schaffenhausshepherds.net/wpwe/ZGF2aW4ub2htc0B3aXBmbGkuY29t
Certificate
IssuerLet's Encrypt
Subjectwww.700515.com
Fingerprint43:CD:75:78:F9:B7:C5:DE:F8:A7:BC:06:6C:4A:12:BD:63:34:95:B4
ValidityWed, 27 Mar 2024 13:16:52 GMT - Tue, 25 Jun 2024 13:16:51 GMT

File type

Size
51 kB (51330 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.qwlcy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.schaffenhausshepherds.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 29 Mar 2024 09:10:20 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

fmlb.netlbtu.com/images/2021/7/30/dmm2380.jpg

0.0.0.0

0 B

URL GET
fmlb.netlbtu.com/images/2021/7/30/dmm2380.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.qwlcy.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /images/2021/7/30/dmm2380.jpg HTTP/1.1
Host: fmlb.netlbtu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

www.qwlcy.com/template/m1938pc/css/ate.css

23.83.129.20

200 OK

76 kB

URL GET HTTP/2
www.qwlcy.com/template/m1938pc/css/ate.css
IP
23.83.129.20:443
ASN
#19148 LEASEWEB-USA-PHX

Requested by
https://www.qwlcy.com/
Certificate
IssuerLet's Encrypt
Subjectwww.700515.com
Fingerprint43:CD:75:78:F9:B7:C5:DE:F8:A7:BC:06:6C:4A:12:BD:63:34:95:B4
ValidityWed, 27 Mar 2024 13:16:52 GMT - Tue, 25 Jun 2024 13:16:51 GMT

File type
ASCII text, with CRLF line terminators
Size
76 kB (75492 bytes)
Hash
b49992e1f195c8a7fae8874c7484979d
d061a88013db4f88c6e518f5a9aa17a308dee2f1
b2e1235651b1e3335d325cc40542cc55ed323f88d123a1ecf2356a9a9d77bc4d

HTTP Headers

GET /template/m1938pc/css/ate.css HTTP/1.1
Host: www.qwlcy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.qwlcy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 29 Mar 2024 09:10:21 GMT
content-type: text/css
last-modified: Thu, 21 Apr 2022 12:25:48 GMT
vary: Accept-Encoding
etag: W/"62614d4c-126e4"
expires: Fri, 29 Mar 2024 21:10:21 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

fmlb.netlbtu.com/images/2021/7/30/dmm2379.jpg

0.0.0.0

0 B

URL GET
fmlb.netlbtu.com/images/2021/7/30/dmm2379.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.qwlcy.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /images/2021/7/30/dmm2379.jpg HTTP/1.1
Host: fmlb.netlbtu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL