r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash b7407cc102d62a5acd5e61f8a79bed36
c2f4890a62454e514962b55b7fc14228339c8e90
be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18525
Expires: Wed, 08 Feb 2023 10:51:31 GMT
Date: Wed, 08 Feb 2023 05:42:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7558
Expires: Wed, 08 Feb 2023 07:48:44 GMT
Date: Wed, 08 Feb 2023 05:42:46 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 05:36:36 GMT
content-type: application/json
age: 370
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15250
Expires: Wed, 08 Feb 2023 09:56:56 GMT
Date: Wed, 08 Feb 2023 05:42:46 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ouIDvYOg21vI21G99jVIQl006S/5UJIQQo7h+nsnjvVjWjI0gxpQc4tUw6BAXilLm0XxcRIeiyE=
x-amz-request-id: FEJ4126R4T7G4KJF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 05:35:49 GMT
age: 417
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
zq-wd.com/555d6702c950ecb729a966504af0a635/signin.php
156.238.68.165301 Moved Permanently 0 B URL HTTP/1.1 zq-wd.com/555d6702c950ecb729a966504af0a635/signin.php
IP 156.238.68.165:0
ASN #134548 DXTL Tseung Kwan O Service
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /555d6702c950ecb729a966504af0a635/signin.php HTTP/1.1
Host: zq-wd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 08 Feb 2023 05:42:46 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://www.zq-wd.com/555d6702c950ecb729a966504af0a635/signin.php
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 05:42:46 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Retry-After, Content-Length, Content-Type, ETag, Cache-Control, Alert, Pragma, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 04:51:20 GMT
age: 3087
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2522
Expires: Wed, 08 Feb 2023 06:24:49 GMT
Date: Wed, 08 Feb 2023 05:42:47 GMT
Connection: keep-alive
www.zq-wd.com/555d6702c950ecb729a966504af0a635/signin.php
156.238.68.165200 OK 560 B URL HTTP/1.1 www.zq-wd.com/555d6702c950ecb729a966504af0a635/signin.php
IP 156.238.68.165:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with very long lines (619), with CRLF line terminators
Hash 17f62b5d326f600337fd338d4ecd5b5d
30b91520d41a806825ec1fe3493c63a0149dee2f
bdd9c55293200c3d12663bcd74085a795cc91c413ce7ce8325180788858af3f9
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /555d6702c950ecb729a966504af0a635/signin.php HTTP/1.1
Host: www.zq-wd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 05:42:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
push.services.mozilla.com/
44.236.232.139101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.236.232.139:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6YECxRg59qcKbPobk+7//g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: P1o9SBZ4A01ZOuqnhg3BDMH8WSY=
www.zq-wd.com/common.js
156.238.68.165200 OK 635 B IP 156.238.68.165:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document text\012- HTML document, ASCII text, with very long lines (1224), with no line terminators
Hash 7737b5c7d6c47b6b5f235c6a64c5c2da
ebbd3c2fe9326f70c72a4c36740ec4bc495fad8f
8890cc42fd4825ff6d84a06395fc8cda2e2849851addc8ad663df5cf4d28c1fa
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /common.js HTTP/1.1
Host: www.zq-wd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.zq-wd.com/555d6702c950ecb729a966504af0a635/signin.php
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 05:42:47 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
www.zq-wd.com/tj.js
156.238.68.165200 OK 258 B IP 156.238.68.165:0
ASN #134548 DXTL Tseung Kwan O Service
File type ASCII text, with CRLF line terminators
Hash 0b01414627e5a670e29050307b0a847e
c4f096ab1c89fb2d66b0a78dc73d777f46b429a3
3ebbe6fcb74b73eee5550e1fe116cd5b6fbb0d6962eee1f7c5db5795bca574e2
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /tj.js HTTP/1.1
Host: www.zq-wd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.zq-wd.com/555d6702c950ecb729a966504af0a635/signin.php
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 05:42:47 GMT
Content-Type: application/x-javascript
Content-Length: 258
Connection: keep-alive
www.zq-wd.com/favicon.ico
156.238.68.165200 OK 1.2 kB URL HTTP/1.1 www.zq-wd.com/favicon.ico
IP 156.238.68.165:0
ASN #134548 DXTL Tseung Kwan O Service
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 7ef1f0a0093460fe46bb691578c07c95
2da3ffbbf4737ce4dae9488359de34034d1ebfbd
4c62eef22174220b8655590a77b27957f3518b4c3b7352d0b64263b80e728f2c
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: www.zq-wd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.zq-wd.com/555d6702c950ecb729a966504af0a635/signin.php
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 05:42:48 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 01 Jul 2011 08:14:23 GMT
Connection: keep-alive
ETag: "4e0d81df-47e"
Expires: Mon, 13 Feb 2023 05:42:48 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14282
Expires: Wed, 08 Feb 2023 09:40:50 GMT
Date: Wed, 08 Feb 2023 05:42:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14282
Expires: Wed, 08 Feb 2023 09:40:50 GMT
Date: Wed, 08 Feb 2023 05:42:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14282
Expires: Wed, 08 Feb 2023 09:40:50 GMT
Date: Wed, 08 Feb 2023 05:42:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14282
Expires: Wed, 08 Feb 2023 09:40:50 GMT
Date: Wed, 08 Feb 2023 05:42:48 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4b327816bc2c6fd7291c75c693685d54
771070be61d0724b1c90ca86ea34c804bd7e501a
d45188239cacc7b228bc75ccc95afb48914aaa434c418cd5b786533e8b9cb983
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6838
x-amzn-requestid: 54fc5ae9-d37a-46cf-97e0-d05de1417cfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7QEsCoAMFY1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-40de6212468fcd0e78a93708;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mgfr5wO7Bj5BVjKYY7O0c4ogLognfq09QrA9khZROr2CVyOWgKTz1g==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:53:56 GMT
age: 28132
etag: "771070be61d0724b1c90ca86ea34c804bd7e501a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 062e186a259eda97173695240a492c63
9b476a4ec219667f560b88199a3a4e4b0a93b579
d18570d3c4ada689b5c2a99b0783ce41c629bd125e6683cf225e01b7032f14a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12256
x-amzn-requestid: 1b959eb9-cf69-414c-b57b-4a63277d709c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvgx-EhgoAMF2wA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc7b3f-2c58e8ac2aee8a8f409a93a0;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 03:10:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Q5tAmSUsPHlKjkJSksZpvVrOAsduYKg0uuTlc03yvuhtO1BUKlHyuA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 08:21:04 GMT
age: 76904
etag: "9b476a4ec219667f560b88199a3a4e4b0a93b579"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf4a5986-35e6-4c6b-9dba-c981908d9ec1.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf4a5986-35e6-4c6b-9dba-c981908d9ec1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 726928e5de19ef978faebbe933c34008
bdaba3ed0c7efb65de88af96063d830683c8499b
c6d208fcee052da80de1bf2dcccbbc48853511b8888c4777799ee676abba51b5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf4a5986-35e6-4c6b-9dba-c981908d9ec1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8644
x-amzn-requestid: d6d71f42-f887-4ad0-a2b7-9073d3857b03
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OjRHBFoAMF4_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c47b-57490f255d8d30a561fdcd3a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:36:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xU_uVO78ZQRKon3Cz-fVcHJuPEMMgzDsVuY8BXoKL6ntJwkl-SLeQA==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:42:03 GMT
age: 28845
etag: "bdaba3ed0c7efb65de88af96063d830683c8499b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8532aa1-7280-445c-9c4c-b562d09929d0.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8532aa1-7280-445c-9c4c-b562d09929d0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1d2eccb9280b851aa1725df5681f6bbd
b4e2b14ee5bc9ee6c9c05666c34b2d1b6ec425b5
c64ece16f4c550feb05db1bccbf74b49d839e77fea31893d48a3f0c267939c92
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8532aa1-7280-445c-9c4c-b562d09929d0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10328
x-amzn-requestid: 0b0b3fcd-416c-47ac-afa0-51be0ab85665
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_PPlGGqoAMFxYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c596-219ee5023d71e4ce17d49233;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1uPNh-FvA8oI5ZuruNle0ATMPSsyl-_ZjLrUnPQJrogPVREc8wrHMQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:12:09 GMT
etag: "b4e2b14ee5bc9ee6c9c05666c34b2d1b6ec425b5"
content-type: image/jpeg
age: 27039
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce53bc9b-2505-4efd-9151-fa75ed70138a.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce53bc9b-2505-4efd-9151-fa75ed70138a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash be9f475292d4b5b0502d4381ccdf455b
ecb943b48c822b086ea699d802f8f1bb5ee26651
ed22a5102709dc7a067107a6c0cde26931f7781065de9cee49e22de6b9086e31
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce53bc9b-2505-4efd-9151-fa75ed70138a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8703
x-amzn-requestid: 6456aa7d-11f7-4066-a833-9ac5312c0c24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7JGLTIAMFqdQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c513-0679a75676cdc19251c81bdd;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DLVp9hiUjE2w5BiukFfUMALWxvcobbJcJRO-7CdXj3cy6rAdFhPRFQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:44:01 GMT
age: 28727
etag: "ecb943b48c822b086ea699d802f8f1bb5ee26651"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb27041-48b2-474f-b9d5-f88e9e662723.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb27041-48b2-474f-b9d5-f88e9e662723.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8a3fa4f1ec82d501942f9db3de2cb7d
b91c2aea7f2fb26131c8929b254c5596a1bb25ff
9d246eeab8ba04c775a03fd960c8859934a0accb737e845e89aba40bc573fdaa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb27041-48b2-474f-b9d5-f88e9e662723.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6342
x-amzn-requestid: b2b61a71-5326-4fc6-baba-7baad29cf7c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OkbHfDIAMF5AQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c482-5cc4028d01d05305637af317;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:37:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xc32O6lBfn7jYg9I3VlZ5FnR9YpJtU3DbYD_ozsf_-R_Ih1-2e1-CQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:42:10 GMT
age: 28838
etag: "b91c2aea7f2fb26131c8929b254c5596a1bb25ff"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
jjna.top/
122.10.10.164200 OK 8.9 kB IP 122.10.10.164:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1244), with CRLF, LF line terminators
Hash a54781eff27c4df64c79dc25936a157b
de1d25d62cfacb0872aa05809b1c53952bbba007
8b9b4aa491442bec864bae0e0dcb4ae1a7ee4bc9ff1cc8b5b86e4b0f76bdb3f5
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.top domain
GET / HTTP/1.1
Host: jjna.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.zq-wd.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 05:42:48 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash eafc0448d34ae50b6be5d2e532c864ed
eeca60a766fdf65395a2ac9a743d5b0c3089ede5
9a52191a7b22229ae26f331a61b6f6a5b7bfdae72c6db191a5b5c4e991648998
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 05:42:49 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sun, 12 Feb 2023 03:29:42 GMT
ETag: "eeca60a766fdf65395a2ac9a743d5b0c3089ede5"
Last-Modified: Wed, 08 Feb 2023 03:29:43 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 143
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79620b4d0dfbb4ff-OSL
jjna.top/template/m1938pc/css/ate.css
122.10.10.164200 OK 6.0 kB URL HTTP/1.1 jjna.top/template/m1938pc/css/ate.css
IP 122.10.10.164:0
ASN #134548 DXTL Tseung Kwan O Service
File type ASCII text, with CRLF line terminators
Hash 775ec9fd65a59632efdf68fc5af2dfad
a51c8530feab204356baa78c94848b688de1caf5
683dab144184920b21b643c2e6de55202e5528633318697e652fec75a8016d93
GET /template/m1938pc/css/ate.css HTTP/1.1
Host: jjna.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjna.top/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 05:42:49 GMT
Content-Type: text/css
Last-Modified: Thu, 21 Apr 2022 12:25:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62614d4c-126e4"
Expires: Wed, 08 Feb 2023 17:42:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
jjna.top/template/m1938pc/ads/sz_zyxf.js
122.10.10.164200 OK 1.7 kB URL HTTP/1.1 jjna.top/template/m1938pc/ads/sz_zyxf.js
IP 122.10.10.164:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document, Unicode text, UTF-8 text
Hash ae393f42663d1f13fa4aa6586f9bdddb
c3929a17dafb8600d36a5a539c3e82f4bc9a79ea
b5b56d95762df66d0389ff498dcf504f5606885fb75f02a67281b968bebd5a3e
GET /template/m1938pc/ads/sz_zyxf.js HTTP/1.1
Host: jjna.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjna.top/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 05:42:49 GMT
Content-Type: application/javascript
Last-Modified: Thu, 02 Feb 2023 10:41:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63db9366-21ba"
Expires: Wed, 08 Feb 2023 17:42:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
jjna.top/template/m1938pc/css/zui.css
122.10.10.164200 OK 22 kB URL HTTP/1.1 jjna.top/template/m1938pc/css/zui.css
IP 122.10.10.164:0
ASN #134548 DXTL Tseung Kwan O Service
File type assembler source, Unicode text, UTF-8 (with BOM) text
Hash 4378f1663173a87a5961c3c044053b10
b5006f73439368d03d54f95e688555d86251a5f0
a0d6837a9a00938d49402078d087769fc750acdb2f93f9d5d9ac6a6d8cdda0d2
GET /template/m1938pc/css/zui.css HTTP/1.1
Host: jjna.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjna.top/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 05:42:49 GMT
Content-Type: text/css
Last-Modified: Sun, 24 Apr 2022 03:44:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6264c780-1806e"
Expires: Wed, 08 Feb 2023 17:42:49 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
jjna.top/template/m1938pc/ads/img/1.gif
122.10.10.164200 OK 254 B URL HTTP/1.1 jjna.top/template/m1938pc/ads/img/1.gif
IP 122.10.10.164:0
ASN #134548 DXTL Tseung Kwan O Service
File type GIF image data, version 89a, 16 x 17\012- data
Hash b013f8fa3ec997fe20dc80b82af0ad0a
e02ce6c30d5c0abfaa3e008d1a3ce7d11f299ed9
119bff063d1d402fdf6e48bc7e681d48aabfb9bc65378dfcf64a8845ec3fceef
GET /template/m1938pc/ads/img/1.gif HTTP/1.1
Host: jjna.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjna.top/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 05:42:49 GMT
Content-Type: image/gif
Content-Length: 254
Last-Modified: Thu, 21 Apr 2022 12:25:50 GMT
Connection: keep-alive
ETag: "62614d4e-fe"
Expires: Fri, 10 Mar 2023 05:42:49 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 5e1c320cb49bc502364cc611c2a57f8c
35172f1e7a6d2d35b972022d814cefcad35dfe13
bf25f15a7566a1ee918588060a1a45d8f2b8e655ea4fa1547cfeefddff3aa4b1
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 05:42:49 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Sun, 12 Feb 2023 02:31:24 GMT
ETag: "35172f1e7a6d2d35b972022d814cefcad35dfe13"
Last-Modified: Wed, 08 Feb 2023 02:31:25 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2049
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79620b523eacb4f9-OSL
ocsp.buypass.com/
23.36.76.147200 OK 1.7 kB IP 23.36.76.147:0
ASN #20940 Akamai International B.V.
Hash 76d5dbdec2a408a15c02c3fd9dec6997
ac3be2e3531b76b27ae864a4ffce1fd33471ec4b
e41b66ef4df9b82789f3c2494ded25fd9ea2eb2fa9f7af25946ad37c53c896ad
POST / HTTP/1.1
Host: ocsp.buypass.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 78
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Access-Control-Allow-Origin: https://www.buypass.no
Access-Control-Allow-Headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Buypass-Session-Id,X-Buypass-Locale
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST
MDC-correlationId: 998c4797-55ab-451f-b062-c2bf7aa3ee89
Content-Length: 1701
Date: Wed, 08 Feb 2023 05:42:50 GMT
Connection: keep-alive
jjna.top/template/m1938pc/images/video-play.png
122.10.10.164200 OK 1.6 kB URL HTTP/1.1 jjna.top/template/m1938pc/images/video-play.png
IP 122.10.10.164:0
ASN #134548 DXTL Tseung Kwan O Service
File type PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced\012- data
Hash be7ca0a4a7c0317398a11162b1e09b75
5dbe6a02524cfbf5f5111478a71f91a9259056b5
cbad06b58f97516faa5f745d4e09716b5db3f134d5b4644b159681aa24909dd4
GET /template/m1938pc/images/video-play.png HTTP/1.1
Host: jjna.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjna.top/template/m1938pc/css/zui.css
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 05:42:49 GMT
Content-Type: image/png
Content-Length: 1567
Last-Modified: Thu, 21 Apr 2022 12:26:08 GMT
Connection: keep-alive
ETag: "62614d60-61f"
Expires: Fri, 10 Mar 2023 05:42:49 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
jjna.top/template/m1938pc/ads/250.jpg
122.10.10.164200 OK 49 kB URL HTTP/1.1 jjna.top/template/m1938pc/ads/250.jpg
IP 122.10.10.164:0
ASN #134548 DXTL Tseung Kwan O Service
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1024x853, components 3\012- data
Hash 98a4aa2e4fe727bed1dc7c1bbbd9a7ab
940e48d705212722a9231f60e8c7996dd7b334aa
6b0d412ab6b3c76049b9d3e5127a0b43440606ddf568965923fcb04bfe4f5687
GET /template/m1938pc/ads/250.jpg HTTP/1.1
Host: jjna.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjna.top/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 05:42:49 GMT
Content-Type: image/jpeg
Content-Length: 48575
Last-Modified: Mon, 26 Dec 2022 13:09:15 GMT
Connection: keep-alive
ETag: "63a99cfb-bdbf"
Expires: Fri, 10 Mar 2023 05:42:49 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
jjna.top/template/m1938pc/ads/huangguan.gif
122.10.10.164200 OK 214 kB URL HTTP/1.1 jjna.top/template/m1938pc/ads/huangguan.gif
IP 122.10.10.164:0
ASN #134548 DXTL Tseung Kwan O Service
File type GIF image data, version 89a, 960 x 60\012- data
Size 214 kB (213805 bytes)
Hash f410f5836079ff0b5cd79587a13c8dfa
f0962f95bcb436be5121eb66b143c04daeaf74db
38563dbaaf4cb7aa5ff89f1fb50ab63a477cf7772b4065c407bf5d246fa8dcb3
GET /template/m1938pc/ads/huangguan.gif HTTP/1.1
Host: jjna.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjna.top/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 05:42:49 GMT
Content-Type: image/gif
Content-Length: 213805
Last-Modified: Thu, 02 Feb 2023 10:14:06 GMT
Connection: keep-alive
ETag: "63db8cee-3432d"
Expires: Fri, 10 Mar 2023 05:42:49 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
pic.picnewsss.com/tu-2022290039/se-1.jpg
23.225.139.251200 OK 27 kB URL HTTP/2 pic.picnewsss.com/tu-2022290039/se-1.jpg
IP 23.225.139.251:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.98.100", baseline, precision 8, 638x378, components 3\012- data
Hash d7603dc1b229c08999abed67adb502ac
54c441cd973289db604c2ee8a9b7121616c1a871
b284bcf5f87ce6f498d8e3bc39b3fbd1300597553be3a0bd0414c78a6e2d835e
GET /tu-2022290039/se-1.jpg HTTP/1.1
Host: pic.picnewsss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jjna.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=2592000
content-type: image/jpeg
date: Tue, 07 Feb 2023 23:01:06 GMT
etag: "1675831734"
expires: Thu, 09 Mar 2023 23:01:06 GMT
last-modified: Wed, 08 Feb 2023 04:48:54 GMT
server: nginx
x-cache: HIT, policy, memory
content-length: 26754
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?34af60b7a11a9cb51812e2be84a892b9
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?34af60b7a11a9cb51812e2be84a892b9
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (626)
Hash c53adf31bfa8df37fa67ea43a4991ddf
d9fc6078e9905d7f57f68c14c9a7eb303f11654c
6dfce2518d98b2d74e52028577f6f970d1af134afda938d9d0563a23420947c7
GET /hm.js?34af60b7a11a9cb51812e2be84a892b9 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.zq-wd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11264
Content-Type: application/javascript
Date: Wed, 08 Feb 2023 05:42:49 GMT
Etag: fb7a7aec8fe9fcd11e1dd22cf797090e
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=F2D13C5D3F742C44; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?b90722b5d2498b7f299d13d5ab36a800
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?b90722b5d2498b7f299d13d5ab36a800
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (625)
Hash 916019aa9f5b2c9e40e503824b3ca875
4826820ebda149eeff3bb8411faf6207c301b781
6a1f544cc9e1b78b65c1589b804b0384d7fff60e1ecadb0e90f3366d77feab79
GET /hm.js?b90722b5d2498b7f299d13d5ab36a800 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jjna.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11263
Content-Type: application/javascript
Date: Wed, 08 Feb 2023 05:42:49 GMT
Etag: e119d0599b1da247f567de174c48632d
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=E13DEED13964A796; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
dvcasha2.ocsp-certum.com/
23.36.79.17200 OK 1.6 kB URL HTTP/1.1 dvcasha2.ocsp-certum.com/
IP 23.36.79.17:0
ASN #20940 Akamai International B.V.
Hash f830a9463c54b662b83a8f4a19a083aa
ca137bf74d7bd8f16e21f680b9053fa6686a532b
3a68bfc1370c4c217e61829e5ff6ff0f90e130cb1398d594a92a5ad03dbd2e4c
POST / HTTP/1.1
Host: dvcasha2.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1599
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=486
Date: Wed, 08 Feb 2023 05:42:50 GMT
Connection: keep-alive
X-N: S
zerossl.ocsp.sectigo.com/
104.18.32.68200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash 17706694b71b4c834aa31650e184eda8
c755ca1a0dab45f28af033864fc8b58ded5a073a
c6746039ee58110676fda9817531a2a61aaf53bcbad9c2a9bae88dfcfa0d7210
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 05:42:50 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Tue, 07 Feb 2023 10:45:43 GMT
Expires: Tue, 14 Feb 2023 10:45:42 GMT
Etag: "c755ca1a0dab45f28af033864fc8b58ded5a073a"
Cache-Control: max-age=535971,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79620b540e64b4eb-OSL
jjna.top/template/m1938pc/ads/kongjiang.gif
122.10.10.164200 OK 73 kB URL HTTP/1.1 jjna.top/template/m1938pc/ads/kongjiang.gif
IP 122.10.10.164:0
ASN #134548 DXTL Tseung Kwan O Service
File type GIF image data, version 89a, 960 x 80\012- data
Hash 3786e56d6d1ab748179b5cdcc97e0dc1
a1fabf9e794492452aeddae395618e245e892805
830e9e2171ca93ba4618970ee447880c54d99edc65aa4b26fa4e02c2fb963982
GET /template/m1938pc/ads/kongjiang.gif HTTP/1.1
Host: jjna.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjna.top/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 05:42:49 GMT
Content-Type: image/gif
Content-Length: 73157
Last-Modified: Thu, 02 Feb 2023 10:14:07 GMT
Connection: keep-alive
ETag: "63db8cef-11dc5"
Expires: Fri, 10 Mar 2023 05:42:49 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 727 B IP 93.184.220.29:0
Hash 4a07b64336f57540295f56731f316c03
dc39885721c65da38f7d152f7eeba919d07154a6
d79215a4a8c6c426d2943af77e06c9dad5fc32db1d6f5ab65174a4454600fa17
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1777
Cache-Control: max-age=146512
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 05:42:50 GMT
Etag: "63e2c8b9-2d7"
Expires: Thu, 09 Feb 2023 22:24:42 GMT
Last-Modified: Tue, 07 Feb 2023 21:55:05 GMT
Server: ECS (amb/6B8B)
X-Cache: HIT
Content-Length: 727
p3.douyinpic.com/obj/tos-cn-i-dy/3e7c904dfb7f409f9e6981ebc7e496cb
47.246.44.226200 OK 506 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/3e7c904dfb7f409f9e6981ebc7e496cb
IP 47.246.44.226:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 960 x 70\012- data
Size 506 kB (505710 bytes)
Hash d63ef12d0280b3e158a677e65dbdfc4a
a7f5ba73badd87984d5f0633899af90aaf56db76
70121186fa1c91e1ae1ea1d8e0973721daf9ea921f34bec643f9e4836e15856b
GET /obj/tos-cn-i-dy/3e7c904dfb7f409f9e6981ebc7e496cb HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 505710
date: Tue, 31 Jan 2023 05:18:05 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Mon, 30 Jan 2023 13:25:16 GMT
nw-session-id: 2023013021251666718FADD7461C1B9EE2tlfcw02dy
nw-session-trace: 2023-01-30T21:25:16.606854344+08:00 45
x-bdcdn-cache-status: TCP_HIT
x-length: 505710
x-powered-by: ImageX
x-response-date: Mon, 30 Jan 2023 21:25:16 GMT
x-tt-logid: 2023013021251666718FADD7461C1B9EE2
via: n150-059-133, cache19.l2de2[0,0,206-0,H], cache17.l2de2[1,0], cache17.l2de2[1,0], cache1.se1[0,0,200-0,H], cache7.se1[1,0]
x-request-ip: fdbd:dc02:19:466::91
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=1
x-tt-trace-host: 01b1b4ef092888dfb9df4db4c4c4c13125e0f8ffafbb2cdfc03a6ac1b5e591282cec2e40809dd70175e53db0f447db05ab8a175caf63ef40ea37fc61d063bbd86f3f57d26b7090200a3e5682ca23e3dbe34e9f32a5659eb0b8e7a756358b88c724
x-response-lb: image
ali-swift-global-savetime: 1675142285
age: 692685
x-cache: HIT TCP_MEM_HIT dirn:11:300754434
x-swift-savetime: Tue, 31 Jan 2023 06:12:21 GMT
x-swift-cachetime: 31532744
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9b16758349706985104e
X-Firefox-Spdy: h2
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=425052454&si=34af60b7a11a9cb51812e2be84a892b9&v=1.3.0&lv=1&sn=39538&r=0&ww=1280&u=http%3A%2F%2Fwww.zq-wd.com%2F555d6702c950ecb729a966504af0a635%2Fsignin.php&tt=%E5%8D%8E%E5%8C%97%E6%B2%9F%E8%87%BC%E7%89%A9%E6%B5%81%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=425052454&si=34af60b7a11a9cb51812e2be84a892b9&v=1.3.0&lv=1&sn=39538&r=0&ww=1280&u=http%3A%2F%2Fwww.zq-wd.com%2F555d6702c950ecb729a966504af0a635%2Fsignin.php&tt=%E5%8D%8E%E5%8C%97%E6%B2%9F%E8%87%BC%E7%89%A9%E6%B5%81%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=425052454&si=34af60b7a11a9cb51812e2be84a892b9&v=1.3.0&lv=1&sn=39538&r=0&ww=1280&u=http%3A%2F%2Fwww.zq-wd.com%2F555d6702c950ecb729a966504af0a635%2Fsignin.php&tt=%E5%8D%8E%E5%8C%97%E6%B2%9F%E8%87%BC%E7%89%A9%E6%B5%81%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.zq-wd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 08 Feb 2023 05:42:50 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=F40BE02CD11CBFF1; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
p3.douyinpic.com/obj/tos-cn-i-dy/62b96b792d09439f9ded2ead53b76328
47.246.44.226200 OK 180 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/62b96b792d09439f9ded2ead53b76328
IP 47.246.44.226:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 300 x 250\012- data
Size 180 kB (180339 bytes)
Hash 157cc4620c454f3e1852b544ad7f8b1c
d32dfdef2a092c097a22cbc66eff064e991e40dc
691bfd19f363505d0ff8f189935c6c5201090e56dc4e61c75e9db781ef26cad7
GET /obj/tos-cn-i-dy/62b96b792d09439f9ded2ead53b76328 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 180339
date: Thu, 02 Feb 2023 16:20:04 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Thu, 02 Feb 2023 13:41:53 GMT
nw-session-id: 20230202214153F46B0E56FC7A6FB03EA3tf24d02dy
nw-session-trace: 2023-02-02T21:41:53.614486574+08:00 433
x-bdcdn-cache-status: TCP_HIT
x-length: 180339
x-powered-by: ImageX
x-response-date: Thu, 02 Feb 2023 21:41:53 GMT
x-tt-logid: 20230202214153F46B0E56FC7A6FB03EA3
via: n204-100-029, cache17.l2de2[0,0,206-0,H], cache15.l2de2[1,0], cache15.l2de2[1,0], cache7.se1[0,0,200-0,H], cache7.se1[1,0]
x-request-ip: fdbd:dc01:27:215::152
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=1
x-tt-trace-host: 019a6b6abbdabcace9c7a85b2f475a44d5563ad658fda087b8c82f72ceee70c4da47765688eed2a10eef8f8d88570e22074ae4bedd9e29b417b6fa4d5017ad4a8ebdbf46d783cccd7e31c05863f06d1f2091491810b0a22cbd0c7bc59595f0314f
x-response-lb: image
ali-swift-global-savetime: 1675354804
age: 480166
x-cache: HIT TCP_MEM_HIT dirn:5:409360064
x-swift-savetime: Fri, 03 Feb 2023 00:21:59 GMT
x-swift-cachetime: 31507085
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9b16758349708045160e
X-Firefox-Spdy: h2
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1020326400&si=b90722b5d2498b7f299d13d5ab36a800&su=http%3A%2F%2Fwww.zq-wd.com%2F&v=1.3.0&lv=1&sn=39538&r=0&ww=1268&u=http%3A%2F%2Fjjna.top%2F&tt=%E4%BC%98%E6%92%ADTV
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1020326400&si=b90722b5d2498b7f299d13d5ab36a800&su=http%3A%2F%2Fwww.zq-wd.com%2F&v=1.3.0&lv=1&sn=39538&r=0&ww=1268&u=http%3A%2F%2Fjjna.top%2F&tt=%E4%BC%98%E6%92%ADTV
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1020326400&si=b90722b5d2498b7f299d13d5ab36a800&su=http%3A%2F%2Fwww.zq-wd.com%2F&v=1.3.0&lv=1&sn=39538&r=0&ww=1268&u=http%3A%2F%2Fjjna.top%2F&tt=%E4%BC%98%E6%92%ADTV HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jjna.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 08 Feb 2023 05:42:50 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=41C098881E88E590; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
jjna.top/template/m1938pc/ads/bibo.gif
122.10.10.164200 OK 355 kB URL HTTP/1.1 jjna.top/template/m1938pc/ads/bibo.gif
IP 122.10.10.164:0
ASN #134548 DXTL Tseung Kwan O Service
File type GIF image data, version 89a, 960 x 60\012- data
Size 355 kB (355361 bytes)
Hash c9d6002216323dd36e9a428a46fa4209
e287daccaea06192967ead4a46290ec9a9080f02
11105b08395bb42d516058100e71ceaebcb2c2d182e2c2e4acc64f73ab6f2477
GET /template/m1938pc/ads/bibo.gif HTTP/1.1
Host: jjna.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjna.top/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 05:42:49 GMT
Content-Type: image/gif
Content-Length: 355361
Last-Modified: Thu, 02 Feb 2023 10:14:02 GMT
Connection: keep-alive
ETag: "63db8cea-56c21"
Expires: Fri, 10 Mar 2023 05:42:49 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
8499583.com/8499/s200x200.gif
23.224.101.37200 OK 248 kB URL HTTP/2 8499583.com/8499/s200x200.gif
IP 23.224.101.37:0
File type GIF image data, version 89a, 200 x 200\012- data
Size 248 kB (248099 bytes)
Hash 761862416e1a2ae8b95e67e823ee7e5a
05c3fd100ac5801602b15243bb49e31b063ea7b5
69f49182c975f54c14c7f88bbd74ddd97f9b87a294147b26f1a2bf83000971e2
GET /8499/s200x200.gif HTTP/1.1
Host: 8499583.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jjna.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 05:42:50 GMT
content-type: image/gif
content-length: 248099
last-modified: Wed, 28 Dec 2022 09:29:16 GMT
etag: "3c923-5f0e000943a64"
server: qq.com
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?d742f37d799b672d7761483ec806a10f
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?d742f37d799b672d7761483ec806a10f
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (630)
Hash 39d8fc4ae838dcc25e8c5d6b6a6dfd78
17338ea3884e913c0a4587d5ae10154adf680e32
fc770fa4bc48ecb968eb641ad9aba52687f0afb6d671e18a1a4181fb71b1aa3c
GET /hm.js?d742f37d799b672d7761483ec806a10f HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jjna.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11268
Content-Type: application/javascript
Date: Wed, 08 Feb 2023 05:42:50 GMT
Etag: a42c655f69090e2c64985f7146f99852
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=887A2DCC090F6D74; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?b6267909077517b271f24efcf233727e
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?b6267909077517b271f24efcf233727e
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (620)
Hash 34551f097586feab5109a08f95aa2fa3
1ef4b3b36c2fa71b776ddeeda062703e2fc87073
c8f99408d13dd413d4056daa38c98ca1cef5de5b09a81ec705b665f51b8c42f7
GET /hm.js?b6267909077517b271f24efcf233727e HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jjna.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Wed, 08 Feb 2023 05:42:50 GMT
Etag: a4651da0f86f461fa78de12ad63eb0f2
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=880B6DA0CD662900; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?c7e75a198aeeb6c19451998248286982
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?c7e75a198aeeb6c19451998248286982
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (627)
Hash e9744acd012018d7290debb70813bd73
6205903f6f59e7d4ad619dcc4adadcf6b228bb1a
2944219fb3ab02b39275d46772f15a5fc61f09b91b1847590749af4512b68816
GET /hm.js?c7e75a198aeeb6c19451998248286982 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jjna.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11265
Content-Type: application/javascript
Date: Wed, 08 Feb 2023 05:42:50 GMT
Etag: 6e10e93027e931c2ad31899c23bd735e
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=4DB93E13816F90B8; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash b2e7acca2917671af0963ccdec89f61d
ccf222d952b9b9a1dd7083eb01b07e552c391275
414088d34014d62926596eda40f3c3905871dd775812a3e54f198d9d77b89a7c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 05:42:51 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 07 Feb 2023 03:22:09 GMT
Expires: Tue, 14 Feb 2023 03:22:08 GMT
Etag: "ccf222d952b9b9a1dd7083eb01b07e552c391275"
Cache-Control: max-age=509356,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79620b5ccfea1c06-OSL
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1213912996&si=d742f37d799b672d7761483ec806a10f&su=http%3A%2F%2Fwww.zq-wd.com%2F&v=1.3.0&lv=1&sn=39539&r=0&ww=1268&u=http%3A%2F%2Fjjna.top%2F&tt=%E4%BC%98%E6%92%ADTV
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1213912996&si=d742f37d799b672d7761483ec806a10f&su=http%3A%2F%2Fwww.zq-wd.com%2F&v=1.3.0&lv=1&sn=39539&r=0&ww=1268&u=http%3A%2F%2Fjjna.top%2F&tt=%E4%BC%98%E6%92%ADTV
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1213912996&si=d742f37d799b672d7761483ec806a10f&su=http%3A%2F%2Fwww.zq-wd.com%2F&v=1.3.0&lv=1&sn=39539&r=0&ww=1268&u=http%3A%2F%2Fjjna.top%2F&tt=%E4%BC%98%E6%92%ADTV HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jjna.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 08 Feb 2023 05:42:51 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=F3862FF2D92F8ABF; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=340315384&si=c7e75a198aeeb6c19451998248286982&su=http%3A%2F%2Fwww.zq-wd.com%2F&v=1.3.0&lv=1&sn=39539&r=0&ww=1268&u=http%3A%2F%2Fjjna.top%2F&tt=%E4%BC%98%E6%92%ADTV
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=340315384&si=c7e75a198aeeb6c19451998248286982&su=http%3A%2F%2Fwww.zq-wd.com%2F&v=1.3.0&lv=1&sn=39539&r=0&ww=1268&u=http%3A%2F%2Fjjna.top%2F&tt=%E4%BC%98%E6%92%ADTV
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=340315384&si=c7e75a198aeeb6c19451998248286982&su=http%3A%2F%2Fwww.zq-wd.com%2F&v=1.3.0&lv=1&sn=39539&r=0&ww=1268&u=http%3A%2F%2Fjjna.top%2F&tt=%E4%BC%98%E6%92%ADTV HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jjna.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 08 Feb 2023 05:42:51 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=12FAC31104ED67D3; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=2043430944&si=b6267909077517b271f24efcf233727e&su=http%3A%2F%2Fwww.zq-wd.com%2F&v=1.3.0&lv=1&sn=39539&r=0&ww=1268&u=http%3A%2F%2Fjjna.top%2F&tt=%E4%BC%98%E6%92%ADTV
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=2043430944&si=b6267909077517b271f24efcf233727e&su=http%3A%2F%2Fwww.zq-wd.com%2F&v=1.3.0&lv=1&sn=39539&r=0&ww=1268&u=http%3A%2F%2Fjjna.top%2F&tt=%E4%BC%98%E6%92%ADTV
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=2043430944&si=b6267909077517b271f24efcf233727e&su=http%3A%2F%2Fwww.zq-wd.com%2F&v=1.3.0&lv=1&sn=39539&r=0&ww=1268&u=http%3A%2F%2Fjjna.top%2F&tt=%E4%BC%98%E6%92%ADTV HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jjna.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 08 Feb 2023 05:42:51 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=6B79725EC69E6264; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
p.qlogo.cn/qqmail_head/EVPtJJ9TsHzH9flljZXyh4VZUKn6u1hjWNundlxFzh4RVn7iclj3asdlcq0yDbtViagxYbGicsA10M/0
43.154.254.32200 OK 306 kB URL HTTP/2 p.qlogo.cn/qqmail_head/EVPtJJ9TsHzH9flljZXyh4VZUKn6u1hjWNundlxFzh4RVn7iclj3asdlcq0yDbtViagxYbGicsA10M/0
IP 43.154.254.32:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type GIF image data, version 89a, 960 x 100\012- data
Size 306 kB (306060 bytes)
Hash 46849841d98246ac6d44660ddbc19642
61f8e7ee0ba933a87feec89b47c28d6d337090a8
1007ba0e9fd38f3c0a55517657bd3b22e22fe9055ac4463ced82c796017f0917
GET /qqmail_head/EVPtJJ9TsHzH9flljZXyh4VZUKn6u1hjWNundlxFzh4RVn7iclj3asdlcq0yDbtViagxYbGicsA10M/0 HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jjna.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Qnginx/1.4.4
date: Wed, 08 Feb 2023 05:42:50 GMT
content-type: image/gif
content-length: 306060
vary: Accept,Origin
last-modified: Mon, 19 Dec 2022 13:01:50 GMT
cache-control: max-age=2592000
x-delay: 51188 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 9
x-reqgue: 0
size: 306060
chid: 0
fid: 0
x-nws-log-uuid: fb9303af-ca4a-4bbd-9393-9314fb20b850
X-Firefox-Spdy: h2
u1011.com/4190ec1275ad41e5b97e3f9b9b17e2b8.gif
45.61.212.163200 OK 32 kB URL HTTP/2 u1011.com/4190ec1275ad41e5b97e3f9b9b17e2b8.gif
IP 45.61.212.163:0
File type GIF image data, version 89a, 200 x 200\012- data
Hash 65b2dc464a3013c17cdb8a8c643719d8
fae937a6f094f2ceb6b0fa84f5a4e9ce336ee70d
70be7f27981ddf58e361ad923fa88110eaf976b93913eaea5f584856b99ed0cc
GET /4190ec1275ad41e5b97e3f9b9b17e2b8.gif HTTP/1.1
Host: u1011.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jjna.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=86400
etag: "63c6929c-7dc8"
server: nginx
date: Tue, 07 Feb 2023 07:29:15 GMT
content-type: image/gif
last-modified: Tue, 17 Jan 2023 12:20:44 GMT
accept-ranges: bytes
x-cache: HIT from cloud-us5-cdnb-03
content-length: 32200
X-Firefox-Spdy: h2
595tuchuang.com/960x60.gif
183.255.106.33200 OK 318 kB URL HTTP/2 595tuchuang.com/960x60.gif
IP 183.255.106.33:0
ASN #9808 China Mobile Communications Group Co., Ltd.
File type GIF image data, version 89a, 960 x 60\012- data
Size 318 kB (317903 bytes)
Hash fb3f1f47e7cd3c017411f4a08cb222b7
9ef0eebfa48d7d3c66398066ad781c2e4c5c2fce
864310898b7de94e28b82e0e318d801e6537365a75078d2f94b98a25c81e98a9
GET /960x60.gif HTTP/1.1
Host: 595tuchuang.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jjna.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 05:42:50 GMT
content-type: image/gif
content-length: 317903
last-modified: Thu, 15 Dec 2022 11:17:02 GMT
etag: "639b022e-4d9cf"
expires: Wed, 01 Mar 2023 06:45:41 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
server: cdn
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
img.5969a.com/images/63dbbbbb5eeed921ab034c9c.gif
3.36.126.81302 Found 0 B URL HTTP/2 img.5969a.com/images/63dbbbbb5eeed921ab034c9c.gif
IP 3.36.126.81:0
GET /images/63dbbbbb5eeed921ab034c9c.gif HTTP/1.1
Host: img.5969a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jjna.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/62b96b792d09439f9ded2ead53b76328
X-Firefox-Spdy: h2
img.6327a.com/images/63dbaf845eeed921ab034c99.gif
3.36.126.81302 Found 0 B URL HTTP/2 img.6327a.com/images/63dbaf845eeed921ab034c99.gif
IP 3.36.126.81:0
GET /images/63dbaf845eeed921ab034c99.gif HTTP/1.1
Host: img.6327a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jjna.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/3e7c904dfb7f409f9e6981ebc7e496cb
X-Firefox-Spdy: h2