r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 96daaf84cd2c07756756caf7a2724a29
Hash SHA-1 d24d47c68eec98d44bf341dab9d893df97103e1a
Hash SHA-256 fef9ce9f75ec19e7ae2ccbffb6654db2473a2b4acc94c1b4303e5ec24149465f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FEF9CE9F75EC19E7AE2CCBFFB6654DB2473A2B4ACC94C1B4303E5EC24149465F"
Last-Modified: Thu, 15 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9683
Expires: Fri, 16 Sep 2022 08:36:34 GMT
Date: Fri, 16 Sep 2022 05:55:11 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.27 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash MD5 b593eb39329cfe060d55be5e4a5405e2
Hash SHA-1 78e46c1028e9f94f8569303ad2d90d7df13a059a
Hash SHA-256 08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 16 Sep 2022 05:10:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ywAFFnXgt22w_w2WhEUyfoQRxh3kLED0TNTzqzNrRUkva1DlZzYJ9Q==
Age: 2665
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash MD5 742edb4038f38bc533514982f3d2e861
Hash SHA-1 cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Hash SHA-256 b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 16 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -iLPQlYfXOIlHc0hGwM54kgLT_LUvdsWj_ORgmsLvdih7wX2yB7Csw==
age: 4796
X-Firefox-Spdy: h2
ablehair.com/
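154.221.69.218 301 Moved Permanently 0 B IP 154.221.69.218:0
ASN #134175 UNIT A17,9F SILVERCORP INTL TOWER 707-713 NATHAN RD
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
Hash SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the digests of empty input (the response body is 0 B), so they do not identify this host or its content.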
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: ablehair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 16 Sep 2022 05:55:11 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://www.ablehair.com/index.php
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash MD5 23e88fb7b99543fb33315b29b1fad9d6
Hash SHA-1 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Hash SHA-256 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 16 Sep 2022 05:55:11 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash MD5 0333b0655111aa68de771adfcc4db243
Hash SHA-1 63f295a144ac87a7c8e23417626724eeca68a7eb
Hash SHA-256 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Fri, 16 Sep 2022 05:03:22 GMT
Expires: Fri, 16 Sep 2022 05:09:35 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: cH0-ltXMhF8AREwHOkgTOl11QtK9WUr9g3Tlgm0m8P7SO0RqVtzqrw==
Age: 3109
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash MD5 d597af1ab2f21a983bf0f0d105b94209
Hash SHA-1 9d5dd938777abde094c89066b539141a02106b88
Hash SHA-256 a614eb7f969544c8040642be7c852625341e2441e757d063d2af1ff465c8c3f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3416
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 05:55:12 GMT
Last-Modified: Fri, 16 Sep 2022 04:58:16 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
www.ablehair.com/index.php
154.221.69.218 200 OK 542 B URL HTTP/1.1 www.ablehair.com/index.php
IP 154.221.69.218:0
ASN #134175 UNIT A17,9F SILVERCORP INTL TOWER 707-713 NATHAN RD
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with very long lines (730), with CRLF line terminators
Hash MD5 80b99a6563c64c7733c5042ed9035bfd
Hash SHA-1 2f4caa0f0759fae953fa89398a19649b405655ee
Hash SHA-256 bd76a59a42ec48385b1d10d86c80c1a00cf984cfd249092421ba814590ca71a3
Analyzer Verdict Alert fortinet Malware
GET /index.php HTTP/1.1
Host: www.ablehair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Sep 2022 05:55:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
push.services.mozilla.com/
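54.148.77.40 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.77.40:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
Hash SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the digests of empty input (the response body is 0 B), so they do not identify this host or its content.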
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 44zkptDmKw+I2tKH7G5PnQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: gr6dav4FJi3sRv9SI8FIXQwOIiw=
www.ablehair.com/common.js
154.221.69.218 200 OK 851 B URL HTTP/1.1 www.ablehair.com/common.js
IP 154.221.69.218:0
ASN #134175 UNIT A17,9F SILVERCORP INTL TOWER 707-713 NATHAN RD
File type HTML document text\012- HTML document, ASCII text, with very long lines (438), with CRLF line terminators
Hash MD5 551c740a9dfb5e90fb850c17ceeda5cc
Hash SHA-1 d8a5f29aa72a9f934215567aa863276e7388eb3f
Hash SHA-256 0fe9b69b142d4ea58558f391bd3eb3d160c7082a07e0b5c31f1867d00f2b6f08
Analyzer Verdict Alert fortinet Malware
GET /common.js HTTP/1.1
Host: www.ablehair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.ablehair.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Sep 2022 05:55:12 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
www.ablehair.com/tj.js
154.221.69.218 200 OK 258 B IP 154.221.69.218:0
ASN #134175 UNIT A17,9F SILVERCORP INTL TOWER 707-713 NATHAN RD
File type ASCII text, with CRLF line terminators
Hash MD5 3f1a28e28cea532c0493ba0ed043c913
Hash SHA-1 e68f90d73206bc0b1e1877c6ea1eef333fb1d46e
Hash SHA-256 b7a0e40b9177334c54395c8719dee10581cd4d75297f83cb7f5a3bf947f4dedb
Analyzer Verdict Alert fortinet Malware
GET /tj.js HTTP/1.1
Host: www.ablehair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.ablehair.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Sep 2022 05:55:12 GMT
Content-Type: application/x-javascript
Content-Length: 258
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 4abe181b1d086cd7e122d7de32f63fb6
Hash SHA-1 e3482d4df0d59c247109ff7fb97f20ec6f142c4d
Hash SHA-256 63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13013
Expires: Fri, 16 Sep 2022 09:32:06 GMT
Date: Fri, 16 Sep 2022 05:55:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 4abe181b1d086cd7e122d7de32f63fb6
Hash SHA-1 e3482d4df0d59c247109ff7fb97f20ec6f142c4d
Hash SHA-256 63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13013
Expires: Fri, 16 Sep 2022 09:32:06 GMT
Date: Fri, 16 Sep 2022 05:55:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 4abe181b1d086cd7e122d7de32f63fb6
Hash SHA-1 e3482d4df0d59c247109ff7fb97f20ec6f142c4d
Hash SHA-256 63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13013
Expires: Fri, 16 Sep 2022 09:32:06 GMT
Date: Fri, 16 Sep 2022 05:55:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 4abe181b1d086cd7e122d7de32f63fb6
Hash SHA-1 e3482d4df0d59c247109ff7fb97f20ec6f142c4d
Hash SHA-256 63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13013
Expires: Fri, 16 Sep 2022 09:32:06 GMT
Date: Fri, 16 Sep 2022 05:55:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 4abe181b1d086cd7e122d7de32f63fb6
Hash SHA-1 e3482d4df0d59c247109ff7fb97f20ec6f142c4d
Hash SHA-256 63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13013
Expires: Fri, 16 Sep 2022 09:32:06 GMT
Date: Fri, 16 Sep 2022 05:55:13 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed934f67-48ba-4d22-a8f8-4f5f7a10a9f9.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed934f67-48ba-4d22-a8f8-4f5f7a10a9f9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash MD5 da1bd18c37b83b0ef4641036dc208eec
Hash SHA-1 abb5c719ec9341c6d4146297a2a1eca171df9c81
Hash SHA-256 0085a66912a814c619a1257545d36610c7109ba32f1b097176102d3d3db2c8d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed934f67-48ba-4d22-a8f8-4f5f7a10a9f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12425
x-amzn-requestid: 96b5f0d2-1327-4180-9d48-f915630c3de2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDqHyooAMFqyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb0-7d89d2d7024f6a821a62c948;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 1Y5uBMPJvxTDKGnc5Q0lzKZXDv4lwTByGDO8eRIwgauut0yfJz-8Lg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:50:35 GMT
age: 29078
etag: "abb5c719ec9341c6d4146297a2a1eca171df9c81"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee084149-a07d-4141-a484-d9f352209914.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee084149-a07d-4141-a484-d9f352209914.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash MD5 e6d17788c7d2a1a91e68eff48df14bd1
Hash SHA-1 8e1090346d90bc69e7a95384e6a7a01154e31567
Hash SHA-256 1e1eefa02e4c55e73be87a309ad5c2335856125cb678cff6ebc42c5ff73a0e2b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee084149-a07d-4141-a484-d9f352209914.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9904
x-amzn-requestid: a23cb4b3-db6e-48ae-90b1-3ecf6478bf52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDpH_CIAMFl4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb0-15869210609a18587467d1e2;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:00 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: RbKcO0CPRsex8VWdIVqctamGyJ7D1PHD04ry2wbrcDPDYL0Yy5vPPQ==
via: 1.1 1002c05e647d0804e83147cdd205d14a.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:50:35 GMT
etag: "8e1090346d90bc69e7a95384e6a7a01154e31567"
content-type: image/jpeg
age: 29078
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ac817a0-279c-44ad-92b0-a799997b91ed.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ac817a0-279c-44ad-92b0-a799997b91ed.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash MD5 918f9961aa6acc47b01feb731750d208
Hash SHA-1 2029669d941625cb78a23b52cd6511af111c8591
Hash SHA-256 1f8cfc977ecea3b3dba2992fd4e310f8d426be1316c467f516e5ed2332ecaf96
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ac817a0-279c-44ad-92b0-a799997b91ed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8843
x-amzn-requestid: 055dc4af-96bb-48af-823a-56e606701c01
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVAlFseoAMFurw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239b9d-67ba7aaf2b588234573e1c9c;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:39:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: WkdIyxNFlhmlhe5c3iNkCNWQmRrMrfKqD4pYMe5J7iYzUgo0XorwAg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:53:59 GMT
age: 28874
etag: "2029669d941625cb78a23b52cd6511af111c8591"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd10bce85-63ee-4a0f-93d7-c5af7cb0a4f3.jpeg
34.120.237.76 200 OK 2.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd10bce85-63ee-4a0f-93d7-c5af7cb0a4f3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash MD5 5a10204c6f1c13d6f6d2a19653e49eac
Hash SHA-1 8193e7ef70c77f11bb698f4973c42444c8362fcc
Hash SHA-256 c230fddf7736fee44f47bf857f67261adfe8099c8d896ef5a21301822bfeaca8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd10bce85-63ee-4a0f-93d7-c5af7cb0a4f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2076
x-amzn-requestid: 4d219353-93bd-4f18-8a8c-64142d7be19d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVBdHN-oAMFmgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239ba2-70dafa722a10c16e5b21de02;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:39:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8-7AUXlRwp2qBjLd-x7QWDKJDEwV_ZLSRxjO5gyVfFXB7obVOH__Sg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:48:48 GMT
age: 29185
etag: "8193e7ef70c77f11bb698f4973c42444c8362fcc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png
34.120.237.76 200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash MD5 b7d4ee58e0f26ec6817dbab72aa7db6d
Hash SHA-1 b6e634ef27eba9da38c6472565e0fdca6898e4f0
Hash SHA-256 07db05a6ee70a699164ad55da47bfca58e6639956e256d902cbe0388cd7995c6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8435
x-amzn-requestid: f6efd924-4f54-41a6-8771-087803b5b8ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhU0-EJaoAMFvtQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239b52-37c21ee857fe27d104b70337;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:38:26 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rgjwYJ-ZzVF3bv7pl1l8TN8EAoENIcaSAXJU_YhFOSNRCzrCuPuKbQ==
via: 1.1 773ca14e6bd4bf9244988cb69fc9dca8.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:44:10 GMT
age: 29463
etag: "b6e634ef27eba9da38c6472565e0fdca6898e4f0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3eb4aa92-edbe-4eb2-a1a4-0526bce5b13f.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3eb4aa92-edbe-4eb2-a1a4-0526bce5b13f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash MD5 2e990e4086570a10e2b3ec85aace1b82
Hash SHA-1 742c33d879e3d0a21ff90b090960870a5cd0bb04
Hash SHA-256 dd01ff5d019e5017ad49330f28dc0e09c768c8e66c2cc6b387d553642dc365fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3eb4aa92-edbe-4eb2-a1a4-0526bce5b13f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6300
x-amzn-requestid: c7bbe10c-76da-4cb4-a34c-2a0319d3b7a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhUkXGpPIAMF1kA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239ae8-51191d655852f60d5cf280fc;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:36:40 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 8y9suBepMTTS0MOqnZd7zzSHFLdKVnjIjoeZ2xmkIuMMZ15m5tbwqw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:50:35 GMT
etag: "742c33d879e3d0a21ff90b090960870a5cd0bb04"
content-type: image/jpeg
age: 29078
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.ablehair.com/favicon.ico
154.221.69.218 200 OK 1.2 kB URL HTTP/1.1 www.ablehair.com/favicon.ico
IP 154.221.69.218:0
ASN #134175 UNIT A17,9F SILVERCORP INTL TOWER 707-713 NATHAN RD
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash MD5 7ef1f0a0093460fe46bb691578c07c95
Hash SHA-1 2da3ffbbf4737ce4dae9488359de34034d1ebfbd
Hash SHA-256 4c62eef22174220b8655590a77b27957f3518b4c3b7352d0b64263b80e728f2c
GET /favicon.ico HTTP/1.1
Host: www.ablehair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.ablehair.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Sep 2022 05:55:12 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 01 Jul 2011 08:14:23 GMT
Connection: keep-alive
ETag: "4e0d81df-47e"
Expires: Wed, 21 Sep 2022 05:55:12 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash MD5 f4678851b9fdbfdcabdfa34da50e4660
Hash SHA-1 791b07db8506eb799131ddc669f22bb19c9fd981
Hash SHA-256 86de03a150e35b52e65db50aad9243253f538c01006a6d2ec0894bd609cdff34
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Tue, 20 Sep 2022 03:47:45 GMT
ETag: "791b07db8506eb799131ddc669f22bb19c9fd981"
Last-Modified: Fri, 16 Sep 2022 03:47:46 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2280
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b75a192f0afabc-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash f4678851b9fdbfdcabdfa34da50e4660
791b07db8506eb799131ddc669f22bb19c9fd981
86de03a150e35b52e65db50aad9243253f538c01006a6d2ec0894bd609cdff34
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Tue, 20 Sep 2022 03:47:45 GMT
ETag: "791b07db8506eb799131ddc669f22bb19c9fd981"
Last-Modified: Fri, 16 Sep 2022 03:47:46 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2280
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b75a192f83b51d-OSL
www.aoattsetp.vip/logotp/sw.gif
172.67.194.142 200 OK 156 kB URL HTTP/2 www.aoattsetp.vip/logotp/sw.gif
IP 172.67.194.142:0
File type GIF image data, version 89a, 100 x 100\012- data
Size 156 kB (156311 bytes)
Hash c1cd6fbcc60e4242fb31eb894d7d9450
1b0a2ba85f38fa452a391250067e916ac7b61345
aca31490b0e0478395648fb5f6ce318b56a4a443c7a64e069c71cee6c0f0bb44
GET /logotp/sw.gif HTTP/1.1
Host: www.aoattsetp.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:13 GMT
content-type: image/gif
content-length: 156311
last-modified: Wed, 08 Jun 2022 08:25:23 GMT
etag: "62a05cf3-26297"
expires: Fri, 23 Sep 2022 14:44:53 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1955386
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a6Rt8jDnlRma07t7RfwwRvp7ybpsKcC%2BtE9W3Y150BMXp%2Ff6O3ciy0lJNGxs4Xt8nyFC0muS5cU0WKWj67ZSAtHmbH%2FpOypwh3iGWDdXuAmfIcgo3j6d%2BbDgpNE0zgtENvHrpw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a1988c90b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tadeng.top/
115.126.59.249 200 OK 23 kB IP 115.126.59.249:0
ASN #38186 Forewin Telecom Group Limited, ISP at
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1244), with CRLF line terminators
Hash ec2fa011b6dbc73d456aaad4d6ec2011
a0fd7a7e7349fbcac103be09df0f33456e3b62c9
9f48cbac1d1b4f9d9489b76af403a42203b87c24b3577e326fb1e91f32ea4553
GET / HTTP/1.1
Host: tadeng.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.ablehair.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Sep 2022 05:55:13 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
tadeng.top/template/m1938pc/css/ate.css
115.126.59.249 200 OK 6.0 kB URL HTTP/1.1 tadeng.top/template/m1938pc/css/ate.css
IP 115.126.59.249:0
ASN #38186 Forewin Telecom Group Limited, ISP at
File type ASCII text, with CRLF line terminators
Hash 775ec9fd65a59632efdf68fc5af2dfad
a51c8530feab204356baa78c94848b688de1caf5
683dab144184920b21b643c2e6de55202e5528633318697e652fec75a8016d93
GET /template/m1938pc/css/ate.css HTTP/1.1
Host: tadeng.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tadeng.top/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Sep 2022 05:55:13 GMT
Content-Type: text/css
Last-Modified: Sat, 22 May 2021 12:07:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60a8f3ee-126e4"
Expires: Fri, 16 Sep 2022 17:55:13 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1bbaf29b09cabb6f3430be3fd572e7b1
1bea30a7c5637b8d55ddf658e31fe25c10a118b1
6af426e6d875c3eaea98f821fb0f625323bd7db458866b3fb510d052563288c9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "6AF426E6D875C3EAEA98F821FB0F625323BD7DB458866B3FB510D052563288C9"
Last-Modified: Fri, 16 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17063
Expires: Fri, 16 Sep 2022 10:39:36 GMT
Date: Fri, 16 Sep 2022 05:55:13 GMT
Connection: keep-alive
tupkku.top/logotp/yu22a.gif
104.21.51.97 200 OK 73 kB URL HTTP/2 tupkku.top/logotp/yu22a.gif
IP 104.21.51.97:0
File type GIF image data, version 89a, 150 x 150\012- data
Hash a60193fc87ef9e76f55b504b1fbe4951
262b3c0d0a4b453ae75f1c4f648ad862348ab017
83af4402e7893b4d70082d712ba09952e16aea516d2bdab9d234877c099a142d
GET /logotp/yu22a.gif HTTP/1.1
Host: tupkku.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:13 GMT
content-type: image/gif
content-length: 73243
last-modified: Fri, 15 Apr 2022 17:53:28 GMT
etag: "6259b118-11e1b"
expires: Sat, 15 Oct 2022 13:58:29 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 57309
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wzb9wmrKcmlWLN6XAf1phBew1yxAyh03W0Ngqn75sCi5odA10s2HQcH6%2FG0009wls0naBIUVwa6vN9HjOEPyjjmQ37oSY%2BCH%2BkfQZMC3%2BeUJJlpWpw8rvnByXy6h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a1bae80b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1bbaf29b09cabb6f3430be3fd572e7b1
1bea30a7c5637b8d55ddf658e31fe25c10a118b1
6af426e6d875c3eaea98f821fb0f625323bd7db458866b3fb510d052563288c9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "6AF426E6D875C3EAEA98F821FB0F625323BD7DB458866B3FB510D052563288C9"
Last-Modified: Fri, 16 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17063
Expires: Fri, 16 Sep 2022 10:39:36 GMT
Date: Fri, 16 Sep 2022 05:55:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7bee82ee9004ffcebe7033f13779e0d6
29afbdacfbc363b15c453f9a4c8fc2d47c34d317
1a7fc85cd6d346a85d2282842c7ca7d1363c2a40d660e114aec93c717979db38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1A7FC85CD6D346A85D2282842C7CA7D1363C2A40D660E114AEC93C717979DB38"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9625
Expires: Fri, 16 Sep 2022 08:35:38 GMT
Date: Fri, 16 Sep 2022 05:55:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5b6269b588f7b172e77b4965552ac6e1
3ffaeabdb0d30c080cf9c57c3468ea3774fede2f
6aa73ec571dd4d3c55b7877d8f868170d7e8e033a7739b6b8f03c7ad595cb627
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6AA73EC571DD4D3C55B7877D8F868170D7E8E033A7739B6B8F03C7AD595CB627"
Last-Modified: Wed, 14 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14205
Expires: Fri, 16 Sep 2022 09:51:59 GMT
Date: Fri, 16 Sep 2022 05:55:14 GMT
Connection: keep-alive
tadeng.top/template/m1938pc/css/zui.css
115.126.59.249 200 OK 19 kB URL HTTP/1.1 tadeng.top/template/m1938pc/css/zui.css
IP 115.126.59.249:0
ASN #38186 Forewin Telecom Group Limited, ISP at
File type assembler source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash da9fba91b7a287cf9a61e5c44cbaa94e
bf1c11c6853f04561ac7e871b22c2a8febe15c0a
f8d2c763f24226391d3b7896e9a62a361dce857aa2bd5cd3b4e380fbd7f68aa6
GET /template/m1938pc/css/zui.css HTTP/1.1
Host: tadeng.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tadeng.top/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Sep 2022 05:55:13 GMT
Content-Type: text/css
Last-Modified: Sat, 22 May 2021 12:07:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60a8f3ef-14f36"
Expires: Fri, 16 Sep 2022 17:55:13 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c710e205595b6ac93784bdc68fac88d8
07738d8bdf9ca5b1fa4acf7b8ca7d5659a8d1819
e11087a95b40d7ac1369188039d819d2ac6967776c5c33bb34892977d3415de4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "E11087A95B40D7AC1369188039D819D2AC6967776C5C33BB34892977D3415DE4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9985
Expires: Fri, 16 Sep 2022 08:41:39 GMT
Date: Fri, 16 Sep 2022 05:55:14 GMT
Connection: keep-alive
aooacctp.vip/lm/ynv100.gif
104.21.82.179 200 OK 89 kB URL HTTP/2 aooacctp.vip/lm/ynv100.gif
IP 104.21.82.179:0
File type GIF image data, version 89a, 267 x 160\012- data
Hash 482e725b00bf18359cae59cd413aea13
aaf8f22b9470066e250989a25a09a7486c3aaf28
85b083b68289347328190d67fe187ba65d44e1d0072a254fd9f06d3510133083
GET /lm/ynv100.gif HTTP/1.1
Host: aooacctp.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:14 GMT
content-type: image/gif
content-length: 89034
last-modified: Sun, 29 May 2022 06:37:35 GMT
etag: "629314af-15bca"
expires: Wed, 05 Oct 2022 09:07:30 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 938797
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ym5Ah7oelMvhO%2Bfq4eyk2KkKXPg%2BZE6y3%2F9tB7GtD2QV0WDobHJznUzj6LkeWUA0MHe7ekrSXrcskSNH48E7rkcK3Tw86BFIDI2YbJa8dBKsWqolVJaR4skzNkYdf9o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a1d9ad00b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
aooacctp.vip/logotp/xfb09.gif
104.21.82.179 200 OK 444 kB URL HTTP/2 aooacctp.vip/logotp/xfb09.gif
IP 104.21.82.179:0
File type GIF image data, version 89a, 200 x 200\012- data
Size 444 kB (443705 bytes)
Hash 8bc908398e73478d0b28d85191689891
5e9022d7583285c988d0acb55b6db7c920f3c3d0
c01d665a1abb0e10e3ac90119e3674db0363a112da7f8322c12bbafbe0bd88dc
GET /logotp/xfb09.gif HTTP/1.1
Host: aooacctp.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:14 GMT
content-type: image/gif
content-length: 443705
last-modified: Fri, 15 Apr 2022 17:52:24 GMT
etag: "6259b0d8-6c539"
expires: Wed, 05 Oct 2022 05:50:09 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 950638
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hjl%2BHPeIc%2BcIMOhkRl0hGNT6FUXyLIcdrD8vhqSqfDC894BY%2BTNPJw4Sxds%2F05lVTn6RcNHaF5jH%2F8Juzr%2Fmmie2tbQWaupNxSPDcvr04q3TWQYP8y4iTaRy2fx4dH4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a1d9ad10b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s2.loli.net/2022/05/04/YHV5w1cvajoF4Ss.gif
104.26.0.190 200 OK 18 kB URL HTTP/2 s2.loli.net/2022/05/04/YHV5w1cvajoF4Ss.gif
IP 104.26.0.190:0
File type GIF image data, version 89a, 220 x 145\012- data
Hash fca066c77af654625069c3e05fe7cd38
a42c3e6807b7ca3d194f2a911ee95e1b28d880b8
d0475d47ca223bd2fc3b6364926d6b0a193f560d3c2ec381a431277341cde53a
GET /2022/05/04/YHV5w1cvajoF4Ss.gif HTTP/1.1
Host: s2.loli.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:14 GMT
content-type: image/gif
content-length: 18378
last-modified: Wed, 04 May 2022 11:32:19 GMT
etag: "62726443-47ca"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
vary: Accept, Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
cf-cache-status: BYPASS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iRDHntyLGUsaMQyO9nXJZE6OzNJRxIQldgYrirMufJpcFOzK%2BitSbbhX68jjuRHnopYFrZTKewTObyZvmkiNAG6jwQ%2FOkktgfY4xKWX0ro0UtzC4aIqFqjsmnKLj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74b75a198b40b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mei.netlbtu.com/upload/art/gif/gfdt/071616_341-4.gif
104.21.235.174 200 OK 1.3 MB URL HTTP/2 mei.netlbtu.com/upload/art/gif/gfdt/071616_341-4.gif
IP 104.21.235.174:0
File type GIF image data, version 89a, 500 x 281\012- data
Size 1.3 MB (1341959 bytes)
Hash 4f41ab15aab3afbe490f5f3af29ac94a
bd885189456dc4482f38b1e5bb7d96c13c9405dd
5f3e4c90d209b49696f26896f932d4836d326064d57215a72ec26e8636447de8
GET /upload/art/gif/gfdt/071616_341-4.gif HTTP/1.1
Host: mei.netlbtu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:14 GMT
content-type: image/gif
content-length: 1341959
last-modified: Thu, 21 Nov 2019 09:37:26 GMT
etag: "9b22bd484fa0d51:0"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2978
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FfNHEuttIlwcy315SQ3JXoNwjrGQEzQdMzLQPrFGJuT4lW7Zc8HKDSnIvYKvhaAmXgosFS2EAlshu1GAktUx7D2A8oBAo8HsBm72wHfh3sciD8bWbNW4b4HrjJ4%2FFJldBCY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a1d789a7566-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kvkaa.com/3b519146003914bff4ecede8a7b76f26.gif
64.32.13.142 301 Moved Permanently 162 B URL HTTP/2 kvkaa.com/3b519146003914bff4ecede8a7b76f26.gif
IP 64.32.13.142:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /3b519146003914bff4ecede8a7b76f26.gif HTTP/1.1
Host: kvkaa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 16 Sep 2022 05:55:14 GMT
content-type: text/html
content-length: 162
location: https://kvtaaa.top/3b519146003914bff4ecede8a7b76f26.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mei.netlbtu.com/upload/art/gif/gfdt/041916-140393650a87adbc919.gif
104.21.235.174 200 OK 2.1 MB URL HTTP/2 mei.netlbtu.com/upload/art/gif/gfdt/041916-140393650a87adbc919.gif
IP 104.21.235.174:0
File type GIF image data, version 89a, 400 x 225\012- data
Size 2.1 MB (2131382 bytes)
Hash 635271a6a302346eb4c13315f4739e17
978bfb640ed7639ef2a980e2c75d96553d38e354
c40a4da169ac6e33b02d3f5b49792f0db51399a3b58f08691452062103d05b4d
GET /upload/art/gif/gfdt/041916-140393650a87adbc919.gif HTTP/1.1
Host: mei.netlbtu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:14 GMT
content-type: image/gif
content-length: 2131382
last-modified: Tue, 19 Nov 2019 00:07:52 GMT
etag: "8d46cf626d9ed51:0"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 5551
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BvNHaTz7Slex%2B4vD%2BOym8lALDRzH9Nkv6Pf6ooGPJXDvJVMVc%2FYsD82G4%2FK4UceGYYlhaxE8ECdtmap%2FHsMC67Sbjx4sRAtfRvtN76BqgV8veNrm1H%2FCm%2Bx%2BOCG5BALiJM4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a1d284d7566-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kvkaa.com/c40eb5d2869982a34091b21b14a0c4f8.gif
64.32.13.142 301 Moved Permanently 162 B URL HTTP/2 kvkaa.com/c40eb5d2869982a34091b21b14a0c4f8.gif
IP 64.32.13.142:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /c40eb5d2869982a34091b21b14a0c4f8.gif HTTP/1.1
Host: kvkaa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 16 Sep 2022 05:55:14 GMT
content-type: text/html
content-length: 162
location: https://kvtaaa.top/c40eb5d2869982a34091b21b14a0c4f8.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mei.netlbtu.com/upload/art/gif/20200421/170511-1.mp4_1587324106344.gif
104.21.235.174 200 OK 2.0 MB URL HTTP/2 mei.netlbtu.com/upload/art/gif/20200421/170511-1.mp4_1587324106344.gif
IP 104.21.235.174:0
File type GIF image data, version 89a, 480 x 270\012- data
Size 2.0 MB (1965083 bytes)
Hash 7eebec0f738b1624557c71b3efd9a6a0
e1d18d1d0cc451572d46e99adfc6382b652f1255
2a36df4e1498683e5e91441688d955b58a0a43fd2e857f853a083d20829e2326
GET /upload/art/gif/20200421/170511-1.mp4_1587324106344.gif HTTP/1.1
Host: mei.netlbtu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:14 GMT
content-type: image/gif
content-length: 1965083
last-modified: Mon, 20 Apr 2020 18:02:51 GMT
etag: "2fd474e83d17d61:0"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7089
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q%2BCfFs%2FI58yHS5kjdl2RJgbgfyRhIOIkIvKFw%2FsYoUQcTrGRXSmHCMB5M9B%2BLGgb%2FUIKKf2RILJLrAMBNJdJ92At%2B28sJ7Y%2Bmjblsb8ZTqocDxXFaB8VeKYYez%2FBI%2BSSg%2B4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a1d385b7566-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tadeng.top/template/m1938pc/images/video-play.png
115.126.59.249 200 OK 1.6 kB URL HTTP/1.1 tadeng.top/template/m1938pc/images/video-play.png
IP 115.126.59.249:0
ASN #38186 Forewin Telecom Group Limited, ISP at
File type PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced\012- data
Hash be7ca0a4a7c0317398a11162b1e09b75
5dbe6a02524cfbf5f5111478a71f91a9259056b5
cbad06b58f97516faa5f745d4e09716b5db3f134d5b4644b159681aa24909dd4
GET /template/m1938pc/images/video-play.png HTTP/1.1
Host: tadeng.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tadeng.top/template/m1938pc/css/zui.css
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Sep 2022 05:55:14 GMT
Content-Type: image/png
Content-Length: 1567
Last-Modified: Sat, 22 May 2021 12:07:20 GMT
Connection: keep-alive
ETag: "60a8f3f8-61f"
Expires: Sun, 16 Oct 2022 05:55:14 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
kvkaa.com/3d4880421423cb46270fedc14e73f807.gif
64.32.13.142 301 Moved Permanently 162 B URL HTTP/2 kvkaa.com/3d4880421423cb46270fedc14e73f807.gif
IP 64.32.13.142:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /3d4880421423cb46270fedc14e73f807.gif HTTP/1.1
Host: kvkaa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 16 Sep 2022 05:55:14 GMT
content-type: text/html
content-length: 162
location: https://kvtaaa.top/3d4880421423cb46270fedc14e73f807.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mei.netlbtu.com/upload/art/gif/gfdt/746bfd5d31fc37377d.gif
104.21.235.174 200 OK 7.0 MB URL HTTP/2 mei.netlbtu.com/upload/art/gif/gfdt/746bfd5d31fc37377d.gif
IP 104.21.235.174:0
File type GIF image data, version 89a, 560 x 314\012- data
Size 7.0 MB (6977151 bytes)
Hash b3249ea7501ed6a862fdf53008a77560
5e94076754237a651ce10e857179efdfec781c7f
1c748a7ae300ca829fcf74eb98b48c9f61643efa7b835d13645d0601d52785bf
GET /upload/art/gif/gfdt/746bfd5d31fc37377d.gif HTTP/1.1
Host: mei.netlbtu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:14 GMT
content-type: image/gif
content-length: 6977151
last-modified: Tue, 19 Nov 2019 00:03:45 GMT
etag: "a823a9cf6c9ed51:0"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7089
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AtD0e6DYZchw%2F6Xs%2BOAlERtaL9F2R%2B9JO2MAufcD%2FtxTXt4HU9rqQjTsfrhjjH4ZuSM1AYiFxx442cb8jUrmviO%2B8zG9kSgFqiQUl01867XsrZrxUBMd8r%2BMZzd0%2BtmkD14%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a1d78977566-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kvkaa.com/3c52792939dec2a456e9f2a839a41642.gif
64.32.13.142 301 Moved Permanently 162 B URL HTTP/2 kvkaa.com/3c52792939dec2a456e9f2a839a41642.gif
IP 64.32.13.142:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /3c52792939dec2a456e9f2a839a41642.gif HTTP/1.1
Host: kvkaa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 16 Sep 2022 05:55:14 GMT
content-type: text/html
content-length: 162
location: https://kvtaaa.top/3c52792939dec2a456e9f2a839a41642.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?bdca6cd0ce243078a710bd99905a8ea4
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?bdca6cd0ce243078a710bd99905a8ea4
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (627)
Hash 6fca3f5f08b408baef5460de233f5b39
1ceed7db033d5d523c69ef1f057f9f23cc34edcb
62ebfea7b402429ade4598e390488959bdf14ec741822b09e95a204c5f6fdcc2
GET /hm.js?bdca6cd0ce243078a710bd99905a8ea4 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.ablehair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11340
Content-Type: application/javascript
Date: Fri, 16 Sep 2022 05:55:14 GMT
Etag: 9bad82568f1b268c5f18d312904c394e
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=9BDF8A96FF3F9348; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
kvkaa.com/b79da99d2bf9b374adb19e9382c756b6.gif
64.32.13.142 301 Moved Permanently 162 B URL HTTP/2 kvkaa.com/b79da99d2bf9b374adb19e9382c756b6.gif
IP 64.32.13.142:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /b79da99d2bf9b374adb19e9382c756b6.gif HTTP/1.1
Host: kvkaa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 16 Sep 2022 05:55:14 GMT
content-type: text/html
content-length: 162
location: https://kvtaaa.top/b79da99d2bf9b374adb19e9382c756b6.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 942ec66da6f0db4612ccad87c605cdb2
bee2eececfc36df942ef6c1d76cc54e98ea0f823
4477e95a8de4b462b9078c9323184971ede54527f58c8caf7381f8c86f197866
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4477E95A8DE4B462B9078C9323184971EDE54527F58C8CAF7381F8C86F197866"
Last-Modified: Fri, 16 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21177
Expires: Fri, 16 Sep 2022 11:48:11 GMT
Date: Fri, 16 Sep 2022 05:55:14 GMT
Connection: keep-alive
mei.netlbtu.com/upload/art/gif/gfdt/tumblr_m2cukczTes1rrepamo1_500.gif
104.21.235.174 200 OK 460 kB URL HTTP/2 mei.netlbtu.com/upload/art/gif/gfdt/tumblr_m2cukczTes1rrepamo1_500.gif
IP 104.21.235.174:0
File type GIF image data, version 89a, 495 x 247\012- data
Size 460 kB (459566 bytes)
Hash 8205ef6497350829fdcf4f7e6b4ba946
0e699e80ae634770a040ee022df1c1c1e0158925
7b7b8619db7c40b245194f51f6efb3860427d40753413fd52004f8d6835fdd09
GET /upload/art/gif/gfdt/tumblr_m2cukczTes1rrepamo1_500.gif HTTP/1.1
Host: mei.netlbtu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:14 GMT
content-type: image/gif
content-length: 459566
last-modified: Thu, 21 Nov 2019 09:21:47 GMT
etag: "6b5b1b194da0d51:0"
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FtEv%2BimFhR4E9DTO%2ByLvOFiR5FZG%2FGP878RylCfwBn0II2uxMPM0z%2BnoIE6Ef%2BNJReRfcBsZ97h1Pz%2FCDlGIm3SbMIPS5OElbw9C3fAbyPIbBRMCT5JiV1zZ8cmo4MVE9k4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a1d38587566-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?0b3b7135d192f715b24f2d6c523ea8d2
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?0b3b7135d192f715b24f2d6c523ea8d2
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (627)
Hash 3e33b5e49e5b6843498ebc9f6fc414fe
cdd37bbbe1e6f76131c34e254f0fe497b7c6f7c4
f04b456f40c90b0239e9bf20d175840ad47fa24fc47d115472cd2f97226f6eff
GET /hm.js?0b3b7135d192f715b24f2d6c523ea8d2 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.ablehair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11340
Content-Type: application/javascript
Date: Fri, 16 Sep 2022 05:55:14 GMT
Etag: 283de4d6b67803922f07c330971185e2
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=E84F8DBE86D501A7; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?e60c1c9f58846acc98f6a3c66dd81576
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?e60c1c9f58846acc98f6a3c66dd81576
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (627)
Hash a55677332d404d54553ebdde7d42c377
6784e1bfde521b7d359ee6e3f1a52d9b764f39b4
761ef173b7fe388ea5fb094a6d47249dce25dc9e219478fcbca7b8e0e08422db
GET /hm.js?e60c1c9f58846acc98f6a3c66dd81576 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.ablehair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11340
Content-Type: application/javascript
Date: Fri, 16 Sep 2022 05:55:14 GMT
Etag: f355ae5b37866c9d91f05ecb2007fe6b
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=A8BCBFD8DF8B4946; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6b73d703e9e4e789e299bc192bba958d
b7fd1fb8b43ae11b4e67c0a4d11949b01faa7160
592d6bee9d79d395dc985c8479d286f543dceea3e1976896e042217b79a1ad6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "592D6BEE9D79D395DC985C8479D286F543DCEEA3E1976896E042217B79A1AD6F"
Last-Modified: Tue, 13 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9057
Expires: Fri, 16 Sep 2022 08:26:11 GMT
Date: Fri, 16 Sep 2022 05:55:14 GMT
Connection: keep-alive
s2.loli.net/2022/05/04/i6DfhLIYjlSB1Q5.gif
104.26.0.190 200 OK 48 kB URL HTTP/2 s2.loli.net/2022/05/04/i6DfhLIYjlSB1Q5.gif
IP 104.26.0.190:0
File type GIF image data, version 89a, 960 x 240\012- data
Hash 6bbbfaf051ea53e93172f6f57b2a47b0
75d535d41ce1c36a65334cddcc065d97c6ffc97c
0202443d40dab123ae470ab8e37a7cf347554e642cd60fce022ef0c52867e269
GET /2022/05/04/i6DfhLIYjlSB1Q5.gif HTTP/1.1
Host: s2.loli.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:14 GMT
content-type: image/gif
content-length: 48025
last-modified: Wed, 04 May 2022 11:28:39 GMT
etag: "62726367-bb99"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
vary: Accept, Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
cf-cache-status: BYPASS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6kuIYkeYBWVw5Kz2LuYkiFToEITWL2wtbWEWP5YLeL9r2vStExhOBPqs2H7XZtorbEhfn4dhkFjl2YD7jUFKtN1FnicHNMjmoAZKjK%2BuwCv92GXG9AWZf%2FmK2MgP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74b75a1b5d0fb51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kvkaa.com/da7e7260dc3844873f049acfe845be55.gif
64.32.13.142 301 Moved Permanently 162 B URL HTTP/2 kvkaa.com/da7e7260dc3844873f049acfe845be55.gif
IP 64.32.13.142:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /da7e7260dc3844873f049acfe845be55.gif HTTP/1.1
Host: kvkaa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 16 Sep 2022 05:55:14 GMT
content-type: text/html
content-length: 162
location: https://kvtaaa.top/da7e7260dc3844873f049acfe845be55.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?7e3ea20adb15a222f178ecb64c646c30
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?7e3ea20adb15a222f178ecb64c646c30
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (629)
Hash 70e29446d5d94eae2aacce4a5793d248
89a4b16ffa09fc185b89d3cf1c167c7cc67dda6b
70f86e6bb99f5e16830f181401dc8fe34e8b3fddf69d2a8031f6a365210b7a55
GET /hm.js?7e3ea20adb15a222f178ecb64c646c30 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.ablehair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11342
Content-Type: application/javascript
Date: Fri, 16 Sep 2022 05:55:14 GMT
Etag: db575f3f7f8dff3764fe55bdbebff515
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=92A322538AEB98FA; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
mei.netlbtu.com/upload/art/gif/gfdt/29_69365_e990908b617a41e.gif
104.21.235.174 200 OK 1.3 MB URL HTTP/2 mei.netlbtu.com/upload/art/gif/gfdt/29_69365_e990908b617a41e.gif
IP 104.21.235.174:0
File type GIF image data, version 89a, 400 x 226\012- data
Size 1.3 MB (1318083 bytes)
Hash 68228f0df098c907d28945a071b18c0e
6be14bb172857e85afd7ad8daacab5cd6dd001ae
dcab40e2168b77f19a7db8fea0ac5ad93fb78801c22f0d83be46f8f2aa5f6cf4
GET /upload/art/gif/gfdt/29_69365_e990908b617a41e.gif HTTP/1.1
Host: mei.netlbtu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:14 GMT
content-type: image/gif
content-length: 1318083
last-modified: Fri, 27 Mar 2020 20:11:23 GMT
etag: "da775e3734d61:0"
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wDHHOv1utw57sEtJwZI%2BDvrKCF3DuyUspxtYvApM39I3ULrPvUKLuSfwvf0RqgsbLV9qRCkTfxwTF0WamdvAmGxAgnPckLsPnz%2FEZKXr6Q9SXfQoKjuxwIU%2F%2BF9Wp3KSOrQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a1d28507566-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
taiwtp1.com/img/650350.gif
220.128.218.220 200 OK 169 kB URL HTTP/2 taiwtp1.com/img/650350.gif
IP 220.128.218.220:0
ASN #3462 Data Communication Business Group
File type GIF image data, version 89a, 650 x 350\012- data
Size 169 kB (169178 bytes)
Hash 20a048c99c1a32ba83c939de0f7d1057
f926bd189cd0f9d98bf07c901d31d17af79cd593
51a74f368b0172eb5183be3586ccf49bd245c2aea83a136145c7c2d4226f27a0
GET /img/650350.gif HTTP/1.1
Host: taiwtp1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 16 Sep 2022 05:53:34 GMT
content-type: image/gif
content-length: 169178
last-modified: Sun, 06 Mar 2022 11:36:46 GMT
etag: "62249cce-294da"
expires: Sun, 16 Oct 2022 05:53:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4332f35563bfbf9d055aa920cd9d6417
2ef3adb3ce09b613bb1eee8df67ffdc8827f5e17
f99d2f765eb23d19da5185a403ce373492c9c2139765d05a6592a3132784a8a7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F99D2F765EB23D19DA5185A403CE373492C9C2139765D05A6592A3132784A8A7"
Last-Modified: Thu, 15 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17792
Expires: Fri, 16 Sep 2022 10:51:47 GMT
Date: Fri, 16 Sep 2022 05:55:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4332f35563bfbf9d055aa920cd9d6417
2ef3adb3ce09b613bb1eee8df67ffdc8827f5e17
f99d2f765eb23d19da5185a403ce373492c9c2139765d05a6592a3132784a8a7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F99D2F765EB23D19DA5185A403CE373492C9C2139765D05A6592A3132784A8A7"
Last-Modified: Thu, 15 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17895
Expires: Fri, 16 Sep 2022 10:53:30 GMT
Date: Fri, 16 Sep 2022 05:55:15 GMT
Connection: keep-alive
loadimg.cdn-xxx.com/mmav_vip/app_img/37.gif
104.21.233.158 200 OK 296 kB URL HTTP/2 loadimg.cdn-xxx.com/mmav_vip/app_img/37.gif
IP 104.21.233.158:0
File type GIF image data, version 89a, 96 x 96\012- data
Size 296 kB (295532 bytes)
Hash c05587ee5afb6796bc57f35a92963f67
5df220bd4a3a394117b0d9c94f5e911b1e2ccaa8
a95aa0d580fdb3b9a2d75a15d3d0d40ba9425ff4247d9a33e3420daba1726b2e
GET /mmav_vip/app_img/37.gif HTTP/1.1
Host: loadimg.cdn-xxx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:14 GMT
content-type: image/gif
content-length: 295532
last-modified: Fri, 11 Feb 2022 08:54:24 GMT
etag: "62062440-4826c"
expires: Thu, 01 Sep 2022 15:46:09 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 1922094
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hLQDruLouZfl%2FbPwJzYYVbzH4RKCfrBff2cL8nWeI6s5LVPfnY%2FDAF6MjI8mPx%2BA5%2FGeKRaUg0SZlbGLv5ikwXnVLmN4PlZIbb4%2Blr7QddWTTYy0Jty0VzLCKj8FHW1O4bHmRMDB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a2288607713-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tupku.top/logotp/fff.gif
172.67.200.40 200 OK 109 kB IP 172.67.200.40:0
File type GIF image data, version 89a, 120 x 120\012- data
Size 109 kB (108625 bytes)
Hash 7f746939550d2ae41686ebf019a90ed7
8fccfd19873d3f91ba8b2d36680c42b650c653b2
16b6f5f802abc23c5788ad49bf0d3036db36fac0fd728e19548de61c54316252
GET /logotp/fff.gif HTTP/1.1
Host: tupku.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:15 GMT
content-type: image/gif
content-length: 108625
last-modified: Sun, 19 Jun 2022 13:14:28 GMT
etag: "62af2134-1a851"
expires: Fri, 23 Sep 2022 23:35:17 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1923563
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A4pNu6qd4VC7lz%2Bw737FZPIRlPiJ%2FzihQwStKCGAPpILVV314Z673hiD6rCP3fw8ShY6Dgw8o7Y7%2BmXtgaN%2Bn%2B3L3RcxjiCHb9WMXo5XB6s62QvpF0ANvOJfbrg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a2398e5b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dimg04.c-ctrip.com/images/0104u120009gi927q99B5.gif?proc=autoorient
104.110.17.24 200 OK 71 kB URL HTTP/2 dimg04.c-ctrip.com/images/0104u120009gi927q99B5.gif?proc=autoorient
IP 104.110.17.24:0
File type GIF image data, version 89a, 540 x 260\012- data
Hash 637cf7ea9e95771cb82e66d08d918c62
1a0991fdcc20f566f936562d8f732e22e5c4493b
57cc01015451ad9ea3a964e6ad26a12e7c498fa529c56c3814d9f7316d111dc8
GET /images/0104u120009gi927q99B5.gif?proc=autoorient HTTP/1.1
Host: dimg04.c-ctrip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 71406
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
cache-control: max-age=4770580
expires: Thu, 10 Nov 2022 11:04:55 GMT
date: Fri, 16 Sep 2022 05:55:15 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2
dimg04.c-ctrip.com/images/0106g120009wibfqsD9C8.gif?proc=autoorient
104.110.17.24 200 OK 188 kB URL HTTP/2 dimg04.c-ctrip.com/images/0106g120009wibfqsD9C8.gif?proc=autoorient
IP 104.110.17.24:0
File type GIF image data, version 89a, 100 x 100\012- data
Size 188 kB (188408 bytes)
Hash a42fcc01969700d8be8305f53934a6e2
71d757bd51db827e7cced9c0073d05718ed9f512
0221e45627a93f1d9bc151090112e438f35e1fff94b7d204e34bdc9904b8647e
GET /images/0106g120009wibfqsD9C8.gif?proc=autoorient HTTP/1.1
Host: dimg04.c-ctrip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 188408
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
cache-control: max-age=14228857
expires: Mon, 27 Feb 2023 22:22:52 GMT
date: Fri, 16 Sep 2022 05:55:15 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2
taiwtp1.com/img/200200.gif
220.128.218.220 200 OK 75 kB URL HTTP/2 taiwtp1.com/img/200200.gif
IP 220.128.218.220:0
ASN #3462 Data Communication Business Group
File type GIF image data, version 89a, 200 x 200\012- data
Hash 03c13356e00c2033df2c88cb919251eb
f3a334a0366ddda6a87034f7d6c889c4d159dc8d
0c184e206259e8d0c54d3fc12d3d5332e9f6ff5f0404630fcb2daefe65fe1bfe
GET /img/200200.gif HTTP/1.1
Host: taiwtp1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 16 Sep 2022 05:53:34 GMT
content-type: image/gif
content-length: 75259
last-modified: Wed, 09 Mar 2022 04:51:10 GMT
etag: "6228323e-125fb"
expires: Sun, 16 Oct 2022 05:53:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
dimg04.c-ctrip.com/images/0102q120009wibsktEC5D.gif?proc=autoorient
104.110.17.24 200 OK 532 kB URL HTTP/2 dimg04.c-ctrip.com/images/0102q120009wibsktEC5D.gif?proc=autoorient
IP 104.110.17.24:0
File type GIF image data, version 89a, 240 x 140\012- data
Size 532 kB (532399 bytes)
Hash 63a3f4743b6b47516b293c1110319d43
a253d2d99c8dc2bd399d7c7f8df918d259b0548a
12d18a7995968ba83d462b20dfe93cb610a697c3da367c4d36cac558cd5a0608
GET /images/0102q120009wibsktEC5D.gif?proc=autoorient HTTP/1.1
Host: dimg04.c-ctrip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 532399
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
cache-control: max-age=14214734
expires: Mon, 27 Feb 2023 18:27:29 GMT
date: Fri, 16 Sep 2022 05:55:15 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2
dimg04.c-ctrip.com/images/01062120009juijo220FF.gif?proc=autoorient
104.110.17.24 200 OK 459 kB URL HTTP/2 dimg04.c-ctrip.com/images/01062120009juijo220FF.gif?proc=autoorient
IP 104.110.17.24:0
File type GIF image data, version 89a, 240 x 240\012- data
Size 459 kB (459178 bytes)
Hash b94c433c7ff120830548e8235064c166
495aab71076393eb97ab0f4e00f361d2a5dbcef2
260ae0971036dd2ff09076337b2e81ead9ce9c7afd576a12e45676a4b76abea2
GET /images/01062120009juijo220FF.gif?proc=autoorient HTTP/1.1
Host: dimg04.c-ctrip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 459178
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
cache-control: max-age=8368460
expires: Thu, 22 Dec 2022 02:29:35 GMT
date: Fri, 16 Sep 2022 05:55:15 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2
taiwtp1.com/img/960120.gif
220.128.218.220 200 OK 121 kB URL HTTP/2 taiwtp1.com/img/960120.gif
IP 220.128.218.220:0
ASN #3462 Data Communication Business Group
File type GIF image data, version 89a, 960 x 120\012- data
Size 121 kB (120952 bytes)
Hash 8b1ce22d19b73e71ec05f04491df7cae
101ed504920b13424231d6fb3540fb7dfdba69e3
5a7a72fa04186d44d08de8b590fcf1644ad8370bc65007e51ba9300af2541dce
GET /img/960120.gif HTTP/1.1
Host: taiwtp1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 16 Sep 2022 05:53:34 GMT
content-type: image/gif
content-length: 120952
last-modified: Thu, 10 Mar 2022 10:55:56 GMT
etag: "6229d93c-1d878"
expires: Sun, 16 Oct 2022 05:53:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
kvhnn.com/7bd513049aab526523bbee3bfb3eaf7a.gif
45.150.164.88 301 Moved Permanently 162 B URL HTTP/2 kvhnn.com/7bd513049aab526523bbee3bfb3eaf7a.gif
IP 45.150.164.88:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /7bd513049aab526523bbee3bfb3eaf7a.gif HTTP/1.1
Host: kvhnn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 16 Sep 2022 05:55:15 GMT
content-type: text/html
content-length: 162
location: https://kvtggg.top/7bd513049aab526523bbee3bfb3eaf7a.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
dimg04.c-ctrip.com/images/0100l120009wibaif2CE1.gif?proc=autoorient
104.110.17.24 200 OK 402 kB URL HTTP/2 dimg04.c-ctrip.com/images/0100l120009wibaif2CE1.gif?proc=autoorient
IP 104.110.17.24:0
File type GIF image data, version 89a, 960 x 240\012- data
Size 402 kB (402231 bytes)
Hash 6497ef8f223cd0070b904d48ece475e5
7e6dc0a79d9a1feef08b8cfffffb2fef7bf83fc6
cfe5826da227b26ad6a5dc15aea3ca217a3ff9bab854cc7b72b40468fb9a73bc
GET /images/0100l120009wibaif2CE1.gif?proc=autoorient HTTP/1.1
Host: dimg04.c-ctrip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 402231
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
cache-control: max-age=14228800
expires: Mon, 27 Feb 2023 22:21:55 GMT
date: Fri, 16 Sep 2022 05:55:15 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2
kvhnn.com/33a2534502bc9c2579ad15dd25e2aa9b.gif
45.150.164.88 301 Moved Permanently 162 B URL HTTP/2 kvhnn.com/33a2534502bc9c2579ad15dd25e2aa9b.gif
IP 45.150.164.88:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /33a2534502bc9c2579ad15dd25e2aa9b.gif HTTP/1.1
Host: kvhnn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 16 Sep 2022 05:55:15 GMT
content-type: text/html
content-length: 162
location: https://kvtggg.top/33a2534502bc9c2579ad15dd25e2aa9b.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
590233ee4fbb3.cdn.sohucs.com/auto/1-autofc46426801e540eb8e3388f2820dc2ad
47.246.44.227 200 OK 3.5 MB URL HTTP/2 590233ee4fbb3.cdn.sohucs.com/auto/1-autofc46426801e540eb8e3388f2820dc2ad
IP 47.246.44.227:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 352 x 317\012- data
Size 3.5 MB (3537115 bytes)
Hash b48b5de8b8cc68e43138d1c226836eaf
12c78ce7e805ebb8f11a8bc412a5bda09df1539a
31b4ec9cc55657010fe07c4f97964cdc73829716bc904a5d9b574f0b5a0867f5
GET /auto/1-autofc46426801e540eb8e3388f2820dc2ad HTTP/1.1
Host: 590233ee4fbb3.cdn.sohucs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 3537115
last-modified: Tue, 7 Jun 2022 03:30:15 GMT
etag: "b48b5de8b8cc68e43138d1c226836eaf"
date: Fri, 12 Aug 2022 13:59:40 GMT
access-control-allow-origin: *
cache-control: max-age=7776000
fss-cache: MISS from 3216672.4527402.4462388, MISS from 4808076.8084886.5680574
fss-proxy: Powered by 2579818.3628404.3452282
ali-swift-global-savetime: 1660312781
via: cache5.l2de2[0,32,200-0,H], cache12.l2de2[35,0], cache12.l2de2[35,0], cache2.se1[0,1,200-0,H], cache4.se1[3,0]
age: 2994934
x-cache: HIT TCP_HIT dirn:3:79967622
x-swift-savetime: Wed, 31 Aug 2022 18:12:02 GMT
x-swift-cachetime: 6119259
timing-allow-origin: *
eagleid: 2ff62c9816633077150922583e
X-Firefox-Spdy: h2
dimg04.c-ctrip.com/images/0101c120009texk0w2379.gif?proc=autoorient
104.110.17.24 200 OK 406 kB URL HTTP/2 dimg04.c-ctrip.com/images/0101c120009texk0w2379.gif?proc=autoorient
IP 104.110.17.24:0
File type GIF image data, version 89a, 200 x 200\012- data
Size 406 kB (405949 bytes)
Hash 236d9ac1c1f404b46f6c4f59e2f73204
391d66392ee11e4574873f110ff70e2e65033c1c
0b5b5037b59900b8f72c5c1c66e9428db41c9178fd974e41eab0cc70dff1cabc
GET /images/0101c120009texk0w2379.gif?proc=autoorient HTTP/1.1
Host: dimg04.c-ctrip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 405949
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
cache-control: max-age=12539576
expires: Wed, 08 Feb 2023 09:08:11 GMT
date: Fri, 16 Sep 2022 05:55:15 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2
kvhnn.com/d3f69e028d60b13d4c63ad9732199bcb.gif
45.150.164.88 301 Moved Permanently 162 B URL HTTP/2 kvhnn.com/d3f69e028d60b13d4c63ad9732199bcb.gif
IP 45.150.164.88:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /d3f69e028d60b13d4c63ad9732199bcb.gif HTTP/1.1
Host: kvhnn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 16 Sep 2022 05:55:15 GMT
content-type: text/html
content-length: 162
location: https://kvtggg.top/d3f69e028d60b13d4c63ad9732199bcb.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 422dd89c0f9c5d5c2a3a2ac9f7cde269
75c8aeb16c2097aadda6b95ddf18141186ebe69c
3bec5192a5dafa9fd67153f24558b1a4de8147f33a5b475029c8aed2d8cb0c50
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3BEC5192A5DAFA9FD67153F24558B1A4DE8147F33A5B475029C8AED2D8CB0C50"
Last-Modified: Wed, 14 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21564
Expires: Fri, 16 Sep 2022 11:54:39 GMT
Date: Fri, 16 Sep 2022 05:55:15 GMT
Connection: keep-alive
dimg04.c-ctrip.com/images/03958120009rrl5x8B1D9.gif
104.110.17.24 200 OK 341 kB URL HTTP/2 dimg04.c-ctrip.com/images/03958120009rrl5x8B1D9.gif
IP 104.110.17.24:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 341 kB (341373 bytes)
Hash 31cfc227b5dc64e4de1b83d1bbf58246
fa726ea535a7163ed7e2530d5c3e46eb4e73c9db
50e1eb0c48a62bff94a460c9b526c3b696a3a03d05e57946afcb1de2f0bc6164
GET /images/03958120009rrl5x8B1D9.gif HTTP/1.1
Host: dimg04.c-ctrip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 341373
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
cache-control: max-age=12127824
expires: Fri, 03 Feb 2023 14:45:39 GMT
date: Fri, 16 Sep 2022 05:55:15 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2
dimg04.c-ctrip.com/images/03964120009rs6jjg70FF.gif
104.110.17.24 200 OK 1.6 MB URL HTTP/2 dimg04.c-ctrip.com/images/03964120009rs6jjg70FF.gif
IP 104.110.17.24:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 1.6 MB (1556166 bytes)
Hash 0b17d03531a48d4000db14ced55e5dfd
bdeb80e6d917f836fb4886758896cac9bc78047e
4b74bdadc9f2a4d4cce7d241395dcdd266bcbf5e16d344a7b3cf763ae46fc30b
GET /images/03964120009rs6jjg70FF.gif HTTP/1.1
Host: dimg04.c-ctrip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 1556166
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
x-edgeconnect-midmile-rtt: 6
x-edgeconnect-origin-mex-latency: 265
cache-control: max-age=13258249
expires: Thu, 16 Feb 2023 16:46:04 GMT
date: Fri, 16 Sep 2022 05:55:15 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash e045e1f3e627376c223381dcd59c7d63
8476c8a1188ec2c50f729dd39d0285fb276d4854
5f585d17fc9d03d86438ef666a63cb9c301f7cbd6c2d5e27d34db29283b35229
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:15 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Tue, 20 Sep 2022 02:31:22 GMT
ETag: "8476c8a1188ec2c50f729dd39d0285fb276d4854"
Last-Modified: Fri, 16 Sep 2022 02:31:23 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2489
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b75a258cd7fabc-OSL
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash eb0a02a6869b885fe67ed27b5ae2d042
cf6e3b3dee641b0667a2477bdbbf14b384e8bc3e
f4a3b0eda799dc96348c14e7dc62465757fd27017f5b05fdda22ac63c4ab1f05
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F4A3B0EDA799DC96348C14E7DC62465757FD27017F5B05FDDA22AC63C4AB1F05"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7135
Expires: Fri, 16 Sep 2022 07:54:10 GMT
Date: Fri, 16 Sep 2022 05:55:15 GMT
Connection: keep-alive
ocsp.dcocsp.cn/
47.246.44.228 200 OK 471 B IP 47.246.44.228:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 84e6f63a7878cd98aaf59672b85cec0f
e187c818d8b2df0ee4168af11d05f8692e25c3e1
b3cce8b4c6b955aed7206f8a1870eea477d2cdaab3d415016fade9be1ec960d8
POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Fri, 16 Sep 2022 05:08:57 GMT
Ali-Swift-Global-Savetime: 1663304937
Via: cache21.l2de2[0,0,200-0,H], cache21.l2de2[0,0], cache2.se1[0,0,200-0,H], cache2.se1[1,0]
Age: 2778
X-Cache: HIT TCP_MEM_HIT dirn:3:108957709
X-Swift-SaveTime: Fri, 16 Sep 2022 05:46:12 GMT
X-Swift-CacheTime: 1365
Timing-Allow-Origin: *
EagleId: 2ff62c9616633077155417739e
kvhdd.com/f4cb54149631e5618019c8146bf7dedd.gif
78.46.107.74 301 Moved Permanently 162 B URL HTTP/2 kvhdd.com/f4cb54149631e5618019c8146bf7dedd.gif
IP 78.46.107.74:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /f4cb54149631e5618019c8146bf7dedd.gif HTTP/1.1
Host: kvhdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 16 Sep 2022 05:55:15 GMT
content-type: text/html
content-length: 162
location: https://kvtlll.top/f4cb54149631e5618019c8146bf7dedd.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c710e205595b6ac93784bdc68fac88d8
07738d8bdf9ca5b1fa4acf7b8ca7d5659a8d1819
e11087a95b40d7ac1369188039d819d2ac6967776c5c33bb34892977d3415de4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "E11087A95B40D7AC1369188039D819D2AC6967776C5C33BB34892977D3415DE4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9984
Expires: Fri, 16 Sep 2022 08:41:39 GMT
Date: Fri, 16 Sep 2022 05:55:15 GMT
Connection: keep-alive
hm.baidu.com/hm.js?e60c1c9f58846acc98f6a3c66dd81576
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?e60c1c9f58846acc98f6a3c66dd81576
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (627)
Hash d743379340c4cd22455be26b605051b4
3ff10cbb3c6f563b0ae94dcb4b227dd91306ae43
7bfea2bdec43cea7c576c67bad9a69eafa8a9f154e6cef22a37db5ca256ac38a
GET /hm.js?e60c1c9f58846acc98f6a3c66dd81576 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-None-Match: f355ae5b37866c9d91f05ecb2007fe6b
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11340
Content-Type: application/javascript
Date: Fri, 16 Sep 2022 05:55:15 GMT
Etag: e8bd9e5da01708e44668826b1b53008f
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=673B1ABB96C5CD77; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash e045e1f3e627376c223381dcd59c7d63
8476c8a1188ec2c50f729dd39d0285fb276d4854
5f585d17fc9d03d86438ef666a63cb9c301f7cbd6c2d5e27d34db29283b35229
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:15 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Tue, 20 Sep 2022 02:31:22 GMT
ETag: "8476c8a1188ec2c50f729dd39d0285fb276d4854"
Last-Modified: Fri, 16 Sep 2022 02:31:23 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2489
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b75a27ef47b51d-OSL
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e25daa01cbe791e989404d32e75df163
54cedafd1b785e446ee76991beea642c7e2c1512
7df863ea52a4d8ec55658e57747a3a0ed35dc9d2814f3c52ab75fbae82bc68f2
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "7DF863EA52A4D8EC55658E57747A3A0ED35DC9D2814F3C52AB75FBAE82BC68F2"
Last-Modified: Fri, 16 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21566
Expires: Fri, 16 Sep 2022 11:54:41 GMT
Date: Fri, 16 Sep 2022 05:55:15 GMT
Connection: keep-alive
pic6.58cdn.com.cn/nowater/webim/big/n_v2173d0259cccc4c2a8f89829150644354.gif
101.33.29.234 403 Forbidden 0 B URL HTTP/2 pic6.58cdn.com.cn/nowater/webim/big/n_v2173d0259cccc4c2a8f89829150644354.gif
IP 101.33.29.234:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /nowater/webim/big/n_v2173d0259cccc4c2a8f89829150644354.gif HTTP/1.1
Host: pic6.58cdn.com.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
content-length: 0
x-nws-log-uuid: 9864273142428945125
server: Lego Server
date: Fri, 16 Sep 2022 05:55:15 GMT
x-cache-lookup: Return Directly
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 942ec66da6f0db4612ccad87c605cdb2
bee2eececfc36df942ef6c1d76cc54e98ea0f823
4477e95a8de4b462b9078c9323184971ede54527f58c8caf7381f8c86f197866
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4477E95A8DE4B462B9078C9323184971EDE54527F58C8CAF7381F8C86F197866"
Last-Modified: Fri, 16 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21176
Expires: Fri, 16 Sep 2022 11:48:11 GMT
Date: Fri, 16 Sep 2022 05:55:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fa551153052c1a1429ca1f4ce54575ac
b3fcc2271007f0b3ee3286b3e25e23e622cd002a
2a9ef5e2174f8f65e7f42d653942678cc9d2f37edd3c7e40942160df3274fb37
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A9EF5E2174F8F65E7F42D653942678CC9D2F37EDD3C7E40942160DF3274FB37"
Last-Modified: Wed, 14 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16681
Expires: Fri, 16 Sep 2022 10:33:16 GMT
Date: Fri, 16 Sep 2022 05:55:15 GMT
Connection: keep-alive
ocsp.digicert.cn/
47.246.44.205 200 OK 471 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash bc29c24cd45e566187fc0a63f27fded7
dd325fa7dfd7f0c62e73e2390bc72989cd7a6d91
f3a09ff41a3f9bcd2dbad42c4ee4a134a3ca2e997fead9b7208dba4059332cb3
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Fri, 16 Sep 2022 05:55:15 GMT
Ali-Swift-Global-Savetime: 1663307715
Via: cache11.l2de2[5,5,200-0,M], cache11.l2de2[7,0], cache2.se1[27,27,200-0,M], cache2.se1[28,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Fri, 16 Sep 2022 05:55:15 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9616633077158817982e
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 238308ccbdac76796862b9b5c40ba5cf
b9ac2d8af92a56c98eceed94202979af88613d5b
23084dff0b45b2678bb00cfb08470b253660e91f3f6a3cba89f3439901337444
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "23084DFF0B45B2678BB00CFB08470B253660E91F3F6A3CBA89F3439901337444"
Last-Modified: Wed, 14 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14088
Expires: Fri, 16 Sep 2022 09:50:03 GMT
Date: Fri, 16 Sep 2022 05:55:15 GMT
Connection: keep-alive
tk.learning8808.com/images/xt3.gif
172.67.182.207 200 OK 193 kB URL HTTP/2 tk.learning8808.com/images/xt3.gif
IP 172.67.182.207:0
File type GIF image data, version 89a, 326 x 217\012- data
Size 193 kB (193237 bytes)
Hash a15551773d50ba1bc1c91f1ac0e7a45f
603c163ea29d202ec5019fecaf202962892d6500
dac04d049696b8e58a9d9ccc2c2e90f480ad925f796df8ddb5a87f10250bc39e
GET /images/xt3.gif HTTP/1.1
Host: tk.learning8808.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:15 GMT
content-type: image/gif
content-length: 193237
last-modified: Wed, 27 Apr 2022 12:03:11 GMT
etag: "626930ff-2f2d5"
expires: Thu, 29 Sep 2022 01:38:42 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1484193
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H2NcDvCnEW0LupA4phacmuGZ5CymiCSSVDIzHacESBrJDaJ7c5qaFxuBZ9qVeac86nnS30l8Kve8sM9qbkgscfa8CIyuoelgHOk6fYpj0s4DXDUTw4fAxNk6%2BeMcy%2FaCpr0jFhpp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a28bdc7b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash 96b48e81582b1c1d09074ccb8dc136c9
8370d040e5736ba92c7cdab1e4d897199c93938a
9ef0278fd7d7c7c5126a218007abd2063918a9d9e27ed31928298a1d5befaeb6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2148
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 05:55:15 GMT
Etag: "6321f684-2d7"
Last-Modified: Fri, 16 Sep 2022 05:19:28 GMT
Server: ECS (amb/6BBE)
X-Cache: HIT
Content-Length: 727
imagedelivery.net/A9OuLaxm6__qJKw8tAadDA/0be352ec-e374-48c2-b676-5add510ea300/public
104.18.3.36 200 OK 357 kB URL HTTP/2 imagedelivery.net/A9OuLaxm6__qJKw8tAadDA/0be352ec-e374-48c2-b676-5add510ea300/public
IP 104.18.3.36:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 357 kB (357206 bytes)
Hash d3e5a7dbf3d52f7c6282a913ff6bdf8b
63570708e4dbd964798129722adf4f230fea765c
6f95345878e4c3c66ea48d19656b8f05971e2cc35854d9e885d72d41476fcb92
GET /A9OuLaxm6__qJKw8tAadDA/0be352ec-e374-48c2-b676-5add510ea300/public HTTP/1.1
Host: imagedelivery.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:15 GMT
content-type: image/webp
content-length: 357206
cf-ray: 74b75a28de1eb52d-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=14400
etag: "cfd0TdHURPuIzWu_6EReyF5A"
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:100,h2pri
cf-images: internal=ok/- q=0 n=15 c=274 v=2022.8.4 l=357206
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash 6d2f80a6d237a410be43b2f30e6ba846
5a396658c536923b338bac23746c0a472c9ac8b6
761f88d6387f67152bc8e7f11b338f2fdc94891b73826cef52f5c9028d980629
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1342
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 05:55:15 GMT
Last-Modified: Fri, 16 Sep 2022 05:32:53 GMT
Server: ECS (amb/6B8E)
X-Cache: HIT
Content-Length: 727
statuse.digitalcertvalidation.com/
93.184.220.29 200 OK 471 B URL HTTP/1.1 statuse.digitalcertvalidation.com/
IP 93.184.220.29:0
Hash 8bb95f5cce15723f9ff0653688abe336
9c668fc4b701a655d71327c789a233faf1f91120
3d04fc5af69cee6827d27aab181db5200582105bd253c3d86506c40b7ce1bd00
POST / HTTP/1.1
Host: statuse.digitalcertvalidation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3144
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 05:55:16 GMT
Last-Modified: Fri, 16 Sep 2022 05:02:52 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bf2fcb30ca4da3a1d708451628370651
15700ef1e635bdbc1ce44f4a3cdd060f3821ffa0
fd24d8809aaf03646cc0c6ab2b039ed7a11b39b9dd300896ec75d385468aa361
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD24D8809AAF03646CC0C6AB2B039ED7A11B39B9DD300896EC75D385468AA361"
Last-Modified: Tue, 13 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9651
Expires: Fri, 16 Sep 2022 08:36:07 GMT
Date: Fri, 16 Sep 2022 05:55:16 GMT
Connection: keep-alive
p3.toutiaoimg.com/origin/pgc-image/290299ed48d84c7b99d8fbd8a96a254c
47.246.44.224 200 OK 186 kB URL HTTP/2 p3.toutiaoimg.com/origin/pgc-image/290299ed48d84c7b99d8fbd8a96a254c
IP 47.246.44.224:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 150 x 150\012- data
Size 186 kB (186342 bytes)
Hash c4aec2fc715ed9100d40a15aa4b82c28
c147669e2e7bffdbff992edf4b8ab2b146040dce
b349c187657aac001daafe636bf8c97f2c81c13f526886cb3fc9bafc0b8cb6df
GET /origin/pgc-image/290299ed48d84c7b99d8fbd8a96a254c HTTP/1.1
Host: p3.toutiaoimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 186342
date: Thu, 21 Oct 2021 09:10:26 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Thu, 21 Oct 2021 08:58:12 GMT
nw-session-id: 202110211658120101940982172800847Cbdq9f03tt
nw-session-trace: 2021-10-21T16:58:12.867555838+08:00 17
x-bdcdn-cache-status: TCP_HIT
x-length: 186342
x-powered-by: ImageX
x-response-date: Thu, 21 Oct 2021 16:58:12 GMT
x-tt-logid: 202110211658120101940982172800847C
server-timing: cdn-cache;desc=HIT,edge;dur=2
x-tt-trace-host: 0143b8a90c198582ebf8e563deef242304680424e5642ffc7881171a50a18fd2eb2f21300ad601a15bb90c1a7cee1ba4f113033a32a386ecf59b0f74b51e5fd388123a85ac9ac2b3f84332ed9b1ee6617260903a166126129d753691b8fa90a4e9
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-lb: image
ali-swift-global-savetime: 1634807426
via: cache6.l2de2[0,0,200-0,H], cache11.l2de2[2,0], cache11.l2de2[2,0], cache5.se1[0,0,200-0,H], cache2.se1[2,0]
age: 28500290
x-cache: HIT TCP_MEM_HIT dirn:6:813558088
x-swift-savetime: Wed, 31 Aug 2022 14:18:34 GMT
x-swift-cachetime: 4387912
x-response-cache: edge_hit
x-response-cinfo: 91.90.42.154
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9616633077160198088e
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3e1627ff35c10661f4b1cae20ba4d784
f391a798bcb3af30a132c1bb1a92e5d145d0614b
f991d031e50fa7d58c05372c99aa4158444feebb57234efd252f6d6d7964bd7f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F991D031E50FA7D58C05372C99AA4158444FEEBB57234EFD252F6D6D7964BD7F"
Last-Modified: Tue, 13 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11182
Expires: Fri, 16 Sep 2022 09:01:38 GMT
Date: Fri, 16 Sep 2022 05:55:16 GMT
Connection: keep-alive
kvemm.com/ca302b14c051bf41d75347daaf6e7ab3.gif
45.154.214.219 301 Moved Permanently 162 B URL HTTP/2 kvemm.com/ca302b14c051bf41d75347daaf6e7ab3.gif
IP 45.154.214.219:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /ca302b14c051bf41d75347daaf6e7ab3.gif HTTP/1.1
Host: kvemm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 16 Sep 2022 05:55:16 GMT
content-type: text/html
content-length: 162
location: https://kvhjjj.top/ca302b14c051bf41d75347daaf6e7ab3.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kvtaaa.top/3b519146003914bff4ecede8a7b76f26.gif
172.67.173.230 200 OK 45 kB URL HTTP/2 kvtaaa.top/3b519146003914bff4ecede8a7b76f26.gif
IP 172.67.173.230:0
File type GIF image data, version 89a, 300 x 250\012- data
Hash 27a2817f52fee59d33a011663237afdc
e7d0b357438c2865cebc6c484e5d59bc1f048593
646c480e9b32d6623a25cb02951e9e2be603ff3926511754c6994f29857626fd
GET /3b519146003914bff4ecede8a7b76f26.gif HTTP/1.1
Host: kvtaaa.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tadeng.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:16 GMT
content-type: image/gif
content-length: 44685
last-modified: Wed, 29 Jun 2022 14:36:22 GMT
etag: "62bc6366-ae8d"
expires: Tue, 04 Oct 2022 17:32:03 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 994993
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LNX%2BGRE49dFxJ44CbsHv7iI52AQ9Q4FBY5WugwXEzXmmKqlqlgZiU5w5TR5T5deRUNJnGQEQiWgmIsDB%2B4rVqw58TrmII9aNoI8ARMYWlhMARInZsm4bGdMWedgW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a29acf10b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kvtaaa.top/3d4880421423cb46270fedc14e73f807.gif
172.67.173.230 200 OK 89 kB URL HTTP/2 kvtaaa.top/3d4880421423cb46270fedc14e73f807.gif
IP 172.67.173.230:0
File type GIF image data, version 89a, 960 x 120\012- data
Hash 84b294fbbafc47dd77fca5a388711635
38ade9b187ccc57b801f9c5258f2b1e596475b00
f44bb8d8ece53e80485b814e46cc6c436f3e35b778544b85f25e96dbc17fe734
GET /3d4880421423cb46270fedc14e73f807.gif HTTP/1.1
Host: kvtaaa.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tadeng.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:16 GMT
content-type: image/gif
content-length: 89421
last-modified: Mon, 13 Jun 2022 10:13:33 GMT
etag: "62a70dcd-15d4d"
expires: Tue, 04 Oct 2022 12:09:51 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1014325
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BOfV2O%2FnJB6t%2Fl3CGO1cHqHNgmgFTMQ8OoUcI5D2q3e5ZxoZOvpm7AwLimhNB4Wu26oQud7r%2BeVyzBZRoMHu1cw36pd5rv0Wh9zEVO9IlgOJfxFky7%2Bfyo2AdvqT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a29ccff0b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=367322237&si=e60c1c9f58846acc98f6a3c66dd81576&su=http%3A%2F%2Fwww.ablehair.com%2F&v=1.2.97&lv=1&sn=29400&r=0&ww=1268&ct=!!&u=http%3A%2F%2Ftadeng.top%2F&tt=%E6%B3%A1%E6%B3%A1%E5%BD%B1%E8%A7%86%3APaoPaoYingShi.xyz
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=367322237&si=e60c1c9f58846acc98f6a3c66dd81576&su=http%3A%2F%2Fwww.ablehair.com%2F&v=1.2.97&lv=1&sn=29400&r=0&ww=1268&ct=!!&u=http%3A%2F%2Ftadeng.top%2F&tt=%E6%B3%A1%E6%B3%A1%E5%BD%B1%E8%A7%86%3APaoPaoYingShi.xyz
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=367322237&si=e60c1c9f58846acc98f6a3c66dd81576&su=http%3A%2F%2Fwww.ablehair.com%2F&v=1.2.97&lv=1&sn=29400&r=0&ww=1268&ct=!!&u=http%3A%2F%2Ftadeng.top%2F&tt=%E6%B3%A1%E6%B3%A1%E5%BD%B1%E8%A7%86%3APaoPaoYingShi.xyz HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 16 Sep 2022 05:55:15 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=A08AC613D5C1FD91; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash 96b48e81582b1c1d09074ccb8dc136c9
8370d040e5736ba92c7cdab1e4d897199c93938a
9ef0278fd7d7c7c5126a218007abd2063918a9d9e27ed31928298a1d5befaeb6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 05:55:16 GMT
Server: ECS (amb/6B74)
Content-Length: 727
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dbd8c02ee0ed91b2897a70ef0cd0de76
71371545c55e4ed0c1c78ca14086b7cda96702ef
4176ab43c0672f82c4d79db447a3c7f27ec607ee90d066a2ded3287aaf0df70e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4176AB43C0672F82C4D79DB447A3C7F27EC607EE90D066A2DED3287AAF0DF70E"
Last-Modified: Fri, 16 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13720
Expires: Fri, 16 Sep 2022 09:43:56 GMT
Date: Fri, 16 Sep 2022 05:55:16 GMT
Connection: keep-alive
kvtaaa.top/3c52792939dec2a456e9f2a839a41642.gif
172.67.173.230 200 OK 196 kB URL HTTP/2 kvtaaa.top/3c52792939dec2a456e9f2a839a41642.gif
IP 172.67.173.230:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 196 kB (196497 bytes)
Hash d00955c977d5037971037e8636e6e3fc
543dd6c4ba60647bdd10cdaa77487a688f3a13e5
ec4311d990968747d453095fe6ae0bbc000e16e25d288b96170c7a5a56a5ca24
GET /3c52792939dec2a456e9f2a839a41642.gif HTTP/1.1
Host: kvtaaa.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tadeng.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:16 GMT
content-type: image/gif
content-length: 196497
last-modified: Mon, 01 Aug 2022 10:55:20 GMT
etag: "62e7b118-2ff91"
expires: Fri, 30 Sep 2022 14:11:07 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1352649
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nfpn5cNvMbYYMNjssaX7TmqwTN0xTlqYhqPGY8lmqwP0%2FMif5GQSokzTeIZ82SSeOm%2Fr0ys6Xah6Eqmp%2BIzfdfuN1XGC4to9v7hz1o0%2BcmgnUKK766GtyDDe33C3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a29fd160b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tvax1.sinaimg.cn/large/008tT9E7gy1h4bnwuii8ig305k05k7hg.gif
23.36.77.33 301 Moved Permanently 169 B URL HTTP/2 tvax1.sinaimg.cn/large/008tT9E7gy1h4bnwuii8ig305k05k7hg.gif
IP 23.36.77.33:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8c2170ef3ddebf996718575917956e9c
618ab5fab7445b7797272607a22c0d307465857f
31976ec4fe4abdf91d242f8bacfc9f6cf16acc46d13d0de6e32a2da88076cc55
GET /large/008tT9E7gy1h4bnwuii8ig305k05k7hg.gif HTTP/1.1
Host: tvax1.sinaimg.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
content-type: text/html
content-length: 169
x-ban: MISS,17579
pragma: public
x-request-id: g181.139-1663307649.126000-3660742460
location: //tvax1.sinaimg.cn/images/default_d_s_large.gif#101
edge-copy-time: 1663307649121
x-via-cdn: f=Akamai,s=23.36.77.29,c=91.90.42.154;f=edge,s=ctc.guangzhou.union.51.nb.sinaedge.com,c=23.45.50.68;f=Edge,s=cmcc.guangzhou.union.94,c=10.31.54.51
x-via-edge: 166330770216344322d1733361f0a10b480a4
access-control-allow-credentials: true
cache-control: max-age=36
date: Fri, 16 Sep 2022 05:55:16 GMT
x-cache: TCP_MISS from a23-36-77-29.deploy.akamaitechnologies.com (AkamaiGHost/10.9.4-44125806) (-)
x-cache-remote: TCP_REFRESH_MISS from a23-36-76-213.deploy.akamaitechnologies.com (AkamaiGHost/10.9.4-44125806) (S)
network_info: NO_OSLO_50304, NO_OSLO_50304
served-from: ?:92.122.101.58:e:23.36.76.213
X-Firefox-Spdy: h2
kvtaaa.top/c40eb5d2869982a34091b21b14a0c4f8.gif
172.67.173.230 200 OK 126 kB URL HTTP/2 kvtaaa.top/c40eb5d2869982a34091b21b14a0c4f8.gif
IP 172.67.173.230:0
File type GIF image data, version 89a, 320 x 240\012- data
Size 126 kB (126524 bytes)
Hash 66238d3b088915d1eafa003a649d60b7
d1c522159276ffdedff05780e9e5c8a43e4758be
47828389262c7cd40716bd7e002fdf8aa7374e0c1589ed25405d026c7b4d6c02
GET /c40eb5d2869982a34091b21b14a0c4f8.gif HTTP/1.1
Host: kvtaaa.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tadeng.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:16 GMT
content-type: image/gif
content-length: 126524
last-modified: Thu, 19 May 2022 10:09:41 GMT
etag: "62861765-1ee3c"
expires: Sun, 16 Oct 2022 05:55:16 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7knVDNwhexKZpPTMQyH%2Blxv3P%2Fu9LZEbSaTBzpV78bHgVjXpKWQPVMq2tXeBO7vGFbj3%2F2mJQzToNvjwMUasGPcIOMAXAmmkTYUJI3B3L4H7DDOBzUe5Tjs3JtPT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a29bcf60b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kvtggg.top/d3f69e028d60b13d4c63ad9732199bcb.gif
104.21.11.149 200 OK 430 kB URL HTTP/2 kvtggg.top/d3f69e028d60b13d4c63ad9732199bcb.gif
IP 104.21.11.149:0
File type GIF image data, version 89a, 960 x 240\012- data
Size 430 kB (429783 bytes)
Hash 7fdd303a348637ea3ac5af8617b4dc1a
3d72473e1edfb3b7c8a2c97503ae20e5a3be2aaa
3f23ef84540fac3252bd757b9cd6be4503ab17da668d7526a38b0a73992131b3
GET /d3f69e028d60b13d4c63ad9732199bcb.gif HTTP/1.1
Host: kvtggg.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tadeng.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:16 GMT
content-type: image/gif
content-length: 429783
last-modified: Tue, 23 Aug 2022 09:47:29 GMT
etag: "6304a231-68ed7"
cache-control: max-age=5356800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ykiDlCmSw1lQ3UYtQVLXgtuBm8D3sBMTygqr0jjL52rolWxHeHOIGyDPE1R4Q7FLPas8Q3HhcMfo5kPSHQRWPX1xaBx8G9KhvvdU19txAVKMrqB7fkQgTf%2FHRBEJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a28998f0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kvtaaa.top/b79da99d2bf9b374adb19e9382c756b6.gif
172.67.173.230 200 OK 69 kB URL HTTP/2 kvtaaa.top/b79da99d2bf9b374adb19e9382c756b6.gif
IP 172.67.173.230:0
File type GIF image data, version 89a, 960 x 60\012- data
Hash 501a7839a0ccd48d152e3441a6c1d297
dcc20dbe989beb1b1e5c82bc27f39615d0ad7a2d
db63ec8423aa0cc664270b6a331754691eff75ce4497b1456b8eb6d702dce696
GET /b79da99d2bf9b374adb19e9382c756b6.gif HTTP/1.1
Host: kvtaaa.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tadeng.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:16 GMT
content-type: image/gif
content-length: 68973
last-modified: Sun, 03 Jul 2022 12:57:33 GMT
etag: "62c1923d-10d6d"
expires: Tue, 11 Oct 2022 00:07:42 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 452854
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3EkqKPhpHEUBOq3uTKqvtX8lmK890MV%2B3C0rPW1WwvvGm%2FE7k%2FG42RM501puVSwoRKGWAKB%2F8zqXFZbewSRIEhkCjl3rAefCHdruueKxKzCif9Fs%2BJpmavfFNdWq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a2c6ead0b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kvtggg.top/7bd513049aab526523bbee3bfb3eaf7a.gif
104.21.11.149 200 OK 132 kB URL HTTP/2 kvtggg.top/7bd513049aab526523bbee3bfb3eaf7a.gif
IP 104.21.11.149:0
File type GIF image data, version 89a, 960 x 240\012- data
Size 132 kB (132369 bytes)
Hash d25943b4cc9cb91c4db8964cfc917535
da7d8c2187416e84899e1e3634e8fc2b029b8d87
b8d4dcbea367275716fb0c6a33ec0268356556b41a6ab8ba04175647f6fb0242
GET /7bd513049aab526523bbee3bfb3eaf7a.gif HTTP/1.1
Host: kvtggg.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tadeng.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:16 GMT
content-type: image/gif
content-length: 132369
last-modified: Tue, 23 Aug 2022 07:51:31 GMT
etag: "63048703-20511"
cache-control: max-age=5356800
cf-cache-status: HIT
age: 648223
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FMn3COe%2BRf1QKntfp94I39twcHz1NHkVJKLK3Hxs8HcnVNTd7JMrklYZeNzjsZ9wXJPN6DIdYCaG2xAvpOyK6ZjFiIv6pyRamJO%2BuMdLM6lN9ves5%2BILL1MJvugU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a2c8c760afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=235822843&si=0b3b7135d192f715b24f2d6c523ea8d2&v=1.2.97&lv=1&sn=29399&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.ablehair.com%2Findex.php&tt=%E6%B7%84%E5%8D%9A%E7%AA%81%E8%82%BF%E7%A7%9F%E5%94%AE%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=235822843&si=0b3b7135d192f715b24f2d6c523ea8d2&v=1.2.97&lv=1&sn=29399&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.ablehair.com%2Findex.php&tt=%E6%B7%84%E5%8D%9A%E7%AA%81%E8%82%BF%E7%A7%9F%E5%94%AE%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=235822843&si=0b3b7135d192f715b24f2d6c523ea8d2&v=1.2.97&lv=1&sn=29399&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.ablehair.com%2Findex.php&tt=%E6%B7%84%E5%8D%9A%E7%AA%81%E8%82%BF%E7%A7%9F%E5%94%AE%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.ablehair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 16 Sep 2022 05:55:15 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=00DFDC0C0BBB849E; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1128669617&si=bdca6cd0ce243078a710bd99905a8ea4&v=1.2.97&lv=1&sn=29399&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.ablehair.com%2Findex.php&tt=%E6%B7%84%E5%8D%9A%E7%AA%81%E8%82%BF%E7%A7%9F%E5%94%AE%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1128669617&si=bdca6cd0ce243078a710bd99905a8ea4&v=1.2.97&lv=1&sn=29399&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.ablehair.com%2Findex.php&tt=%E6%B7%84%E5%8D%9A%E7%AA%81%E8%82%BF%E7%A7%9F%E5%94%AE%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1128669617&si=bdca6cd0ce243078a710bd99905a8ea4&v=1.2.97&lv=1&sn=29399&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.ablehair.com%2Findex.php&tt=%E6%B7%84%E5%8D%9A%E7%AA%81%E8%82%BF%E7%A7%9F%E5%94%AE%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.ablehair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 16 Sep 2022 05:55:16 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=8EC700FA8A2F6840; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.js?e60c1c9f58846acc98f6a3c66dd81576
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?e60c1c9f58846acc98f6a3c66dd81576
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (627)
Hash 65e7ef223bbed0d407f4c8ca782e5ef4
31e0f6b435de9f77614474e0003ebfb8bf2e4e0a
e7c4e03f0f74591b0e6b94d9e849faaed6f3aef2dcc37e8ea97bb8fe5c7b68aa
GET /hm.js?e60c1c9f58846acc98f6a3c66dd81576 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-None-Match: e8bd9e5da01708e44668826b1b53008f
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11340
Content-Type: application/javascript
Date: Fri, 16 Sep 2022 05:55:15 GMT
Etag: b94b6c2c7d7a72e3e222f58e16eb1d8a
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=44C2310FBBDD8AAE; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1243562686&si=e60c1c9f58846acc98f6a3c66dd81576&v=1.2.97&lv=1&sn=29399&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.ablehair.com%2Findex.php&tt=%E6%B7%84%E5%8D%9A%E7%AA%81%E8%82%BF%E7%A7%9F%E5%94%AE%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1243562686&si=e60c1c9f58846acc98f6a3c66dd81576&v=1.2.97&lv=1&sn=29399&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.ablehair.com%2Findex.php&tt=%E6%B7%84%E5%8D%9A%E7%AA%81%E8%82%BF%E7%A7%9F%E5%94%AE%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1243562686&si=e60c1c9f58846acc98f6a3c66dd81576&v=1.2.97&lv=1&sn=29399&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.ablehair.com%2Findex.php&tt=%E6%B7%84%E5%8D%9A%E7%AA%81%E8%82%BF%E7%A7%9F%E5%94%AE%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.ablehair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 16 Sep 2022 05:55:16 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=A0DE0CE62D6B0EF5; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=863321298&si=7e3ea20adb15a222f178ecb64c646c30&v=1.2.97&lv=1&sn=29399&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.ablehair.com%2Findex.php&tt=%E6%B7%84%E5%8D%9A%E7%AA%81%E8%82%BF%E7%A7%9F%E5%94%AE%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=863321298&si=7e3ea20adb15a222f178ecb64c646c30&v=1.2.97&lv=1&sn=29399&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.ablehair.com%2Findex.php&tt=%E6%B7%84%E5%8D%9A%E7%AA%81%E8%82%BF%E7%A7%9F%E5%94%AE%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=863321298&si=7e3ea20adb15a222f178ecb64c646c30&v=1.2.97&lv=1&sn=29399&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.ablehair.com%2Findex.php&tt=%E6%B7%84%E5%8D%9A%E7%AA%81%E8%82%BF%E7%A7%9F%E5%94%AE%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.ablehair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 16 Sep 2022 05:55:16 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=ADEF72FC20B90CB5; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
998k.at/650x350.gif
104.233.158.19 200 OK 845 kB IP 104.233.158.19:0
File type GIF image data, version 89a, 650 x 350\012- data
Size 845 kB (845371 bytes)
Hash 46be6d9b16aa6f4fc26bcfd4f6ca469c
9566411fb76837f315c853671126713b19fba825
38645ca5f943cc63f2d396871474f805e0febb1871447a0a4a9db62322d85060
GET /650x350.gif HTTP/1.1
Host: 998k.at
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:15 GMT
Content-Type: image/gif
Content-Length: 845371
Connection: keep-alive
Last-Modified: Mon, 20 Jun 2022 13:32:08 GMT
ETag: "62b076d8-ce63b"
Expires: Sun, 18 Sep 2022 15:24:49 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes
tvax1.sinaimg.cn/images/default_d_s_large.gif
23.36.77.33 200 OK 7.1 kB URL HTTP/2 tvax1.sinaimg.cn/images/default_d_s_large.gif
IP 23.36.77.33:0
ASN #20940 Akamai International B.V.
File type GIF image data, version 89a, 360 x 360\012- data
Hash 41e5d4e3002de5cea3c8feae189f0736
4146f3b42f71ab9571a2cf2586cb5fa13bfdcef5
e6e333264f197a7e6bda94c1b4fc00529af89f07af0dbd1e57e7805927910860
GET /images/default_d_s_large.gif HTTP/1.1
Host: tvax1.sinaimg.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tadeng.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/gif
content-length: 7125
x-ban: MISS,10534
last-modified: Tue, 17 May 2022 07:49:53 GMT
etag: "628353a1-1bd5"
accept-ranges: bytes
edge-copy-time: 1653211584961
x-via-cdn: f=Akamai,s=23.36.77.29,c=91.90.42.154;f=edge,s=ctc.guangzhou.union.52.nb.sinaedge.com,c=23.32.248.84;f=Edge,s=cmcc.guangzhou.union.106,c=10.31.54.52
x-via-edge: 165324123573354f8201734361f0a047f2bfe
access-control-allow-credentials: true
network_info: DE_FRANKFURT_24940, DK_NAKSKOV_15516, NO_OSLO_50304, NO_OSLO_50304
cache-control: max-age=6188679
expires: Sat, 26 Nov 2022 20:59:55 GMT
date: Fri, 16 Sep 2022 05:55:16 GMT
x-cache: TCP_HIT from a23-36-77-29.deploy.akamaitechnologies.com (AkamaiGHost/10.9.4-44125806) (-)
served-from: e:23.36.77.29
X-Firefox-Spdy: h2
pic.rmb.bdstatic.com/bjh/17244f3a8b60a0f7b291f5621c873713.gif
185.10.104.115 200 OK 1.6 MB URL HTTP/2 pic.rmb.bdstatic.com/bjh/17244f3a8b60a0f7b291f5621c873713.gif
IP 185.10.104.115:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 500 x 281\012- data
Size 1.6 MB (1626999 bytes)
Hash 17244f3a8b60a0f7b291f5621c873713
c523f5d5b60d2eabc9084e9ba5803647ac08c2cd
4aed8c090aa7bff3de4c028efced6a87dd7645bc15d265cdddf106f3f5dd9435
GET /bjh/17244f3a8b60a0f7b291f5621c873713.gif HTTP/1.1
Host: pic.rmb.bdstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Fri, 16 Sep 2022 05:55:16 GMT
content-type: image/gif
content-length: 1626999
expires: Tue, 06 Sep 2022 02:14:33 GMT
last-modified: Fri, 05 Aug 2022 12:05:01 GMT
etag: "17244f3a8b60a0f7b291f5621c873713"
age: 1014422
accept-ranges: bytes
content-md5: FyRPOotgoPeykfViHIc3Ew==
x-bce-content-crc32: 2236402188
x-bce-debug-id: To5Ii6e5ruq3XhnFvxFfNKk+aTuEv1Rs9BFz/CFUbJxN1IWDo5QCbV+8zPWS73WsgW1/9vgMJSUBunO3575huA==
x-bce-request-id: 8b1d7270-ba6a-4bb6-adc0-e264be29d524
x-bce-restore-cache: -
x-bce-restore-tier: -
x-bce-storage-class: STANDARD
timing-allow-origin: *
ohc-cache-hit: fra01-sys-jomo4.fra01.baidu.com [2], zhuzuncache107 [2], czix231 [1]
ohc-file-size: 1626999
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 1699c5abfd9272a44db61cc69303baab
70641957ca61680c80968ce1db5dfc262db2b3cb
fbacd64a07e14df62db8c8ada921acdae02e43aee72b8816a59df8a94cd2c361
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 02:27:02 GMT
Expires: Thu, 22 Sep 2022 02:27:01 GMT
Etag: "70641957ca61680c80968ce1db5dfc262db2b3cb"
Cache-Control: max-age=505304,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b75a29ef17b4e8-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 1699c5abfd9272a44db61cc69303baab
70641957ca61680c80968ce1db5dfc262db2b3cb
fbacd64a07e14df62db8c8ada921acdae02e43aee72b8816a59df8a94cd2c361
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 02:27:02 GMT
Expires: Thu, 22 Sep 2022 02:27:01 GMT
Etag: "70641957ca61680c80968ce1db5dfc262db2b3cb"
Cache-Control: max-age=505304,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b75a29e8840af6-OSL
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6ce9d30013a442688a18ba31f9086049
e146f05c12bf09da3b38c99a5e353c3f82eb42e2
ff72e2632263ddaf0edc7866565207f2480b3560e58aecad6174eb3500664854
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FF72E2632263DDAF0EDC7866565207F2480B3560E58AECAD6174EB3500664854"
Last-Modified: Fri, 16 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17659
Expires: Fri, 16 Sep 2022 10:49:35 GMT
Date: Fri, 16 Sep 2022 05:55:16 GMT
Connection: keep-alive
kvtggg.top/33a2534502bc9c2579ad15dd25e2aa9b.gif
104.21.11.149 200 OK 131 kB URL HTTP/2 kvtggg.top/33a2534502bc9c2579ad15dd25e2aa9b.gif
IP 104.21.11.149:0
File type GIF image data, version 89a, 960 x 240\012- data
Size 131 kB (130646 bytes)
Hash b06df0296c314214f66b7394b816e857
42b3b58a9ce76640ed1d1818d86eacdf8f198ea6
cd5ec9e81351ee13d4dcdaaf10aa9153ee8b76d1ad0cbb4b8b77f825dc84b39b
GET /33a2534502bc9c2579ad15dd25e2aa9b.gif HTTP/1.1
Host: kvtggg.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tadeng.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:16 GMT
content-type: image/gif
content-length: 130646
last-modified: Tue, 23 Aug 2022 07:51:10 GMT
etag: "630486ee-1fe56"
cache-control: max-age=5356800
cf-cache-status: HIT
age: 432239
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jxpz43wOZLmlXKOva6EUDKxe0r2xqyvsSK69Cu3V%2FVKv1JNeeufLCUnPIVAr0BnptbYhG%2BjsB4nGj6hwThsp9SLlURhXI8IfoEb47MiwKUoczwLzuerkDGDYL6Ke"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a2cecaf0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kvtaaa.top/da7e7260dc3844873f049acfe845be55.gif
172.67.173.230 200 OK 51 kB URL HTTP/2 kvtaaa.top/da7e7260dc3844873f049acfe845be55.gif
IP 172.67.173.230:0
File type GIF image data, version 89a, 320 x 240\012- data
Hash 7a02a69b00eebfc2977f6d8417cf8141
2203e026eacda489b6e3aa673d5c14bb1526a6dd
e994a6c450acbc20fdca555a5a30d15af3af102f608bbd8a6a5bd295a1ee41ac
GET /da7e7260dc3844873f049acfe845be55.gif HTTP/1.1
Host: kvtaaa.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:16 GMT
content-type: image/gif
content-length: 50826
last-modified: Thu, 19 May 2022 10:18:43 GMT
etag: "62861983-c68a"
expires: Sun, 16 Oct 2022 00:29:44 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 19532
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dxteYiuVxDknd2gMJBPnryj8EjZCfZqnZFQj4Wep0GY1GpSD3%2BZQ1PHCMKW9gubcmLf90WLFUzhrXXx7LkBZ3hFAcK7smIcO4pg335G%2FnzXhAQ%2FJ%2FdlgfPZQ2nR5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a2d1f490b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
si1.go2yd.com/get-image/0yFXD8CGZ3X
58.254.180.65 200 OK 136 kB URL HTTP/2 si1.go2yd.com/get-image/0yFXD8CGZ3X
IP 58.254.180.65:0
ASN #136958 China Unicom Guangdong IP network
File type GIF image data, version 89a, 715 x 285\012- data
Size 136 kB (136094 bytes)
Hash 4018d4de9ab786c9bac6f8e91d3a2a3d
de3d0928440398cd866c0a2b05dcb90dadc0dabd
d2ac74446e73066aa92b09b7f11e527bf2fe4762f0ee54f5ca8c7bbb3f41c772
GET /get-image/0yFXD8CGZ3X HTTP/1.1
Host: si1.go2yd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Fri, 16 Sep 2022 05:55:16 GMT
content-type: image/gif
content-length: 136094
last-modified: Mon, 28 Feb 2022 08:11:46 GMT
etag: "4018d4de9ab786c9bac6f8e91d3a2a3d"
age: 1283802
accept-ranges: bytes
x-application-context: application
x-kss-request-id: fr0mst80h8oobs7449ib5nn0lloikvqe
content-md5: QBjU3pq3hsm6xvjpHToqPQ==
timing-allow-origin: *
ohc-cache-hit: gz3un56 [2], cangzuncache56 [4], qdix141 [2]
ohc-file-size: 136094
x-cache-status: HIT
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 238308ccbdac76796862b9b5c40ba5cf
b9ac2d8af92a56c98eceed94202979af88613d5b
23084dff0b45b2678bb00cfb08470b253660e91f3f6a3cba89f3439901337444
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "23084DFF0B45B2678BB00CFB08470B253660E91F3F6A3CBA89F3439901337444"
Last-Modified: Wed, 14 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14087
Expires: Fri, 16 Sep 2022 09:50:03 GMT
Date: Fri, 16 Sep 2022 05:55:16 GMT
Connection: keep-alive
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 8ffcd953767bfc6fd30e5bd20c694db5
1843f9fa07a0b27763b1fb3cceb9eef9a45b5f42
825d9662d4aa6c6c04932b9c775fb555245d8b8f4031648720a551ac30617746
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:16 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 20 Sep 2022 04:17:57 GMT
ETag: "1843f9fa07a0b27763b1fb3cceb9eef9a45b5f42"
Last-Modified: Fri, 16 Sep 2022 04:17:58 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1780
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b75a2d8902b517-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 1caae3d9e6efa91599ff2489d0ef4a91
3c93906e21e90fc48a40e0fc09826e97f73e840d
b627513c58b4fe4d6e36051c7778bed9915777c77a6555d43a8b4da24c6e7101
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:16 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 13:29:06 GMT
Expires: Thu, 22 Sep 2022 13:29:05 GMT
Etag: "3c93906e21e90fc48a40e0fc09826e97f73e840d"
Cache-Control: max-age=545028,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b75a2d49b0b4e8-OSL
zuoai99hair.com/5PjuIvfVCWGRFo2.gif
23.225.156.173 200 OK 329 kB URL HTTP/2 zuoai99hair.com/5PjuIvfVCWGRFo2.gif
IP 23.225.156.173:0
File type GIF image data, version 89a, 200 x 200\012- data
Size 329 kB (329267 bytes)
Hash 49ebf3bc82347666356efeb3bc6a7483
784014e839be21ee824de540d9c7a15fc4c6711b
ec372c6fc71d06f5e34de830f7be053815e541c26e1d7e58d7b6330bd154bd5f
GET /5PjuIvfVCWGRFo2.gif HTTP/1.1
Host: zuoai99hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 21:48:57 GMT
content-type: image/gif
content-length: 329267
last-modified: Mon, 11 Jul 2022 20:32:43 GMT
etag: "62cc88eb-50633"
expires: Sat, 15 Oct 2022 21:48:57 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
kvtlll.top/f4cb54149631e5618019c8146bf7dedd.gif
172.67.185.29 200 OK 176 kB URL HTTP/2 kvtlll.top/f4cb54149631e5618019c8146bf7dedd.gif
IP 172.67.185.29:0
File type GIF image data, version 89a, 960 x 240\012- data
Size 176 kB (175575 bytes)
Hash b7b04b26678572261bb8321245139810
96a2cf7f889f7aae8e43dd85147aabce9526c3fb
b02c63bc3a9886a1bdaced151f89c18b80962b3a7799e22801f2b7150d5616c3
GET /f4cb54149631e5618019c8146bf7dedd.gif HTTP/1.1
Host: kvtlll.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tadeng.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:16 GMT
content-type: image/gif
content-length: 175575
last-modified: Sun, 21 Aug 2022 08:08:59 GMT
etag: "6301e81b-2add7"
expires: Wed, 12 Oct 2022 20:11:26 GMT
cache-control: max-age=16070400
cf-cache-status: HIT
age: 294230
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8oXchvVndn0KvS6e8HZh2mAMdByNvj8dlvs0RHMXudnVSKrrFLer%2Fr7rWC6RVJp877iDrgv3b3s1qUVYa7M2VBBomeZ8USgodSBiTgInOdSZBsVmypQFpz%2BREt68"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a2d8edcb527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8419826fdf5b6ccbeee8e8682359789a
fbdc72545e02705e5cb540b867523b454e2e78a7
2ad9c7f070d2c7dfba3f6ec2128550100959f45e047013c785595ffbcc9cb7a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2AD9C7F070D2C7DFBA3F6EC2128550100959F45E047013C785595FFBCC9CB7A9"
Last-Modified: Wed, 14 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17062
Expires: Fri, 16 Sep 2022 10:39:38 GMT
Date: Fri, 16 Sep 2022 05:55:16 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 1caae3d9e6efa91599ff2489d0ef4a91
3c93906e21e90fc48a40e0fc09826e97f73e840d
b627513c58b4fe4d6e36051c7778bed9915777c77a6555d43a8b4da24c6e7101
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:16 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 13:29:06 GMT
Expires: Thu, 22 Sep 2022 13:29:05 GMT
Etag: "3c93906e21e90fc48a40e0fc09826e97f73e840d"
Cache-Control: max-age=545028,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b75a2d880e0b51-OSL
p6.toutiaoimg.com/origin/pgc-image/9e94df98d1a94370bea235c60005efd4
58.218.65.115 200 OK 126 kB URL HTTP/2 p6.toutiaoimg.com/origin/pgc-image/9e94df98d1a94370bea235c60005efd4
IP 58.218.65.115:0
File type GIF image data, version 89a, 500 x 280\012- data
Size 126 kB (125579 bytes)
Hash d16b3fb0b87bbc7f721edc7ac21d7779
dafa8cc779c04d1ededaec7798b2ea45031491bb
24e704ad1baa400d9b1d98285bcfd280d4f0617adf67de7e168155107266213a
GET /origin/pgc-image/9e94df98d1a94370bea235c60005efd4 HTTP/1.1
Host: p6.toutiaoimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 125579
server: nginx
date: Sat, 03 Sep 2022 13:08:06 GMT
last-modified: Sat, 03 Sep 2022 13:08:06 GMT
expires: Sun, 03 Sep 2023 13:08:06 GMT
age: 1097229
cache-control: max-age=31536000
accept-ranges: bytes
imagex-fmt: gif2gif
nw-session-id: 2022090321080601015816314649803A0Dhnzp802tt
nw-session-trace: 2022-09-03T21:08:06.647421102+08:00 36
x-bdcdn-cache-status: TCP_MISS
x-length: 125579
x-powered-by: ImageX
x-response-date: Sat, 03 Sep 2022 21:08:06 GMT
x-tt-logid: 2022090321080601015816314649803A0D
via: n150-056-012
x-request-ip: fdbd:dc02:22:591::146
x-tt-trace-tag: id=06;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: inner; dur=49
x-tt-trace-host: 016e0802e56ea5195f8702338099efd7df956cdf7f39e58b3d653c60c8e191c81197301784de99f59002262ba69d9954cecba618ac8e121bc95d606ddcfdd288514db10e2253d58e3d9f48a9032aa78442dd810b7287305714114c4dc5d2da6558a79362a9d2077150eb214f0d52f0b5b6
x-response-lb: image
x-link-via: xzct11:443;qzmp11:443;
x-cache-status: HIT from KS-CLOUD-QZ-MP-11-06, HIT from KS-CLOUD-XZ-CT-11-11
timing-allow-origin: *
access-control-allow-origin: *
x-cdn-request-id: e43885d180831ddcdfc4af56402a254c
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 3b95292903716263e33fd31c3aabb037
62eb193b11c53109d97fa1ed8faede0a91e34b46
b65a0499df5ec689cd5114335290256e5952a91f047f0c197ca6a96fc198740a
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:16 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 20 Sep 2022 03:57:43 GMT
ETag: "62eb193b11c53109d97fa1ed8faede0a91e34b46"
Last-Modified: Fri, 16 Sep 2022 03:57:44 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 714
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b75a2df996b517-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash f69fc417fb9782253b64a34bf07f9e28
6fd8d971b6565e2f6fd93f0cd79cd718fcb8ff6d
299ffebf8687930b0b6ee951fa2e543ca92cbf07f9848376cc626c276cde1034
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:16 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 13 Sep 2022 20:44:27 GMT
Expires: Tue, 20 Sep 2022 20:44:26 GMT
Etag: "6fd8d971b6565e2f6fd93f0cd79cd718fcb8ff6d"
Cache-Control: max-age=398349,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b75a2df86e0b51-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash f69fc417fb9782253b64a34bf07f9e28
6fd8d971b6565e2f6fd93f0cd79cd718fcb8ff6d
299ffebf8687930b0b6ee951fa2e543ca92cbf07f9848376cc626c276cde1034
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:16 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 13 Sep 2022 20:44:27 GMT
Expires: Tue, 20 Sep 2022 20:44:26 GMT
Etag: "6fd8d971b6565e2f6fd93f0cd79cd718fcb8ff6d"
Cache-Control: max-age=398349,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b75a2e0d8f0b4d-OSL
image.qkf7jq3b.space/xqspkbF1.gif
104.21.8.148 200 OK 87 kB URL HTTP/2 image.qkf7jq3b.space/xqspkbF1.gif
IP 104.21.8.148:0
File type GIF image data, version 89a, 200 x 200\012- data
Hash eea9c07d3e1805cd7511d627503e3fe9
9846985abc8349180a91d9c55e766af9290f5a31
ce9e39994e5a86a7d908208e6dddb31a8ea84caba70926d183ecda5816981ce8
GET /xqspkbF1.gif HTTP/1.1
Host: image.qkf7jq3b.space
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:16 GMT
content-type: image/gif
content-length: 86810
last-modified: Mon, 14 Feb 2022 14:17:38 GMT
etag: "620a6482-1531a"
access-control-allow-origin: *
access-control-allow-methods: GET,POST,DELETE
access-control-allow-header: Content-Type,*
cache-control: max-age=432000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4lRrHc8CmNvCthzln1w4MzZCGa0xSHFEug8fQaEbkN3urgJzXHMzvfWNJBBZUclDWc8aL8suvwlZQLT5FeCca2N%2FsohuT9rIJ3UD3mf86CxkjgtSCqlihuuxWKbWWs8w7Q3OgDOHdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a278b61b4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash bacdd46b5d3c90e0b728c1a8c14687c4
000bbb80c2d44d6e604214cd5a5869a604eb961c
cd67d5ea59fb4b4cd9d9d830f25751b0a5a69861c959279ce0f15e2baa097963
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1999
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 05:55:16 GMT
Last-Modified: Fri, 16 Sep 2022 05:21:57 GMT
Server: ECS (amb/6B8E)
X-Cache: HIT
Content-Length: 727
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6ce9d30013a442688a18ba31f9086049
e146f05c12bf09da3b38c99a5e353c3f82eb42e2
ff72e2632263ddaf0edc7866565207f2480b3560e58aecad6174eb3500664854
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FF72E2632263DDAF0EDC7866565207F2480B3560E58AECAD6174EB3500664854"
Last-Modified: Fri, 16 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17659
Expires: Fri, 16 Sep 2022 10:49:35 GMT
Date: Fri, 16 Sep 2022 05:55:16 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e25daa01cbe791e989404d32e75df163
54cedafd1b785e446ee76991beea642c7e2c1512
7df863ea52a4d8ec55658e57747a3a0ed35dc9d2814f3c52ab75fbae82bc68f2
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "7DF863EA52A4D8EC55658E57747A3A0ED35DC9D2814F3C52AB75FBAE82BC68F2"
Last-Modified: Fri, 16 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21565
Expires: Fri, 16 Sep 2022 11:54:41 GMT
Date: Fri, 16 Sep 2022 05:55:16 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash f69fc417fb9782253b64a34bf07f9e28
6fd8d971b6565e2f6fd93f0cd79cd718fcb8ff6d
299ffebf8687930b0b6ee951fa2e543ca92cbf07f9848376cc626c276cde1034
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:16 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 13 Sep 2022 20:44:27 GMT
Expires: Tue, 20 Sep 2022 20:44:26 GMT
Etag: "6fd8d971b6565e2f6fd93f0cd79cd718fcb8ff6d"
Cache-Control: max-age=398349,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b75a2d8b030af6-OSL
kvhjjj.top/ca302b14c051bf41d75347daaf6e7ab3.gif
104.21.234.217 200 OK 199 kB URL HTTP/2 kvhjjj.top/ca302b14c051bf41d75347daaf6e7ab3.gif
IP 104.21.234.217:0
File type GIF image data, version 89a, 960 x 240\012- data
Size 199 kB (198998 bytes)
Hash 9055b16bfddceb4d71a64601d99cc1fe
08f43efa14ead275ed58613dfe4715982679fe30
9f39213220495f96b8fbef7974ce8cef0eeaffeb6416328de8f7469254aab886
GET /ca302b14c051bf41d75347daaf6e7ab3.gif HTTP/1.1
Host: kvhjjj.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tadeng.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:16 GMT
content-type: image/gif
content-length: 198998
last-modified: Sat, 16 Apr 2022 08:19:50 GMT
etag: "625a7c26-30956"
expires: Thu, 13 Oct 2022 01:14:00 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 276076
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2wFm%2FFmcJflLValp%2BUDkwz9FcUAAW8s36VvS%2Fpu5ZFu41diA33MJnjwp1x0jl8b9%2FKZtcsNMomV4I3Me8msecXruTz032LBbRa2n7boWxplOR4oQvBRurbk2LX9h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b75a2e89118892-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash f69fc417fb9782253b64a34bf07f9e28
6fd8d971b6565e2f6fd93f0cd79cd718fcb8ff6d
299ffebf8687930b0b6ee951fa2e543ca92cbf07f9848376cc626c276cde1034
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:16 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 13 Sep 2022 20:44:27 GMT
Expires: Tue, 20 Sep 2022 20:44:26 GMT
Etag: "6fd8d971b6565e2f6fd93f0cd79cd718fcb8ff6d"
Cache-Control: max-age=398349,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b75a2dca0fb4e8-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash bacdd46b5d3c90e0b728c1a8c14687c4
000bbb80c2d44d6e604214cd5a5869a604eb961c
cd67d5ea59fb4b4cd9d9d830f25751b0a5a69861c959279ce0f15e2baa097963
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 05:55:16 GMT
Server: ECS (amb/6B8F)
Content-Length: 727
p6.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/5803a528874d4077a6eda7e3e10328cf~noop.image
58.218.65.115 200 OK 139 kB URL HTTP/2 p6.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/5803a528874d4077a6eda7e3e10328cf~noop.image
IP 58.218.65.115:0
File type GIF image data, version 89a, 640 x 200\012- data
Size 139 kB (138656 bytes)
Hash e071094c2c2de9c1e4eb241e2bd8620e
dfac1de5f2acb3d1eae2dbbd1680f9bb16d8bc15
4f584a4cded239033b43e3507dd70505857d31b894fa38b5e6b58a7dc47d0807
GET /img/tos-cn-i-siecs4i2o7/5803a528874d4077a6eda7e3e10328cf~noop.image HTTP/1.1
Host: p6.toutiaoimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 138656
server: nginx
date: Thu, 01 Sep 2022 15:30:05 GMT
last-modified: Thu, 01 Sep 2022 15:30:05 GMT
expires: Fri, 01 Sep 2023 15:30:05 GMT
age: 1261511
cache-control: max-age=31536000
accept-ranges: bytes
imagex-fmt: gif2gif
nw-session-id: 202209012330050101381722022AAFD12342qx601tt
nw-session-trace: 2022-09-01T23:30:05.541791069+08:00 48
x-bdcdn-cache-status: TCP_HIT
x-length: 138656
x-powered-by: ImageX
x-response-date: Thu, 01 Sep 2022 23:30:05 GMT
x-tt-logid: 202209012330050101381722022AAFD123
via: n150-051-207
x-request-ip: fdbd:dc02:22:591::146
x-tt-trace-tag: id=06;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: inner; dur=5
x-tt-trace-host: 01130dacbecdc0c9fe64d34d8a09be8aa164b2a8881abf160ffeb94655d19c1822b93b672b2db62649680c5c77f029b90836075626ddad9595b36b1e8557ede333283d062a9f80b7d5acb3510c16945f4193a9d01ae48955cc1903bc30a893a748ccdc6402d8ebfaa8907cad61da6f44c1
x-response-lb: image
x-link-via: xzct11:443;zaozmp22:443;
x-cache-status: HIT from KS-CLOUD-ZAOZ-MP-22-10, HIT from KS-CLOUD-XZ-CT-11-04
timing-allow-origin: *
access-control-allow-origin: *
x-cdn-request-id: 4c7f5c4300752dd1549539b335ff7555
X-Firefox-Spdy: h2
gbt.bieqpf.cn/j/154626
203.107.60.95 200 OK 6.1 kB IP 203.107.60.95:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type ASCII text, with very long lines (1107)
Hash 146c72a7fdf191dd93ec94d66153c4a3
602e023d6b6b9e7986bbcab59374be182579f548
4575246f2ac4540594cf990c923a537f8558a504a2f7a4e5572b63ba2c28475b
GET /j/154626 HTTP/1.1
Host: gbt.bieqpf.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:17 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: aliyungf_tc=469cad2154d5738191821b51643118d5c69f87d1319d43777b019e325c52a84e; Path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Encoding: gzip
Vary: Accept-Encoding
p6.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/87523f5198b643cfbe132470a2b721c7~noop.image
58.218.65.115 200 OK 30 kB URL HTTP/2 p6.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/87523f5198b643cfbe132470a2b721c7~noop.image
IP 58.218.65.115:0
File type GIF image data, version 89a, 150 x 150\012- data
Hash e478d4eee8d5ba8d9fe17767aaa980ce
3efb4d1eb669f7c98ce5ea16716065e239a9c8be
e14b1ba21dfcf537e2de423cd0400133c681f2ad8302486f259b5c5f31cb451c
GET /img/tos-cn-i-siecs4i2o7/87523f5198b643cfbe132470a2b721c7~noop.image HTTP/1.1
Host: p6.toutiaoimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 30429
server: nginx
date: Sat, 15 Jan 2022 08:07:40 GMT
last-modified: Sat, 15 Jan 2022 08:07:39 GMT
expires: Sun, 15 Jan 2023 08:07:40 GMT
age: 21073655
cache-control: max-age=31536000
accept-ranges: bytes
imagex-fmt: gif2gif
nw-session-id: 2022011516073901013516016738CFA9D3fkwrv01tt
nw-session-trace: 2022-01-15T16:07:39.826080534+08:00 90
x-bdcdn-cache-status: TCP_HIT
x-length: 30429
x-powered-by: ImageX
x-response-date: Sat, 15 Jan 2022 16:07:39 GMT
x-tt-logid: 2022011516073901013516016738CFA9D3
server-timing: inner; dur=3
x-tt-trace-host: 01c7646ee998c215a2bc26d0dfbfb08f0609a1a11713baa1cd886ef5026150feb218e3a2bc65ad66bdc3e20a0ef81c74977afa028edb28823d12de624dcc9d92f9fefd47a4127c6e94edc07e23b6909519b5e58f71d5603dc1091425fb92259ab031da6736ed3a1c6674f0b3948e9e09f9
x-tt-trace-tag: id=06;cdn-cache=hit;type=static
x-response-lb: image
x-response-cache: edge_hit
x-link-via: xzct11:443;yancmp01:443;
x-cache-status: HIT from KS-CLOUD-YANC-MP-01-18, HIT from KS-CLOUD-XZ-CT-11-17
timing-allow-origin: *
access-control-allow-origin: *
x-response-cinfo: 91.90.42.154
x-cdn-request-id: 17dac7eb0260a62bfe2df3a99b155d6c
X-Firefox-Spdy: h2
gbt.bieqpf.cn/j/154627
203.107.60.95 200 OK 6.0 kB IP 203.107.60.95:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type ASCII text, with very long lines (1107)
Hash 7ccdb78798aaa8decc59a2c9d9d22b2e
3d2a718068250db0dbf896f7d0ccc62b44c533a7
435aa63c91fd041cbb69ccb1e3fadbefafab28fdb42ee2ed1256d274e03fbee9
GET /j/154627 HTTP/1.1
Host: gbt.bieqpf.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:17 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: aliyungf_tc=39a2b867cab68634806c1a2da8bf6df5f80daba2d78206524a87671e99df9069; Path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Encoding: gzip
Vary: Accept-Encoding
i.6v6.work/v/?uid=387913
23.225.199.165 200 OK 23 B IP 23.225.199.165:0
File type Unicode text, UTF-8 text, with no line terminators
Hash 7ef3933d0347a8eb9b3dbf6f4b035b78
772121927ca42ae6345bcfc9eea8a0a3dcefc369
1645ef4e05613302e213e91b4ef584695a22391778e12d0dff49b0fdbd0208da
GET /v/?uid=387913 HTTP/1.1
Host: i.6v6.work
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tadeng.top/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Sep 2022 05:55:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
hm.baidu.com/hm.js?e60c1c9f58846acc98f6a3c66dd81576
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?e60c1c9f58846acc98f6a3c66dd81576
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (627)
Hash ba48eb112568a5551e4b45fb0baa17bd
78ca4406d2baf4c5529c00e7cbe4b6545df9d10f
865e7d091eb77c77f5bb5c9223b456a88b8a23a131e6d999f02dc167d1816904
GET /hm.js?e60c1c9f58846acc98f6a3c66dd81576 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-None-Match: b94b6c2c7d7a72e3e222f58e16eb1d8a
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11340
Content-Type: application/javascript
Date: Fri, 16 Sep 2022 05:55:16 GMT
Etag: 1d06d774df968da480029922e5d8c70a
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=52E219CB772ADF2A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
dl66d.com/960x240.gif
104.233.158.19 200 OK 1.0 MB IP 104.233.158.19:0
File type GIF image data, version 89a, 960 x 240\012- data
Size 1.0 MB (1006638 bytes)
Hash 596de8a014be675387da11ffa70b9a16
64062cb848260d8ab39caa39fb2e85a589bd55e0
bc402bdad0ec3f8b141ab68fc274e9af649183d400855b91942c6666b5a32ea2
GET /960x240.gif HTTP/1.1
Host: dl66d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:16 GMT
Content-Type: image/gif
Content-Length: 1006638
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 08:05:18 GMT
ETag: "6319a23e-f5c2e"
Expires: Sat, 08 Oct 2022 08:56:35 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes
img.shifangshike.com/gif01.gif
154.84.8.42 200 OK 78 kB URL HTTP/1.1 img.shifangshike.com/gif01.gif
IP 154.84.8.42:0
File type GIF image data, version 89a, 120 x 120\012- data
Hash 7c25e496c11f12a49f7a5d373264575a
6117db0da31d8fd961f07d3598dde38cb9d2c783
1d79dd53c781705c7f3022f6fcb1405c4aa8c7fb15b40dcdfad1bb4a3cb91cd0
GET /gif01.gif HTTP/1.1
Host: img.shifangshike.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:16 GMT
Content-Type: image/gif
Content-Length: 78256
Connection: keep-alive
Last-Modified: Thu, 25 Aug 2022 14:18:54 GMT
ETag: "630784ce-131b0"
Expires: Wed, 28 Sep 2022 02:59:46 GMT
Cache-Control: max-age=2592000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes
fsadcx1.com/tututu/yue.gif
23.225.3.254 200 OK 4.0 MB URL HTTP/2 fsadcx1.com/tututu/yue.gif
IP 23.225.3.254:0
File type GIF image data, version 89a, 540 x 260\012- data
Size 4.0 MB (3960978 bytes)
Hash d8cb43dc553102ce0f6f051f33c1e801
2129e8cc2a17aed95bf77d70074cd779125f88ae
21e3ff28623e466cb2d36e805b1f47a83292022a9e98266a05960b62e95b67e0
GET /tututu/yue.gif HTTP/1.1
Host: fsadcx1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 16 Sep 2022 05:55:16 GMT
content-type: image/gif
content-length: 3960978
last-modified: Thu, 29 Jul 2021 12:00:20 GMT
etag: "61029854-3c7092"
expires: Sun, 16 Oct 2022 05:55:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
89958716765.com/431be6a9bcba4016a2cad3e45223a257.gif
45.61.212.128 200 OK 738 kB URL HTTP/1.1 89958716765.com/431be6a9bcba4016a2cad3e45223a257.gif
IP 45.61.212.128:0
File type GIF image data, version 89a, 960 x 70\012- data
Size 738 kB (738093 bytes)
Hash 815aa9168c0fd6457bb1e9ad28facade
49d4732b828ede8a6b9cd54fbe68d8e93c32978d
f60cde1fae6462e33e470d8e7f56cac5e0840a1968915414c5a3cd384e3fa087
GET /431be6a9bcba4016a2cad3e45223a257.gif HTTP/1.1
Host: 89958716765.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "63186a49-b432d"
Date: Thu, 08 Sep 2022 04:48:42 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Wed, 07 Sep 2022 09:54:17 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us2-cdnb-28
Content-Length: 738093
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash e195391f2c2884b47a2c8395806df7f4
2eb15088d98c717fdf2dfb341b5b5ff722937cca
2db84d55a98cf4e44a5aaa1cc0167ae696cbc5a50a51da68d4ab2513c0710dba
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:17 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 14:19:12 GMT
Expires: Wed, 21 Sep 2022 14:19:11 GMT
Etag: "2eb15088d98c717fdf2dfb341b5b5ff722937cca"
Cache-Control: max-age=461633,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b75a343d810b51-OSL
u0081.com/d342bd54a81541769301ba6c8b5112ad.gif
20.205.44.42 200 OK 453 kB URL HTTP/1.1 u0081.com/d342bd54a81541769301ba6c8b5112ad.gif
IP 20.205.44.42:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 980 x 100\012- data
Size 453 kB (452872 bytes)
Hash 5ee8533bfa5310b195d92f0f6909a4da
77f0e26ae5e9cb65e2a8fdd28fa8da94e145609c
474574fdc742b1b43684103e941713f2990821d3e10318dc8357332be37f9fbc
GET /d342bd54a81541769301ba6c8b5112ad.gif HTTP/1.1
Host: u0081.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:16 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 06 Sep 2022 09:11:20 GMT
ETag: W/"63170eb8-97874"
Server: WAF/2.4-12.1
X-Cache-Status: HIT
Content-Encoding: gzip
hm.baidu.com/hm.js?e60c1c9f58846acc98f6a3c66dd81576
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?e60c1c9f58846acc98f6a3c66dd81576
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (627)
Hash 2b0eade0610acea3cd4a7f0ca5f1467b
219130ee0ae759c1a7f6bc0e45c188e4fe786d2d
68655f25f341d67bcf9f53e1dcdd558d64f2e727b999b7111b17d233cee5580a
GET /hm.js?e60c1c9f58846acc98f6a3c66dd81576 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-None-Match: 1d06d774df968da480029922e5d8c70a
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11340
Content-Type: application/javascript
Date: Fri, 16 Sep 2022 05:55:17 GMT
Etag: 84f4935ad6d06e0db35444cc377be967
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=4E2059053B1C8CCE; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
p26.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/8c2e2faca3334d7cbd282d7fd4381cd7~noop.image
120.52.95.235 200 OK 678 kB URL HTTP/2 p26.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/8c2e2faca3334d7cbd282d7fd4381cd7~noop.image
IP 120.52.95.235:0
ASN #133119 China Unicom IP network
File type GIF image data, version 89a, 270 x 160\012- data
Size 678 kB (677521 bytes)
Hash 94051cb1d1b77200b4462281a864b96e
e5b468a1b2f4bbdda1b6a3a0df2dcce6b3de7e06
d44d0d2dd188024b60ec38cb3f3ea10c080690175e923f90c9c2a2e862670c84
GET /img/tos-cn-i-siecs4i2o7/8c2e2faca3334d7cbd282d7fd4381cd7~noop.image HTTP/1.1
Host: p26.toutiaoimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 05:55:17 GMT
content-type: image/gif
content-length: 677521
server: openresty
imagex-fmt: gif2gif
last-modified: Thu, 30 Dec 2021 00:07:35 GMT
nw-session-id: 2021123008073501015013614530ADE9B0dprsv01tt
nw-session-trace: 2021-12-30T08:07:35.194015393+08:00 68
x-bdcdn-cache-status: TCP_HIT
x-length: 677521
x-powered-by: ImageX
x-response-date: Thu, 30 Dec 2021 08:07:35 GMT
x-response-lb: image
x-tt-logid: 2021123008073501015013614530ADE9B0
server-timing: cdn-cache;desc=HIT, edge;dur=4
x-tt-trace-host: 016a2077e03b2041825c42669e9a23cec5ee04519515486308eb42b81315658df6aa5ed29ad219c7d25626d5b022cced5274c18183adcd43889f65e87a17fde2315b0226a7e5f07d4c19094125051b3e74699be800dd629619bc2141d5fb81fc89ccc76230d7d3e4f731a9d881f3cb16c4
x-tt-trace-tag: id=26;cdn-cache=hit;type=static
via: CHN-HElangfang-AREACUCC1-CACHE57[4],CHN-HElangfang-AREACUCC1-CACHE35[0,TCP_HIT,3],CHN-TJ-GLOBAL1-CACHE60[39],CHN-TJ-GLOBAL1-CACHE35[0,TCP_HIT,36]
x-hcs-proxy-type: 1
x-ccdn-cachettl: 31536000
nginx-hit: 1
cache-control: max-age=31536000
age: 7179372
accept-ranges: bytes
access-control-allow-origin: *
x-response-cache: edge_hit
x-response-cinfo: 91.90.42.154
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 85798ffec5045e2e2b3d0bb3a242e856
1c3fb043b39e4bcacc109616d5bbf15b66d4e3e6
bffe8cd7942326e91fe0ef097248075026561b0fc2291bf3e344c3250f981d4e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:18 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 21:34:28 GMT
Expires: Thu, 22 Sep 2022 21:34:27 GMT
Etag: "1c3fb043b39e4bcacc109616d5bbf15b66d4e3e6"
Cache-Control: max-age=574148,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b75a37683d0b51-OSL
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7893809af73b936e8046fe29b5fd2a12
0d65e6dcae1c58c401bbc25cd240116f7529ee80
e6fabd5893aeb9fa0f36302ce1f0001278765bf10056ce0487aae35eae91b2c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E6FABD5893AEB9FA0F36302CE1F0001278765BF10056CE0487AAE35EAE91B2C2"
Last-Modified: Fri, 16 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 16 Sep 2022 11:55:18 GMT
Date: Fri, 16 Sep 2022 05:55:18 GMT
Connection: keep-alive
aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com/7d/aa17e173a4c65df1ec1b23879a2d31.gif?attname=571.gif
47.75.19.167 200 OK 463 kB URL HTTP/1.1 aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com/7d/aa17e173a4c65df1ec1b23879a2d31.gif?attname=571.gif
IP 47.75.19.167:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type GIF image data, version 89a, 304 x 304\012- data
Size 463 kB (463098 bytes)
Hash 7daa17e173a4c65df1ec1b23879a2d31
57565f705f9bd44e3cdb9d34c521afa795c54bfa
0a97201d67942d5d2c0fb696207560e3e04597593c2ca9e9ccc655aeabf69083
GET /7d/aa17e173a4c65df1ec1b23879a2d31.gif?attname=571.gif HTTP/1.1
Host: aliyun-static-bucket.oss-cn-hongkong.aliyuncs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 16 Sep 2022 05:55:16 GMT
Content-Type: image/gif
Content-Length: 463098
Connection: keep-alive
x-oss-request-id: 63240FC4DD75B7333115848F
Accept-Ranges: bytes
ETag: "7DAA17E173A4C65DF1EC1B23879A2D31"
Last-Modified: Fri, 13 May 2022 15:18:43 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 235009922681292474
x-oss-storage-class: Standard
Content-Disposition: inline;filename=571.gif
Content-MD5: faoX4XOkxl3x7Bsjh5otMQ==
x-oss-server-time: 2
kmr.mjnbrt.xyz/mnrt/kmrr.png
23.224.92.245 200 OK 85 kB URL HTTP/1.1 kmr.mjnbrt.xyz/mnrt/kmrr.png
IP 23.224.92.245:0
File type PNG image data, 2084 x 2084, 8-bit/color RGBA, non-interlaced\012- data
Hash 3c80359bedd35432aea1539a1edcd122
62b0eb9a7eef9b048ab55e3e8d8486a43d5ef8db
74df8ccb6d42d5ee40aaffccd0246978eca881c260c8505afb9f71f85fe17ee2
GET /mnrt/kmrr.png HTTP/1.1
Host: kmr.mjnbrt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 16 Sep 2022 05:55:18 GMT
Content-Type: image/png
Content-Length: 84560
Last-Modified: Wed, 14 Sep 2022 16:54:01 GMT
Connection: keep-alive
ETag: "63220729-14a50"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash a3c8e4f9c20a9a6d49baf55001cebadb
4ff31c8a7a696def16fd342306354bb8e6a60eb6
f17efaabb03671cdfebfbb5a068104e53c4b889f13670c47f317808588dfc7a3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:18 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 05:17:03 GMT
Expires: Wed, 21 Sep 2022 05:17:02 GMT
Etag: "4ff31c8a7a696def16fd342306354bb8e6a60eb6"
Cache-Control: max-age=429103,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b75a375b4bb4e8-OSL
kmr.mjnbrt.xyz/kmnbhevhfjrtetd/d.gif
23.224.92.245 200 OK 91 kB URL HTTP/1.1 kmr.mjnbrt.xyz/kmnbhevhfjrtetd/d.gif
IP 23.224.92.245:0
File type GIF image data, version 89a, 600 x 200\012- data
Hash f32acea08cf381eb422e9fd2437bb611
57f4855043f3cb3a1e3fb80a7644ff460aac09da
6c4ff7aff5ad6cd0e5acdf8d65fcf77205e15f3fd539d5887b2164356e4a6d45
GET /kmnbhevhfjrtetd/d.gif HTTP/1.1
Host: kmr.mjnbrt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 16 Sep 2022 05:55:18 GMT
Content-Type: image/gif
Content-Length: 90993
Last-Modified: Tue, 13 Sep 2022 02:11:34 GMT
Connection: keep-alive
ETag: "631fe6d6-16371"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
kmr.mjnbrt.xyz/hyjoilbsegcv/i.gif
23.224.92.245 200 OK 120 kB URL HTTP/1.1 kmr.mjnbrt.xyz/hyjoilbsegcv/i.gif
IP 23.224.92.245:0
File type GIF image data, version 89a, 600 x 200\012- data
Size 120 kB (120212 bytes)
Hash cfcb93f9b3de9649f059fb52d2af126b
7ef9810a2044434a3fd2beec5d46ccfbf130d861
aecca070d9dbc76498c2cf867f53ff7f03894b6726b7fa048ba48285bcf6e57a
GET /hyjoilbsegcv/i.gif HTTP/1.1
Host: kmr.mjnbrt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 16 Sep 2022 05:55:18 GMT
Content-Type: image/gif
Content-Length: 120212
Last-Modified: Tue, 13 Sep 2022 02:11:45 GMT
Connection: keep-alive
ETag: "631fe6e1-1d594"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash a3c8e4f9c20a9a6d49baf55001cebadb
4ff31c8a7a696def16fd342306354bb8e6a60eb6
f17efaabb03671cdfebfbb5a068104e53c4b889f13670c47f317808588dfc7a3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:18 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 05:17:03 GMT
Expires: Wed, 21 Sep 2022 05:17:02 GMT
Etag: "4ff31c8a7a696def16fd342306354bb8e6a60eb6"
Cache-Control: max-age=429103,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b75a389af70af6-OSL
erg.ihclam.cn/effect.php?type=ecv&planid=29933&adsid=5961151&zoneid=154626&uid=11111&adtplid=1001&plantype=cpv
203.107.60.95 200 OK 20 B URL HTTP/1.1 erg.ihclam.cn/effect.php?type=ecv&planid=29933&adsid=5961151&zoneid=154626&uid=11111&adtplid=1001&plantype=cpv
IP 203.107.60.95:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /effect.php?type=ecv&planid=29933&adsid=5961151&zoneid=154626&uid=11111&adtplid=1001&plantype=cpv HTTP/1.1
Host: erg.ihclam.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
hnl.ijgocb.cn/c.php?s=JnpvbmVpZD0xNTQ2MjYmc2l0ZWlkPSZ1aWQ9MTExMTEmYWRzaWQ9NTk2MTE1MSZwbGFuaWQ9Mjk5MzMmcGxhbnR5cGU9Y3B2JnVybD1odHRwcyUzQSUyRiUyRmF0LmVvbGFlbC5jb20lM0ZjaGFubmVsJTNEUkVEUUQwMSZ2dGltZT0yMDIyLTA5LTE2IDEzOjU1OjE3JmlwPTkxLjkwLjQyLjE1NA==;d468d94c5f6cf7a7751b109a7ffacc67;&srccpv=yes&jm=1&b=0;0&g=0;0&p=cj1odHRwJTNBJTJGJTJGd3d3LmFibGVoYWlyLmNvbSUyRiZ4PTE7OzUwNDUyNjE0OTtMaW51eCB4ODZfNjQ7OzsxNjsyNCZrPSZzZT0yJmY9MCZ1PWh0dHAlM0ElMkYlMkZ0YWRlbmcudG9wJTJGJmo9MCZwPTAmbT0wJnJlcz0xMjgweDEwMjQmdD0lRTYlQjMlQTElRTYlQjMlQTElRTUlQkQlQjElRTglQTclODYlM0FQYW9QYW9ZaW5nU2hpLnh5eiZsPWVuLVVTJmM9MCZoPTkyNw==
203.107.60.95 200 OK 20 B URL HTTP/1.1 hnl.ijgocb.cn/c.php?s=JnpvbmVpZD0xNTQ2MjYmc2l0ZWlkPSZ1aWQ9MTExMTEmYWRzaWQ9NTk2MTE1MSZwbGFuaWQ9Mjk5MzMmcGxhbnR5cGU9Y3B2JnVybD1odHRwcyUzQSUyRiUyRmF0LmVvbGFlbC5jb20lM0ZjaGFubmVsJTNEUkVEUUQwMSZ2dGltZT0yMDIyLTA5LTE2IDEzOjU1OjE3JmlwPTkxLjkwLjQyLjE1NA==;d468d94c5f6cf7a7751b109a7ffacc67;&srccpv=yes&jm=1&b=0;0&g=0;0&p=cj1odHRwJTNBJTJGJTJGd3d3LmFibGVoYWlyLmNvbSUyRiZ4PTE7OzUwNDUyNjE0OTtMaW51eCB4ODZfNjQ7OzsxNjsyNCZrPSZzZT0yJmY9MCZ1PWh0dHAlM0ElMkYlMkZ0YWRlbmcudG9wJTJGJmo9MCZwPTAmbT0wJnJlcz0xMjgweDEwMjQmdD0lRTYlQjMlQTElRTYlQjMlQTElRTUlQkQlQjElRTglQTclODYlM0FQYW9QYW9ZaW5nU2hpLnh5eiZsPWVuLVVTJmM9MCZoPTkyNw==
IP 203.107.60.95:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /c.php?s=JnpvbmVpZD0xNTQ2MjYmc2l0ZWlkPSZ1aWQ9MTExMTEmYWRzaWQ9NTk2MTE1MSZwbGFuaWQ9Mjk5MzMmcGxhbnR5cGU9Y3B2JnVybD1odHRwcyUzQSUyRiUyRmF0LmVvbGFlbC5jb20lM0ZjaGFubmVsJTNEUkVEUUQwMSZ2dGltZT0yMDIyLTA5LTE2IDEzOjU1OjE3JmlwPTkxLjkwLjQyLjE1NA==;d468d94c5f6cf7a7751b109a7ffacc67;&srccpv=yes&jm=1&b=0;0&g=0;0&p=cj1odHRwJTNBJTJGJTJGd3d3LmFibGVoYWlyLmNvbSUyRiZ4PTE7OzUwNDUyNjE0OTtMaW51eCB4ODZfNjQ7OzsxNjsyNCZrPSZzZT0yJmY9MCZ1PWh0dHAlM0ElMkYlMkZ0YWRlbmcudG9wJTJGJmo9MCZwPTAmbT0wJnJlcz0xMjgweDEwMjQmdD0lRTYlQjMlQTElRTYlQjMlQTElRTUlQkQlQjElRTglQTclODYlM0FQYW9QYW9ZaW5nU2hpLnh5eiZsPWVuLVVTJmM9MCZoPTkyNw== HTTP/1.1
Host: hnl.ijgocb.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 05:55:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST,GET,OPTIONS
Set-Cookie: aliyungf_tc=60582e06bacfb0e730437e6d4475356b4d77603c0b774397350967411a9365aa; Path=/; HttpOnly
region=%E6%8C%AA%E5%A8%81%2F%2F%E5%85%B6%E5%AE%83; expires=Wed, 15-Mar-2023 05:55:18 GMT; Max-Age=15552000; path=/
visitnum=1; expires=Fri, 23-Sep-2022 05:55:18 GMT; Max-Age=604800; path=/
11111_29933=re; expires=Fri, 16-Sep-2022 10:55:18 GMT; Max-Age=18000; path=/
do2click_29933=5961151%7C29933%7C11111%7C154626%7C; expires=Fri, 16-Sep-2022 08:55:18 GMT; Max-Age=10800; path=/
doEffect_29933=5961151%7C29933%7C11111%7C154626%7C; expires=Fri, 23-Sep-2022 05:55:18 GMT; Max-Age=604800; path=/
P3P: CP="Powered by Www.Zyiis.Com 2005-2016"
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
hm.baidu.com/hm.js?e60c1c9f58846acc98f6a3c66dd81576
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?e60c1c9f58846acc98f6a3c66dd81576
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (627)
Hash 5e92f890bd4a98b7e4f092ca07d8aba9
d805882aa764a9446185dc393b4278da01c4a137
4fc8a994fb0d1d9bab5e35dd54812c2f789c73e4a0ccb0b593f978acd5ef11f1
GET /hm.js?e60c1c9f58846acc98f6a3c66dd81576 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-None-Match: 84f4935ad6d06e0db35444cc377be967
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11340
Content-Type: application/javascript
Date: Fri, 16 Sep 2022 05:55:18 GMT
Etag: 3a6ef78e1b850e8b0bf54ad8cb46d51c
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=46DB7A1FA62C989F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSJJkZNBPXDBGibpXqaicajKqyibnCUUUEomk/0
43.154.254.32 200 OK 1.4 MB URL HTTP/2 p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSJJkZNBPXDBGibpXqaicajKqyibnCUUUEomk/0
IP 43.154.254.32:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type GIF image data, version 89a, 640 x 200\012- data
Size 1.4 MB (1362871 bytes)
Hash b43c54ced7fcd33ebd9405eb26d533b7
05e5eb23ef5a79364bc8f8fd778d54a9fa335174
7db80c626560b0016fd427d864bb6116a44a858eb7968728cd872814939a24b2
GET /qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSJJkZNBPXDBGibpXqaicajKqyibnCUUUEomk/0 HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tadeng.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Qnginx/1.4.4
date: Fri, 16 Sep 2022 05:55:16 GMT
content-type: image/gif
content-length: 1362871
vary: Accept,Origin
last-modified: Sat, 10 Jul 2021 16:21:47 GMT
cache-control: max-age=2592000
x-delay: 653 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 1362871
chid: 0
fid: 0
x-nws-log-uuid: 4333ffe8-6e4b-4659-8582-d08697000f43
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45619ede-b86e-4373-9398-fec60bb9e862.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45619ede-b86e-4373-9398-fec60bb9e862.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f876cdc19dca10c62d83d19303512c7f
9f812c7bc1b42b0cea3e42694e7d1f6738789770
c647aac44ba9eb501eb7def781ca0168b4eb71a716283cc6f4e6782939a396cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45619ede-b86e-4373-9398-fec60bb9e862.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 12123
x-amzn-requestid: 2beedee9-cf7e-47d6-ac4d-3ca9251aa565
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfSWEFAZoAMFd6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322ca8d-37688e4a23c3234a25becf57;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 06:47:41 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: H2ySDtSQZtsrCA99y1a2_fLQcRI8hvN_nvA9U_V_iCm6c3cq3DigXQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 22:11:59 GMT
age: 27800
etag: "9f812c7bc1b42b0cea3e42694e7d1f6738789770"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2