lzdq6btw.cn Open in urlscan Pro
2a06:98c1:3121::7 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://dcvvspvdj.qadjjh.tw/66dae31qf2plRX9xAmdvQS0nXmEtJ31fR2IESn8hBAUGATAMdiMPOCEHWFsDXwU8awQBFV5LCSc
Effective URL:
https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd
Submission: On March 21 via manual (March 21st 2022, 10:51:48 am UTC) from GB — Scanned from GB

Summary HTTP 47 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 4 countries across 11 domains to perform 47 HTTP transactions. The main IP is 2a06:98c1:3121::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is lzdq6btw.cn.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 4th 2022. Valid for: a year.

This is the only time lzdq6btw.cn was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3032::ac43:d172	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a06:98c1:312... 2a06:98c1:3121::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700:303... 2606:4700:3030::6815:d63	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
4	2606:4700:303... 2606:4700:3034::ac43:debe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
2	185.66.201.42 185.66.201.42	201702 (SKHOSTING-EU) (SKHOSTING-EU)
2	185.66.200.220 185.66.200.220	201702 (SKHOSTING-EU) (SKHOSTING-EU)
8	103.235.46.191 103.235.46.191	55967 (BAIDU Bei...) (BAIDU Beijing Baidu Netcom Science and Technology Co.)
2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
1	185.66.200.127 185.66.200.127	201702 (SKHOSTING-EU) (SKHOSTING-EU)
47	11

1 2606:4700:3032::ac43:d172 (United States)

ASN13335 (CLOUDFLARENET, US)

dcvvspvdj.qadjjh.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a06:98c1:3121::7 (United States)

ASN13335 (CLOUDFLARENET, US)

lzdq6btw.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3030::6815:d63 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3034::ac43:debe (United States)

ASN13335 (CLOUDFLARENET, US)

img.publicdn.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

1.bp.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.66.201.42 (Nitra, Slovakia)

ASN201702 (SKHOSTING-EU, SK)
PTR: affilist.com

qoaaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.66.200.220 (Nitra, Slovakia)

ASN201702 (SKHOSTING-EU, SK)
PTR: 185.66.200.220.skhosting.eu

uprimp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 103.235.46.191 (Hong Kong)

ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)

hm.baidu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.66.200.127 (Nitra, Slovakia)

ASN201702 (SKHOSTING-EU, SK)
PTR: 185.66.200.127.skhosting.eu

aff-a.advertica-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	blogspot.com 1.bp.blogspot.com — Cisco Umbrella Rank: 8530	340 KB
8	baidu.com hm.baidu.com — Cisco Umbrella Rank: 8656	58 KB
6	jsdelivr.cc cdn.jsdelivr.cc — Cisco Umbrella Rank: 250869	104 KB
4	publicdn.xyz img.publicdn.xyz — Cisco Umbrella Rank: 336404	120 KB
4	lzdq6btw.cn lzdq6btw.cn	20 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 54	189 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	362 B
2	uprimp.com uprimp.com — Cisco Umbrella Rank: 182770	936 B
2	qoaaa.com qoaaa.com — Cisco Umbrella Rank: 276392	2 KB
1	advertica-cdn.com aff-a.advertica-cdn.com	11 KB
1	qadjjh.tw dcvvspvdj.qadjjh.tw	1 KB
47	11

	Domain	Requested by
14	1.bp.blogspot.com	lzdq6btw.cn
8	hm.baidu.com	lzdq6btw.cn
6	cdn.jsdelivr.cc	lzdq6btw.cn
4	img.publicdn.xyz	lzdq6btw.cn
4	lzdq6btw.cn	dcvvspvdj.qadjjh.tw lzdq6btw.cn cdn.jsdelivr.cc
3	www.googletagmanager.com	lzdq6btw.cn www.googletagmanager.com
2	www.google-analytics.com	www.googletagmanager.com
2	uprimp.com	lzdq6btw.cn uprimp.com
2	qoaaa.com	lzdq6btw.cn qoaaa.com
1	aff-a.advertica-cdn.com	qoaaa.com
1	dcvvspvdj.qadjjh.tw
47	11

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-02-04` - `2023-02-04`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-28` - `2022-05-23`	3 months	crt.sh
misc-sni.blogspot.com GTS CA 1C3	`2022-02-28` - `2022-05-23`	3 months	crt.sh
qoaaa.com R3	`2022-02-06` - `2022-05-07`	3 months	crt.sh
uprimp.com R3	`2022-03-15` - `2022-06-13`	3 months	crt.sh
baidu.com GlobalSign Organization Validation CA - SHA256 - G2	`2022-02-21` - `2022-08-02`	5 months	crt.sh
aff-a.advertica-cdn.com R3	`2022-03-11` - `2022-06-09`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd
Frame ID: 91D6343855D7D900C87BD315142C4848
Requests: 44 HTTP requests in this frame

Frame: https://uprimp.com/bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=164785989986628&xtt=7817123
Frame ID: 0794DF5F169E96A1C7A34222603667C5
Requests: 1 HTTP requests in this frame

Frame: https://qoaaa.com//4fe48aebd6/4f59451604/?placementName=mBanner&randomA=0_4844&maxw=0
Frame ID: 51F42B6D428BFE7CA8C9EA62F2DECA90
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

🎉🛢️💰️Petron Corporation fuel subsidy!Petron Corporation fuel subsidy!🎁🛢️🎊

Page URL History Show full URLs

http://dcvvspvdj.qadjjh.tw/66dae31qf2plRX9xAmdvQS0nXmEtJ31fR2IESn8hBAUGATAMdiMPOCEHWFsDXwU8awQBFV5LCSc Page URL
https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Baidu Analytics (百度统计) (Analytics) Expand

Overall confidence: 100%
Detected patterns

hm\.baidu\.com/hm\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

SweetAlert2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

sweetalert2(?:\.all)?(?:\.min)?\.js
/npm/sweetalert2@([\d.]+)
sweetalert2@([\d.]+)/dist/sweetalert2(?:\.all)(?:\.min)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

47
Requests

98 %
HTTPS

64 %
IPv6

11
Domains

11
Subdomains

11
IPs

4
Countries

846 kB
Transfer

1636 kB
Size

12
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://dcvvspvdj.qadjjh.tw/66dae31qf2plRX9xAmdvQS0nXmEtJ31fR2IESn8hBAUGATAMdiMPOCEHWFsDXwU8awQBFV5LCSc Page URL
https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

47 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK 66dae31qf2plRX9xAmdvQS0nXmEtJ31fR2IESn8hBAUGATAMdiMPOCEHWFsDXwU8awQBFV5LCSc
dcvvspvdj.qadjjh.tw/ 741 B
1 KB 480ms
218ms Document
text/html 2606:4700:3032::ac43:d172
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://dcvvspvdj.qadjjh.tw/66dae31qf2plRX9xAmdvQS0nXmEtJ31fR2IESn8hBAUGATAMdiMPOCEHWFsDXwU8awQBFV5LCSc
Protocol: HTTP/1.1
Server: 2606:4700:3032::ac43:d172 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

Date: Mon, 21 Mar 2022 10:51:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST,GET,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,X_Requested_With,X-PINGOTHER,Content-Type
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w1oZEh0i%2B%2FQsT5pInQ7Vz3cOp3xYg5o27FvEH9BLUHwc58BVVb%2BYhz%2Bp17VwewWFstG66pEtVanNAXHfNHwoVZQ%2FYs%2BRTCSD7NRwkpvTqh9z8lPEYWBkFd0zt9L%2FrVFimqd6odtSF6LZeL6HY2trgE64"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6ef6222e0a4175d7-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 Primary Request / Show response
lzdq6btw.cn/HysFBlPL/petron-m/ 84 KB
15 KB 459ms
199ms Document
text/html 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd
Requested by: Host: dcvvspvdj.qadjjh.tw
URL: http://dcvvspvdj.qadjjh.tw/66dae31qf2plRX9xAmdvQS0nXmEtJ31fR2IESn8hBAUGATAMdiMPOCEHWFsDXwU8awQBFV5LCSc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e4dc4d6e56f1a8347edde53bed3790a424463ac4fbadcf80eb3a63c8f7de78a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: http://dcvvspvdj.qadjjh.tw/

Response headers

date: Mon, 21 Mar 2022 10:51:39 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bA3wkaZuyw6zZPEAqB0TCrCrYxWVj2p6l0CupfNIy%2ByTlYHnhvEcay5WgPW7%2B60u83japQwyJFPIStVrE9XggfV11pff7l6T%2BfIhui01IUqtZzOCa7pQNWYZeuzuPdxWnGFiLWe7POtxlA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6ef62231282a74e5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery.min.js Show response
cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/ 87 KB
32 KB 172ms
67ms Script
text/javascript 2606:4700:3030::6815:d63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
Requested by: Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:d63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash: crc32c=JnXAUA==, md5=PkuyJ/tVJxv+nJ1KCRR72A==
date: Mon, 21 Mar 2022 10:51:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3393
x-guploader-uploadid: ADPycdvCxHltiuPjHL-zbbsBVwle0-vgYS2_pOmv1wzzQZrGSBqUE4vr5WQ_17FuwcGb_O0Ved79CT2MXZTd7QgSd4c
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 17 Mar 2022 07:30:17 GMT
server: cloudflare
etag: W/"3e4bb227fb55271bfe9c9d4a09147bd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FAlwRsgWrJSbVUadfHwG%2BXC0gmGoJTvDbJZVQPrX7pc70j6CoScoSagXdOAk0a4pyiOhq8dU51bj%2FNPwYsPZsAJ2Vb%2FgyjTn%2BIDGAKc0fBtKLOrlBRUSvvHjgLMFfE0iVfaMc3PGxVTFXvrqAUA%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1647502217775195
content-type: text/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 89501
cf-ray: 6ef622332e2106c1-LHR
expires: Mon, 21 Mar 2022 10:55:06 GMT

GET
H2 200 bootstrap.min.js Show response
cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/ 62 KB
16 KB 167ms
62ms Script
text/javascript 2606:4700:3030::6815:d63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js
Requested by: Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:d63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a4555d8dee9f8adc976e84a97dfe87e6bf5794b579f49bb56f133fed85f7d709

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash: crc32c=x2l+AA==, md5=yZIw0ldTgNf5X/YmYG0kJg==
date: Mon, 21 Mar 2022 10:51:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2052
x-guploader-uploadid: ADPycdu1uLyqvDmhguSZuTbI1iQCXdFSsjn9qfpazj_rw9BTzdDYAlrjdbWX5xLwqRvP4JuzcRyzK0e7bN4Tq1Un0CU
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 17 Mar 2022 07:36:54 GMT
server: cloudflare
etag: W/"c99230d2575380d7f95ff626606d2426"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qC2aFAIDAbllXjv1jn3rIaCwy2hQ43JNR8VDO8PP07hVY1JNkZnti8Wp%2FvY88cTeChhZCv3mNh9WVoVznzwcRcdxrSOlbMfsnU9pw%2B0cuLldKfNcCdlR4UzcuIMroBoRQ%2BU7B1P59GPVbo1z%2BQU%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1647502614200576
content-type: text/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 63473
cf-ray: 6ef622332e2706c1-LHR
expires: Mon, 21 Mar 2022 10:52:04 GMT

GET
H2 200 sweetalert2.all.min.js Show response
cdn.jsdelivr.cc/npm/sweetalert2@10.16.0/dist/ 71 KB
20 KB 215ms
109ms Script
text/javascript 2606:4700:3030::6815:d63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.jsdelivr.cc/npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js
Requested by: Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:d63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b7274b0b5b7f411de46416a6c9941062f7a57aaf919fdeda367b5959f4ce8ef

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash: crc32c=8ZRUYw==, md5=gJJLYuWzrHOqSEl3a0OXcA==
date: Mon, 21 Mar 2022 10:51:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2248
x-guploader-uploadid: ADPycduBJeczL34Fvv9CSG8cSkqydq7iCeR_jCmOfQB5qU4sf79MEXqRyNxK75Up_HX1Mqv3OV7JZo24-ffqVzW7jI8
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 17 Mar 2022 07:40:39 GMT
server: cloudflare
etag: W/"80924b62e5b3ac73aa4849776b439770"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B21rAwgIoCMVa8R6OlO4gVxneTx5fTlT4MbMAC9hm35RxXI6oZMg0AgfAlPJS3OJq6eWjIA%2Ft4KhAPL5cI%2FoUBob0yZb0iO2OISNwNs3V11P%2BUX1%2BIdLLOIMhYRiDyjeOCvA3VnLPwo66IXhiWc%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1647502839791727
content-type: text/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 72765
cf-ray: 6ef622332e2806c1-LHR
expires: Mon, 21 Mar 2022 11:14:11 GMT

GET
H2 200 lazyload.min.js Show response
cdn.jsdelivr.cc/npm/lazyload@2.0.0-rc.2/ 5 KB
2 KB 169ms
64ms Script
text/javascript 2606:4700:3030::6815:d63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.jsdelivr.cc/npm/lazyload@2.0.0-rc.2/lazyload.min.js
Requested by: Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:d63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b219e4cd8f8f9216f159285019be30d6bfe475d92ca30b3561551aaa2174751d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash: crc32c=lted8w==, md5=3G3pgTxxS6mXM8pPtdOh+g==
date: Mon, 21 Mar 2022 10:51:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1564
x-guploader-uploadid: ADPycduuQyxQaCGdR-Qr2gUp_Co_g3rSN8_EaUB46Jv2wu4lFcQHn3AtqBz1_rc2lR9yYQ-UR5L9JCZuXboJ91K5ISAVz4PrSg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 17 Mar 2022 07:42:43 GMT
server: cloudflare
etag: W/"dc6de9813c714ba99733ca4fb5d3a1fa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MiFyKVt50MtZ3H26%2FYELiLqvlxaUGDVPRC6aydsRsQ7LHHsR%2F15r1sxELXhyVbRrI2j7zOQO5lGA%2B%2Fu%2FQ56jjqn8djKn58xTzdKBiAWhr6jwnffYdecSJi82INV8uaF9kaJqumV%2B4ku4onV5xuw%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1647502963816044
content-type: text/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 4798
cf-ray: 6ef622332e2a06c1-LHR
expires: Mon, 21 Mar 2022 11:25:35 GMT

GET
H2 200 popper.min.js Show response
cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/ 21 KB
8 KB 216ms
111ms Script
text/javascript 2606:4700:3030::6815:d63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/popper.min.js
Requested by: Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:d63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e290dc4993b9ae7d34440db26be412b4bc4547a48ff635750d400164665d7fa6

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash: crc32c=7cW0Gg==, md5=MciYxtLqE8MEQWV/8ZANgQ==
date: Mon, 21 Mar 2022 10:51:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1594
x-guploader-uploadid: ADPycduvncBLA0gxm2jhB0xBiFcB9ljkEJNPjkQtZv47AnL5fPX0bMXS2cf5SLGxbSyGNf7QQBvdtKZagx9cccWcvqeCNqbuvQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 17 Mar 2022 07:44:44 GMT
server: cloudflare
etag: W/"31c898c6d2ea13c30441657ff1900d81"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=027cXrzLOpvO4GzGAyuONQX4%2BIzKzKf5RZpb%2FvdQast0RAro8HGQgflB%2FYtQusbeNAYuk5eC1TUxN%2Bc9xt0uX9nYr%2FY3KAWP2IL%2BQ%2FwcGXtURN1rycZ7m77Bc06yHpq7g298u1m2wFSOej7uqPA%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1647503084523089
content-type: text/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 21236
cf-ray: 6ef622332e2b06c1-LHR
expires: Mon, 21 Mar 2022 11:25:05 GMT

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/css/ 158 KB
25 KB 169ms
65ms Stylesheet
text/css 2606:4700:3030::6815:d63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
Requested by: Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:d63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d7a9043f4bed303fe2974ac4e3ba10d6b214e70f7ae549786ba2d347de05f81

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash: crc32c=Sb/HMQ==, md5=/roNB2Bge54hOTFWlJr82Q==
date: Mon, 21 Mar 2022 10:51:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2094
x-guploader-uploadid: ADPycdu1gxpiPS08v65ejSyWJ6gtfHZpcsepSs3IWtEOIkbdCNyOtcM2ty9EePRH4AYvdz3ej4P_RYV58hFL7Ow21tI
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 17 Mar 2022 07:38:12 GMT
server: cloudflare
etag: W/"feba0d0760607b9e21393156949afcd9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DjzA43LeNy%2BeJuRtOzeX1YMBIct8%2BW3KY7dg5FT7gAtdKNCFHCHTvx4fvzFC2Wtvmn6hr%2BxgDR4Iwg1YOUoNpzz6Ov7BQt8kJqw9Qv4%2B7R69Fa6PbtmZM%2FWanu%2B4hdlQfjBAPoVQi1gmRt5y70A%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1647502692716912
content-type: text/css
cache-control: public, max-age=3600
x-goog-stored-content-length: 161415
cf-ray: 6ef622332e1d06c1-LHR
expires: Mon, 21 Mar 2022 10:45:38 GMT

GET
H2 200 sur.css
lzdq6btw.cn/HysFBlPL/petron-m/static/ 14 KB
4 KB 61ms
60ms Stylesheet
text/css 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lzdq6btw.cn/HysFBlPL/petron-m/static/sur.css
Requested by: Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2bc3d4c69d2b85b7b972b8b1b1d35fe0274346231a64d63207e64b528ca2dfa3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 10:51:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 83
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 16 Feb 2022 04:09:48 GMT
server: cloudflare
etag: W/"620c790c-398e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JlaVhX8VsiyYiLwFnZULcEkYzZhbvB%2F7XZ0kHFhg7%2FoUFH8nRtB91h0KX%2FmlGFk64PY2X3It5cD53aTWog%2B%2BXEjXlh7suu1S9Ehd5avBuatFQfQMbtIqFfVWTqXUN6ULBWvPuKd%2BRqoPZA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 6ef6223279d174e5-LHR
expires: Mon, 21 Mar 2022 22:50:16 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 170 KB
63 KB 241ms
112ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-27XV1EJY28

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

96940463181f55542aedc5b211ea4576a12ada5fbfc1803e67daa779f2287d4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 10:51:39 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64301
x-xss-protection: 0
expires: Mon, 21 Mar 2022 10:51:39 GMT

GET
H2 200 flbsy-zuobian.png
img.publicdn.xyz/upload/ 26 KB
26 KB 224ms
102ms Image
image/png 2606:4700:3034::ac43:debe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.publicdn.xyz/upload/flbsy-zuobian.png
Requested by: Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:debe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2c10df0d1ff18964fbc0c06d56b313e6ae114d713831cb2dc707d670e1173be

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash: crc32c=ODfReA==, md5=3jF2CT2UCmwmrhzc4DEvug==
date: Mon, 21 Mar 2022 10:51:39 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1649
x-guploader-uploadid: ADPycdt6Zhv3gyBvw_o_UDlIeBjh4xneiSae42Rugx75Cnu6QBrF9VYsV6Mi4-JaXluN8RYE9udYwQLdomxEyLSoNWk
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 26192
last-modified: Wed, 16 Feb 2022 03:34:53 GMT
server: cloudflare
etag: "de3176093d940a6c26ae1cdce0312fba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0DnSOzvR9zypPjxMV8HTcjdQJHBF9Rxnn1hozDLZi3hRFSv1RdSWDFqUs8YjaVDzmapfEuHa%2BOxfdaiqUv0bMs6pgpCEh7ZwhZNerQMSFqQg6aVSxtcT6J2EB0I8MDPuRYOhExpRTRwXvTWBdGVe"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1644982493305365
content-type: image/png
cache-control: public, max-age=14400
x-goog-stored-content-length: 26192
accept-ranges: bytes
cf-ray: 6ef62234bcca88aa-LHR
expires: Mon, 21 Mar 2022 11:18:51 GMT

GET
H2 200 flbsy-youbian.png
img.publicdn.xyz/upload/ 3 KB
4 KB 314ms
193ms Image
image/png 2606:4700:3034::ac43:debe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.publicdn.xyz/upload/flbsy-youbian.png
Requested by: Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:debe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a2ed66c496426b789189122494fbc0f028c69a1ebccbf57220675d5ffc4b4039

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash: crc32c=qAsNdw==, md5=YGMoxW4DtHmUFq6ZF2yVjw==
date: Mon, 21 Mar 2022 10:51:39 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1771
x-guploader-uploadid: ADPycdvG_RoL9L6SbCNvmd4R5UyrScd3WDDQymNzJ8gWhaHjE4PO04ThcAUHi-mBwlMKBgx_opUkWYjDRuO8hKyul5VrMbTtaw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3295
last-modified: Wed, 16 Feb 2022 03:34:52 GMT
server: cloudflare
etag: "606328c56e03b4799416ae99176c958f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aNqgwQgV0Al1hV1gTd0BW8zL%2BEeBtcNDG%2FHDH%2Br3gMSC7L30vO4w9S8z6tdSd8jQJ4CwXDnWjAzVnm9M8zG5Wa6VwrGO54K%2B3kgVDkrYilW6684VMsFUE6WfDbT8gI0rOqRNgow85N1QZGFqhYqT"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1644982492827755
content-type: image/png
cache-control: public, max-age=14400
x-goog-stored-content-length: 3295
accept-ranges: bytes
cf-ray: 6ef62234bccc88aa-LHR
expires: Mon, 21 Mar 2022 11:08:10 GMT

GET
H2 200 flbsy-img.jpg
img.publicdn.xyz/upload/ 64 KB
64 KB 315ms
194ms Image
image/jpeg 2606:4700:3034::ac43:debe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.publicdn.xyz/upload/flbsy-img.jpg
Requested by: Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:debe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6f00be2a50e704ca44b0a99b91337513051a6ca58ff147dc8364576cb6250f89

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash: crc32c=f/oFdA==, md5=DrP1rpqefTClYR4kf3VwbQ==
date: Mon, 21 Mar 2022 10:51:39 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3068
x-guploader-uploadid: ADPycdvUfLQr1BUDFixhsE4qrDcBOHaQRUdu0LYf9q9aZwh8rH2eUERswTeB-w19Fe_pX7CZnXX5BjnN64KllNF6SN8
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 65314
last-modified: Wed, 16 Feb 2022 03:34:52 GMT
server: cloudflare
etag: "0eb3f5ae9a9e7d30a5611e247f75706d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bqWpaZWtgDvPk8yd0hkUGaUVKPjU0TcPxBbR2hWxr2G84lAv0deY7%2B3tM9cCALsBJ68se2Hv9FD6t8JbxNxeaiy1uMpYtsWbHdQ0mKnq8N7nR0HY%2B8yMV9m5O8yMt5a7eecvUSJ3%2FLRC3uDrnj99"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1644982492367883
content-type: image/jpeg
cache-control: public, max-age=14400
x-goog-stored-content-length: 65314
accept-ranges: bytes
cf-ray: 6ef62234bcce88aa-LHR
expires: Mon, 21 Mar 2022 10:46:08 GMT

GET
H2 200 Germany_outbox.png
1.bp.blogspot.com/-mhFwYo28B2Q/YKppmIsu7ZI/AAAAAAAABgQ/c7DWa0Yxwm49LJDcNEkzDr503wyn4hLtACLcBGAsYHQ/s16000/ 44 KB
44 KB 298ms
104ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-mhFwYo28B2Q/YKppmIsu7ZI/AAAAAAAABgQ/c7DWa0Yxwm49LJDcNEkzDr503wyn4hLtACLcBGAsYHQ/s16000/Germany_outbox.png

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9b7f1ddc36af29778df73a309d2861822456de3eb416e6921a5c44e68435a42f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 08:28:32 GMT
x-content-type-options: nosniff
age: 8587
content-disposition: inline;filename="Germany_outbox.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44729
x-xss-protection: 0
server: fife
etag: "v605"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 18 Nov 2021 09:39:41 GMT

GET
H2 200 bix1.png
1.bp.blogspot.com/-C4q400wZ8rE/YdDHUyoLHHI/AAAAAAAABhY/xPB_rcBtYq8TCmqL7HKOoqK8AA3TdtOyQCNcBGAsYHQ/s16000/ 27 KB
27 KB 389ms
194ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-C4q400wZ8rE/YdDHUyoLHHI/AAAAAAAABhY/xPB_rcBtYq8TCmqL7HKOoqK8AA3TdtOyQCNcBGAsYHQ/s16000/bix1.png

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2ac044d3adef3c564ee94ac760e91e8662a2c4500536fe3997499a86b893d240

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 08:20:38 GMT
x-content-type-options: nosniff
age: 9061
content-disposition: inline;filename="bix1.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27918
x-xss-protection: 0
server: fife
etag: "v619"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 04 Jan 2022 08:46:02 GMT

GET
H2 200 bix2.png
1.bp.blogspot.com/-2oHMGU1lNK0/YdDHUxClWXI/AAAAAAAABhU/865Ayokeb1stVwYGG708gKfP4zCZYtVgQCNcBGAsYHQ/s16000/ 7 KB
7 KB 290ms
96ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-2oHMGU1lNK0/YdDHUxClWXI/AAAAAAAABhU/865Ayokeb1stVwYGG708gKfP4zCZYtVgQCNcBGAsYHQ/s16000/bix2.png

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

24e8a4f033a91a6d5934e24ce83cbe5e4e2a3e42aba13c513b3a6f1a12832f56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 10:26:54 GMT
x-content-type-options: nosniff
age: 1485
content-disposition: inline;filename="bix2.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7078
x-xss-protection: 0
server: fife
etag: "v618"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 04 Jan 2022 08:46:02 GMT

GET
H2 200 Germany_inbox.png
1.bp.blogspot.com/-rJwuzcnw3VI/YKppmA0KHEI/AAAAAAAABgM/g534cHj8oxsuYau_w-e69RyO0APgsmLlwCLcBGAsYHQ/s16000/ 14 KB
14 KB 455ms
261ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-rJwuzcnw3VI/YKppmA0KHEI/AAAAAAAABgM/g534cHj8oxsuYau_w-e69RyO0APgsmLlwCLcBGAsYHQ/s16000/Germany_inbox.png

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

32bc695a4583118b2adca0fe87d1f4844905692f48f5f2a0eece23f205536e60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 07:57:20 GMT
x-content-type-options: nosniff
age: 10459
content-disposition: inline;filename="Germany_inbox.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14208
x-xss-protection: 0
server: fife
etag: "v605"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 13 Nov 2021 04:28:47 GMT

GET
H2 200 flbsy-box3.png
img.publicdn.xyz/upload/ 25 KB
25 KB 314ms
193ms Image
image/png 2606:4700:3034::ac43:debe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.publicdn.xyz/upload/flbsy-box3.png
Requested by: Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:debe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 902ef4a66b5952b06f4efe3b951baabce43d52870a571eefc199c577dc91bad3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash: crc32c=Bi/pAQ==, md5=fs0FwtTWgO4lZJvEYYMntQ==
date: Mon, 21 Mar 2022 10:51:39 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1877
x-guploader-uploadid: ADPycdvun_QEZeKbrhZNcyFwjWxCmrrzT-AywYzFYRFdSnk6hdutGh_tpIuKfPy3AgjwIS_qB1ZmiprLjrxMTFsb121lWUXObA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 25384
last-modified: Wed, 16 Feb 2022 04:07:06 GMT
server: cloudflare
etag: "7ecd05c2d4d680ee25649bc4618327b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0R4XaiOqDp3p5MRs0LLt2di72pLEN4xjrtbSNZzEyu0%2BuZZqQAbLBW7phsawjM0zh6RkaV3BOLyOqlR5mL5a8Jd3OTKOdBhH9FN9PRdvMABwO5xxDK9QQpSKkxcqJN%2BkN86qb6uVuWvAjkpEmMmp"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1644984426062924
content-type: image/png
cache-control: public, max-age=14400
x-goog-stored-content-length: 25384
accept-ranges: bytes
cf-ray: 6ef62234bccf88aa-LHR
expires: Mon, 21 Mar 2022 11:20:22 GMT

GET
H2 200 responsive.js Show response
qoaaa.com/js/ 3 KB
1013 B 425ms
116ms Script
application/javascript 185.66.201.42
SKHOSTING-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://qoaaa.com/js/responsive.js
Requested by: Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.66.201.42 Nitra, Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS: affilist.com
Software: nginx /
Resource Hash: 4987d5f43ecfeeb96384876eb9247b9653c4cb66628a594cfe87e922ab0a18b5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 10:51:40 GMT
content-encoding: br
last-modified: Tue, 21 Dec 2021 14:23:16 GMT
server: nginx
etag: W/"61c1e354-b1d"
content-type: application/javascript

GET
H2 200 bnr.php Show response
uprimp.com/ 427 B
681 B 339ms
112ms Script
application/javascript 185.66.200.220
SKHOSTING-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g
Requested by: Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.66.200.220 Nitra, Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS: 185.66.200.220.skhosting.eu
Software: nginx /
Resource Hash: 869bdff302f855ca4c61b84ce098906dfb87248f8105f2c06c2ceba572b6f847

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Mar 2022 10:51:39 GMT
last-modified: Mon, 21 Mar 2022 10:51:39 GMT
server: nginx
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-robots-tag: noindex, nofollow, noarchive, nosnippet
expires: Mon, 21 Mar 2022 10:51:39 GMT

GET
H3 200 155031550_159487379338596_4083130769817005691_n.jpg
1.bp.blogspot.com/-1r43YqdXplM/YdL3a3myh2I/AAAAAAAABto/Z2Tgd3WQAYAnYSccoHpseVnXMm0MxG85QCNcBGAsYHQ/ 14 KB
14 KB 376ms
291ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-1r43YqdXplM/YdL3a3myh2I/AAAAAAAABto/Z2Tgd3WQAYAnYSccoHpseVnXMm0MxG85QCNcBGAsYHQ/155031550_159487379338596_4083130769817005691_n.jpg

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c698c3f44ade22c1287a99a1a381e8428bc7feaee6b89943a3258702ce6f0ac1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 08:40:25 GMT
x-content-type-options: nosniff
age: 7874
content-disposition: inline;filename="155031550_159487379338596_4083130769817005691_n.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14709
x-xss-protection: 0
server: fife
etag: "v6de"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 14 Jan 2022 10:07:15 GMT

GET
H3 200 170989089_136769308396553_1884143540668334315_n.jpg
1.bp.blogspot.com/-HT0Q02GLmrM/YdL3axtMTlI/AAAAAAAABts/I4fd82LYLYYZOHu73RoJmwv3gpRIq15cACNcBGAsYHQ/ 75 KB
75 KB 510ms
425ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-HT0Q02GLmrM/YdL3axtMTlI/AAAAAAAABts/I4fd82LYLYYZOHu73RoJmwv3gpRIq15cACNcBGAsYHQ/170989089_136769308396553_1884143540668334315_n.jpg

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f03eb59cbbdf34f68901297ff1641cefcb629d886dae84b7b8fcc3ca904dd8e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 07:37:36 GMT
x-content-type-options: nosniff
age: 11643
content-disposition: inline;filename="170989089_136769308396553_1884143540668334315_n.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 77089
x-xss-protection: 0
server: fife
etag: "v6df"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 21 Jan 2022 13:15:22 GMT

GET
H3 200 10.jpg
1.bp.blogspot.com/-z6pHn1M6944/YdL3ahZExoI/AAAAAAAABtc/v2XUATz6uJkXdaftDfR0jtO0_qOqQLL-ACNcBGAsYHQ/ 14 KB
14 KB 316ms
231ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-z6pHn1M6944/YdL3ahZExoI/AAAAAAAABtc/v2XUATz6uJkXdaftDfR0jtO0_qOqQLL-ACNcBGAsYHQ/10.jpg

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1bdc48bd5351f9949972e167f0f291924c35d83dfc798e4557cd79a9c1f5213f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 07:50:24 GMT
x-content-type-options: nosniff
age: 10875
content-disposition: inline;filename="10.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14452
x-xss-protection: 0
server: fife
etag: "v6dd"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 21 Jan 2022 13:15:22 GMT

GET
H3 200 11.jpg
1.bp.blogspot.com/-iA_xocTXtvM/YdL3azpdKMI/AAAAAAAABtk/xa5Rxi3jRIYqMwcP0NAN82g4P1NzSvijACNcBGAsYHQ/ 11 KB
11 KB 350ms
264ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-iA_xocTXtvM/YdL3azpdKMI/AAAAAAAABtk/xa5Rxi3jRIYqMwcP0NAN82g4P1NzSvijACNcBGAsYHQ/11.jpg

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ed26bfc8033da419bcf577f5934fb91a075e8aa71882c8d3396bd5b01f2b7ec9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 07:04:20 GMT
x-content-type-options: nosniff
age: 13639
content-disposition: inline;filename="11.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11670
x-xss-protection: 0
server: fife
etag: "v6dd"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 14 Jan 2022 10:07:15 GMT

GET
H3 200 127.jpg
1.bp.blogspot.com/-CuBOqC224TU/YdL3wk-MpDI/AAAAAAAABuA/SGzIOYeY0iAQjUBLAKyqQwYvaXBGkEKHgCNcBGAsYHQ/ 10 KB
10 KB 509ms
424ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-CuBOqC224TU/YdL3wk-MpDI/AAAAAAAABuA/SGzIOYeY0iAQjUBLAKyqQwYvaXBGkEKHgCNcBGAsYHQ/127.jpg

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e97b15ea4486b5e4e6760d47970e38904b2ab55c33563c1308f8ba46537d03a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 07:06:26 GMT
x-content-type-options: nosniff
age: 13513
content-disposition: inline;filename="127.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10492
x-xss-protection: 0
server: fife
etag: "v6e1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 21 Jan 2022 13:15:22 GMT

GET
H3 200 95708401_2102053903274362_4198003199497469952_n.jpg
1.bp.blogspot.com/-GB46jqOc6I8/YVy4U-WKroI/AAAAAAAAHjg/3zaux-pMQAMQsOVanTc1qROoM9R51BzngCLcBGAsYHQ/s320/ 23 KB
23 KB 178ms
93ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-GB46jqOc6I8/YVy4U-WKroI/AAAAAAAAHjg/3zaux-pMQAMQsOVanTc1qROoM9R51BzngCLcBGAsYHQ/s320/95708401_2102053903274362_4198003199497469952_n.jpg

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f70d2bee3dbb24e95d68f9643b1563f98e71f1e185b18af7877f96d69656781e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 07:07:21 GMT
x-content-type-options: nosniff
age: 13458
content-disposition: inline;filename="95708401_2102053903274362_4198003199497469952_n.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23303
x-xss-protection: 0
server: fife
etag: "v1e39"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 16 Nov 2021 21:17:23 GMT

GET
H3 200 160648709_140010968017147_6876748915514855042_n.jpg
1.bp.blogspot.com/-iAFOj9PAz-k/YTJ_zUtRbeI/AAAAAAAAEoU/Cn-6wVUazKYz2nNNHskPhDGezjoijPjTgCLcBGAsYHQ/s320/ 37 KB
37 KB 182ms
97ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-iAFOj9PAz-k/YTJ_zUtRbeI/AAAAAAAAEoU/Cn-6wVUazKYz2nNNHskPhDGezjoijPjTgCLcBGAsYHQ/s320/160648709_140010968017147_6876748915514855042_n.jpg

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

99d5e6c124dc412ffa102a27b9afc4a33bb56ae21ab3aed3c81bafd820395a77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 09:17:49 GMT
x-content-type-options: nosniff
age: 5630
content-disposition: inline;filename="160648709_140010968017147_6876748915514855042_n.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37921
x-xss-protection: 0
server: fife
etag: "v128b"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 07 Jan 2022 00:25:20 GMT

GET
H3 200 144025101_240422051059131_6933435057865504424_n.jpg
1.bp.blogspot.com/-FAxP0LJ0tmw/YTJ_zSt3fCI/AAAAAAAAEoQ/bb2RPWq9esIH-BFL7_pxkI7WrEoY5IT-wCLcBGAsYHQ/s320/ 21 KB
21 KB 510ms
425ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-FAxP0LJ0tmw/YTJ_zSt3fCI/AAAAAAAAEoQ/bb2RPWq9esIH-BFL7_pxkI7WrEoY5IT-wCLcBGAsYHQ/s320/144025101_240422051059131_6933435057865504424_n.jpg

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9278771b53304ad62196ca692a8dd9a4e1734ed7f76041dee6011ad61d31bb83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 08:53:51 GMT
x-content-type-options: nosniff
age: 7068
content-disposition: inline;filename="144025101_240422051059131_6933435057865504424_n.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21290
x-xss-protection: 0
server: fife
etag: "v128b"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 29 Dec 2021 03:49:09 GMT

GET
H3 200 174047983_145156920881639_7102361323584101097_n.jpg
1.bp.blogspot.com/-b8o3pdt_qfg/YTJ_zVTAkdI/AAAAAAAAEoY/VN_3rfOBPTs6L0FbcG_D3CjFmAkwd97pwCLcBGAsYHQ/s320/ 26 KB
27 KB 256ms
171ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-b8o3pdt_qfg/YTJ_zVTAkdI/AAAAAAAAEoY/VN_3rfOBPTs6L0FbcG_D3CjFmAkwd97pwCLcBGAsYHQ/s320/174047983_145156920881639_7102361323584101097_n.jpg

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7a8607c6f57a44ed667d83418c08c1f37d0895a4c75d2d17f6d858b6856f14ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 08:07:19 GMT
x-content-type-options: nosniff
age: 9860
content-disposition: inline;filename="174047983_145156920881639_7102361323584101097_n.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27130
x-xss-protection: 0
server: fife
etag: "v128c"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 17 Nov 2021 17:06:09 GMT

GET
H3 200 %25E6%259C%25AA%25E6%25A0%2587%25E9%25A2%2598-53.jpg
1.bp.blogspot.com/-az2tY1oxDlk/YTJ_0dMvi8I/AAAAAAAAEog/QQ_YeiFtsgM4k1NSkz_XadBJKdfXWjzsACLcBGAsYHQ/s0/ 15 KB
15 KB 279ms
194ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-az2tY1oxDlk/YTJ_0dMvi8I/AAAAAAAAEog/QQ_YeiFtsgM4k1NSkz_XadBJKdfXWjzsACLcBGAsYHQ/s0/%25E6%259C%25AA%25E6%25A0%2587%25E9%25A2%2598-53.jpg

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

49b9d1a630355b147d9b11596f883cb456d9f0875451df86f15fa41028ad7490

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 07:45:32 GMT
x-content-type-options: nosniff
age: 11167
content-disposition: inline;filename="___-53.jpg";filename*=UTF-8''%E6%9C%AA%E6%A0%87%E9%A2%98-53.jpg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15148
x-xss-protection: 0
server: fife
etag: "v128b"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 13 Nov 2021 13:46:17 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 170 KB
63 KB 200ms
115ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-YP3DQB03D8

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

370148b6a68b780a6cd975086f4a95fa7a98836da3c83fb5412f08cfa8045559

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 10:51:39 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64299
x-xss-protection: 0
expires: Mon, 21 Mar 2022 10:51:39 GMT

GET
H2 200 bnr_xload.php Show response
uprimp.com/ Frame 0794 0
255 B 97ms
96ms Document
text/html 185.66.200.220
SKHOSTING-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://uprimp.com/bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=164785989986628&xtt=7817123
Requested by: Host: uprimp.com
URL: https://uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.66.200.220 Nitra, Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS: 185.66.200.220.skhosting.eu
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/

Response headers

server: nginx
date: Mon, 21 Mar 2022 10:51:39 GMT
content-type: text/html; charset=UTF-8
expires: Mon, 21 Mar 2022 10:51:39 GMT
last-modified: Mon, 21 Mar 2022 10:51:39 GMT
cache-control: no-store, no-cache, must-revalidate post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, nosnippet

GET
H3 200 yuming.js Show response
lzdq6btw.cn/HysFBlPL/petron-m/ 269 B
772 B 247ms
246ms XHR
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lzdq6btw.cn/HysFBlPL/petron-m/yuming.js?1647859899831&_=1647859899482
Requested by: Host: cdn.jsdelivr.cc
URL: https://cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab09cdfc22bcca11647c7eed53c651f515e2d420a5adf341e44a7d9eac827e3c

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd
X-Requested-With: XMLHttpRequest
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 10:51:40 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 16 Feb 2022 04:09:48 GMT
server: cloudflare
etag: W/"620c790c-10d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W0ZLQ20NT2IyHCsnuG7C7OwEK4TR8Klz%2FQ2PeUCcyOkOvOp8wlhAws2b4b5D7wy9FINVGgsR4O9ayYvHyEUPa9FyajnQtcJWc5SGYBbDM1x%2B6ApE9OtnEtVWjk840zoWq4bExugPNQB2dA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6ef622361b91887f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 21 Mar 2022 22:51:39 GMT

GET
H/1.1 200
OK hm.js Show response
hm.baidu.com/ 40 KB
15 KB 1458ms
672ms Script
application/javascript 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to

Full URL

https://hm.baidu.com/hm.js?9e84975b629767c58a8becc81600bb23

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

eeb6faa48b5b278fa20297aabec4f843558e84cf52dba96ae2e1aaa6deab2d72

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 21 Mar 2022 10:51:40 GMT
Content-Encoding: gzip
Server: apache
Etag: 38c64524d01486a5e0c5c7fb90fb28d8
Strict-Transport-Security: max-age=172800
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: max-age=0, must-revalidate
Content-Type: application/javascript
Content-Length: 14611

GET
H/1.1 200
OK hm.js Show response
hm.baidu.com/ 40 KB
15 KB 1458ms
672ms Script
application/javascript 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to

Full URL

https://hm.baidu.com/hm.js?255bf6352b453a458133f5dd1d97c35b

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

551befb0579f3e68fa071a02baf9978bba3c47e613f4a59ea7e3777792eb2146

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 21 Mar 2022 10:51:40 GMT
Content-Encoding: gzip
Server: apache
Etag: 824868b526d201d71f0cb58188defc3f
Strict-Transport-Security: max-age=172800
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: max-age=0, must-revalidate
Content-Type: application/javascript
Content-Length: 14605

GET
H/1.1 200
OK hm.js Show response
hm.baidu.com/ 35 KB
13 KB 1266ms
463ms Script
application/javascript 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to

Full URL

https://hm.baidu.com/hm.js?c7f1b3f152598f901bc0aad793b18b59

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

10d27ce261d80eba92136d87230fa1cee96d86733433d91d0f2e662763ce0edd

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 21 Mar 2022 10:51:40 GMT
Content-Encoding: gzip
Server: apache
Etag: 45f2b5c539f10231fe5f8722a2b7bad5
Strict-Transport-Security: max-age=172800
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: max-age=0, must-revalidate
Content-Type: application/javascript
Content-Length: 12997

GET
H/1.1 200
OK hm.js Show response
hm.baidu.com/ 35 KB
13 KB 1556ms
734ms Script
application/javascript 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to

Full URL

https://hm.baidu.com/hm.js?3883cd39b3c18ae26539940d487c3741

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

b7fba71a67bd4d686900d5bc2677233f52fd7f4397dffaa7aea708196fd3214f

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 21 Mar 2022 10:51:40 GMT
Content-Encoding: gzip
Server: apache
Etag: 962113e9879356f36a12526b0b4fd30b
Strict-Transport-Security: max-age=172800
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: max-age=0, must-revalidate
Content-Type: application/javascript
Content-Length: 13004

POST
H2 204 collect
www.google-analytics.com/g/ 0
345 B 315ms
106ms Ping
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-27XV1EJY28&gtm=2oe3e0&_p=275062406&sr=1600x1200&ul=en-us&cid=1253850806.1647859900&_s=1&dl=https%3A%2F%2Flzdq6btw.cn%2FHysFBlPL%2Fpetron-m%2F%3F_t%3D1647859898jrd&dr=http%3A%2F%2Fdcvvspvdj.qadjjh.tw%2F&dt=%F0%9F%8E%89%F0%9F%9B%A2%EF%B8%8F%F0%9F%92%B0%EF%B8%8FPetron%20Corporation%20fuel%20subsidy!Petron%20Corporation%20fuel%20subsidy!%F0%9F%8E%81%F0%9F%9B%A2%EF%B8%8F%F0%9F%8E%8A&sid=1647859899&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-27XV1EJY28
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Mar 2022 10:51:40 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://lzdq6btw.cn
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 170 KB
63 KB 245ms
245ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-YP3DQB03D8&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-27XV1EJY28

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

82df9bc7b7a52a3a123d20ef3a6be1a7e5eef02b33f2d3a65c023b02d70c4df2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 10:51:39 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64300
x-xss-protection: 0
expires: Mon, 21 Mar 2022 10:51:39 GMT

GET
H3 200 tb55.php Show response
lzdq6btw.cn/HysFBlPL/j/ 482 B
732 B 249ms
249ms XHR
text/html 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lzdq6btw.cn/HysFBlPL/j/tb55.php?c=petron-m&np=taoluming&_=1647859899483
Requested by: Host: cdn.jsdelivr.cc
URL: https://cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66c7a22328ada0331d2e77242f2ba706d10071b028bf3de6ba4061f03de3d791

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd
X-Requested-With: XMLHttpRequest
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 10:51:40 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M9v8v4m5nmRcOZzBQN7s2CXkFgdr6h4MO%2BNgAtikuDi952%2FtLIdMrKCohqfUxRmisoCyZkaPx3%2BtmHp2w%2FaqLqYfr2axa8a5tjLHsrkTzfb%2FudkJPqv%2FwXQ9EpD2RFsXWY4TULjPw1kjSg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 6ef62237af04887f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 403ms
315ms Ping
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-YP3DQB03D8&gtm=2oe3e0&_p=275062406&sr=1600x1200&ul=en-us&cid=1253850806.1647859900&_s=1&dl=https%3A%2F%2Flzdq6btw.cn%2FHysFBlPL%2Fpetron-m%2F%3F_t%3D1647859898jrd&dr=http%3A%2F%2Fdcvvspvdj.qadjjh.tw%2F&dt=%F0%9F%8E%89%F0%9F%9B%A2%EF%B8%8F%F0%9F%92%B0%EF%B8%8FPetron%20Corporation%20fuel%20subsidy!Petron%20Corporation%20fuel%20subsidy!%F0%9F%8E%81%F0%9F%9B%A2%EF%B8%8F%F0%9F%8E%8A&sid=1647859899&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YP3DQB03D8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Mar 2022 10:51:40 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://lzdq6btw.cn
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK hm.gif
hm.baidu.com/ 43 B
299 B 446ms
446ms Image
image/gif 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=895658642&si=c7f1b3f152598f901bc0aad793b18b59&su=http%3A%2F%2Fdcvvspvdj.qadjjh.tw%2F&v=1.2.91&lv=1&sn=47861&r=0&ww=1600&ct=!!&u=https%3A%2F%2Flzdq6btw.cn%2FHysFBlPL%2Fpetron-m%2F%3F_t%3D1647859898jrd%231647859900335&tt=%F0%9F%8E%89%F0%9F%9B%A2%EF%B8%8F%F0%9F%92%B0%EF%B8%8FPetron%20Corporation%20fuel%20subsidy!Petron%20Corporation%20fuel%20subsidy!%F0%9F%8E%81%F0%9F%9B%A2%EF%B8%8F%F0%9F%8E%8A

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 21 Mar 2022 10:51:41 GMT
X-Content-Type-Options: nosniff
Server: apache
Strict-Transport-Security: max-age=172800
Content-Type: image/gif
Cache-Control: private, max-age=0, no-cache
Content-Length: 43

GET
H/1.1 200
OK hm.gif
hm.baidu.com/ 43 B
299 B 470ms
469ms Image
image/gif 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=601517954&si=3883cd39b3c18ae26539940d487c3741&su=http%3A%2F%2Fdcvvspvdj.qadjjh.tw%2F&v=1.2.91&lv=1&sn=47862&r=0&ww=1600&ct=!!&u=https%3A%2F%2Flzdq6btw.cn%2FHysFBlPL%2Fpetron-m%2F%3F_t%3D1647859898jrd%231647859900335&tt=%F0%9F%8E%89%F0%9F%9B%A2%EF%B8%8F%F0%9F%92%B0%EF%B8%8FPetron%20Corporation%20fuel%20subsidy!Petron%20Corporation%20fuel%20subsidy!%F0%9F%8E%81%F0%9F%9B%A2%EF%B8%8F%F0%9F%8E%8A

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 21 Mar 2022 10:51:42 GMT
X-Content-Type-Options: nosniff
Server: apache
Strict-Transport-Security: max-age=172800
Content-Type: image/gif
Cache-Control: private, max-age=0, no-cache
Content-Length: 43

GET
H/1.1 200
OK hm.gif
hm.baidu.com/ 43 B
299 B 435ms
435ms Image
image/gif 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=12476451&si=9e84975b629767c58a8becc81600bb23&su=http%3A%2F%2Fdcvvspvdj.qadjjh.tw%2F&v=1.2.91&lv=1&sn=47862&r=0&ww=1600&ct=!!&u=https%3A%2F%2Flzdq6btw.cn%2FHysFBlPL%2Fpetron-m%2F%3F_t%3D1647859898jrd%231647859900335&tt=%F0%9F%8E%89%F0%9F%9B%A2%EF%B8%8F%F0%9F%92%B0%EF%B8%8FPetron%20Corporation%20fuel%20subsidy!Petron%20Corporation%20fuel%20subsidy!%F0%9F%8E%81%F0%9F%9B%A2%EF%B8%8F%F0%9F%8E%8A

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 21 Mar 2022 10:51:42 GMT
X-Content-Type-Options: nosniff
Server: apache
Strict-Transport-Security: max-age=172800
Content-Type: image/gif
Cache-Control: private, max-age=0, no-cache
Content-Length: 43

GET
H/1.1 200
OK hm.gif
hm.baidu.com/ 43 B
299 B 451ms
450ms Image
image/gif 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=1461930410&si=255bf6352b453a458133f5dd1d97c35b&su=http%3A%2F%2Fdcvvspvdj.qadjjh.tw%2F&v=1.2.91&lv=1&sn=47862&r=0&ww=1600&ct=!!&u=https%3A%2F%2Flzdq6btw.cn%2FHysFBlPL%2Fpetron-m%2F%3F_t%3D1647859898jrd%231647859900335&tt=%F0%9F%8E%89%F0%9F%9B%A2%EF%B8%8F%F0%9F%92%B0%EF%B8%8FPetron%20Corporation%20fuel%20subsidy!Petron%20Corporation%20fuel%20subsidy!%F0%9F%8E%81%F0%9F%9B%A2%EF%B8%8F%F0%9F%8E%8A

Requested by

Host: lzdq6btw.cn
URL: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 21 Mar 2022 10:51:42 GMT
X-Content-Type-Options: nosniff
Server: apache
Strict-Transport-Security: max-age=172800
Content-Type: image/gif
Cache-Control: private, max-age=0, no-cache
Content-Length: 43

GET
H2 200 / Show response
qoaaa.com//4fe48aebd6/4f59451604/ Frame 51F4 459 B
823 B 530ms
530ms Document
text/html 185.66.201.42
SKHOSTING-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://qoaaa.com//4fe48aebd6/4f59451604/?placementName=mBanner&randomA=0_4844&maxw=0
Requested by: Host: qoaaa.com
URL: https://qoaaa.com/js/responsive.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.66.201.42 Nitra, Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS: affilist.com
Software: nginx /
Resource Hash: 9fc8c7f706f64afbaf5d0c2fadef7b5e44b4bc351856cad7dcf23ef1303677b2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://lzdq6btw.cn/HysFBlPL/petron-m/?_t=1647859898jrd

Response headers

server: nginx
date: Mon, 21 Mar 2022 10:51:42 GMT
content-type: text/html; charset=UTF-8
expires: Sun, 01 Jan 2014 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex,nofollow
access-control-allow-origin: *
content-encoding: br

GET
H2 200 8242_99613DW114-EN-300x50.jpeg
aff-a.advertica-cdn.com/generic/ Frame 51F4 12 KB
11 KB 772ms
114ms Image
image/jpeg 185.66.200.127
SKHOSTING-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aff-a.advertica-cdn.com/generic/8242_99613DW114-EN-300x50.jpeg
Requested by: Host: qoaaa.com
URL: https://qoaaa.com//4fe48aebd6/4f59451604/?placementName=mBanner&randomA=0_4844&maxw=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.66.200.127 Nitra, Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS: 185.66.200.127.skhosting.eu
Software: nginx /
Resource Hash: c1d234037427910069651f7c0d4dd503b361b19ac5543f62bcd930fc7727ceb7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://qoaaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 10:51:44 GMT
content-encoding: gzip
last-modified: Mon, 28 Dec 2020 14:27:49 GMT
server: nginx
etag: W/"5fe9eb65-2ea7"
vary: Accept-Encoding
x-cache: HIT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2592000
x-server: cdnbts
expires: Wed, 20 Apr 2022 10:51:44 GMT

Verdicts & Comments Add Verdict or Comment

93 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.lzdq6btw.cn/	1970-01-20 19:15:31	Name: _ga_27XV1EJY28 Value: GS1.1.1647859899.1.0.1647859899.0
.lzdq6btw.cn/	1970-01-20 19:15:31	Name: _ga Value: GA1.1.1253850806.1647859900
.lzdq6btw.cn/	1970-01-20 19:15:31	Name: _ga_YP3DQB03D8 Value: GS1.1.1647859899.1.0.1647859899.0
.hm.baidu.com/	1970-01-25 20:29:45	Name: HMACCOUNT_BFESS Value: D095A853940E05F2
.lzdq6btw.cn/	1970-01-20 10:29:55	Name: Hm_lvt_c7f1b3f152598f901bc0aad793b18b59 Value: 1647859901
.lzdq6btw.cn/	1969-12-31 23:59:59	Name: Hm_lpvt_c7f1b3f152598f901bc0aad793b18b59 Value: 1647859901
.lzdq6btw.cn/	1970-01-20 10:29:55	Name: Hm_lvt_3883cd39b3c18ae26539940d487c3741 Value: 1647859902
.lzdq6btw.cn/	1969-12-31 23:59:59	Name: Hm_lpvt_3883cd39b3c18ae26539940d487c3741 Value: 1647859902
.lzdq6btw.cn/	1970-01-20 10:29:55	Name: Hm_lvt_9e84975b629767c58a8becc81600bb23 Value: 1647859902
.lzdq6btw.cn/	1969-12-31 23:59:59	Name: Hm_lpvt_9e84975b629767c58a8becc81600bb23 Value: 1647859902
.lzdq6btw.cn/	1970-01-20 10:29:55	Name: Hm_lvt_255bf6352b453a458133f5dd1d97c35b Value: 1647859902
.lzdq6btw.cn/	1969-12-31 23:59:59	Name: Hm_lpvt_255bf6352b453a458133f5dd1d97c35b Value: 1647859902

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.bp.blogspot.com
aff-a.advertica-cdn.com
cdn.jsdelivr.cc
dcvvspvdj.qadjjh.tw
hm.baidu.com
img.publicdn.xyz
lzdq6btw.cn
qoaaa.com
uprimp.com
www.google-analytics.com
www.googletagmanager.com
103.235.46.191
185.66.200.127
185.66.200.220
185.66.201.42
2606:4700:3030::6815:d63
2606:4700:3032::ac43:d172
2606:4700:3034::ac43:debe
2a00:1450:4001:800::200e
2a00:1450:4001:82f::2008
2a00:1450:4001:831::2001
2a06:98c1:3121::7
0b7274b0b5b7f411de46416a6c9941062f7a57aaf919fdeda367b5959f4ce8ef
10d27ce261d80eba92136d87230fa1cee96d86733433d91d0f2e662763ce0edd
1bdc48bd5351f9949972e167f0f291924c35d83dfc798e4557cd79a9c1f5213f
24e8a4f033a91a6d5934e24ce83cbe5e4e2a3e42aba13c513b3a6f1a12832f56
2ac044d3adef3c564ee94ac760e91e8662a2c4500536fe3997499a86b893d240
2bc3d4c69d2b85b7b972b8b1b1d35fe0274346231a64d63207e64b528ca2dfa3
32bc695a4583118b2adca0fe87d1f4844905692f48f5f2a0eece23f205536e60
370148b6a68b780a6cd975086f4a95fa7a98836da3c83fb5412f08cfa8045559
4987d5f43ecfeeb96384876eb9247b9653c4cb66628a594cfe87e922ab0a18b5
49b9d1a630355b147d9b11596f883cb456d9f0875451df86f15fa41028ad7490
551befb0579f3e68fa071a02baf9978bba3c47e613f4a59ea7e3777792eb2146
5e4dc4d6e56f1a8347edde53bed3790a424463ac4fbadcf80eb3a63c8f7de78a
66c7a22328ada0331d2e77242f2ba706d10071b028bf3de6ba4061f03de3d791
6f00be2a50e704ca44b0a99b91337513051a6ca58ff147dc8364576cb6250f89
7a8607c6f57a44ed667d83418c08c1f37d0895a4c75d2d17f6d858b6856f14ff
7d7a9043f4bed303fe2974ac4e3ba10d6b214e70f7ae549786ba2d347de05f81
82df9bc7b7a52a3a123d20ef3a6be1a7e5eef02b33f2d3a65c023b02d70c4df2
869bdff302f855ca4c61b84ce098906dfb87248f8105f2c06c2ceba572b6f847
902ef4a66b5952b06f4efe3b951baabce43d52870a571eefc199c577dc91bad3
9278771b53304ad62196ca692a8dd9a4e1734ed7f76041dee6011ad61d31bb83
96940463181f55542aedc5b211ea4576a12ada5fbfc1803e67daa779f2287d4e
99d5e6c124dc412ffa102a27b9afc4a33bb56ae21ab3aed3c81bafd820395a77
9b7f1ddc36af29778df73a309d2861822456de3eb416e6921a5c44e68435a42f
9fc8c7f706f64afbaf5d0c2fadef7b5e44b4bc351856cad7dcf23ef1303677b2
a2ed66c496426b789189122494fbc0f028c69a1ebccbf57220675d5ffc4b4039
a4555d8dee9f8adc976e84a97dfe87e6bf5794b579f49bb56f133fed85f7d709
ab09cdfc22bcca11647c7eed53c651f515e2d420a5adf341e44a7d9eac827e3c
b219e4cd8f8f9216f159285019be30d6bfe475d92ca30b3561551aaa2174751d
b7fba71a67bd4d686900d5bc2677233f52fd7f4397dffaa7aea708196fd3214f
c1d234037427910069651f7c0d4dd503b361b19ac5543f62bcd930fc7727ceb7
c698c3f44ade22c1287a99a1a381e8428bc7feaee6b89943a3258702ce6f0ac1
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
e290dc4993b9ae7d34440db26be412b4bc4547a48ff635750d400164665d7fa6
e2c10df0d1ff18964fbc0c06d56b313e6ae114d713831cb2dc707d670e1173be
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e97b15ea4486b5e4e6760d47970e38904b2ab55c33563c1308f8ba46537d03a0
ed26bfc8033da419bcf577f5934fb91a075e8aa71882c8d3396bd5b01f2b7ec9
ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127
eeb6faa48b5b278fa20297aabec4f843558e84cf52dba96ae2e1aaa6deab2d72
f03eb59cbbdf34f68901297ff1641cefcb629d886dae84b7b8fcc3ca904dd8e9
f70d2bee3dbb24e95d68f9643b1563f98e71f1e185b18af7877f96d69656781e

lzdq6btw.cn Open in urlscan Pro 2a06:98c1:3121::7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

47 Requests

98 %HTTPS

64 %IPv6

11 Domains

11 Subdomains

11 IPs

4 Countries

846 kBTransfer

1636 kBSize

12 Cookies

0 Outgoing links

Page URL History

Redirected requests

47 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

lzdq6btw.cn Open in urlscan Pro
2a06:98c1:3121::7 Public Scan

Screenshot
Live screenshot

Full Image

47
Requests

98 %
HTTPS

64 %
IPv6

11
Domains

11
Subdomains

11
IPs

4
Countries

846 kB
Transfer

1636 kB
Size

12
Cookies

47 HTTP transactions
0 data transactions