r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6854
Expires: Sun, 29 Jan 2023 16:36:25 GMT
Date: Sun, 29 Jan 2023 14:42:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 81dd5c5cc5b3278876cb44dcb520a60f
c0511a59e9eccdcdda98717b87c89c5d59974808
41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4396
Expires: Sun, 29 Jan 2023 15:55:27 GMT
Date: Sun, 29 Jan 2023 14:42:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 03092d1a1bc7ac91ee342a1a7ab2a562
52db06ce1fd2c74ddd36b6a0a7aee1b5c891600a
03b8ff2629abac9fc30ebec059c2e2018fcbc41646ad5f71c965ff630fbf1ffd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03B8FF2629ABAC9FC30EBEC059C2E2018FCBC41646AD5F71C965FF630FBF1FFD"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3243
Expires: Sun, 29 Jan 2023 15:36:14 GMT
Date: Sun, 29 Jan 2023 14:42:11 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 29 Jan 2023 13:43:08 GMT
content-type: application/json
age: 3543
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: rPhFUknacad6edt7wlSsTmJLQaa7gyiw2iUeqfZgW3hlrMr13e1z8tenNWNa19zyL/X1cUzJpZ8=
x-amz-request-id: V09H4R6QXYHNKFVP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 29 Jan 2023 14:21:25 GMT
age: 1246
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 14:42:11 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 29 Jan 2023 14:41:41 GMT
age: 31
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19518
Expires: Sun, 29 Jan 2023 20:07:30 GMT
Date: Sun, 29 Jan 2023 14:42:12 GMT
Connection: keep-alive
cardwellcremation.com/books/20230102_50922.html
118.107.17.253 200 OK 3.5 kB URL HTTP/1.1 cardwellcremation.com/books/20230102_50922.html
IP 118.107.17.253:0
ASN #64050 BGPNET Global ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1961)
Hash 0c636c821c0fb9616e7d64b9f417ff52
d034b8b6f30fe60c5da53fb6e6914735ccc19365
84e8ee5f6b28d1b9b6c5dae9b01d87c55f263388d843d03da5a68d2485645acf
NIDS Severity Alert suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
GET /books/20230102_50922.html HTTP/1.1
Host: cardwellcremation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 14:42:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
push.services.mozilla.com/
44.229.130.57 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.229.130.57:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: VAz/izNwaFGMBTZWbwVpqw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wQQjq7ywQbe7ST9bUlfAtumYauc=
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 1cb3489b8e09c6b5229f576d963520f3
ecc94334db6ebc8361788febb948e589b8aa3c90
87d69cef5b1068c8f9c2d741fbb0286743e1d3570bf1440ea91637d52a2cddeb
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 14:42:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Thu, 02 Feb 2023 12:33:42 GMT
ETag: "ecc94334db6ebc8361788febb948e589b8aa3c90"
Last-Modified: Sun, 29 Jan 2023 12:33:43 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 666
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7912bbb13e25b500-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 1cb3489b8e09c6b5229f576d963520f3
ecc94334db6ebc8361788febb948e589b8aa3c90
87d69cef5b1068c8f9c2d741fbb0286743e1d3570bf1440ea91637d52a2cddeb
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 14:42:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Thu, 02 Feb 2023 12:33:42 GMT
ETag: "ecc94334db6ebc8361788febb948e589b8aa3c90"
Last-Modified: Sun, 29 Jan 2023 12:33:43 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 666
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7912bbb13e85b523-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 1cb3489b8e09c6b5229f576d963520f3
ecc94334db6ebc8361788febb948e589b8aa3c90
87d69cef5b1068c8f9c2d741fbb0286743e1d3570bf1440ea91637d52a2cddeb
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 14:42:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Thu, 02 Feb 2023 12:33:42 GMT
ETag: "ecc94334db6ebc8361788febb948e589b8aa3c90"
Last-Modified: Sun, 29 Jan 2023 12:33:43 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 666
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7912bbb13bc4b515-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 1cb3489b8e09c6b5229f576d963520f3
ecc94334db6ebc8361788febb948e589b8aa3c90
87d69cef5b1068c8f9c2d741fbb0286743e1d3570bf1440ea91637d52a2cddeb
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 14:42:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Thu, 02 Feb 2023 12:33:42 GMT
ETag: "ecc94334db6ebc8361788febb948e589b8aa3c90"
Last-Modified: Sun, 29 Jan 2023 12:33:43 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 666
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7912bbb13abdb51b-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 1cb3489b8e09c6b5229f576d963520f3
ecc94334db6ebc8361788febb948e589b8aa3c90
87d69cef5b1068c8f9c2d741fbb0286743e1d3570bf1440ea91637d52a2cddeb
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 14:42:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Thu, 02 Feb 2023 12:33:42 GMT
ETag: "ecc94334db6ebc8361788febb948e589b8aa3c90"
Last-Modified: Sun, 29 Jan 2023 12:33:43 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 666
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7912bbb13e660b3d-OSL
www.rj58.cc/template/m1938pc/css/ate.css
216.83.52.98 200 OK 4.5 kB URL HTTP/1.1 www.rj58.cc/template/m1938pc/css/ate.css
IP 216.83.52.98:0
ASN #64050 BGPNET Global ASN
File type ASCII text, with CRLF line terminators
Hash 1164a38c5186eff1838f351d96dbd192
1f5c06f7969ca9602774591594b1d4170137cdc3
fec2bebf191e9c67f3ce3234909acb71fa272057962f230dce334cdfd514b3e2
GET /template/m1938pc/css/ate.css HTTP/1.1
Host: www.rj58.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rj58.cc/
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Wed, 16 Nov 2022 13:04:00 GMT
Accept-Ranges: bytes
ETag: "0e0c8e4bbf9d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sun, 29 Jan 2023 14:40:55 GMT
Content-Length: 4498
www.rj58.cc/
216.83.52.98 200 OK 17 kB IP 216.83.52.98:0
ASN #64050 BGPNET Global ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1961), with CRLF, LF line terminators
Hash c1cc4b7d8fcb7483516cbc60f6548ce4
abebdf5453c9a0bafc573ea26214dfaf11705c44
f3e0ea3d65178f19c6efed9ab8d53d8eb00265b268e396667f2381c2b2d32f73
NIDS Severity Alert suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
GET / HTTP/1.1
Host: www.rj58.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cardwellcremation.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: PHP/7.2.34, ASP.NET
Date: Sun, 29 Jan 2023 14:40:55 GMT
Content-Length: 17138
www.rj58.cc/template/m1938pc/html9/ads/dsb.js
216.83.52.98 200 OK 548 B URL HTTP/1.1 www.rj58.cc/template/m1938pc/html9/ads/dsb.js
IP 216.83.52.98:0
ASN #64050 BGPNET Global ASN
File type HTML document text\012- HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash a4552898485b63d0b1aadb2f232b82ca
265c24a6a42727ffef20b920b68ab4dc4c08bb8c
4691b45efca561cc0aa2ad83be41dfa5544d7fa1eaafc0f2bc9d62454ba760a4
GET /template/m1938pc/html9/ads/dsb.js HTTP/1.1
Host: www.rj58.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rj58.cc/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 29 Jan 2023 08:02:06 GMT
Accept-Ranges: bytes
ETag: "05391fab733d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sun, 29 Jan 2023 14:40:55 GMT
Content-Length: 548
hm.baidu.com/hm.js?845a64ef313c15732a9952d3e7bc9879
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?845a64ef313c15732a9952d3e7bc9879
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (622)
Hash dcfca66cb6a253eddc9fb8069edfdf60
5fbb521b8d9a8736488b18583cede5cae6a1fb8c
8a6a1d7bb7a6dba7a64839b82a4d1ebef3800338daa6ab2e9e8ba35d3012aa86
GET /hm.js?845a64ef313c15732a9952d3e7bc9879 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11260
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:13 GMT
Etag: 8b060bd7dd48891a695872946f077572
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=F2D988DBE2B8C95B; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
www.rj58.cc/template/m1938pc/css/zui.css
216.83.52.98 200 OK 18 kB URL HTTP/1.1 www.rj58.cc/template/m1938pc/css/zui.css
IP 216.83.52.98:0
ASN #64050 BGPNET Global ASN
File type assembler source, Unicode text, UTF-8 (with BOM) text
Hash 7f37b117dfa0c501573846a4ae6deed2
3ec6f2715301305e6fcd49c4b79af4d276359878
3a2f44416c454990e7b961387e4205358658e68fb9c64de8ab77798188390cad
GET /template/m1938pc/css/zui.css HTTP/1.1
Host: www.rj58.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rj58.cc/
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Wed, 16 Nov 2022 13:04:00 GMT
Accept-Ranges: bytes
ETag: "0e0c8e4bbf9d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sun, 29 Jan 2023 14:40:55 GMT
Content-Length: 17938
hm.baidu.com/hm.js?d832178dc2293a8aafacef89cf6cf2c0
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?d832178dc2293a8aafacef89cf6cf2c0
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (616)
Hash e6c0e9f561e5cdfa48b9ee1c773f0262
dccb9a68be276ba2375b765773f35d6fbf36b976
fbc5031be7bf7ed96a607e141eb019836d9e18763d85e55aa0ac6464ed80643d
GET /hm.js?d832178dc2293a8aafacef89cf6cf2c0 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11254
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:13 GMT
Etag: 5dfcab4e2e6a918a9e868180b77756c6
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=BBBA91A533C3245A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?5182212a5be0c41dc5f6009156268935
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?5182212a5be0c41dc5f6009156268935
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (622)
Hash a04e1ff39d1a2e711c17a855d1ed8330
71c642fa7fbe1a4ffad59e622513a8f97228e326
3271265f690f7741c1665a9532059fde5a392fb334c4fa2b9ff6c0120677acc9
GET /hm.js?5182212a5be0c41dc5f6009156268935 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11260
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:13 GMT
Etag: 5e17d71d888c41581e2f4d0ef6df9502
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=7D0597C9D4063AE2; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?4776855d950d64543e4f03a8c31ece9b
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?4776855d950d64543e4f03a8c31ece9b
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (617)
Hash bfe37dcd0fe9b1b178bf556edd8cf03d
b37a4f8e0f7b267ebdb20c71416ff69b21153539
67d7f58578eee5e48d1e68355ffe5de85b62f07aff0d5480995cb85160fb8aba
GET /hm.js?4776855d950d64543e4f03a8c31ece9b HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11255
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:13 GMT
Etag: be029db1690aa70076d5e0d2375229dc
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=B21AA7DFB5626A0D; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?07b4ab2e5098299deeb932f98dc93395
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?07b4ab2e5098299deeb932f98dc93395
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (622)
Hash 186044014fedd4c1a4a942bc58fecd71
77c45e94fdb516fab0a6fa11125096e5f77d9409
3e0f236a57f22a38e43c3665fd1416cddb46e54f1ae2529b7db95bef21d0dc1a
GET /hm.js?07b4ab2e5098299deeb932f98dc93395 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11260
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:13 GMT
Etag: 8860753eb5da25426fd302468840789d
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=5A52C264E62DEBD8; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?258a2e13a5ac06641ab1a740990c965e
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?258a2e13a5ac06641ab1a740990c965e
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (622)
Hash 6b6f798633276b11763e0dca26ddd18b
46de5743c410f217eb5424e6ffc43e548034d87d
ea0fe9b1de08140f9aa8ff5e3ac90486b4fc6c4a74282eb432a51cc0b9ef1d54
GET /hm.js?258a2e13a5ac06641ab1a740990c965e HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11260
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:13 GMT
Etag: e3c57d575481b7b73ddc75e246424feb
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=925C7309F025D951; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
www.rj58.cc/template/m1938pc/ads/logo.gif
216.83.52.98 200 OK 5.5 kB URL HTTP/1.1 www.rj58.cc/template/m1938pc/ads/logo.gif
IP 216.83.52.98:0
ASN #64050 BGPNET Global ASN
File type GIF image data, version 89a, 321 x 93\012- data
Hash 7ed5527b767bacb935b60dd9015acd98
bcbfc2eefaf29c89579e3b153f966e40d013722b
bc5ee36a538a2ba7fa6b36189cd71931ff9555836a4f48ab305e25456e11797b
GET /template/m1938pc/ads/logo.gif HTTP/1.1
Host: www.rj58.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rj58.cc/
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sun, 20 Nov 2022 13:07:31 GMT
Accept-Ranges: bytes
ETag: "fc5888ce1fcd81:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sun, 29 Jan 2023 14:40:56 GMT
Content-Length: 5548
www.rj58.cc/template/m1938pc/ads/img/1.gif
216.83.52.98 200 OK 254 B URL HTTP/1.1 www.rj58.cc/template/m1938pc/ads/img/1.gif
IP 216.83.52.98:0
ASN #64050 BGPNET Global ASN
File type GIF image data, version 89a, 16 x 17\012- data
Hash b013f8fa3ec997fe20dc80b82af0ad0a
e02ce6c30d5c0abfaa3e008d1a3ce7d11f299ed9
119bff063d1d402fdf6e48bc7e681d48aabfb9bc65378dfcf64a8845ec3fceef
GET /template/m1938pc/ads/img/1.gif HTTP/1.1
Host: www.rj58.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rj58.cc/
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Wed, 16 Nov 2022 13:04:00 GMT
Accept-Ranges: bytes
ETag: "ca1ad9e4bbf9d81:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sun, 29 Jan 2023 14:40:56 GMT
Content-Length: 254
hm.baidu.com/hm.js?675e2d63db7bfa79b1e530352f68a041
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?675e2d63db7bfa79b1e530352f68a041
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (622)
Hash 295df05da4be2cf1f42b2423ff57fb23
eabfb87d55192f40a80cefb1d149059729a0d6dd
48d16e6b25a8ff4c2588638821f70dcd03678b5a7b6bfc3853d70183ac5fc1de
GET /hm.js?675e2d63db7bfa79b1e530352f68a041 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11260
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:14 GMT
Etag: 5633796751bd5fc47f598a95c78f1798
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=5272A8041BAC7D50; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1293555470&si=845a64ef313c15732a9952d3e7bc9879&v=1.3.0&lv=1&sn=59812&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1293555470&si=845a64ef313c15732a9952d3e7bc9879&v=1.3.0&lv=1&sn=59812&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1293555470&si=845a64ef313c15732a9952d3e7bc9879&v=1.3.0&lv=1&sn=59812&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8! HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 29 Jan 2023 14:42:14 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=74EFD04E2A0B4CCF; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
www.rj58.cc/template/m1938pc/images/video-play.png
216.83.52.98 200 OK 1.6 kB URL HTTP/1.1 www.rj58.cc/template/m1938pc/images/video-play.png
IP 216.83.52.98:0
ASN #64050 BGPNET Global ASN
File type PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced\012- data
Hash be7ca0a4a7c0317398a11162b1e09b75
5dbe6a02524cfbf5f5111478a71f91a9259056b5
cbad06b58f97516faa5f745d4e09716b5db3f134d5b4644b159681aa24909dd4
GET /template/m1938pc/images/video-play.png HTTP/1.1
Host: www.rj58.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rj58.cc/template/m1938pc/css/zui.css
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 16 Nov 2022 13:04:00 GMT
Accept-Ranges: bytes
ETag: "ea90eee4bbf9d81:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sun, 29 Jan 2023 14:40:56 GMT
Content-Length: 1567
cardwellcremation.com/favicon.ico
118.107.17.253 200 OK 3.5 kB URL HTTP/1.1 cardwellcremation.com/favicon.ico
IP 118.107.17.253:0
ASN #64050 BGPNET Global ASN
File type GIF image data, version 89a, 58 x 59\012- data
Hash 235b30ea8f27c21312e8e826b2d368f8
d66cac18eedec9618e604f1c78f073d80f8f48f0
ccd394f25b31b91b69b9238778dbed5bf932d669c475c0f74d57af37f85c6f61
GET /favicon.ico HTTP/1.1
Host: cardwellcremation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cardwellcremation.com/books/20230102_50922.html
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 14:42:14 GMT
Content-Type: image/x-icon
Content-Length: 3545
Last-Modified: Tue, 05 Jul 2022 22:24:25 GMT
Connection: keep-alive
ETag: "62c4ba19-dd9"
Accept-Ranges: bytes
u22033.com/65e7e65f41ad1c2cb20bb39e08e6b041.gif
13.227.254.66 200 OK 393 kB URL HTTP/2 u22033.com/65e7e65f41ad1c2cb20bb39e08e6b041.gif
IP 13.227.254.66:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 393 kB (393378 bytes)
Hash a930de5ec6e818c397927d0c8e288eb4
5740c07c68ec2828cf3544a76afa1755077a6f57
e5a218bd1dc9bc6410f36069969a1c36a3f34f0d42079c4bd02ec8c19421bee0
GET /65e7e65f41ad1c2cb20bb39e08e6b041.gif HTTP/1.1
Host: u22033.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 393378
last-modified: Tue, 03 Jan 2023 03:28:21 GMT
accept-ranges: bytes
server: AmazonS3
date: Sat, 28 Jan 2023 23:58:16 GMT
etag: "a930de5ec6e818c397927d0c8e288eb4"
x-cache: Hit from cloudfront
via: 1.1 49b0629f9da8a770925ad02807586202.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: PoHRlh-THwbYiPoPoQAAcyXBou_zu0NbRUwTkZVmymNhakmvu7lYzw==
age: 53038
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?675e2d63db7bfa79b1e530352f68a041
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?675e2d63db7bfa79b1e530352f68a041
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (622)
Hash e485fbcb0f50318cd36a95b20a2db086
28b468aa85c122656f368f8e95261c5ec81d750e
5495bdbe8d5da8b82264c4ca8aa4e1775eecfe6dc37ac6d8052abb222bc66d64
GET /hm.js?675e2d63db7bfa79b1e530352f68a041 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-None-Match: 5633796751bd5fc47f598a95c78f1798
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11260
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:14 GMT
Etag: 39e56c8c222a0a19114c2298d3b1026f
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=5E3E7E03ACAC99E8; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
www.rj58.cc/template/m1938pc/fonts/e61a601604fe408d85f635b56e71b3a1.woff
216.83.52.98 404 Not Found 1.2 kB URL HTTP/1.1 www.rj58.cc/template/m1938pc/fonts/e61a601604fe408d85f635b56e71b3a1.woff
IP 216.83.52.98:0
ASN #64050 BGPNET Global ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ISO-8859 text, with CRLF line terminators
Hash 8363acaeab9cbb099b59b78a44127ca6
aef448ce5500e3734059ec285cf6ec0b547075f2
9b342ae7f25d65bdb817d8c995f3211ac398e41575fc5d149d994c1dcb008f0a
GET /template/m1938pc/fonts/e61a601604fe408d85f635b56e71b3a1.woff HTTP/1.1
Host: www.rj58.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.rj58.cc/template/m1938pc/css/zui.css
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sun, 29 Jan 2023 14:40:56 GMT
Content-Length: 1163
www.rj58.cc/template/m1938pc/ads/zb.gif
216.83.52.98 200 OK 87 kB URL HTTP/1.1 www.rj58.cc/template/m1938pc/ads/zb.gif
IP 216.83.52.98:0
ASN #64050 BGPNET Global ASN
File type GIF image data, version 89a, 960 x 120\012- data
Hash c93b3ed293066d747d880ea368f305c3
7847cf128db1b0cc6f25cbfb54125348bf6dda97
79a2ddaa98a1421d78798163acdce3928ac97d2f63e5a7a64ff011180661a2b3
GET /template/m1938pc/ads/zb.gif HTTP/1.1
Host: www.rj58.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rj58.cc/
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Wed, 16 Nov 2022 13:04:00 GMT
Accept-Ranges: bytes
ETag: "ca1ad9e4bbf9d81:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sun, 29 Jan 2023 14:40:56 GMT
Content-Length: 86697
hm.baidu.com/hm.js?d832178dc2293a8aafacef89cf6cf2c0
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?d832178dc2293a8aafacef89cf6cf2c0
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (616)
Hash e0fdf1f97994673771a6fcce61a77e66
e3e358f7d2ac99861104fde7eb8f670d05681816
8ed6de7c38e139ca7336ca42f7a4b6ae4c19e3fe0dde7d2ab3c6ac30684f07f8
GET /hm.js?d832178dc2293a8aafacef89cf6cf2c0 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-None-Match: 5dfcab4e2e6a918a9e868180b77756c6
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11254
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:14 GMT
Etag: db9b5b32dc87bd46b880ce198627b0d0
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=80B3D04C3972E985; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?5182212a5be0c41dc5f6009156268935
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?5182212a5be0c41dc5f6009156268935
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (622)
Hash dec0e4e3ac95aa4669fb31e3111cc312
7fb7b463ea626d67b4a1a22fb2614c9c0d6526dc
6abf1d928894da7f334a77cad9be37f488dd09d30ef2f705d42c82a7ea9ff0b2
GET /hm.js?5182212a5be0c41dc5f6009156268935 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-None-Match: 5e17d71d888c41581e2f4d0ef6df9502
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11260
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:14 GMT
Etag: 9e109f8b1bf8d102d6caa21dbb39c434
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=40002EB82075F901; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?07b4ab2e5098299deeb932f98dc93395
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?07b4ab2e5098299deeb932f98dc93395
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (622)
Hash ee419a5866926e4e311c8428b6da8075
b1644262974293c2e22e0dd7ceb009ae985fc4cd
148580641bf1eff5902d57132f956e829f08b86f75a86ae1d7d921460a10d777
GET /hm.js?07b4ab2e5098299deeb932f98dc93395 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-None-Match: 8860753eb5da25426fd302468840789d
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11260
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:14 GMT
Etag: b31f78881dcf914b1cc6c5c8c909e158
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=E810ABC597ABDC3E; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?8b0295edbcfa9cd8148a5e6bf52a2a2f
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?8b0295edbcfa9cd8148a5e6bf52a2a2f
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (622)
Hash 92835c99062dd7c2497f5ee0f9d053b1
87490fe7aad865349e35cfa665f549506d27807d
b965553f1534c06058fcd8bd5247f1c10276241b26f75cb38a1360d25cc67ff8
GET /hm.js?8b0295edbcfa9cd8148a5e6bf52a2a2f HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11260
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:14 GMT
Etag: c2bee8a41b5529dcda6ea065560b0803
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=5875AC9BAD38596C; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?258a2e13a5ac06641ab1a740990c965e
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?258a2e13a5ac06641ab1a740990c965e
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (622)
Hash 576648274f216b48566e0520976d4cf5
56e5f6d517f83914e59941ef3ee8323d18ee9aee
c70fe0f9723caa88313bca07720932e5780e072c8334826f2dcbf31532ea9d45
GET /hm.js?258a2e13a5ac06641ab1a740990c965e HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-None-Match: e3c57d575481b7b73ddc75e246424feb
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11260
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:14 GMT
Etag: fd434184cd29ae08961f7dad7e979108
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=496C7F57BD42157C; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?2b3db8253435b071db99935eb54e99bb
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?2b3db8253435b071db99935eb54e99bb
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (622)
Hash e29f70340a764be89a3e3625eda8d0ad
084902fd4344f95eb20b2eef66b1b1961159de13
2d764527195f9ae1e23f77b3e7f9b46f706def4a6362952c1f87e05366efeb4c
GET /hm.js?2b3db8253435b071db99935eb54e99bb HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11260
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:15 GMT
Etag: 708d538e068fda4949c45a921766ba9f
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=121C520724ABBC66; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1623406506&si=675e2d63db7bfa79b1e530352f68a041&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59813&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1623406506&si=675e2d63db7bfa79b1e530352f68a041&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59813&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1623406506&si=675e2d63db7bfa79b1e530352f68a041&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59813&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 29 Jan 2023 14:42:15 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=379447CCFF81A9B9; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
www.rj58.cc/template/m1938pc/fonts/iconfont.woff
216.83.52.98 200 OK 525 B URL HTTP/1.1 www.rj58.cc/template/m1938pc/fonts/iconfont.woff
IP 216.83.52.98:0
ASN #64050 BGPNET Global ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash f66ed8f90ffb0fc831098b7701d3ba8a
1bc63ccb714f1272c80b224aa8fd9da94914825d
6ccac1f3560824c5e11e27d1798e447cfc5a930e5824009d6b1cf8eb98e248de
GET /template/m1938pc/fonts/iconfont.woff HTTP/1.1
Host: www.rj58.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.rj58.cc/template/m1938pc/css/zui.css
HTTP/1.1 200 OK
Content-Type: font/x-woff
Last-Modified: Wed, 16 Nov 2022 13:04:00 GMT
Accept-Ranges: bytes
ETag: "85dfdde4bbf9d81:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sun, 29 Jan 2023 14:40:56 GMT
Content-Length: 525
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=713564245&si=5182212a5be0c41dc5f6009156268935&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59813&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=713564245&si=5182212a5be0c41dc5f6009156268935&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59813&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=713564245&si=5182212a5be0c41dc5f6009156268935&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59813&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 29 Jan 2023 14:42:15 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=7F7BC0EA987E5217; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1070267740&si=d832178dc2293a8aafacef89cf6cf2c0&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59813&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1070267740&si=d832178dc2293a8aafacef89cf6cf2c0&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59813&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1070267740&si=d832178dc2293a8aafacef89cf6cf2c0&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59813&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 29 Jan 2023 14:42:15 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=667AD90CB77590D8; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1301859126&si=07b4ab2e5098299deeb932f98dc93395&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59813&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1301859126&si=07b4ab2e5098299deeb932f98dc93395&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59813&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1301859126&si=07b4ab2e5098299deeb932f98dc93395&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59813&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 29 Jan 2023 14:42:15 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=C26A7138EB898413; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=155262473&si=258a2e13a5ac06641ab1a740990c965e&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59813&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=155262473&si=258a2e13a5ac06641ab1a740990c965e&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59813&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=155262473&si=258a2e13a5ac06641ab1a740990c965e&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59813&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 29 Jan 2023 14:42:15 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=F01BE9DDA7C316B7; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=944563142&si=8b0295edbcfa9cd8148a5e6bf52a2a2f&v=1.3.0&lv=1&sn=59813&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=944563142&si=8b0295edbcfa9cd8148a5e6bf52a2a2f&v=1.3.0&lv=1&sn=59813&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=944563142&si=8b0295edbcfa9cd8148a5e6bf52a2a2f&v=1.3.0&lv=1&sn=59813&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8! HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 29 Jan 2023 14:42:15 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=7D3A6146980AD6CF; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
www.rj58.cc/template/m1938pc/fonts/iconfont.ttf
216.83.52.98 200 OK 257 B URL HTTP/1.1 www.rj58.cc/template/m1938pc/fonts/iconfont.ttf
IP 216.83.52.98:0
ASN #64050 BGPNET Global ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash b6bf2659c287c7e192ff7c20853205e4
91087c59b4f1a108c0515d4daeb8d4cc49b62da5
a3cc4d1f67765644ce73654ad2d0a1e9f2b85553268d2f3e4d438da3bda75bb4
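NIDS alert (suricata, severity medium): ETPRO HUNTING HTTP 200 Stat Code with 404 in Body
Note: this is a hunting-grade signature. It is consistent with the File type line above, which identifies the body returned for this font request as HTML document text even though the status is 200 OK; on its own it indicates a mislabelled or error response, not confirmed malicious content.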
GET /template/m1938pc/fonts/iconfont.ttf HTTP/1.1
Host: www.rj58.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rj58.cc/template/m1938pc/css/zui.css
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Wed, 16 Nov 2022 13:04:00 GMT
Accept-Ranges: bytes
ETag: "85dfdde4bbf9d81:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sun, 29 Jan 2023 14:40:57 GMT
Content-Length: 257
hm.baidu.com/hm.js?2b3db8253435b071db99935eb54e99bb
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?2b3db8253435b071db99935eb54e99bb
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (622)
Hash 9983ad231836ca448384c701dc4000e2
b251a7430c4a820e61d1aa3dbcd64c40d19e18e3
2128ea5e43a21fdcae9f52f9825e64c1b57f8bada1f614f01519740b2906fd62
GET /hm.js?2b3db8253435b071db99935eb54e99bb HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-None-Match: 708d538e068fda4949c45a921766ba9f
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11260
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:15 GMT
Etag: d2664e052ceba3c4a1ab416963e65561
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=0CABAEFC30A65CB0; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1883221551&si=2b3db8253435b071db99935eb54e99bb&v=1.3.0&lv=1&sn=59813&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1883221551&si=2b3db8253435b071db99935eb54e99bb&v=1.3.0&lv=1&sn=59813&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1883221551&si=2b3db8253435b071db99935eb54e99bb&v=1.3.0&lv=1&sn=59813&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8! HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 29 Jan 2023 14:42:15 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=4A23A7593337E763; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.js?48b4dd21f87e9ab3442fdd3d9eff1b40
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?48b4dd21f87e9ab3442fdd3d9eff1b40
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (622)
Hash 888e45978cad218f756c81b7a3404850
09662a6e337eb9a7dca8c4c25aaedf7840803b39
d53ab11cd386c3d967d8df78596aacfbeb456c2bdb6a15863a7166a9a231b3e6
GET /hm.js?48b4dd21f87e9ab3442fdd3d9eff1b40 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11260
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:15 GMT
Etag: 104eb3fc7f61eff6601ba63918ca6fdb
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=4B085C33163CFDA7; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9452
Expires: Sun, 29 Jan 2023 17:19:47 GMT
Date: Sun, 29 Jan 2023 14:42:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9452
Expires: Sun, 29 Jan 2023 17:19:47 GMT
Date: Sun, 29 Jan 2023 14:42:15 GMT
Connection: keep-alive
dimg04.c-ctrip.com/images/0100f12000ae3ck8y7042.gif?proc=autoorient
104.110.17.24 200 OK 175 kB URL HTTP/2 dimg04.c-ctrip.com/images/0100f12000ae3ck8y7042.gif?proc=autoorient
IP 104.110.17.24:0
File type GIF image data, version 89a, 150 x 150\012- data
Size 175 kB (175192 bytes)
Hash 84da714bad49f50cfb13f96109ca82d3
34cf50dff8785d62c65286cf8316747f1c4ca613
076ac3243481224e8f70c52317c5fae1de18dd28117c5a80e1b7b37898341d8c
GET /images/0100f12000ae3ck8y7042.gif?proc=autoorient HTTP/1.1
Host: dimg04.c-ctrip.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 175192
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
cache-control: max-age=5777013
expires: Thu, 06 Apr 2023 11:25:48 GMT
date: Sun, 29 Jan 2023 14:42:15 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c77437e3a7361861aed8bfecbfe6bd6
fefd238c13c0fdfb7d964c90fcc8a8cbbf953034
282d15c443cb6232ae0a30046a0dc24360617355a4651cdba59b11e6f7313d8a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5594
x-amzn-requestid: d56c9b84-dc1f-4d5c-91bf-7db55058bf67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLyeEGOloAMFpzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce3126-5013a6b971d6800c5c85a4eb;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:03:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: D2ZAelkDgsd0wjoOSoPRwTzhozs84_aIcgwU-QmbDrTnHztVD0VL_A==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 14:57:16 GMT
age: 85499
etag: "fefd238c13c0fdfb7d964c90fcc8a8cbbf953034"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43c4a8e963936a8064dbd2bd3c67b905
8508727c97127c98b886833af28b3470306216c2
070c29fe7c0a227029483d675eac863904ab6b291467acdf62167f4845699c21
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8652
x-amzn-requestid: 5a5a883e-d7d4-4fc5-925a-3a95830c504e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVguyG7BIAMFm8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d214c4-390b59a32060e41203533c58;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 05:51:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ewSsCY4u9DwRtaj00U9JCim9tYeCgHRuIQFpdHm4ttI6L02-e44iDQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 23:11:24 GMT
age: 55851
etag: "8508727c97127c98b886833af28b3470306216c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4jPbm4WufkUKm7ljLvpHrJUFhr-JQ_nl3iYfI5S8nTqEszFdUtz9EQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 05:24:09 GMT
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
age: 33486
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b70d7a9-8bf2-490f-9646-c64694e42e42.jpeg
34.120.237.76 200 OK 3.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b70d7a9-8bf2-490f-9646-c64694e42e42.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 97118e74a8f60620950e42a11c11d71b
d144bbb82392a6103810ac9baa5346ddbefb5c16
2ce0c9696cf9842243186e86bae28c22896a9f51837f4961b6c7e3cfdfb24bd0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b70d7a9-8bf2-490f-9646-c64694e42e42.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3774
x-amzn-requestid: deae2f1e-baec-408c-92a7-4859d4afed47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-EgFAgoAMFXRQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b6-32a2ff1a369e7b5f41ecbabd;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VA7MkuSOzdsSIBVjT8kx3Azf1hvLzVrLOoxXrknN-J5p1BUqVvVz0w==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 22:05:07 GMT
age: 59828
etag: "d144bbb82392a6103810ac9baa5346ddbefb5c16"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: e6e0789c-a4a9-4ffa-a0ae-691770d1035b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPF9YEBmIAMF0kQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8388-01d2093432d3959903671a69;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:06:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: awfNeaKbFw2bjiTGwUrwUTxU-qbVS2eTjn948H8kn1hy7pi_DwLMlQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 17:35:56 GMT
age: 75979
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 10a6491e2c1dfde68c7cd7297e70700f
d0f195319825a6d3e5e50ad15b2fcab27cb65896
4d9353d5874e5ea03c25e1562db5f479c222a48db526fdd10ede7c2e6a4dd874
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11470
x-amzn-requestid: 62d61967-9380-4ca9-b11a-531425dbd2ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIf6WFgAIAMF6gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce042-6d9fe51029094b7f37c0a648;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:05:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rUIvvkZQ028ey3klplI-x9oZFugon5HsAWT-SN2GQo5hBeBJWqoMAg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 23:12:28 GMT
age: 55787
etag: "d0f195319825a6d3e5e50ad15b2fcab27cb65896"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?8b0295edbcfa9cd8148a5e6bf52a2a2f
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?8b0295edbcfa9cd8148a5e6bf52a2a2f
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (622)
Hash e8eccc805ada332d273e97c07554c2f5
e8880f57e66a6cc8a232ad37be5687e25a2b4a88
299a5ba180a3843f7d1865541dbc52724bcae15370b321f4a6540bd2f4a12779
GET /hm.js?8b0295edbcfa9cd8148a5e6bf52a2a2f HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-None-Match: c2bee8a41b5529dcda6ea065560b0803
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11260
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:15 GMT
Etag: bb5bf21622ca8c632c62b97ec9db3959
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=0C6E8D1E0FDCB236; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
ocsp.r2m01.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 28806742fdb9a238ddefb87f6f0a9009
65869554e2e7f96f579920bdc5d3db6c5bba4330
d66b5e8923c6a8d8d58e7eb1ce97f25b5e325d890ea362f0f47c7ba4532e7711
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 29 Jan 2023 14:42:15 GMT
Last-Modified: Sun, 29 Jan 2023 13:27:04 GMT
Server: ECS (nyb/1D1E)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: U2EqGVgo7sU8d_mQ07tVbd-otrRcrfXfqMURGQPAfmMbW7i1zXix_w==
Age: 4511
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash f68caf1c9f22533137c17477ddac0962
dbc737fe5ad6f0e035c3c19779744eded378d6ed
d08a870fe9237c6e31a8e6d7ce08b3d9b9dcce3f623156203bbc78f5b965483a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 14:42:15 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 27 Jan 2023 15:08:26 GMT
Expires: Fri, 03 Feb 2023 15:08:25 GMT
Etag: "dbc737fe5ad6f0e035c3c19779744eded378d6ed"
Cache-Control: max-age=432969,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7912bbbfe8a6b524-OSL
sj86.cc/template/m1938pc/ads/32.gif
216.83.52.115 200 OK 76 kB URL HTTP/1.1 sj86.cc/template/m1938pc/ads/32.gif
IP 216.83.52.115:0
ASN #64050 BGPNET Global ASN
File type GIF image data, version 89a, 500 x 200\012- data
Hash 701881ea0f42d0d801c9f15b202582bc
9f8d2aa07cd258e92517af88fc40aa9db2a2181f
e7bf2394d7369507dbf85967be80a1676a6d4aa1666822e384f3d9e7db16761e
GET /template/m1938pc/ads/32.gif HTTP/1.1
Host: sj86.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rj58.cc/
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 17 Nov 2022 05:57:53 GMT
Accept-Ranges: bytes
ETag: "922c8849fad81:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sun, 29 Jan 2023 14:40:56 GMT
Content-Length: 76153
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 1127ceac79ce490d1a9b44828081a54d
6be7fa3c76c78d0152511fa08aaf461e7c619506
f01f3892ebf92bdeb8ae3fba811cbabf900ca669f43c1c963ece144325e8a766
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 14:42:15 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 18:50:25 GMT
Expires: Sat, 04 Feb 2023 18:50:24 GMT
Etag: "6be7fa3c76c78d0152511fa08aaf461e7c619506"
Cache-Control: max-age=532688,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7912bbbfe8a5b524-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 4a3e20a627bf2010e7190db632a5373f
3cc6ad9fe892d022b623ad2882c666843e263969
ae88148a3382c08ddcabdfde3b986d679ad77f04ca765b367bd0894667e945d2
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 14:42:15 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 23:53:11 GMT
Expires: Sat, 04 Feb 2023 23:53:10 GMT
Etag: "3cc6ad9fe892d022b623ad2882c666843e263969"
Cache-Control: max-age=550854,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7912bbbfee7fb51d-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 30b9e0d34dd9208ffb2a55084b6d282a
aa128bf6aeab9a289689fdff8da16b987229b953
a2575b816e39f210528f920a1b32bf389aa2263e29309359eac8bdda4fe593fa
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 14:42:15 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 03:24:53 GMT
Expires: Sat, 04 Feb 2023 03:24:52 GMT
Etag: "aa128bf6aeab9a289689fdff8da16b987229b953"
Cache-Control: max-age=477156,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7912bbbfefa1fabc-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash e93f278794d1d2eb0ca7cee811c569e6
79c43802087b87da650a2cadee1fc4cd8c051ba9
8550a2992e022fec538b3a6dec951c7c88c2dd7ceefd9e58ea65dee59031cb20
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 14:42:15 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 15:36:43 GMT
Expires: Sat, 04 Feb 2023 15:36:42 GMT
Etag: "79c43802087b87da650a2cadee1fc4cd8c051ba9"
Cache-Control: max-age=521066,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7912bbbfeee60b41-OSL
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=2004715567&si=d832178dc2293a8aafacef89cf6cf2c0&v=1.3.0&lv=1&sn=59812&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=2004715567&si=d832178dc2293a8aafacef89cf6cf2c0&v=1.3.0&lv=1&sn=59812&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=2004715567&si=d832178dc2293a8aafacef89cf6cf2c0&v=1.3.0&lv=1&sn=59812&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8! HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 29 Jan 2023 14:42:15 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=EA7D1CC5594B5157; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
ocsp.usertrust.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 6706b6a4fb236cb9943e0923f18b1d28
142b615c653701701219853e8b9ae44ba73eec56
1a10888785ba347fb37f8348f5308e1874ce39d46815ec4092b0b6dce9a95124
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 14:42:15 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 03:21:36 GMT
Expires: Thu, 02 Feb 2023 03:21:35 GMT
Etag: "142b615c653701701219853e8b9ae44ba73eec56"
Cache-Control: max-age=549135,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7912bbbffcd2b4f7-OSL
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1370292476&si=2b3db8253435b071db99935eb54e99bb&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59813&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1370292476&si=2b3db8253435b071db99935eb54e99bb&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59813&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1370292476&si=2b3db8253435b071db99935eb54e99bb&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59813&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 29 Jan 2023 14:42:15 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=8F33D58384F809CC; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=818338432&si=5182212a5be0c41dc5f6009156268935&v=1.3.0&lv=1&sn=59812&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=818338432&si=5182212a5be0c41dc5f6009156268935&v=1.3.0&lv=1&sn=59812&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=818338432&si=5182212a5be0c41dc5f6009156268935&v=1.3.0&lv=1&sn=59812&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8! HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 29 Jan 2023 14:42:15 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=CE3911BAB6C727B7; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
link.imgapp.top/images/63ba73afa92cd2097e833f91.gif
3.36.126.81 302 Found 43 B URL HTTP/2 link.imgapp.top/images/63ba73afa92cd2097e833f91.gif
IP 3.36.126.81:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /images/63ba73afa92cd2097e833f91.gif HTTP/1.1
Host: link.imgapp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/96116c5b187b452d8a7ceae72d087e8f
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?debe76ff0e8bf8a9bce3535f8890ee6c
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?debe76ff0e8bf8a9bce3535f8890ee6c
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (622)
Hash 51bc1d9964558a0d156cbadd7f1c19bf
ed5d38cb690d2f9749f8737da94fe5cba527add0
a9aeaf38d1adb4f6068d7ad27746a1308bbc73d79d574718c26861342037fbc1
GET /hm.js?debe76ff0e8bf8a9bce3535f8890ee6c HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11260
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:15 GMT
Etag: 7a74cd63a549e877b226f5aaaa355c12
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=599BF58B99FEBCF5; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=2006227757&si=8b0295edbcfa9cd8148a5e6bf52a2a2f&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59813&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=2006227757&si=8b0295edbcfa9cd8148a5e6bf52a2a2f&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59813&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=2006227757&si=8b0295edbcfa9cd8148a5e6bf52a2a2f&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59813&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 29 Jan 2023 14:42:15 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=4CEED18B2023D168; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.js?34d80a7dc169cac3dfc63d36a888e85d
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?34d80a7dc169cac3dfc63d36a888e85d
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (622)
Hash 1f34b86bcb8be7f0c08dc98bd090b163
1482a0b803a1a7d084164dd1d978db4114ae88b7
fb7d455f52d1aca9202f171a5ae7a71d57f1b7a00121fd5295f9794356951afd
GET /hm.js?34d80a7dc169cac3dfc63d36a888e85d HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11260
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:15 GMT
Etag: ded10fc54e3d3e08fa790b99fea93373
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=8EE8287BEE226157; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
sj86.cc/template/m1938pc/ads/33.gif
216.83.52.115 200 OK 141 kB URL HTTP/1.1 sj86.cc/template/m1938pc/ads/33.gif
IP 216.83.52.115:0
ASN #64050 BGPNET Global ASN
File type GIF image data, version 89a, 500 x 200\012- data
Size 141 kB (141377 bytes)
Hash e6f6abe8f4376f887afbf1176b4eef5f
053024001885155c854fe7c2a6e9debfc8a3839d
ead0ec2e39f8d2391b330cedf92eb85c55b61444c62cafd7e6c7a37dfcc4a907
GET /template/m1938pc/ads/33.gif HTTP/1.1
Host: sj86.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rj58.cc/
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 17 Nov 2022 05:57:53 GMT
Accept-Ranges: bytes
ETag: "922c8849fad81:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sun, 29 Jan 2023 14:40:56 GMT
Content-Length: 141377
sj86.cc/template/m1938pc/ads/31.gif
216.83.52.115 200 OK 111 kB URL HTTP/1.1 sj86.cc/template/m1938pc/ads/31.gif
IP 216.83.52.115:0
ASN #64050 BGPNET Global ASN
File type GIF image data, version 89a, 500 x 200\012- data
Size 111 kB (110778 bytes)
Hash aa21f22d01ef2cd02b1a0efd4b29c86a
f2e17a29aefe4c94976a971479f5ad526e923751
3cbb82a743d3209db517dad385712e5981706cf55e3c4d2dc231a6a684ec0ffd
GET /template/m1938pc/ads/31.gif HTTP/1.1
Host: sj86.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rj58.cc/
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 17 Nov 2022 05:57:53 GMT
Accept-Ranges: bytes
ETag: "922c8849fad81:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sun, 29 Jan 2023 14:40:56 GMT
Content-Length: 110778
hm.baidu.com/hm.js?48b4dd21f87e9ab3442fdd3d9eff1b40
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?48b4dd21f87e9ab3442fdd3d9eff1b40
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (622)
Hash 226fd3caed797be0de9b69bb5a3e198c
05dd28349089a9b2cb195fa51981b6898dcf5c01
36da36a9cabcbcc232f0a40c735b45268b654a14ba05c2742462a9dbe92610e8
GET /hm.js?48b4dd21f87e9ab3442fdd3d9eff1b40 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-None-Match: 104eb3fc7f61eff6601ba63918ca6fdb
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11260
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:15 GMT
Etag: 95e91d45b7d396210ff4d41c7569af7b
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=65527CE665DAFF47; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
u1033.com/18592659a97141ffadcccdb393ecd2ac.png
45.61.212.144 200 OK 36 kB URL HTTP/2 u1033.com/18592659a97141ffadcccdb393ecd2ac.png
IP 45.61.212.144:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash 69c35b13d1e97f07c8510ae62a7f3a6e
023490e93c436064914350db9fddfbac4ccb46b6
ad5aad51e185c2885399699839b9c5a8aa4750643318451b6df10262131208b6
GET /18592659a97141ffadcccdb393ecd2ac.png HTTP/1.1
Host: u1033.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=86400
etag: "63bae099-8c8c"
server: nginx
date: Thu, 26 Jan 2023 20:02:23 GMT
content-type: image/png
last-modified: Sun, 08 Jan 2023 15:26:17 GMT
accept-ranges: bytes
x-cache: HIT from cloud-us4-cdnb-14
content-length: 35980
X-Firefox-Spdy: h2
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 576967317a73096b9fc9c911816a0715
a62047f811ff0e926854b2b84be58d2623b3a379
f96035b9e54ee0e8ccae7a02083d788ff5162cf703016c0d7a5bf9c8e757ce1b
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 14:42:16 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 07:03:58 GMT
Expires: Sat, 04 Feb 2023 07:03:57 GMT
Etag: "a62047f811ff0e926854b2b84be58d2623b3a379"
Cache-Control: max-age=490300,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7912bbc36990b50b-OSL
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1052243412&si=4776855d950d64543e4f03a8c31ece9b&v=1.3.0&lv=1&sn=59812&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1052243412&si=4776855d950d64543e4f03a8c31ece9b&v=1.3.0&lv=1&sn=59812&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1052243412&si=4776855d950d64543e4f03a8c31ece9b&v=1.3.0&lv=1&sn=59812&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8! HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 29 Jan 2023 14:42:16 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=705B828B170EA7DC; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=569639117&si=07b4ab2e5098299deeb932f98dc93395&v=1.3.0&lv=1&sn=59812&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=569639117&si=07b4ab2e5098299deeb932f98dc93395&v=1.3.0&lv=1&sn=59812&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=569639117&si=07b4ab2e5098299deeb932f98dc93395&v=1.3.0&lv=1&sn=59812&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8! HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 29 Jan 2023 14:42:16 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=DF7300766C9B0C2A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
n0622.com/fb58456792f44f99874072912809e21f.png
18.139.108.125 200 OK 33 kB URL HTTP/2 n0622.com/fb58456792f44f99874072912809e21f.png
IP 18.139.108.125:0
Hash 091d2141d9d725b750e297335341fba9
5a9c789b2c9bb4f1a79c23883b0a5eaa38bfa610
13b04e76dcfb06caeae61d1d916e71d1ebb5d80d748c48fd3f5168ca949783da
GET /fb58456792f44f99874072912809e21f.png HTTP/1.1
Host: n0622.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 14:42:16 GMT
content-type: image/png
vary: Accept-Encoding
last-modified: Wed, 04 Jan 2023 10:31:25 GMT
etag: W/"63b5557d-7e69"
server: WAF/2.4-12.1
x-cache-status: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
c995tp1.com/960-100.gif
162.250.140.222 200 OK 379 kB IP 162.250.140.222:0
File type GIF image data, version 89a, 960 x 100\012- data
Size 379 kB (379403 bytes)
Hash d4c5e28b998a0f06843ce154b2eba246
ad5fa8f21600f517deff62d06fca563e426c1584
bc9fe7277d54d00ebe4c5cf810970f5028dc48dc0387c990bd62f039281f3258
GET /960-100.gif HTTP/1.1
Host: c995tp1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 29 Jan 2023 14:42:15 GMT
Content-Type: image/gif
Content-Length: 379403
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 01:43:13 GMT
ETag: "637ecc31-5ca0b"
Expires: Sat, 24 Dec 2022 02:37:25 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
Via: 162.250.140.218
CDN-Cache: HIT
Accept-Ranges: bytes
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=361169016&si=258a2e13a5ac06641ab1a740990c965e&v=1.3.0&lv=1&sn=59812&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=361169016&si=258a2e13a5ac06641ab1a740990c965e&v=1.3.0&lv=1&sn=59812&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=361169016&si=258a2e13a5ac06641ab1a740990c965e&v=1.3.0&lv=1&sn=59812&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8! HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 29 Jan 2023 14:42:16 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=7759CC8D8B8F56B8; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
zerossl.ocsp.sectigo.com/
104.18.32.68 200 OK 728 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash 524699cb164d16a5a254ceed5ee57c66
3fd0b7edaebe52f4ef83c83a4d4c2c49ea9cc547
9854f03daa84de506b1420f5a32ffae85c05c14f8110f33bf3a4403a5eaab29e
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 14:42:16 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 12:10:08 GMT
Expires: Thu, 02 Feb 2023 12:10:07 GMT
Etag: "3fd0b7edaebe52f4ef83c83a4d4c2c49ea9cc547"
Cache-Control: max-age=335870,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7912bbc44c82b515-OSL
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1054224986&si=debe76ff0e8bf8a9bce3535f8890ee6c&v=1.3.0&lv=1&sn=59814&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1054224986&si=debe76ff0e8bf8a9bce3535f8890ee6c&v=1.3.0&lv=1&sn=59814&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1054224986&si=debe76ff0e8bf8a9bce3535f8890ee6c&v=1.3.0&lv=1&sn=59814&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8! HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 29 Jan 2023 14:42:16 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=7E23D818BC5D98D2; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=297525009&si=34d80a7dc169cac3dfc63d36a888e85d&v=1.3.0&lv=1&sn=59814&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=297525009&si=34d80a7dc169cac3dfc63d36a888e85d&v=1.3.0&lv=1&sn=59814&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=297525009&si=34d80a7dc169cac3dfc63d36a888e85d&v=1.3.0&lv=1&sn=59814&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8! HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 29 Jan 2023 14:42:16 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=4EC4080E24BBC132; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 728 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 57ae726f4c8faf373fabcaca21265c76
502aef59d774cf042dc98fa84862074a23b8e967
58db2e122ca090e6763b6d9fbd7d08b89c2f2ab0d2f37fe836107c3bc4abfd8d
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 14:42:16 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 22:55:58 GMT
Expires: Sat, 04 Feb 2023 22:55:57 GMT
Etag: "502aef59d774cf042dc98fa84862074a23b8e967"
Cache-Control: max-age=547420,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7912bbc36ba41c16-OSL
img.1158555.com/images/63ca2972dc028820bbd7b082.gif
3.36.126.81 302 Found 727 B URL HTTP/2 img.1158555.com/images/63ca2972dc028820bbd7b082.gif
IP 3.36.126.81:0
Hash 0326c2222071855b03d8ac4b3028451e
0e84c8351a52ff461ac1e04ee0fcd6b616afdbbd
b3fc06bed02ccfeb8488c7fe0e447b01ccdbf74d9cdad16d4911650ce9e47635
GET /images/63ca2972dc028820bbd7b082.gif HTTP/1.1
Host: img.1158555.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/49dac90644c340f592fd293b1984c9a6
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash 0326c2222071855b03d8ac4b3028451e
0e84c8351a52ff461ac1e04ee0fcd6b616afdbbd
b3fc06bed02ccfeb8488c7fe0e447b01ccdbf74d9cdad16d4911650ce9e47635
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2054
Cache-Control: max-age=114430
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 14:42:16 GMT
Etag: "63d599c0-2d7"
Expires: Mon, 30 Jan 2023 22:29:26 GMT
Last-Modified: Sat, 28 Jan 2023 21:55:12 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 727
zerossl.ocsp.sectigo.com/
104.18.32.68 200 OK 728 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash e0b129531c5d0c9ebab28d14eb44ccaa
df1a8eb39b2dd1da5992b5a559f5f715252b1e4a
9555ad8bf81bd62c2ae4868ba22b50997b29f1f42e5fc5337c957f337810826a
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 14:42:16 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Sun, 29 Jan 2023 11:20:27 GMT
Expires: Sun, 05 Feb 2023 11:20:26 GMT
Etag: "df1a8eb39b2dd1da5992b5a559f5f715252b1e4a"
Cache-Control: max-age=592089,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7912bbc4290a0b49-OSL
p3.douyinpic.com/obj/tos-cn-i-dy/96116c5b187b452d8a7ceae72d087e8f
47.246.44.224 200 OK 13 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/96116c5b187b452d8a7ceae72d087e8f
IP 47.246.44.224:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 150 x 150\012- data
Hash c629670fb1e01dae101f66326c61b652
a4603c10f9ae33d366c8369ea13caf38300b40c9
158b54c1a79760e1caa291e68756b80660641906191eb20eaec77c2bedc782af
GET /obj/tos-cn-i-dy/96116c5b187b452d8a7ceae72d087e8f HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 13094
date: Sun, 08 Jan 2023 07:53:20 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Sun, 08 Jan 2023 07:41:40 GMT
nw-session-id: 2023010815414062DEDDEAE313FB566CB5zbj9202dy
nw-session-trace: 2023-01-08T15:41:40.673360136+08:00 54
x-bdcdn-cache-status: TCP_HIT
x-length: 13094
x-powered-by: ImageX
x-response-date: Sun, 08 Jan 2023 15:41:40 GMT
x-tt-logid: 2023010815414062DEDDEAE313FB566CB5
via: n132-082-085, cache26.l2de2[0,0,206-0,H], cache15.l2de2[1,0], cache15.l2de2[2,0], cache7.se1[0,0,200-0,H], cache1.se1[1,0]
x-request-ip: fdbd:dc03:4:481::29
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=1
x-tt-trace-host: 01c8cd9920d5b2dee88135f0fcfdadd3ecbb030b476f019112723fbb9acb51cd65297b982bba9f697c5b5e0b5be2cd3eec512c58eae7215282e60a18a7d3ac3459ef785f38b352a1694f67aa552c9e4bfb8af269d38555268ad206b011f8134795
x-response-lb: image
ali-swift-global-savetime: 1673164401
age: 1838935
x-cache: HIT TCP_MEM_HIT dirn:5:378932610
x-swift-savetime: Sun, 08 Jan 2023 08:18:03 GMT
x-swift-cachetime: 31534518
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9516750033365161219e
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash 0326c2222071855b03d8ac4b3028451e
0e84c8351a52ff461ac1e04ee0fcd6b616afdbbd
b3fc06bed02ccfeb8488c7fe0e447b01ccdbf74d9cdad16d4911650ce9e47635
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5909
Cache-Control: max-age=118285
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 14:42:16 GMT
Etag: "63d599c0-2d7"
Expires: Mon, 30 Jan 2023 23:33:41 GMT
Last-Modified: Sat, 28 Jan 2023 21:55:12 GMT
Server: ECS (amb/6B97)
X-Cache: HIT
Content-Length: 727
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash 0326c2222071855b03d8ac4b3028451e
0e84c8351a52ff461ac1e04ee0fcd6b616afdbbd
b3fc06bed02ccfeb8488c7fe0e447b01ccdbf74d9cdad16d4911650ce9e47635
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4958
Cache-Control: max-age=117334
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 14:42:16 GMT
Etag: "63d599c0-2d7"
Expires: Mon, 30 Jan 2023 23:17:50 GMT
Last-Modified: Sat, 28 Jan 2023 21:55:12 GMT
Server: ECS (amb/6BB8)
X-Cache: HIT
Content-Length: 727
link.imgapp.top/images/63ba73afa92cd2097e833f90.gif
3.36.126.81 302 Found 489 kB URL HTTP/2 link.imgapp.top/images/63ba73afa92cd2097e833f90.gif
IP 3.36.126.81:0
File type GIF image data, version 89a, 960 x 80\012- data
Size 489 kB (488987 bytes)
Hash 6a7d54ecdc2d1cce357d304db217ccec
03a803d54b6a1dd16cba5d73bf4e732d8b7be263
7cd4479b97a015f11a04b2d7d94fbe78030a7e0e3de457bf72abdbf53235c7d8
GET /images/63ba73afa92cd2097e833f90.gif HTTP/1.1
Host: link.imgapp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/c3314f366e5e434b85a930b7f4c77368
X-Firefox-Spdy: h2
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=584359761&si=48b4dd21f87e9ab3442fdd3d9eff1b40&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59814&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=584359761&si=48b4dd21f87e9ab3442fdd3d9eff1b40&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59814&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=584359761&si=48b4dd21f87e9ab3442fdd3d9eff1b40&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59814&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 29 Jan 2023 14:42:16 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=C0F34A9A10CA198C; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
p3.douyinpic.com/obj/tos-cn-i-dy/49dac90644c340f592fd293b1984c9a6
47.246.44.224 200 OK 517 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/49dac90644c340f592fd293b1984c9a6
IP 47.246.44.224:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 960 x 80\012- data
Size 517 kB (517096 bytes)
Hash b015f844cdbda5be42c43fe5bb5b993f
10587b61d92be7f0a4aa6653a9f6c164a9f3b69c
4e5d7e2968aaca9342c547ba9e97f05ff806b25b6f855f1f2793bcb2475e0205
GET /obj/tos-cn-i-dy/49dac90644c340f592fd293b1984c9a6 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 517096
date: Sat, 17 Dec 2022 11:18:34 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Sat, 17 Dec 2022 11:00:48 GMT
nw-session-id: 2022121719004801013516002323962051twstf03dy
nw-session-trace: 2022-12-17T19:00:48.951640063+08:00 34
x-bdcdn-cache-status: TCP_HIT
x-length: 517096
x-powered-by: ImageX
x-response-date: Sat, 17 Dec 2022 19:00:48 GMT
x-tt-logid: 2022121719004801013516002323962051
via: n204-098-051, cache21.l2de2[0,0,206-0,H], cache16.l2de2[2,0], cache16.l2de2[2,0], cache3.se1[0,0,200-0,H], cache1.se1[1,0]
x-request-ip: fdbd:dc01:26:287::163
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=1
x-tt-trace-host: 01c70dd2b30bede540a99194c063ce108101d034b2bc06742999480189a70338073531a21048b7226c8d9db6b57c602b7a643b25caab025ee62988ef41f310316a2088155c6bd9b79fb7ee97192a19f9ebe92eeb40309de15bbb62b014771711ec
x-response-lb: image
ali-swift-global-savetime: 1671275914
age: 3727422
x-cache: HIT TCP_MEM_HIT dirn:2:442541432
x-swift-savetime: Sat, 17 Dec 2022 12:39:27 GMT
x-swift-cachetime: 31531147
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9516750033365221226e
X-Firefox-Spdy: h2
p3.douyinpic.com/obj/tos-cn-i-dy/c3314f366e5e434b85a930b7f4c77368
47.246.44.224 200 OK 175 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/c3314f366e5e434b85a930b7f4c77368
IP 47.246.44.224:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 150 x 150\012- data
Size 175 kB (175192 bytes)
Hash 84da714bad49f50cfb13f96109ca82d3
34cf50dff8785d62c65286cf8316747f1c4ca613
076ac3243481224e8f70c52317c5fae1de18dd28117c5a80e1b7b37898341d8c
GET /obj/tos-cn-i-dy/c3314f366e5e434b85a930b7f4c77368 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 175192
date: Sun, 08 Jan 2023 07:53:20 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Sun, 08 Jan 2023 07:52:08 GMT
nw-session-id: 2023010815520896A0C3471D1E3952EC75xgdvr03dy
nw-session-trace: 2023-01-08T15:52:08.061468969+08:00 24
x-bdcdn-cache-status: TCP_HIT
x-length: 175192
x-powered-by: ImageX
x-response-date: Sun, 08 Jan 2023 15:52:08 GMT
x-tt-logid: 2023010815520896A0C3471D1E3952EC75
via: n132-090-149, cache14.l2de2[0,0,206-0,H], cache1.l2de2[0,0], cache1.l2de2[1,0], cache5.se1[0,0,200-0,H], cache1.se1[1,0]
x-request-ip: fdbd:dc03:8:577::23
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=1
x-tt-trace-host: 01c8cd9920d5b2dee88135f0fcfdadd3ec2c4803388b6872f6b8dbc526f7ab730ab534ddf734f31239dc117f5090033dfea83f66049a5ce9bd0030117da2f8d29516013c8f7a20aa282acd3c597eafd4faef7c094b46c58faf915bf7a71e27f116
x-response-lb: image
ali-swift-global-savetime: 1673164401
age: 1838935
x-cache: HIT TCP_MEM_HIT dirn:11:189731098
x-swift-savetime: Sun, 08 Jan 2023 08:18:03 GMT
x-swift-cachetime: 31534518
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9516750033365441251e
X-Firefox-Spdy: h2
p3.douyinpic.com/obj/tos-cn-i-dy/c7d5c035a89c4fc7b4a8b0f7a49b03bf
47.246.44.224 200 OK 180 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/c7d5c035a89c4fc7b4a8b0f7a49b03bf
IP 47.246.44.224:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 150 x 150\012- data
Size 180 kB (180329 bytes)
Hash 52d2ab7fccf3c98d8e933e091c1961ea
ceee44d6d4fb43baa4a499e67051c7a30f4f49ac
ea6b63cdb3fa6f25d653829d48980f2106cec695d21723ba927d7b555bfb25e4
GET /obj/tos-cn-i-dy/c7d5c035a89c4fc7b4a8b0f7a49b03bf HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 180329
date: Mon, 05 Dec 2022 12:47:14 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Mon, 05 Dec 2022 12:06:03 GMT
nw-session-id: 2022120520060301021018604508C904938ptc703dy
nw-session-trace: 2022-12-05T20:06:03.83963871+08:00 19
x-bdcdn-cache-status: TCP_HIT
x-length: 180329
x-powered-by: ImageX
x-response-date: Mon, 05 Dec 2022 20:06:03 GMT
x-tt-logid: 2022120520060301021018604508C90493
via: n131-120-203, cache4.l2de2[0,10,206-0,H], cache5.l2de2[11,0], cache5.l2de2[13,0], cache7.se1[0,0,200-0,H], cache1.se1[19,0]
x-request-ip: fdbd:dc03:14:130::18
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=19
x-tt-trace-host: 01cc74e78733f8c0b7d47bbd2bd8e6e790e78a8f54d3426915c809bd28cd1aca2f1146d6bb25ec53947b39a99bfdf2ca0a4d3c4a6405b203e3160876239e28cf415eaf5e587a7cd4096a48cdd13f046b175a95c61d4fd9e3eaa8eff2132e3e8641
x-response-lb: image
ali-swift-global-savetime: 1670244434
age: 4758902
x-cache: HIT TCP_MEM_HIT dirn:5:153821765
x-swift-savetime: Mon, 05 Dec 2022 13:01:19 GMT
x-swift-cachetime: 31535155
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9516750033365241227e
X-Firefox-Spdy: h2
p3.douyinpic.com/obj/tos-cn-i-dy/0c3d2cdaed96469f9d5774583186184e
47.246.44.224 200 OK 320 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/0c3d2cdaed96469f9d5774583186184e
IP 47.246.44.224:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 200 x 200\012- data
Size 320 kB (320396 bytes)
Hash f1bd2e508413c6089ec9fcf6954b2196
b60c7b6b05a282a58ecde182ce2ac5a5a2ac087a
16df1f845970a1b49b6309d0af3dfabe40e54bb3a9bac381a2dac8ff1f9a6ff3
GET /obj/tos-cn-i-dy/0c3d2cdaed96469f9d5774583186184e HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 320396
date: Mon, 09 Jan 2023 10:08:43 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Mon, 09 Jan 2023 07:08:17 GMT
nw-session-id: 202301091508176FA8411628FCE4CBEC53hfr7h02dy
nw-session-trace: 2023-01-09T15:08:17.16834519+08:00 59
x-bdcdn-cache-status: TCP_HIT
x-length: 320396
x-powered-by: ImageX
x-response-date: Mon, 09 Jan 2023 15:08:17 GMT
x-tt-logid: 202301091508176FA8411628FCE4CBEC53
via: n131-120-212, cache15.l2de2[193,193,206-0,M], cache3.l2de2[194,0], cache3.l2de2[194,0], cache1.se1[0,0,200-0,H], cache1.se1[2,0]
x-request-ip: fdbd:dc03:8:577::15
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=2
x-tt-trace-host: 010310055a616c7640b1adfd1df01d700f9720441faf0ff71ca062e2d09456afec5834e5463ff7a0a99756c58a3f3eed9fc19cb228d6532aa762056b2747f1565aa9785904b425a64e8d02e83e350f10f28a557088a272ebca70317e4d3821a3e6
x-response-lb: image
ali-swift-global-savetime: 1673258924
age: 1744412
x-cache: HIT TCP_HIT dirn:4:255717592
x-swift-savetime: Mon, 09 Jan 2023 10:08:44 GMT
x-swift-cachetime: 31536000
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9516750033365461253e
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?debe76ff0e8bf8a9bce3535f8890ee6c
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?debe76ff0e8bf8a9bce3535f8890ee6c
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (622)
Hash 8d74575ff4029b3bac7e49187efaa268
b16cf06cb0968709f871ab5faa61d166f00283f3
89a07c03da1e38d3fc6a0f9e8501432607fa0b8e314613c881ffc6ee6a3e4fbb
GET /hm.js?debe76ff0e8bf8a9bce3535f8890ee6c HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-None-Match: 7a74cd63a549e877b226f5aaaa355c12
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11260
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:16 GMT
Etag: 5001cbd6c0d0d6ec524ee43d2df40586
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=571C7D64FC832D30; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?34d80a7dc169cac3dfc63d36a888e85d
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?34d80a7dc169cac3dfc63d36a888e85d
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (622)
Hash 5f99e293e53879f10a56392ca99f02d2
34c0154757316e62053eafd95463660481fb69f1
19940f8cbbb88f8b8bdb303baefb196fedb1c33f3fe9e5a743e51f3823182ba4
GET /hm.js?34d80a7dc169cac3dfc63d36a888e85d HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-None-Match: ded10fc54e3d3e08fa790b99fea93373
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11260
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 14:42:16 GMT
Etag: 2e8fb4b9792e121829c95e1a3b101043
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=0BFF032F58028BA1; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
7331989ccc.com/e45a3e27ff274627af607caf2290723b.gif
45.61.212.124 200 OK 941 kB URL HTTP/1.1 7331989ccc.com/e45a3e27ff274627af607caf2290723b.gif
IP 45.61.212.124:0
File type GIF image data, version 89a, 600 x 110\012- data
Size 941 kB (941398 bytes)
Hash 0bb59855af22550e569601fb25c6e84a
4dfec2998d1689990fd84b349efd9db496559aa2
9fff3dee99bbad919a75d524176c2e8dae3874cc5e188ca0cdfeb7df51371968
GET /e45a3e27ff274627af607caf2290723b.gif HTTP/1.1
Host: 7331989ccc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "63d5022f-e5d56"
Date: Sat, 28 Jan 2023 11:43:44 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Sat, 28 Jan 2023 11:08:31 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us2-cdnb-24
Content-Length: 941398
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=533956629&si=675e2d63db7bfa79b1e530352f68a041&v=1.3.0&lv=1&sn=59812&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=533956629&si=675e2d63db7bfa79b1e530352f68a041&v=1.3.0&lv=1&sn=59812&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8!
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=533956629&si=675e2d63db7bfa79b1e530352f68a041&v=1.3.0&lv=1&sn=59812&r=0&ww=1280&u=http%3A%2F%2Fcardwellcremation.com%2Fbooks%2F20230102_50922.html&tt=%E9%9B%84%E6%B3%B0%E6%AC%A2%E8%BF%8E%E6%82%A8! HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cardwellcremation.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 29 Jan 2023 14:42:16 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=00D56F10BCD646B5; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
p3.douyinpic.com/obj/tos-cn-i-dy/3dd8a7b8d89e466a851fb031f92e2ea4
47.246.44.224 200 OK 344 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/3dd8a7b8d89e466a851fb031f92e2ea4
IP 47.246.44.224:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 150 x 150\012- data
Size 344 kB (343668 bytes)
Hash 15b2959f92019a6a7c5a6f0a198a6d1c
347b08ea886812d3e1647041519e33b39dac68ee
523a30f079901635b467b2b6ce94ffc9c0eb30d6991247e5035a1e51a5fcc3bc
GET /obj/tos-cn-i-dy/3dd8a7b8d89e466a851fb031f92e2ea4 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 343668
date: Tue, 06 Dec 2022 15:44:35 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Tue, 06 Dec 2022 15:09:19 GMT
nw-session-id: 202212062309190101501381450556500Bprtsq01dy
nw-session-trace: 2022-12-06T23:09:19.680728096+08:00 21
x-bdcdn-cache-status: TCP_HIT
x-length: 343668
x-powered-by: ImageX
x-response-date: Tue, 06 Dec 2022 23:09:19 GMT
x-tt-logid: 202212062309190101501381450556500B
via: n150-057-105, cache19.l2de2[267,266,206-0,M], cache4.l2de2[267,0], cache4.l2de2[268,0], cache3.se1[0,0,200-0,H], cache1.se1[1,0]
x-request-ip: fdbd:dc02:19:491::165
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=1
x-tt-trace-host: 015753073c6eb795804c878ce4635158b04b44aefe71cfff406be3e3cf381035487c602337137428448fc6a3819f33ff1107444a4cc6665a1c90dd13db8aaea01174dc2c2ba292974d54905729c27824769ac9f1666a77d1e2eb8e5163f249530b
x-response-lb: image
ali-swift-global-savetime: 1670341476
age: 4661860
x-cache: HIT TCP_MEM_HIT dirn:2:359409418
x-swift-savetime: Tue, 06 Dec 2022 15:44:36 GMT
x-swift-cachetime: 31536000
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9516750033367151398e
X-Firefox-Spdy: h2
p3.douyinpic.com/obj/tos-cn-i-dy/e5dbef597e2d40d2af0213327e0d8373
47.246.44.224 200 OK 34 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/e5dbef597e2d40d2af0213327e0d8373
IP 47.246.44.224:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 200 x 200\012- data
Hash 48a3321ea1ba31ad4d6068a0d167193c
8ea61d4af31763ba9b4e8ec5926f458b303cacd3
785895c68684b42414e6b3df3cd9ce3db6688eedd5f1e4da916786fd3fc5dd25
GET /obj/tos-cn-i-dy/e5dbef597e2d40d2af0213327e0d8373 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 34487
date: Fri, 20 Jan 2023 06:21:53 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Fri, 20 Jan 2023 05:55:23 GMT
nw-session-id: 2023012013552336C226E6C45C101024BEpf9rh01dy
nw-session-trace: 2023-01-20T13:55:23.80956858+08:00 38
x-bdcdn-cache-status: TCP_HIT
x-length: 34487
x-powered-by: ImageX
x-response-date: Fri, 20 Jan 2023 13:55:23 GMT
x-tt-logid: 2023012013552336C226E6C45C101024BE
via: n150-062-144, cache4.l2de2[0,0,206-0,H], cache6.l2de2[0,0], cache6.l2de2[1,0], cache1.se1[0,0,200-0,H], cache1.se1[2,0]
x-request-ip: fdbd:dc02:19:493::46
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=2
x-tt-trace-host: 01706068465afdf0f0b1eb45c1a39b7c5cfc565f5b3822e2964067da85ef1ddec2ae3f0cb28e65949daaf216d9f943621d8b53a725f2f9eb2bc37712a49a5142ccd2de1e6ee579bd3a72b24bbed15952bc816e1eef4c963ee0b37f7e73554f60d2
x-response-lb: image
ali-swift-global-savetime: 1674195713
age: 807623
x-cache: HIT TCP_HIT dirn:4:165759027
x-swift-savetime: Fri, 20 Jan 2023 06:27:28 GMT
x-swift-cachetime: 31535665
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9516750033368301476e
X-Firefox-Spdy: h2
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=412977131&si=debe76ff0e8bf8a9bce3535f8890ee6c&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59814&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=412977131&si=debe76ff0e8bf8a9bce3535f8890ee6c&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59814&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=412977131&si=debe76ff0e8bf8a9bce3535f8890ee6c&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59814&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 29 Jan 2023 14:42:16 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=103F448B519986AC; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=555099258&si=34d80a7dc169cac3dfc63d36a888e85d&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59814&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=555099258&si=34d80a7dc169cac3dfc63d36a888e85d&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59814&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=555099258&si=34d80a7dc169cac3dfc63d36a888e85d&su=http%3A%2F%2Fcardwellcremation.com%2F&v=1.3.0&lv=1&sn=59814&r=0&ww=1268&u=http%3A%2F%2Fwww.rj58.cc%2F&tt=%E7%86%8A%E7%8C%AB%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 29 Jan 2023 14:42:16 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=3A9E369F1D966065; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
p3.douyinpic.com/obj/tos-cn-i-dy/9463094549ee42d5a3dce0401f6205cf
47.246.44.224 200 OK 321 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/9463094549ee42d5a3dce0401f6205cf
IP 47.246.44.224:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 750 x 160\012- data
Size 321 kB (320940 bytes)
Hash 232900fd13c8fd003f5d52b961ce95f5
0b7645c1aee36f4dbbb7a3dde5f0b8e233bcade3
ab9e555f1366a169a68133f6c53badabd3a77a666b505a290a356f95a452b375
GET /obj/tos-cn-i-dy/9463094549ee42d5a3dce0401f6205cf HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 320940
date: Sat, 28 Jan 2023 08:11:42 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Sat, 28 Jan 2023 07:43:34 GMT
nw-session-id: 20230128154334FD5C18F3E3111802B08Bdzhmt01dy
nw-session-trace: 2023-01-28T15:43:34.895611305+08:00 45
x-bdcdn-cache-status: TCP_HIT
x-length: 320940
x-powered-by: ImageX
x-response-date: Sat, 28 Jan 2023 15:43:34 GMT
x-tt-logid: 20230128154334FD5C18F3E3111802B08B
via: n132-067-168, cache8.l2de2[0,0,206-0,H], cache1.l2de2[1,0], cache1.l2de2[1,0], cache5.se1[0,0,200-0,H], cache1.se1[2,0]
x-request-ip: fdbd:dc03:14:106::139
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=2
x-tt-trace-host: 01a1aa124ac18dc29ebeb30806acf69f5a58d8dfbbe79df09a2089e9192d35d4b8476a19d168124021b5db5939b1e55dc88f8f0ab479537beeb6bd9a4de826eaf14802dd66c123006fcabff80960bef5efa6918256c7feb4fff79c8421fe66c40a
x-response-lb: image
ali-swift-global-savetime: 1674893502
age: 109835
x-cache: HIT TCP_MEM_HIT dirn:11:208517309
x-swift-savetime: Sat, 28 Jan 2023 08:18:43 GMT
x-swift-cachetime: 31535579
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9516750033371231692e
X-Firefox-Spdy: h2
8499132.com/8499/150x150.gif
172.247.50.228 200 OK 185 kB URL HTTP/2 8499132.com/8499/150x150.gif
IP 172.247.50.228:0
File type GIF image data, version 89a, 150 x 150\012- data
Size 185 kB (185171 bytes)
Hash 09b278a0ce767cdcdc3b9be868a94320
b69d4a2345f4d5ae6cc772a70456ea7aea74ce95
321cb2617b9399c60d8f5fe163363faab0f872f5c88646ce900d17604817a1a0
GET /8499/150x150.gif HTTP/1.1
Host: 8499132.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 14:42:16 GMT
content-type: image/gif
content-length: 185171
last-modified: Wed, 28 Dec 2022 09:29:16 GMT
etag: "2d353-5f0e00094173c"
server: qq.com
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
8499163.com/8499/zzxx/960x240.gif
172.247.50.228 200 OK 98 kB URL HTTP/2 8499163.com/8499/zzxx/960x240.gif
IP 172.247.50.228:0
File type GIF image data, version 89a, 960 x 240\012- data
Hash dec1af78a06a93780bf5b18c6448b63a
77013cea2b277cdce8c91e1781a57c16ae9cbf53
8ab51ff6c6fbc1efc3d7d78d71f06d2fbfb5a1ad426f9fe92e35bbfb2b3fe7f4
GET /8499/zzxx/960x240.gif HTTP/1.1
Host: 8499163.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 14:42:16 GMT
content-type: image/gif
content-length: 97487
last-modified: Sat, 24 Dec 2022 13:23:32 GMT
etag: "17ccf-5f092cf09746f"
server: qq.com
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 022140f10fa2821df9b9170f263f0434
55b96cb76a28f3cbcb7c0822ccfa6e48b08c20c7
d6b27174bedfa2e8710acfa57958f776c9b6f6714c8d070488303303e81c718b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D6B27174BEDFA2E8710ACFA57958F776C9B6F6714C8D070488303303E81C718B"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11286
Expires: Sun, 29 Jan 2023 17:50:23 GMT
Date: Sun, 29 Jan 2023 14:42:17 GMT
Connection: keep-alive
8499159.com/8499/zzxx/960x60.gif
172.247.50.228 200 OK 291 kB URL HTTP/2 8499159.com/8499/zzxx/960x60.gif
IP 172.247.50.228:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 291 kB (290572 bytes)
Hash 57aeaeed8e55b2a1e23b348d9d73f9d5
381bc182c18210ba33ebe13cbf8f20f297d33c16
e10903ca99193ba8ffd6c5f74753461cf070e75026e73fda3c040496f8dcfdb6
GET /8499/zzxx/960x60.gif HTTP/1.1
Host: 8499159.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 14:42:16 GMT
content-type: image/gif
content-length: 290572
last-modified: Sat, 24 Dec 2022 13:23:32 GMT
etag: "46f0c-5f092cf097c3f"
server: qq.com
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
8499136.com/8499/yb150X150.gif
23.225.237.34 200 OK 180 kB URL HTTP/2 8499136.com/8499/yb150X150.gif
IP 23.225.237.34:0
File type GIF image data, version 89a, 150 x 150\012- data
Size 180 kB (180094 bytes)
Hash 91f59b72b5dd1524bf3356a94c727ca5
4f47fdeaaaecca3e526e0b6e461b48b047ac29d5
5cbfb636a77f8f4ccbc0cb7bbf70735c5baa39529f226fe7af77d26c8f5159a1
GET /8499/yb150X150.gif HTTP/1.1
Host: 8499136.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 14:42:16 GMT
content-type: image/gif
content-length: 180094
last-modified: Sun, 08 Jan 2023 05:09:54 GMT
etag: "2bf7e-5f1b9a949edff"
server: qq.com
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
8499136.com/8499/224x149.gif
23.225.237.34 200 OK 279 kB URL HTTP/2 8499136.com/8499/224x149.gif
IP 23.225.237.34:0
File type GIF image data, version 89a, 224 x 149\012- data
Size 279 kB (279147 bytes)
Hash 1d03173a924ad6553b852ebdfbb14978
ea1bd6de5eb8a8546ff9969d2d10813232f97071
591c8e3869932bb09ca8939402df283830d45fcf2d7ee2c6b4c0f55fa4d0c2a8
GET /8499/224x149.gif HTTP/1.1
Host: 8499136.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 14:42:16 GMT
content-type: image/gif
content-length: 279147
last-modified: Sun, 18 Dec 2022 06:27:12 GMT
etag: "4426b-5f0144b102850"
server: qq.com
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
img.shifangshike.com/gif20.gif
192.151.223.250 200 OK 75 kB URL HTTP/1.1 img.shifangshike.com/gif20.gif
IP 192.151.223.250:0
File type GIF image data, version 89a, 120 x 120\012- data
Hash 918b63e22c9044ce7eb782ead6d86b9e
1d962f109eedb9fbb06a34e84fbe0e454e12685f
d53b6735fcd744484dccbb98259db31ffbffc7cb1929d077443f1172dda57a21
GET /gif20.gif HTTP/1.1
Host: img.shifangshike.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 14:42:17 GMT
Content-Type: image/gif
Content-Length: 74836
Connection: keep-alive
Last-Modified: Thu, 25 Aug 2022 14:19:09 GMT
ETag: "630784dd-12454"
Expires: Mon, 27 Feb 2023 18:49:22 GMT
Cache-Control: max-age=2592000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes
img.shifangshike.com/gif16.gif
192.151.223.250 200 OK 118 kB URL HTTP/1.1 img.shifangshike.com/gif16.gif
IP 192.151.223.250:0
File type GIF image data, version 89a, 120 x 120\012- data
Size 118 kB (117510 bytes)
Hash a8669ebfbd1fcd4de2b60e00c57c2a77
ee59c61ef9f70a933cd5f8b030d34f87b2c116c4
486338bb49d5493c564ae75cb3884299304e0c90491d63cd8ae14df2e8b666ee
GET /gif16.gif HTTP/1.1
Host: img.shifangshike.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 14:42:17 GMT
Content-Type: image/gif
Content-Length: 117510
Connection: keep-alive
Last-Modified: Thu, 25 Aug 2022 14:19:04 GMT
ETag: "630784d8-1cb06"
Expires: Mon, 27 Feb 2023 18:49:35 GMT
Cache-Control: max-age=2592000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes
www.rj58.cc/template/m1938pc/ads/0.gif
216.83.52.98 200 OK 162 kB URL HTTP/1.1 www.rj58.cc/template/m1938pc/ads/0.gif
IP 216.83.52.98:0
ASN #64050 BGPNET Global ASN
File type GIF image data, version 89a, 960 x 60\012- data
Size 162 kB (162131 bytes)
Hash 9f9e168a23ce5a4fd7954a2f58d42061
7569472cfb5557df037bfe6fac430f7b996f76f3
0ef791f1b817168b7b3624743ec3f259541f5ce8588e3a0f049e6a98ae9d1f95
GET /template/m1938pc/ads/0.gif HTTP/1.1
Host: www.rj58.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rj58.cc/
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Wed, 16 Nov 2022 13:04:00 GMT
Accept-Ranges: bytes
ETag: "de2fcde4bbf9d81:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sun, 29 Jan 2023 14:40:56 GMT
Content-Length: 162131
n0600.com/a40b3ffdc2c54ace954ca27e1415dd2f.gif
18.139.108.125 200 OK 0 B URL HTTP/2 n0600.com/a40b3ffdc2c54ace954ca27e1415dd2f.gif
IP 18.139.108.125:0
GET /a40b3ffdc2c54ace954ca27e1415dd2f.gif HTTP/1.1
Host: n0600.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 14:42:15 GMT
content-type: image/gif
vary: Accept-Encoding
last-modified: Wed, 04 Jan 2023 10:27:27 GMT
etag: W/"63b5548f-80f08"
server: WAF/2.4-12.1
x-cache-status: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
img.1163555.com/images/63ca2a55dc028820bbd7b084.gif
3.36.126.81 302 Found 0 B URL HTTP/2 img.1163555.com/images/63ca2a55dc028820bbd7b084.gif
IP 3.36.126.81:0
GET /images/63ca2a55dc028820bbd7b084.gif HTTP/1.1
Host: img.1163555.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/c7d5c035a89c4fc7b4a8b0f7a49b03bf
X-Firefox-Spdy: h2
n0611.com/8ea1658a35214f88bcad0c826d2d9a9d.gif
18.139.108.125 200 OK 0 B URL HTTP/2 n0611.com/8ea1658a35214f88bcad0c826d2d9a9d.gif
IP 18.139.108.125:0
GET /8ea1658a35214f88bcad0c826d2d9a9d.gif HTTP/1.1
Host: n0611.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 14:42:15 GMT
content-type: image/gif
vary: Accept-Encoding
last-modified: Sun, 08 Jan 2023 15:26:00 GMT
etag: W/"63bae088-68594"
server: WAF/2.4-12.1
x-cache-status: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
link.imgapp.top/images/63ba73b0a92cd2097e833f93.gif
3.36.126.81 302 Found 0 B URL HTTP/2 link.imgapp.top/images/63ba73b0a92cd2097e833f93.gif
IP 3.36.126.81:0
GET /images/63ba73b0a92cd2097e833f93.gif HTTP/1.1
Host: link.imgapp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/0c3d2cdaed96469f9d5774583186184e
X-Firefox-Spdy: h2
img.3227a.com/images/63d526fc1eff8f93601b043e.gif
3.36.126.81 302 Found 0 B URL HTTP/2 img.3227a.com/images/63d526fc1eff8f93601b043e.gif
IP 3.36.126.81:0
GET /images/63d526fc1eff8f93601b043e.gif HTTP/1.1
Host: img.3227a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/9463094549ee42d5a3dce0401f6205cf
X-Firefox-Spdy: h2
img.1153555.com/images/63ca2adadc028820bbd7b085.gif
3.36.126.81 302 Found 0 B URL HTTP/2 img.1153555.com/images/63ca2adadc028820bbd7b085.gif
IP 3.36.126.81:0
GET /images/63ca2adadc028820bbd7b085.gif HTTP/1.1
Host: img.1153555.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/e5dbef597e2d40d2af0213327e0d8373
X-Firefox-Spdy: h2
img.8192a.com/images/63b3e3cd0614e7d4a472b2ad.gif
3.36.126.81 302 Found 0 B URL HTTP/2 img.8192a.com/images/63b3e3cd0614e7d4a472b2ad.gif
IP 3.36.126.81:0
GET /images/63b3e3cd0614e7d4a472b2ad.gif HTTP/1.1
Host: img.8192a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/3dd8a7b8d89e466a851fb031f92e2ea4
X-Firefox-Spdy: h2
link.imgapp.top/images/63ba73b1a92cd2097e833f9d.gif
3.36.126.81 302 Found 0 B URL HTTP/2 link.imgapp.top/images/63ba73b1a92cd2097e833f9d.gif
IP 3.36.126.81:0
GET /images/63ba73b1a92cd2097e833f9d.gif HTTP/1.1
Host: link.imgapp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rj58.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/9758275ccbb9404887d9537125b38ea9
X-Firefox-Spdy: h2