r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5ceaca9fd4ad000cb435820812fc69c8
8168397aaf7b572c89a9c83f46c0b65e4ac509f2
9c4e52e7e17158307d752db0bc3d1fbedae4f305cc301fd73b260f73ab796492
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C4E52E7E17158307D752DB0BC3D1FBEDAE4F305CC301FD73B260F73AB796492"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12236
Expires: Wed, 07 Dec 2022 03:51:55 GMT
Date: Wed, 07 Dec 2022 00:27:59 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f83c5e33ba42e312ee398848bbb711f5
caa1fd23b1fbbe883292ded04404c1cfd861eb09
106d08fba45f1e13f85b4b5abc456594878494238933e54b6a06e21ed8a52bc9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3359
Cache-Control: max-age=125958
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 00:27:59 GMT
Etag: "638f19f6-1d7"
Expires: Thu, 08 Dec 2022 11:27:17 GMT
Last-Modified: Tue, 06 Dec 2022 10:31:18 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a0abf10fb7e96c1c98dacf2f013a68b4
acdd839bce85eadc78a8e821e32e00a958d5c0c8
b85d98f8df05431777d96c767ce4c152302ec3f653cdf6e61c8c3fa9574f3255
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B85D98F8DF05431777D96C767CE4C152302EC3F653CDF6E61C8C3FA9574F3255"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8393
Expires: Wed, 07 Dec 2022 02:47:52 GMT
Date: Wed, 07 Dec 2022 00:27:59 GMT
Connection: keep-alive
www.qzzxks.com/index.php
160.202.75.28200 OK 807 B IP 160.202.75.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with CRLF line terminators
Hash cc10e70a8b4319c078a2fa278104f01a
888c94f99d282eccb97b432905b834e843ef9be8
e2ac321bcf800e9f6050754592ad121113f5e21f0464e4d9e1858fe2e61fe0ae
GET /index.php HTTP/1.1
Host: www.qzzxks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 00:27:59 GMT
Content-Type: text/html
Content-Length: 807
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 07 Dec 2022 00:18:42 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 557
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: olW577fDk2P2jwanF9EN20/cZazGwoWWk6sw27jamPy+vUrgBtrrl7xycJELqdbqBK7kwUGgSyU=
x-amz-request-id: SC929HZZAR4VENJK
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 23:47:17 GMT
age: 2442
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 00:27:59 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.qzzxks.com/tj.js
160.202.75.28200 OK 998 B IP 160.202.75.28:0
File type HTML document, ASCII text, with CRLF line terminators
Hash ffda4b5e4a09cf9052e51ee6b0fd48f0
0bcd6259bc09248ff3f098e76f4afb449563847a
5a068182225b8cdbc032094292560096a10a7293bcea082cefbb80ff3e662df4
GET /tj.js HTTP/1.1
Host: www.qzzxks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qzzxks.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 00:28:00 GMT
Content-Type: application/x-javascript
Content-Length: 998
Connection: keep-alive
www.qzzxks.com/common.js
160.202.75.28200 OK 1.1 kB IP 160.202.75.28:0
File type HTML document, ASCII text, with very long lines (389), with CRLF line terminators
Hash 2707490b59abe7180af8f151f1ed1440
ccb586334bf9f38fa4500625d372140a89f9dffb
0a668a351a44c86f65d2eed8ec0583b328ed3c0498eac2243942d472cc0e8332
GET /common.js HTTP/1.1
Host: www.qzzxks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qzzxks.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 00:28:00 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 07 Dec 2022 00:11:20 GMT
cache-control: public,max-age=3600
age: 1000
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0f7dcaa590e32cfd1c075255188d5f06
d4bb4954fefdb3b59560b54adf500e806e252e39
195795c2511b31519134f5eb4442d8708918ecaff72f8e821a5473ad7c97c448
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3346
Cache-Control: max-age=120876
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 00:28:00 GMT
Etag: "638f062a-1d7"
Expires: Thu, 08 Dec 2022 10:02:36 GMT
Last-Modified: Tue, 06 Dec 2022 09:06:50 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
push.zhanzhang.baidu.com/push.js
182.61.201.94200 OK 227 B URL HTTP/1.1 push.zhanzhang.baidu.com/push.js
IP 182.61.201.94:0
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with no line terminators
Hash e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qzzxks.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Wed, 07 Dec 2022 00:28:00 GMT
Etag: "4078521116"
Expires: Thu, 07 Dec 2023 00:28:00 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=E03CBD3C0C44F26CAD697944A5E0A477:FG=1; max-age=31536000; expires=Thu, 07-Dec-23 00:28:00 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash e287754c60a88666a6312bad9576d6d6
ebf26b4fc9095405264affb5ec5bb74da1390c11
1e3b86f238eebe96b7a33f7df7dfd4815e9e6f6ebf801e7dd8489687d05bc870
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 00:28:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 10 Dec 2022 22:20:00 GMT
ETag: "ebf26b4fc9095405264affb5ec5bb74da1390c11"
Last-Modified: Tue, 06 Dec 2022 22:20:01 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3421
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77592388d81fb500-OSL
api.share.baidu.com/s.gif?l=http://www.qzzxks.com/index.php
182.61.240.101200 OK 0 B URL HTTP/1.1 api.share.baidu.com/s.gif?l=http://www.qzzxks.com/index.php
IP 182.61.240.101:0
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://www.qzzxks.com/index.php HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qzzxks.com/
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Wed, 07 Dec 2022 00:28:00 GMT
push.services.mozilla.com/
52.89.114.252101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.114.252:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: yu0/bHqOjaIuGAf/ASjlfw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dbBHMqU46OSQK6S1HgKGd/+Tu+s=
api.heiniu103.com/news/index.php
210.56.56.28200 OK 600 B URL HTTP/1.1 api.heiniu103.com/news/index.php
IP 210.56.56.28:0
ASN #64050 BGPNET Global ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 8e25132ff0c5279644cda32a0f44d7d6
7d05b4b57ae022fe7bb7e4f7acd76480e3f51d31
f928d8d18d498f35c61881b874d10739ba33cda71742d738adfa86e74fcbffe6
GET /news/index.php HTTP/1.1
Host: api.heiniu103.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qzzxks.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 00:28:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
www.qzzxks.com/favicon.ico
160.202.75.28200 OK 1.2 kB URL HTTP/1.1 www.qzzxks.com/favicon.ico
IP 160.202.75.28:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 7ef1f0a0093460fe46bb691578c07c95
2da3ffbbf4737ce4dae9488359de34034d1ebfbd
4c62eef22174220b8655590a77b27957f3518b4c3b7352d0b64263b80e728f2c
GET /favicon.ico HTTP/1.1
Host: www.qzzxks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.qzzxks.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 00:28:01 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 01 Jul 2011 08:14:23 GMT
Connection: keep-alive
ETag: "4e0d81df-47e"
Expires: Mon, 12 Dec 2022 00:28:01 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
hm.baidu.com/hm.js?f5a5c5c92b8ba0ce4c14073f16113b3c
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?f5a5c5c92b8ba0ce4c14073f16113b3c
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (621)
Hash 855c95b7c7edc6356ed5f2c3e7ec7f8f
ea72a734da40c56ff3e2b20f78026dfc647267f6
4c4b2b7a305e6888ecc2732f1baafbde6b31813fd02db06d148658aed9588740
GET /hm.js?f5a5c5c92b8ba0ce4c14073f16113b3c HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.qzzxks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11259
Content-Type: application/javascript
Date: Wed, 07 Dec 2022 00:28:01 GMT
Etag: 1d8f4d6fb53a3a8896c0fd86273fe198
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=0265D6E60F749597; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?881d54a417f64ae7f9a36ce68c12aaf1
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?881d54a417f64ae7f9a36ce68c12aaf1
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (622)
Hash 6478fb7b7523564f7530d6742481b9b8
0e15d9c3cf104c6e762121b873f7dcc74343387d
74202543a5a62ff25ed95604637244386728894988a44d82246407520e0819f2
GET /hm.js?881d54a417f64ae7f9a36ce68c12aaf1 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.qzzxks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11260
Content-Type: application/javascript
Date: Wed, 07 Dec 2022 00:28:01 GMT
Etag: c40565785729c75b02edde00b1ec257d
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=3F04860B0CE8BCFA; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=116333258&si=f5a5c5c92b8ba0ce4c14073f16113b3c&v=1.3.0&lv=1&sn=16801&r=0&ww=1280&u=http%3A%2F%2Fwww.qzzxks.com%2Findex.php&tt=%E9%A9%BB%E9%A9%AC%E5%BA%97%E8%BE%9F%E6%95%B2%E8%B4%A7%E8%BF%90%E4%BB%A3%E7%90%86%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=116333258&si=f5a5c5c92b8ba0ce4c14073f16113b3c&v=1.3.0&lv=1&sn=16801&r=0&ww=1280&u=http%3A%2F%2Fwww.qzzxks.com%2Findex.php&tt=%E9%A9%BB%E9%A9%AC%E5%BA%97%E8%BE%9F%E6%95%B2%E8%B4%A7%E8%BF%90%E4%BB%A3%E7%90%86%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=116333258&si=f5a5c5c92b8ba0ce4c14073f16113b3c&v=1.3.0&lv=1&sn=16801&r=0&ww=1280&u=http%3A%2F%2Fwww.qzzxks.com%2Findex.php&tt=%E9%A9%BB%E9%A9%AC%E5%BA%97%E8%BE%9F%E6%95%B2%E8%B4%A7%E8%BF%90%E4%BB%A3%E7%90%86%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.qzzxks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 07 Dec 2022 00:28:01 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=AC1021583CEDB3CF; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1430398941&si=881d54a417f64ae7f9a36ce68c12aaf1&v=1.3.0&lv=1&sn=16801&r=0&ww=1280&u=http%3A%2F%2Fwww.qzzxks.com%2Findex.php&tt=%E9%A9%BB%E9%A9%AC%E5%BA%97%E8%BE%9F%E6%95%B2%E8%B4%A7%E8%BF%90%E4%BB%A3%E7%90%86%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1430398941&si=881d54a417f64ae7f9a36ce68c12aaf1&v=1.3.0&lv=1&sn=16801&r=0&ww=1280&u=http%3A%2F%2Fwww.qzzxks.com%2Findex.php&tt=%E9%A9%BB%E9%A9%AC%E5%BA%97%E8%BE%9F%E6%95%B2%E8%B4%A7%E8%BF%90%E4%BB%A3%E7%90%86%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1430398941&si=881d54a417f64ae7f9a36ce68c12aaf1&v=1.3.0&lv=1&sn=16801&r=0&ww=1280&u=http%3A%2F%2Fwww.qzzxks.com%2Findex.php&tt=%E9%A9%BB%E9%A9%AC%E5%BA%97%E8%BE%9F%E6%95%B2%E8%B4%A7%E8%BF%90%E4%BB%A3%E7%90%86%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.qzzxks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 07 Dec 2022 00:28:01 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=3AB13562B1799DE4; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4945
Expires: Wed, 07 Dec 2022 01:50:27 GMT
Date: Wed, 07 Dec 2022 00:28:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4945
Expires: Wed, 07 Dec 2022 01:50:27 GMT
Date: Wed, 07 Dec 2022 00:28:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4942
Expires: Wed, 07 Dec 2022 01:50:24 GMT
Date: Wed, 07 Dec 2022 00:28:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4942
Expires: Wed, 07 Dec 2022 01:50:24 GMT
Date: Wed, 07 Dec 2022 00:28:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4945
Expires: Wed, 07 Dec 2022 01:50:27 GMT
Date: Wed, 07 Dec 2022 00:28:02 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feeb81330-af0b-4cc3-bd0e-591ba064667a.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feeb81330-af0b-4cc3-bd0e-591ba064667a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c9257f2e3b9bd1b3aa262b0f4bf57968
4bcdd6ecd63834aa1010faf19457a97f37ae99fa
9afd592279c51b533b3bf72a860cf4a8f2bc6cf01b07d1ab6f11f0ff302e0ef6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feeb81330-af0b-4cc3-bd0e-591ba064667a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7392
x-amzn-requestid: f4b6890a-7a8f-48f8-b2af-365cb5f681e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cpwREFiXoAMFSMw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d60d3-009e524f30c72d0629c877bb;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 03:09:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: C0-H0LUbxaxMEXoDf6PXEFAvVTj2D9K2M7eshRo39QzAAWSk2ubepA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 03:51:07 GMT
age: 74215
etag: "4bcdd6ecd63834aa1010faf19457a97f37ae99fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F167b7461-ee08-4205-a299-12e7c883b958.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F167b7461-ee08-4205-a299-12e7c883b958.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4884ce2731d3033b12e4792c1bbf453e
63b6efc98cb04228d82ac28fceb97bb1cf8d82fb
8c37704d0e1fd16239e28cbdb88c5ac6a2e9cfb70f8457bfab127202f89d3788
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F167b7461-ee08-4205-a299-12e7c883b958.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14896
x-amzn-requestid: 58d94b15-dce0-44c0-96b1-917f1206a39e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cnA4RFkeoAMFfGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c4834-7c1667b53795d5c11a3bfdda;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 07:11:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tM0WOO_Ypgj2QxJSz9GHZZTsKjzsvyD6tjpp4G0ZpuGAIGmnEe4oqQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 08:11:23 GMT
age: 58599
etag: "63b6efc98cb04228d82ac28fceb97bb1cf8d82fb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 604a4132da78a0c013b5818644adb121
ddf982c6ff7a0d8e5376c119b6642fe7e0ba8566
eecab519c33596c67f2d2021dfd1af24e7fd8f2ed403f99b4ba0c265c08a259f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8701
x-amzn-requestid: 653284c3-ee7f-45f1-9513-3a6c81e1d6e3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cm3-2HRWIAMFjfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c39f8-6f8969a26787a9463ba6c2ec;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 06:11:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cmRvAOLmk_xZC4RKdin-lozUNeK9-icqkzsQmSjP9scXnnCLxkvJ5A==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 22:01:53 GMT
age: 8769
etag: "ddf982c6ff7a0d8e5376c119b6642fe7e0ba8566"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22142ca2-85b4-47d4-8eaa-fcf2823b2c28.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22142ca2-85b4-47d4-8eaa-fcf2823b2c28.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e95ebce9d79ba46cb96af9a45af1762f
985c6761675e6bcc0186f64d55f94cf09352f05c
5837d6bf31e57f955ba2577f112281cc33a5502b358c83192f4e396b57042ac0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22142ca2-85b4-47d4-8eaa-fcf2823b2c28.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8438
x-amzn-requestid: 0f5d1b0e-1193-4006-8a54-555681d9f62e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvlqVGMjoAMFS6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb641-6366ea6464122d857407cdff;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:38:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nm0qQpo75zvDYWxv8V3GvOSBFenh8ocfjV9d02Mc2l-ABieIb3h2uA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:53:40 GMT
age: 9262
etag: "985c6761675e6bcc0186f64d55f94cf09352f05c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd933687b-86e0-407a-9bff-2debb09d5167.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd933687b-86e0-407a-9bff-2debb09d5167.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 550ee57c325ce8d4892400deb24141d3
acece1761a7d4d3926500726c19d528bb204ef4c
7cc68e966362916947e7d6e24d3c001c64298fec2438a97538765d801fa7c92c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd933687b-86e0-407a-9bff-2debb09d5167.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10362
x-amzn-requestid: 7fdd2011-e283-467e-9f04-741946a834ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cpl_1EsooAMFhvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d5065-0cddad1919d984065bd0b03e;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 01:59:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uhgTdyHGPZ1Ocp6wLQNVgcZ0z2CPyV0a_51MXD6Q04tsJ3RhgMY2Fw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:58:02 GMT
age: 9000
etag: "acece1761a7d4d3926500726c19d528bb204ef4c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d5b6cef-6b79-466f-a8bf-5f3864c9b0e7.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d5b6cef-6b79-466f-a8bf-5f3864c9b0e7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c9f7b9c77a99173619ee85d0cfa8e2f8
05ba0fab4533b9837dd8558ffa5eb168e974d2b3
17184aca15041d2770fe14397fc0ab87e5f8e9f910b557031ba7fbf1349b0b9c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d5b6cef-6b79-466f-a8bf-5f3864c9b0e7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11464
x-amzn-requestid: 04d9e95d-563e-4258-934e-add82f95a638
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGysEDmIAMFSIQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851aa-426e37fb562dc25b3449311b;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tqhoE46EqpCXH19gao1hu0hiwVHvIxHtOwjTK7OtHdiwPSThKQE-Eg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 06:41:10 GMT
age: 64012
etag: "05ba0fab4533b9837dd8558ffa5eb168e974d2b3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
api.heiniu103.com/news/api.php
210.56.56.28200 OK 49 B URL HTTP/1.1 api.heiniu103.com/news/api.php
IP 210.56.56.28:0
ASN #64050 BGPNET Global ASN
File type HTML document, ASCII text
Hash 02c69063945230ddd10f0363577e1525
60c10d68ed1c511cfefb5d6b188a7d2855f0e066
be6ac5413f3f694f006a85dd75fd537624b8d616810dd2171e4cbec9bc6f5659
GET /news/api.php HTTP/1.1
Host: api.heiniu103.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://api.heiniu103.com/news/index.php
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 00:28:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
api.heiniu103.com/news/data.php
210.56.56.28200 OK 191 B URL HTTP/1.1 api.heiniu103.com/news/data.php
IP 210.56.56.28:0
ASN #64050 BGPNET Global ASN
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 90f32cde00026dd5c837221916379a68
6abdf0963e9d944c377ab8953d387172b43feaf1
28324b6cf5da0a9c44c954ce7d77d2f764e729a7e850866cb600b3e1c76e8857
GET /news/data.php HTTP/1.1
Host: api.heiniu103.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://api.heiniu103.com/news/api.php
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 00:28:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3f92b3a77b0315b50b6f854acfc7058c
9c077182fea64226bb3a4ab87c5956ce965c9bc4
4dd99f999e92e7429cd85f17cf19b723e075cebcc7a98a77fbf82e9dc4d9af31
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4DD99F999E92E7429CD85F17CF19B723E075CEBCC7A98A77FBF82E9DC4D9AF31"
Last-Modified: Mon, 05 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=114
Expires: Wed, 07 Dec 2022 00:29:57 GMT
Date: Wed, 07 Dec 2022 00:28:03 GMT
Connection: keep-alive
www.heiniu124.site/template/heiniu/html9/ads/xf.js
104.247.198.189200 OK 906 B URL HTTP/2 www.heiniu124.site/template/heiniu/html9/ads/xf.js
IP 104.247.198.189:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (555), with CRLF line terminators
Hash 729c8f57a63d82c9ffebcb46d8aac4b1
31af0393b90265b663dc043d25e5864b1b914977
0f2989b30211103356e8baf89c7c4a9d510e5fec86a3eb034518be05d66f680c
GET /template/heiniu/html9/ads/xf.js HTTP/1.1
Host: www.heiniu124.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 00:28:04 GMT
content-type: application/javascript
content-length: 906
last-modified: Tue, 06 Dec 2022 10:59:57 GMT
etag: "638f20ad-38a"
expires: Wed, 07 Dec 2022 12:28:04 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.heiniu124.site/static/images/1.gif
104.247.198.189200 OK 254 B URL HTTP/2 www.heiniu124.site/static/images/1.gif
IP 104.247.198.189:0
File type GIF image data, version 89a, 16 x 17\012- data
Hash b013f8fa3ec997fe20dc80b82af0ad0a
e02ce6c30d5c0abfaa3e008d1a3ce7d11f299ed9
119bff063d1d402fdf6e48bc7e681d48aabfb9bc65378dfcf64a8845ec3fceef
GET /static/images/1.gif HTTP/1.1
Host: www.heiniu124.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 00:28:04 GMT
content-type: image/gif
content-length: 254
last-modified: Tue, 30 Aug 2022 15:22:21 GMT
etag: "630e2b2d-fe"
expires: Fri, 06 Jan 2023 00:28:04 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.heiniu124.site/template/heiniu/images/loading.svg
104.247.198.189200 OK 506 B URL HTTP/2 www.heiniu124.site/template/heiniu/images/loading.svg
IP 104.247.198.189:0
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash bb36cf278bc5f407c3a64054c13dbbdf
ecd02eea9d41f6282fcaaffc84dbefc1fedb58a2
fa5ecaba8e7048ec0475ac862bec89853e8c87e84475e199f8657d6e89065dff
GET /template/heiniu/images/loading.svg HTTP/1.1
Host: www.heiniu124.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 00:28:04 GMT
content-type: image/svg+xml
content-length: 506
last-modified: Sun, 09 Jan 2022 08:39:24 GMT
etag: "61da9f3c-1fa"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
zerossl.ocsp.sectigo.com/
172.64.155.188200 OK 728 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash ac42b66f8eed5be3d6bc7a5f517e7ca4
ab436b2a48df3d77e5b9943048e8f6e959b04d2e
e971705586bc6523e6f42ba1ea01923a06c380f719977e2c7e8cfd035a6de915
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 00:28:04 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 23:13:52 GMT
Expires: Sun, 11 Dec 2022 23:13:51 GMT
Etag: "ab436b2a48df3d77e5b9943048e8f6e959b04d2e"
Cache-Control: max-age=426946,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775923a15bfab4ff-OSL
ocsp.pki.goog/s/gts1p5/8PiKUJKCkz4
216.58.211.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/8PiKUJKCkz4
IP 216.58.211.3:0
Hash 0bc19eed9d6c1d95a595075e1efcdc7a
ac2d003ac4efba97c84ef6955375be309854c3dd
b92844074c5c59ec98f296e1a48ebda792f7eaa561d3eff872f16cce4e138922
POST /s/gts1p5/8PiKUJKCkz4 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 00:28:04 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 01bd6326440286b83989b34457cd5030
a9ea764283cf52d0ccf94284a3eb9131f44a62b9
eb8b73103bc86a10adf0ca570da221a357d5b7b2a8b70378c558186f5a3f2b5e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB8B73103BC86A10ADF0CA570DA221A357D5B7B2A8B70378C558186F5A3F2B5E"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14490
Expires: Wed, 07 Dec 2022 04:29:34 GMT
Date: Wed, 07 Dec 2022 00:28:04 GMT
Connection: keep-alive
www.tupku.top/lm/031815-80.gif
188.114.96.1200 OK 1.6 MB URL HTTP/2 www.tupku.top/lm/031815-80.gif
IP 188.114.96.1:0
File type GIF image data, version 89a, 500 x 281\012- data
Size 1.6 MB (1626999 bytes)
Hash 17244f3a8b60a0f7b291f5621c873713
c523f5d5b60d2eabc9084e9ba5803647ac08c2cd
4aed8c090aa7bff3de4c028efced6a87dd7645bc15d265cdddf106f3f5dd9435
GET /lm/031815-80.gif HTTP/1.1
Host: www.tupku.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 00:28:04 GMT
content-type: image/gif
content-length: 1626999
last-modified: Thu, 07 Jul 2022 15:13:11 GMT
etag: "62c6f807-18d377"
expires: Mon, 02 Jan 2023 17:35:35 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 283942
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F7GpRRdrMXUFdznYQaPNfnmlNGG3Sq1efFuF7IDhVvP5GFez1qmnnPdyPubtzjDH%2FLSNcrx58IXTEzaIyXFxsH%2Bcud2%2BF82Wuhg5hluFQAN1X8UzdK5n32EFnz4QOllX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775923a1dc37b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c0e0b60f82d2fb18adcfca90fa1f158a
40c606ddddbca03999d4a177d283d0c6b1d01af4
79f8115169b4963c56f64080ccd0ed1301a7be17bd738dfad6a36aba85d8c524
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "79F8115169B4963C56F64080CCD0ED1301A7BE17BD738DFAD6A36ABA85D8C524"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5693
Expires: Wed, 07 Dec 2022 02:02:57 GMT
Date: Wed, 07 Dec 2022 00:28:04 GMT
Connection: keep-alive
www.heiniu124.site/static/images/ty1.gif
104.247.198.189200 OK 311 kB URL HTTP/2 www.heiniu124.site/static/images/ty1.gif
IP 104.247.198.189:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 311 kB (311286 bytes)
Hash 30a7c91db583059228754a8c1ab9b207
690df8fd762ba6a5eeeb6fd92a61a4f358aaf835
28f2b6356156a475a328af42ab23a62cc7b07c94fb486e304c1dc812413cc7ba
GET /static/images/ty1.gif HTTP/1.1
Host: www.heiniu124.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 00:28:04 GMT
content-type: image/gif
content-length: 311286
last-modified: Tue, 29 Nov 2022 09:29:40 GMT
etag: "6385d104-4bff6"
expires: Fri, 06 Jan 2023 00:28:04 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.heiniu124.site/dingpiao.html
104.247.198.189200 OK 165 B URL HTTP/2 www.heiniu124.site/dingpiao.html
IP 104.247.198.189:0
File type HTML document, ASCII text, with CRLF line terminators
Hash 2c8c403461a3fb3c91bc7e3e32f2408a
3202fcb4253710dc75ecd4e06caf32478edb44db
2afe09da4437d941eacee4eb3b9dc825df96e9eea248552c434def47b6d92e4d
GET /dingpiao.html HTTP/1.1
Host: www.heiniu124.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 00:28:04 GMT
content-type: text/html
content-length: 165
last-modified: Mon, 07 Nov 2022 17:09:23 GMT
etag: "63693bc3-a5"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a02b0d457bfedc42f9f93ee95e8a582c
f6002834b06abc040e7d7c5911d4eb0586ab1408
e4789beb3da5f0fab76299a7a5f355e1effa62607a5f24e643484ce8c27e4214
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E4789BEB3DA5F0FAB76299A7A5F355E1EFFA62607A5F24E643484CE8C27E4214"
Last-Modified: Sun, 04 Dec 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3353
Expires: Wed, 07 Dec 2022 01:23:57 GMT
Date: Wed, 07 Dec 2022 00:28:04 GMT
Connection: keep-alive
www.heiniu124.site/logo.html
104.247.198.189200 OK 904 B URL HTTP/2 www.heiniu124.site/logo.html
IP 104.247.198.189:0
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 16038df59a2fb6d2d680d09a621057c6
74a4afc1881eea5c56e9c1853baea7fa60d23b95
ed839998dcaea302be5bbe68a966aad7658f8e9bfff1ac213487ea0c58396c73
GET /logo.html HTTP/1.1
Host: www.heiniu124.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 00:28:04 GMT
content-type: text/html
content-length: 904
last-modified: Thu, 01 Sep 2022 13:59:09 GMT
etag: "6310baad-388"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/8PiKUJKCkz4
216.58.211.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/8PiKUJKCkz4
IP 216.58.211.3:0
Hash 0bc19eed9d6c1d95a595075e1efcdc7a
ac2d003ac4efba97c84ef6955375be309854c3dd
b92844074c5c59ec98f296e1a48ebda792f7eaa561d3eff872f16cce4e138922
POST /s/gts1p5/8PiKUJKCkz4 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 00:28:04 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.heiniu124.site/template/heiniu/images/video-mask.png
104.247.198.189200 OK 107 B URL HTTP/2 www.heiniu124.site/template/heiniu/images/video-mask.png
IP 104.247.198.189:0
File type PNG image data, 1 x 46, 8-bit gray+alpha, non-interlaced\012- data
Hash 6a5ee87ff75437cb480df839f36004fd
eac66370f99601cb7febef320c9540d4593cd856
c9b6925bdd64dab63151c3106347fefb8c500d87ac3d87d9a82e9a1c561233aa
GET /template/heiniu/images/video-mask.png HTTP/1.1
Host: www.heiniu124.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/template/heiniu/css/zui.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 00:28:04 GMT
content-type: image/png
content-length: 107
last-modified: Tue, 04 Jan 2022 15:14:22 GMT
etag: "61d4644e-6b"
expires: Fri, 06 Jan 2023 00:28:04 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.heiniu124.site/template/heiniu/images/video-play.png
104.247.198.189200 OK 1.6 kB URL HTTP/2 www.heiniu124.site/template/heiniu/images/video-play.png
IP 104.247.198.189:0
File type PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced\012- data
Hash be7ca0a4a7c0317398a11162b1e09b75
5dbe6a02524cfbf5f5111478a71f91a9259056b5
cbad06b58f97516faa5f745d4e09716b5db3f134d5b4644b159681aa24909dd4
GET /template/heiniu/images/video-play.png HTTP/1.1
Host: www.heiniu124.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/template/heiniu/css/zui.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 00:28:04 GMT
content-type: image/png
content-length: 1567
last-modified: Tue, 04 Jan 2022 15:14:20 GMT
etag: "61d4644c-61f"
expires: Fri, 06 Jan 2023 00:28:04 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 3c56ac527cf2019c0f0b9568f148de6c
a9d1aaa46261f94efe60ef00be5c0af965301e4a
2d9bf20e5b1d384ed6655e2d32a10c23a669bfffd39c5217efc661c23fa6ba41
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 00:28:04 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Sat, 10 Dec 2022 20:58:11 GMT
ETag: "a9d1aaa46261f94efe60ef00be5c0af965301e4a"
Last-Modified: Tue, 06 Dec 2022 20:58:12 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2408
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 775923a31dd0b4ee-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 3c56ac527cf2019c0f0b9568f148de6c
a9d1aaa46261f94efe60ef00be5c0af965301e4a
2d9bf20e5b1d384ed6655e2d32a10c23a669bfffd39c5217efc661c23fa6ba41
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 00:28:04 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Sat, 10 Dec 2022 20:58:11 GMT
ETag: "a9d1aaa46261f94efe60ef00be5c0af965301e4a"
Last-Modified: Tue, 06 Dec 2022 20:58:12 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2408
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 775923a31e3bb511-OSL
kvmaa.com/0faf263b1025a51efcea7acd844cc402.gif
137.175.13.78301 Moved Permanently 162 B URL HTTP/2 kvmaa.com/0faf263b1025a51efcea7acd844cc402.gif
IP 137.175.13.78:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /0faf263b1025a51efcea7acd844cc402.gif HTTP/1.1
Host: kvmaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Wed, 07 Dec 2022 00:28:10 GMT
content-type: text/html
content-length: 162
location: https://nvhbbb.top/0faf263b1025a51efcea7acd844cc402.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.22200 OK 1.8 kB IP 192.124.249.22:0
Hash e01f39e37f5ba49729fbe9abcc54c9d2
1ee4ab8580b8537b3250f65250902ba00bd44e46
7a7b229f58dbec5e264f32e3be1352880cb273be0dc7a37d28f4eaf8c4035a61
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 07 Dec 2022 00:28:04 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 06 Dec 2022 14:07:17 GMT
Expires: Wed, 07 Dec 2022 14:07:17 GMT
ETag: "1ee4ab8580b8537b3250f65250902ba00bd44e46"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
www.heiniu124.site/LOGO1.png
104.247.198.189200 OK 370 kB URL HTTP/2 www.heiniu124.site/LOGO1.png
IP 104.247.198.189:0
File type PNG image data, 1324 x 557, 8-bit/color RGBA, non-interlaced\012- data
Size 370 kB (370064 bytes)
Hash a11158c68b22f268712d7225f24ef06d
b9aafabb251fcdcf1dd711358c10e46656773031
dc4cebb48b3ba6425c0086b60bb77c8e5ab58eed01a2b7548411c8171ca9f608
GET /LOGO1.png HTTP/1.1
Host: www.heiniu124.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/logo.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 00:28:04 GMT
content-type: image/png
content-length: 370064
last-modified: Wed, 31 Aug 2022 11:39:34 GMT
etag: "630f4876-5a590"
expires: Fri, 06 Jan 2023 00:28:04 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
dvcasha2.ocsp-certum.com/
95.101.10.107200 OK 1.6 kB URL HTTP/1.1 dvcasha2.ocsp-certum.com/
IP 95.101.10.107:0
ASN #20940 Akamai International B.V.
Hash 079ff5b15d6ddd4c63667d00041b07a8
2eab4d6e8af875ccadc4e586407bf459785148fb
d0b83f4bc050f6b7b3a28645ab0acf1ce1590adab56c481b94c91abc949a755a
POST / HTTP/1.1
Host: dvcasha2.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1599
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=886
Date: Wed, 07 Dec 2022 00:28:05 GMT
Connection: keep-alive
X-N: S
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash c7e8e15bec4337e96ff2670a943e6771
65416a3f63ba24851cbfd798dcf6669d0c8c01e6
fc4cc54f2f49b89b2a102b4c855c4a21e5ed92ba81ea2c1a6578a8839fe57c18
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5261
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 00:28:05 GMT
Etag: "638e035d-117"
Last-Modified: Tue, 06 Dec 2022 23:00:24 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
nvhbbb.top/0faf263b1025a51efcea7acd844cc402.gif
172.67.170.188200 OK 1.1 MB URL HTTP/2 nvhbbb.top/0faf263b1025a51efcea7acd844cc402.gif
IP 172.67.170.188:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 1.1 MB (1082384 bytes)
Hash a2513b4510f6797c4cbe4012fc79c64c
41f15aa49c66eed88a541224dedda5d215f9e7ef
16e775f7ac1e0368c216cdcf70bc3d56d7d952d7653898dbb8093efcd712cc71
GET /0faf263b1025a51efcea7acd844cc402.gif HTTP/1.1
Host: nvhbbb.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heiniu124.site/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 00:28:05 GMT
content-type: image/gif
content-length: 1082384
last-modified: Sat, 27 Aug 2022 07:44:24 GMT
etag: "6309cb58-108410"
expires: Wed, 14 Dec 2022 15:33:54 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1932851
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AYtkV6H2DwHLlKUIlwjANLPJBN2vHjtE6gsPImRqKf0XP3GFYsSJ74ZoIZp1ZrpU86hLzZogGvCvIPy43lOEAAQYXeTyymkDjb7difNQDWndNMKzVWReysg7342D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775923a3fe880b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash c7e8e15bec4337e96ff2670a943e6771
65416a3f63ba24851cbfd798dcf6669d0c8c01e6
fc4cc54f2f49b89b2a102b4c855c4a21e5ed92ba81ea2c1a6578a8839fe57c18
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5261
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 00:28:05 GMT
Etag: "638e035d-117"
Last-Modified: Tue, 06 Dec 2022 23:00:24 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 294532771ec7c7264bdba78879944370
d3248d28284457ce792a96e2cc58c3976abac075
6331f93d481f2216492e2570b45268f31743aa2a1592630c511f0087f16d4170
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 00:28:05 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 15:57:15 GMT
Expires: Sat, 10 Dec 2022 15:57:14 GMT
Etag: "d3248d28284457ce792a96e2cc58c3976abac075"
Cache-Control: max-age=314348,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775923a48c4fb509-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash f8b76b242fd2e8879cdfc7fbd1415faf
1871f8392aa2d3c3e8578d55db36191afc9327ec
361971753f91e7cad9e1bddef1c21a30753abbfb3b7f1cec82c8031700224ec1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 00:28:05 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 23:53:08 GMT
Expires: Sat, 10 Dec 2022 23:53:07 GMT
Etag: "1871f8392aa2d3c3e8578d55db36191afc9327ec"
Cache-Control: max-age=342901,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775923a4ac57b509-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b5acb2c3ddcee337d0073307463094da
4f1ba8d8605091a4d3e09494b110b9d5589c308b
f519ea5d152f96e84bbf604bf3a818ef625b9fe4b59afbb68ab6b629e4f640c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F519EA5D152F96E84BBF604BF3A818EF625B9FE4B59AFBB68AB6B629E4F640C6"
Last-Modified: Sun, 04 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3392
Expires: Wed, 07 Dec 2022 01:24:37 GMT
Date: Wed, 07 Dec 2022 00:28:05 GMT
Connection: keep-alive
678tktp.com/tp/960x60.gif
154.83.27.44200 OK 42 kB URL HTTP/1.1 678tktp.com/tp/960x60.gif
IP 154.83.27.44:0
File type GIF image data, version 89a, 960 x 60\012- data
Hash 4fd9de737ce6698fb5c3a0eb52ed3cdf
da1fc841a82ddbfcee0dde9dd50b34acad24ce50
03cae438deedf1f1eb905ac79daef3fa63b8a45c51c9fbbe8164e7df0ac4a58c
GET /tp/960x60.gif HTTP/1.1
Host: 678tktp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 07 Dec 2022 00:27:51 GMT
Content-Type: image/gif
Content-Length: 41618
Connection: keep-alive
Last-Modified: Mon, 07 Nov 2022 04:31:47 GMT
ETag: "63688a33-a292"
Expires: Fri, 23 Dec 2022 08:46:32 GMT
Cache-Control: max-age=2592000
Via: 154.83.27.42
CDN-Cache: HIT
Accept-Ranges: bytes
678tktp.com/tp/960x120.gif
154.83.27.44200 OK 75 kB URL HTTP/1.1 678tktp.com/tp/960x120.gif
IP 154.83.27.44:0
File type GIF image data, version 89a, 960 x 120\012- data
Hash ad89b04a650ba472e5adb83c0f4a15d2
591524ba7af6b410980ad1617b996e6146262b1f
1bb76fc0b39af60c7f718f08315968e0526747d6f4a3531d7154416020ad395f
GET /tp/960x120.gif HTTP/1.1
Host: 678tktp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 07 Dec 2022 00:27:51 GMT
Content-Type: image/gif
Content-Length: 74832
Connection: keep-alive
Last-Modified: Thu, 10 Nov 2022 05:30:03 GMT
ETag: "636c8c5b-12450"
Expires: Fri, 23 Dec 2022 08:46:32 GMT
Cache-Control: max-age=2592000
Via: 154.83.27.42
CDN-Cache: HIT
Accept-Ranges: bytes
hm.baidu.com/hm.js?d4e0c5a80073dc4a06760f766d6bd014
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?d4e0c5a80073dc4a06760f766d6bd014
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (620)
Hash 31f4965e52f3e3d2cef56ac2e4b506fe
181725ad031c972ed3c141ccc3807a05ecd83319
ced42c4cab25c9a2d252a3de6d176470d775a6ced60599f68eac22ec736615ed
GET /hm.js?d4e0c5a80073dc4a06760f766d6bd014 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Wed, 07 Dec 2022 00:28:04 GMT
Etag: 674a0c3909dbc778a30bcff3cea33b5d
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=98E9380247D03883; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
ddcdn.comtucdncom.com/upload/vod/20211208-1/3dbaac8a18dffbb986cb8ada5afe756f.jpg
172.247.77.90503 Service Temporarily Unavailable 190 B URL HTTP/1.1 ddcdn.comtucdncom.com/upload/vod/20211208-1/3dbaac8a18dffbb986cb8ada5afe756f.jpg
IP 172.247.77.90:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 3267dd8f0e96711dd54dbb1f5676b447
202602c4ec4a5e2498e3d24a3ed025ce70bf749c
b429e25e7813a9e2b90dcec11d9cb5287751246128dd6c76a7349774829c5554
GET /upload/vod/20211208-1/3dbaac8a18dffbb986cb8ada5afe756f.jpg HTTP/1.1
Host: ddcdn.comtucdncom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 503 Service Temporarily Unavailable
Server: Tengine
Date: Wed, 07 Dec 2022 00:29:46 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 190
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash a5e73ae633cecbc65d4929a188021ea6
8a612cd4f12fa0062270f13581c96ae67edae824
a77e66056b53df293e55763ad4364e41ec5ce375a19d5e25b8df163d39778599
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 00:28:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 01:54:29 GMT
Expires: Mon, 12 Dec 2022 01:54:28 GMT
Etag: "8a612cd4f12fa0062270f13581c96ae67edae824"
Cache-Control: max-age=436582,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775923a48e48b51b-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash b2cc089033d7269b3d1b706fd506b8ea
d42422aef691629a0424d6a3b4a816a3452c8050
28f3bb2013e58b47c55711c8ac5338ff7a9301fd7078ed2436957c3abc776d73
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 00:28:05 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 23:55:16 GMT
Expires: Tue, 13 Dec 2022 23:55:15 GMT
Etag: "d42422aef691629a0424d6a3b4a816a3452c8050"
Cache-Control: max-age=602229,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775923a48d330b3d-OSL
www.heiniu124.site/template/heiniu/html9/ads/dulian.js
104.247.198.189200 OK 8.0 kB URL HTTP/2 www.heiniu124.site/template/heiniu/html9/ads/dulian.js
IP 104.247.198.189:0
Hash 3961e0a6fbc89776a87f83e4d6d9815c
e5ba2bf8a24af4f029736d77db1b196b23d82121
915023315f0557080ab5a338767eb05ca37bf3b47dc1018520f7f7370985d7b9
GET /template/heiniu/html9/ads/dulian.js HTTP/1.1
Host: www.heiniu124.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 00:28:04 GMT
content-type: application/javascript
last-modified: Thu, 17 Nov 2022 12:57:08 GMT
vary: Accept-Encoding
etag: W/"63762fa4-4bf"
expires: Wed, 07 Dec 2022 12:28:04 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 870297c53111e48331371df0ee3a1e7d
062832114a906e78cbb218ed329de7e99ee28e22
94677a4305d0ae6090eb32d3f9e3df202975e215328c5132df63a992090c9a41
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 00:28:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 08:52:34 GMT
Expires: Tue, 13 Dec 2022 08:52:33 GMT
Etag: "062832114a906e78cbb218ed329de7e99ee28e22"
Cache-Control: max-age=548067,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775923a6bd99b509-OSL
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e4506b1337858ccb144e9640408b5ac6
f7018d2749af0eb53eaf37abda39ba4eaa8c22f7
e711666b16e026aeaf84d9aa4c681ff4028c1a2867f83f60402bbc8b8fea339f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E711666B16E026AEAF84D9AA4C681FF4028C1A2867F83F60402BBC8B8FEA339F"
Last-Modified: Sun, 04 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=210
Expires: Wed, 07 Dec 2022 00:31:35 GMT
Date: Wed, 07 Dec 2022 00:28:05 GMT
Connection: keep-alive
zerossl.ocsp.sectigo.com/
172.64.155.188200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 64e997a5b35c1d213020194ae1be4355
8ed4247fbf8080a06e69fb5e3e7ed439d7a4502e
e14f91a28cec212c468c4f9d10e5994e04a5c01db9e75ed30ebc97567fc9f771
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 00:28:05 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 09:48:55 GMT
Expires: Tue, 13 Dec 2022 09:48:54 GMT
Etag: "8ed4247fbf8080a06e69fb5e3e7ed439d7a4502e"
Cache-Control: max-age=551448,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775923a5ce92b4ff-OSL
8499683.com/8499/s/960x60.gif
172.247.109.207200 OK 331 kB URL HTTP/2 8499683.com/8499/s/960x60.gif
IP 172.247.109.207:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 331 kB (331043 bytes)
Hash 09f29e56330449942571a66f47f82fb5
30fc3421671176f6f724f32ee910470f03661ddc
b1a0f29b0a924b51c844351bddb87fddf9fa4ef5909f69f818e968f18413a725
GET /8499/s/960x60.gif HTTP/1.1
Host: 8499683.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 00:28:04 GMT
content-type: image/gif
content-length: 331043
last-modified: Wed, 09 Nov 2022 06:23:10 GMT
etag: "50d23-5ed03b0c9c3d8"
server: qq.com
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
tp3296.com/tu/8.gif
104.218.232.173200 OK 537 kB IP 104.218.232.173:0
ASN #201106 Spartan Host Ltd
File type GIF image data, version 89a, 960 x 80\012- data
Size 537 kB (536961 bytes)
Hash debb2e33d5ade9cdf6c54aa8aa04b196
da4e175d1875fb825fc736a3bea503abf8a830c2
fe1a03920b1d77c7781af3a45ac96579550d526e70d2fbaf1b98346c4cda4744
GET /tu/8.gif HTTP/1.1
Host: tp3296.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=uNW8LzWiuBlsOchDqOur; Domain=.tp3296.com; HttpOnly; Path=/; Expires=Thu, 07-Dec-2023 00:28:05 GMT
date: Tue, 06 Dec 2022 19:12:11 GMT
content-type: image/gif
content-length: 536961
last-modified: Sun, 04 Dec 2022 11:30:40 GMT
x-powered-by: ASP.NET
x-cache-status: HIT
accept-ranges: bytes
etag: "d6b880d6d37d91:0"
age: 18955
ddg-cache-status: HIT
X-Firefox-Spdy: h2
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=346616030&si=d4e0c5a80073dc4a06760f766d6bd014&su=http%3A%2F%2Fapi.heiniu103.com%2F&v=1.3.0&lv=1&sn=16805&r=0&ww=1280&u=https%3A%2F%2Fwww.heiniu124.site%2F&tt=%E9%BB%91%E7%89%9B%E5%BD%B1%E8%A7%86
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=346616030&si=d4e0c5a80073dc4a06760f766d6bd014&su=http%3A%2F%2Fapi.heiniu103.com%2F&v=1.3.0&lv=1&sn=16805&r=0&ww=1280&u=https%3A%2F%2Fwww.heiniu124.site%2F&tt=%E9%BB%91%E7%89%9B%E5%BD%B1%E8%A7%86
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=346616030&si=d4e0c5a80073dc4a06760f766d6bd014&su=http%3A%2F%2Fapi.heiniu103.com%2F&v=1.3.0&lv=1&sn=16805&r=0&ww=1280&u=https%3A%2F%2Fwww.heiniu124.site%2F&tt=%E9%BB%91%E7%89%9B%E5%BD%B1%E8%A7%86 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 07 Dec 2022 00:28:05 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=44BCAC70192F8B6F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 9f8bb50a8eeb9214c1e8a1f6422450df
a27b369edbec5e5559cbbd15761cc5230013ee25
5484e5b2aea0f53873b505dad609c7e457c5f677d043b10ed8d401003eee336c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 00:28:05 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 04:41:26 GMT
Expires: Sun, 11 Dec 2022 04:41:25 GMT
Etag: "a27b369edbec5e5559cbbd15761cc5230013ee25"
Cache-Control: max-age=360199,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775923a6bd9ab509-OSL
ocsp.digicert.com/
93.184.220.29200 OK 727 B IP 93.184.220.29:0
Hash 0f16558350cdc0791ab380ce4cd55636
7a1654c58ed6498272e499839d14aa99909199e8
6162272254439de90561c9a5529ea309b8d2dbd2522299ec26ca6fed6afe4532
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6399
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 00:28:05 GMT
Last-Modified: Tue, 06 Dec 2022 22:41:26 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 727
p3.douyinpic.com/obj/tos-cn-i-dy/5f20e8f5c682499b8eb059dd144345a9
47.246.44.231200 OK 460 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/5f20e8f5c682499b8eb059dd144345a9
IP 47.246.44.231:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 960 x 60\012- data
Size 460 kB (459882 bytes)
Hash 9755d798f1df0ff90ff281daf889c27e
6684c546dc5b1e65c84786cf929562e4bf5a4854
86943358042194179070f2e3fa41e8296cd53999c5d025fdcaf6ddff98714f87
GET /obj/tos-cn-i-dy/5f20e8f5c682499b8eb059dd144345a9 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 459882
date: Mon, 05 Dec 2022 11:57:37 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Mon, 05 Dec 2022 11:29:24 GMT
nw-session-id: 202212051929240102090950660FC6D0DCgkhk903dy
nw-session-trace: 2022-12-05T19:29:24.652328753+08:00 35
x-bdcdn-cache-status: TCP_HIT
x-length: 459882
x-powered-by: ImageX
x-response-date: Mon, 05 Dec 2022 19:29:24 GMT
x-tt-logid: 202212051929240102090950660FC6D0DC
via: n132-078-099, cache9.l2de2[0,0,206-0,H], cache3.l2de2[1,0], cache3.l2de2[1,0], cache4.se1[0,0,200-0,H], cache7.se1[2,0]
x-request-ip: fdbd:dc03:4:481::12
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=2
x-tt-trace-host: 01e53d331f021ee346a4a71cd251f620c397b4785e133000e4fcc6a1414827e76105afaf9318ee148ff06afa2468c0c77cf2a1905b0e38acce52cf9db0363cd74a65d3a109f76bc5c653c18372cd8b87f98cdbbed705c989cbdb2708cf3e5eac60
x-response-lb: image
ali-swift-global-savetime: 1670241457
age: 131428
x-cache: HIT TCP_MEM_HIT dirn:2:442320201
x-swift-savetime: Mon, 05 Dec 2022 12:00:14 GMT
x-swift-cachetime: 31535843
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9b16703728859667906e
X-Firefox-Spdy: h2
n0544.com/1a87e234dcbe4ff4a98ff97ecb77714d.gif
52.140.202.5200 OK 86 kB URL HTTP/1.1 n0544.com/1a87e234dcbe4ff4a98ff97ecb77714d.gif
IP 52.140.202.5:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 960 x 60\012- data
Hash ef0cc62ebb1cf803edf48dd63b77c8c8
b3de14b8b8f9c75fb82b52d4d434db20f3f0d866
34278eba78b4da490cb8f9df8b1566148c1ebccec95f2f509946737c58523f14
GET /1a87e234dcbe4ff4a98ff97ecb77714d.gif HTTP/1.1
Host: n0544.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 00:28:05 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sun, 06 Nov 2022 11:19:17 GMT
ETag: W/"63679835-5ae62"
Server: WAF/2.4-12.1
X-Cache-Status: HIT
Content-Encoding: gzip
png.pngtree.com/png-vector/20190603/ourmid/pngtree-icon-close-button-png-image_1357955.jpg
104.18.2.157403 Forbidden 1.6 kB URL HTTP/2 png.pngtree.com/png-vector/20190603/ourmid/pngtree-icon-close-button-png-image_1357955.jpg
IP 104.18.2.157:0
File type XML 1.0 document text\012- XML document, ASCII text
Hash 2bef2df584bb76a6e31dbe0e52b9bc2e
e89bca3462c830681a4288ba96ac3bcb4e4ce173
445ba6df920a93fa407b4872f41393ead5463b89697222135e88baa5c6436278
GET /png-vector/20190603/ourmid/pngtree-icon-close-button-png-image_1357955.jpg HTTP/1.1
Host: png.pngtree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
date: Wed, 07 Dec 2022 00:28:05 GMT
content-type: application/xml
x-amz-request-id: GS081ZJXFJ4HQW23
x-amz-id-2: S954OERkzpmBxhEdh1CkV47Ykq5z6juq9tiC8MxizxphxRRylZfw3ZrP7zi9aJa6q2cCZEirYA4=
cf-cache-status: MISS
set-cookie: __cf_bm=EFjf0BtFzD9wN4gQL.FZKkut6sOsl9CodLSPxbmCVD8-1670372885-0-Aftae8mDaVuRjfYkvdfbEqBGeIJAizUfUw5lNEmiyXd1FfCFR03egBhNpgLviQELkMfseaQd/4EBgc5hfW1KrMw=; path=/; expires=Wed, 07-Dec-22 00:58:05 GMT; domain=.pngtree.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 775923a1bb890afe-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heiniu124.site/template/heiniu/static/js/jquery.min.js
104.247.198.189200 OK 173 kB URL HTTP/2 www.heiniu124.site/template/heiniu/static/js/jquery.min.js
IP 104.247.198.189:0
Size 173 kB (172751 bytes)
Hash aa2581acd6b15c1ff39090ea5702e6ec
9e490f90a04902ca38e92d32e992d83fef8b0ac5
c20b5a17d8ef0bc5de68d02097b2b2bed5409067ffe5fd3d54642e05a01e4f2d
GET /template/heiniu/static/js/jquery.min.js HTTP/1.1
Host: www.heiniu124.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 00:28:04 GMT
content-type: application/javascript
last-modified: Sat, 08 Jan 2022 14:07:32 GMT
vary: Accept-Encoding
etag: W/"61d99aa4-17b8b"
expires: Wed, 07 Dec 2022 12:28:04 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
n0633.com/dd5989a3f06b4e28a35148890e18f165.gif
52.140.202.5200 OK 142 kB URL HTTP/1.1 n0633.com/dd5989a3f06b4e28a35148890e18f165.gif
IP 52.140.202.5:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 960 x 60\012- data
Size 142 kB (141802 bytes)
Hash d266492116a9903619eeb035b0f4cdd9
4444e9192f207b2b946d71bc38fdf7e23fe8912c
829c5302dd74ad53f4d8adf3de284908c5d6a1662b28b395fea1b4d3d9e78eed
GET /dd5989a3f06b4e28a35148890e18f165.gif HTTP/1.1
Host: n0633.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 00:28:05 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sun, 06 Nov 2022 11:18:41 GMT
ETag: W/"63679811-4002e"
Server: WAF/2.4-12.1
X-Cache-Status: HIT
Content-Encoding: gzip
tpkj2222.com/img/k80m/oJ8rVeomP.gif
66.203.152.244200 OK 213 kB URL HTTP/1.1 tpkj2222.com/img/k80m/oJ8rVeomP.gif
IP 66.203.152.244:0
ASN #59371 Dimension Network & Communication Limited
File type GIF image data, version 89a, 960 x 80\012- data
Size 213 kB (212917 bytes)
Hash d1931dd316b9ac2d1bd98a9c89bb2c77
5660ca5156b14a4b0df59089738774977eab5357
48886aed2c4e673776c75db728e4fddc8647a559dee0d8f3549cc6d7a5062053
GET /img/k80m/oJ8rVeomP.gif HTTP/1.1
Host: tpkj2222.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 00:28:05 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"423944-1669660103000"
Last-Modified: Mon, 28 Nov 2022 18:28:23 GMT
Expires: Thu, 22 Dec 2022 00:28:05 GMT
Cache-Control: max-age=1296000
Content-Encoding: gzip
Nginx-Cache: HIT, HIT
362728tdg.com/088b8cc79b9d4c55a585fb5c30c4f17d..gif
45.61.212.219200 OK 423 kB URL HTTP/1.1 362728tdg.com/088b8cc79b9d4c55a585fb5c30c4f17d..gif
IP 45.61.212.219:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 423 kB (422791 bytes)
Hash bdeb53a7d3c2f219a7ae903a7346cd91
e5349fa31f22ce3605b9256c0a6e37def92b13b6
316319f597bb6dd3d686c46a51e67693243868108b798fa8174f8a124b6422b4
Analyzer Verdict Alert quad9 Sinkholed
GET /088b8cc79b9d4c55a585fb5c30c4f17d..gif HTTP/1.1
Host: 362728tdg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "635b9112-67387"
Date: Fri, 02 Dec 2022 08:10:20 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Fri, 28 Oct 2022 08:21:38 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us3-cdnb-19
Content-Length: 422791
323823umv.com/27db8dd096cc4577abd9f2f9779baf99.gif
45.61.212.124200 OK 359 kB URL HTTP/1.1 323823umv.com/27db8dd096cc4577abd9f2f9779baf99.gif
IP 45.61.212.124:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 359 kB (358672 bytes)
Hash 668143938c3bb811847d83330decd423
f86300da5d773b84bc65d3c901a4767fd8566c48
a06c47f458fdbd01ba8ba0202fb615e94e2353d65098b480ede52a13a645f859
Analyzer Verdict Alert quad9 Sinkholed
GET /27db8dd096cc4577abd9f2f9779baf99.gif HTTP/1.1
Host: 323823umv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "636e06e6-57910"
Date: Thu, 01 Dec 2022 02:03:09 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Fri, 11 Nov 2022 08:25:10 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us2-cdnb-24
Content-Length: 358672
p.qlogo.cn/qqmail_head/exDQ4ofPz1kmmHxzRWkqxuiaS1ef2WDKV9IlGqQ01KRp1TcLC88449sRZyibbnmqia1/0
43.154.254.32200 OK 62 kB URL HTTP/2 p.qlogo.cn/qqmail_head/exDQ4ofPz1kmmHxzRWkqxuiaS1ef2WDKV9IlGqQ01KRp1TcLC88449sRZyibbnmqia1/0
IP 43.154.254.32:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash ee52eff8577d4346eca344892bd41406
5e2ad497a1866f71f088860d05f2b962e82a16e1
b1d685515a8e1186c3f5d4844256b95fcc83121fa45f29a2e58e852537332267
GET /qqmail_head/exDQ4ofPz1kmmHxzRWkqxuiaS1ef2WDKV9IlGqQ01KRp1TcLC88449sRZyibbnmqia1/0 HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Qnginx/1.4.4
date: Wed, 07 Dec 2022 00:28:05 GMT
content-type: image/png
content-length: 62229
vary: Accept,Origin
last-modified: Tue, 19 Oct 2021 21:03:59 GMT
cache-control: max-age=2592000
x-delay: 20382 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 62229
chid: 0
fid: 0
x-nws-log-uuid: f88f43c2-0435-4ead-950b-048d03764ddc
X-Firefox-Spdy: h2
kjimg10.360buyimg.com/ott/jfs/t1/48391/16/19388/893726/6380d3c5E0d000912/3cef13072ce017c1.gif
182.140.218.3200 OK 894 kB URL HTTP/2 kjimg10.360buyimg.com/ott/jfs/t1/48391/16/19388/893726/6380d3c5E0d000912/3cef13072ce017c1.gif
IP 182.140.218.3:0
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type GIF image data, version 89a, 960 x 80\012- data
Size 894 kB (893726 bytes)
Hash 1e34697200f13da14c5bfabeba617325
9a18ed38d5d385f885c28a4280b4c61302745b65
b63a862a0f65ff9f685e9b67fd171a6df96878469b0a85d1da2f644399c0409f
GET /ott/jfs/t1/48391/16/19388/893726/6380d3c5E0d000912/3cef13072ce017c1.gif HTTP/1.1
Host: kjimg10.360buyimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 00:28:06 GMT
content-type: image/gif
content-length: 893726
cache-control: max-age=315360000
expires: Mon, 22 Nov 2032 14:44:40 GMT
last-modified: Fri, 25 Nov 2022 14:40:05 GMT
age: 985407
via: http/1.1 ORI-CLOUD-HUN-MIX-16 (jcs [cRs f ]), http/1.1 SCchengdu-CT-11-MIX-25 (jcs [cRs f ])
access-control-allow-origin: *
timing-allow-origin: *
x-trace: 200-1669387480861-0-0-20-47-47;200;200-1670149734967-0-0-0-1-1;200-1670372886303-0-0-0-1-1
X-Firefox-Spdy: h2
p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZTee7pdNQtTmNRpGbcuGVd3R5dJqQ2WeTg/0
43.154.254.32200 OK 1.6 MB URL HTTP/2 p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZTee7pdNQtTmNRpGbcuGVd3R5dJqQ2WeTg/0
IP 43.154.254.32:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type GIF image data, version 89a, 640 x 200\012- data
Size 1.6 MB (1607696 bytes)
Hash 9c26f4dcfdfa72ecdcbe3ea854547b4c
fed85b90734400d6810be2b07403f5c8a194a507
ebd842d015d6684a6995a73f1e81f0dea219815318f8993501da9ca79cca74d2
GET /qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZTee7pdNQtTmNRpGbcuGVd3R5dJqQ2WeTg/0 HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Qnginx/1.4.4
date: Wed, 07 Dec 2022 00:28:05 GMT
content-type: image/gif
content-length: 1607696
vary: Accept,Origin
last-modified: Sat, 10 Jul 2021 16:21:45 GMT
cache-control: max-age=2592000
x-delay: 155910 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 1607696
chid: 0
fid: 0
x-nws-log-uuid: 9521f421-59cb-4022-aa20-814d7b5a9234
X-Firefox-Spdy: h2
p.qlogo.cn/qqmail_head/PiajxSqBRaEJJRn8gJmldAhC0pUPnSjTFH6FcgBhB2kUaqwqMxcrvqBRNpc2co4QDcqgbic4g5Kxo/0
43.154.254.32200 OK 331 kB URL HTTP/2 p.qlogo.cn/qqmail_head/PiajxSqBRaEJJRn8gJmldAhC0pUPnSjTFH6FcgBhB2kUaqwqMxcrvqBRNpc2co4QDcqgbic4g5Kxo/0
IP 43.154.254.32:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type GIF image data, version 89a, 960 x 60\012- data
Size 331 kB (331043 bytes)
Hash 09f29e56330449942571a66f47f82fb5
30fc3421671176f6f724f32ee910470f03661ddc
b1a0f29b0a924b51c844351bddb87fddf9fa4ef5909f69f818e968f18413a725
GET /qqmail_head/PiajxSqBRaEJJRn8gJmldAhC0pUPnSjTFH6FcgBhB2kUaqwqMxcrvqBRNpc2co4QDcqgbic4g5Kxo/0 HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Qnginx/1.4.4
date: Wed, 07 Dec 2022 00:28:05 GMT
content-type: image/gif
content-length: 331043
vary: Accept,Origin
last-modified: Tue, 08 Nov 2022 23:44:27 GMT
cache-control: max-age=2592000
x-delay: 51374 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 331043
chid: 0
fid: 0
x-nws-log-uuid: c056b981-c34f-43cb-9b27-3048af307557
X-Firefox-Spdy: h2
kjimg10.360buyimg.com/ott/jfs/t1/188356/40/31421/821623/6380d2b6Edaed9267/df706c5356933481.gif
182.140.218.3200 OK 822 kB URL HTTP/2 kjimg10.360buyimg.com/ott/jfs/t1/188356/40/31421/821623/6380d2b6Edaed9267/df706c5356933481.gif
IP 182.140.218.3:0
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type GIF image data, version 89a, 980 x 160\012- data
Size 822 kB (821623 bytes)
Hash 6e7efad191d0c5345ea445c917efac40
bb6ab910f18cd25024b702fc1a36e15f78858145
cd8b62d69bc31827e84e8831d7ce2a3cade35dc906a9ffa8199ef80cc80081dd
GET /ott/jfs/t1/188356/40/31421/821623/6380d2b6Edaed9267/df706c5356933481.gif HTTP/1.1
Host: kjimg10.360buyimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 00:28:06 GMT
content-type: image/gif
content-length: 821623
cache-control: max-age=315360000
expires: Mon, 22 Nov 2032 14:59:36 GMT
last-modified: Fri, 25 Nov 2022 14:35:34 GMT
age: 984510
via: http/1.1 ORI-CLOUD-HUN-MIX-27 (jcs [cHs f ]), http/1.1 SCchengdu-CT-11-MIX-25 (jcs [cRs f ])
access-control-allow-origin: *
timing-allow-origin: *
x-trace: 200-1669388376795-0-0-0-22-22;200;200-1670159303347-0-0-0-3-3;200-1670372886308-0-0-0-0-0
X-Firefox-Spdy: h2
kjimg10.360buyimg.com/ott/jfs/t1/186869/1/30207/414559/6380d0eeEe5d321f3/d814360fbc3be0d8.gif
182.140.218.3200 OK 415 kB URL HTTP/2 kjimg10.360buyimg.com/ott/jfs/t1/186869/1/30207/414559/6380d0eeEe5d321f3/d814360fbc3be0d8.gif
IP 182.140.218.3:0
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type GIF image data, version 89a, 960 x 80\012- data
Size 415 kB (414559 bytes)
Hash 1a2cba8175d957d2379d06e6d2d4250d
190eb918616fa53aaca8a53b917f2627e626fecc
17e78ffe065be76212de6b960082ea287cc0e712b6f170f44c63e2144ec14c84
GET /ott/jfs/t1/186869/1/30207/414559/6380d0eeEe5d321f3/d814360fbc3be0d8.gif HTTP/1.1
Host: kjimg10.360buyimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 00:28:06 GMT
content-type: image/gif
content-length: 414559
cache-control: max-age=315360000
expires: Mon, 22 Nov 2032 14:48:35 GMT
last-modified: Fri, 25 Nov 2022 14:27:58 GMT
age: 985172
via: http/1.1 ORI-CLOUD-HUN-MIX-33 (jcs [cHs f ]), http/1.1 SCchengdu-CT-11-MIX-25 (jcs [cRs f ])
access-control-allow-origin: *
timing-allow-origin: *
x-trace: 200-1669387714839-0-0-0-467-467;200;200-1670144123443-0-0-0-2-2;200-1670372886327-0-0-0-1-1
X-Firefox-Spdy: h2
p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSJJkZNBPXDBGibpXqaicajKqyibnCUUUEomk/0
43.154.254.32200 OK 1.4 MB URL HTTP/2 p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSJJkZNBPXDBGibpXqaicajKqyibnCUUUEomk/0
IP 43.154.254.32:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type GIF image data, version 89a, 640 x 200\012- data
Size 1.4 MB (1362871 bytes)
Hash b43c54ced7fcd33ebd9405eb26d533b7
05e5eb23ef5a79364bc8f8fd778d54a9fa335174
7db80c626560b0016fd427d864bb6116a44a858eb7968728cd872814939a24b2
GET /qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSJJkZNBPXDBGibpXqaicajKqyibnCUUUEomk/0 HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Qnginx/1.4.4
date: Wed, 07 Dec 2022 00:28:05 GMT
content-type: image/gif
content-length: 1362871
vary: Accept,Origin
last-modified: Sat, 10 Jul 2021 16:21:47 GMT
cache-control: max-age=2592000
x-delay: 101756 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 1362871
chid: 0
fid: 0
x-nws-log-uuid: ee0f16d0-3f6c-414c-883e-e94d3daaa60a
X-Firefox-Spdy: h2
www.heiniu124.site/
104.247.198.189200 OK 0 B IP 104.247.198.189:0
GET / HTTP/1.1
Host: www.heiniu124.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://api.heiniu103.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 00:28:04 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
www.heiniu124.site/template/heiniu/static/js/jquery.lazyload.min.js
104.247.198.189200 OK 0 B URL HTTP/2 www.heiniu124.site/template/heiniu/static/js/jquery.lazyload.min.js
IP 104.247.198.189:0
GET /template/heiniu/static/js/jquery.lazyload.min.js HTTP/1.1
Host: www.heiniu124.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 00:28:04 GMT
content-type: application/javascript
last-modified: Sat, 08 Jan 2022 14:08:22 GMT
vary: Accept-Encoding
etag: W/"61d99ad6-d35"
expires: Wed, 07 Dec 2022 12:28:04 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
img.1152555.com/images/638de85c09ca91e002014478.gif
185.239.226.87302 Found 0 B URL HTTP/2 img.1152555.com/images/638de85c09ca91e002014478.gif
IP 185.239.226.87:0
ASN #134835 Starry Network Limited
GET /images/638de85c09ca91e002014478.gif HTTP/1.1
Host: img.1152555.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/5f20e8f5c682499b8eb059dd144345a9
X-Firefox-Spdy: h2
n0600.com/6e4dc77a6bac4172b88f0018ea775b20.gif
20.222.57.42200 OK 0 B URL HTTP/2 n0600.com/6e4dc77a6bac4172b88f0018ea775b20.gif
IP 20.222.57.42:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /6e4dc77a6bac4172b88f0018ea775b20.gif HTTP/1.1
Host: n0600.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 00:28:05 GMT
content-type: image/gif
vary: Accept-Encoding
last-modified: Sat, 19 Nov 2022 19:38:27 GMT
etag: W/"637930b3-352e2"
server: WAF/2.4-12.1
x-cache-status: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
n0522.com/921c18d91f0f4f4c876b15f39b47d1f2.gif
20.222.167.166200 OK 0 B URL HTTP/2 n0522.com/921c18d91f0f4f4c876b15f39b47d1f2.gif
IP 20.222.167.166:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /921c18d91f0f4f4c876b15f39b47d1f2.gif HTTP/1.1
Host: n0522.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 00:28:05 GMT
content-type: image/gif
vary: Accept-Encoding
last-modified: Sun, 06 Nov 2022 11:19:32 GMT
etag: W/"63679844-6c2c7"
server: WAF/2.4-12.1
x-cache-status: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
www.heiniu124.site/template/heiniu/css/zui.css
104.247.198.189200 OK 0 B URL HTTP/2 www.heiniu124.site/template/heiniu/css/zui.css
IP 104.247.198.189:0
GET /template/heiniu/css/zui.css HTTP/1.1
Host: www.heiniu124.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heiniu124.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 00:28:04 GMT
content-type: text/css
last-modified: Thu, 19 May 2022 10:41:58 GMT
vary: Accept-Encoding
etag: W/"62861ef6-164b3"
expires: Wed, 07 Dec 2022 12:28:04 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2