r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11106
Expires: Wed, 30 Nov 2022 05:41:09 GMT
Date: Wed, 30 Nov 2022 02:36:03 GMT
Connection: keep-alive
welcometothevelvet.com/forums/member.php?217662-bypepoorned
172.121.182.179 301 Moved Permanently 0 B URL HTTP/1.1 welcometothevelvet.com/forums/member.php?217662-bypepoorned
IP 172.121.182.179:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forums/member.php?217662-bypepoorned HTTP/1.1
Host: welcometothevelvet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 30 Nov 2022 02:36:03 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://www.welcometothevelvet.com/forums/member.php?217662-bypepoorned
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 4ed065cb23b5fca1a179dd73b3c5b7b2
4422eb24688f5e056fc1b18b127c7f63b1dbf5e0
b723d770d0dec7441d8505dc5a4e7d34f55c9f564ec52f20d9b70c7c3a0d9d35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 974
Cache-Control: max-age=115882
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 02:36:03 GMT
Etag: "6385df6f-1d7"
Expires: Thu, 01 Dec 2022 10:47:25 GMT
Last-Modified: Tue, 29 Nov 2022 10:31:11 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4287
Expires: Wed, 30 Nov 2022 03:47:30 GMT
Date: Wed, 30 Nov 2022 02:36:03 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 02:19:39 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 984
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: C5uQvVwHG7C6hd/qcMx2IuWMIL78jtPTmY3LtoXjcejuyd2i3dH0b1lSzFZYxhTqT/cdPFQvxNw=
x-amz-request-id: GPZCCAB7Q75H5EBS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 01:45:02 GMT
age: 3061
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 02:36:03 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 30 Nov 2022 02:11:13 GMT
cache-control: public,max-age=3600
age: 1491
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
www.welcometothevelvet.com/forums/member.php?217662-bypepoorned
172.121.182.179 200 OK 803 B URL HTTP/1.1 www.welcometothevelvet.com/forums/member.php?217662-bypepoorned
IP 172.121.182.179:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with CRLF line terminators
Hash ae91f79a068e46b343f1b5e275b75d18
e7d78981578a3159c05bd4adfadcdb4a84f01140
dc5cc9e6d6344e2b9a5602c0717bc95c4c10c892b2e17b59737d5e67dc101eb6
GET /forums/member.php?217662-bypepoorned HTTP/1.1
Host: www.welcometothevelvet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 30 Nov 2022 02:36:03 GMT
Content-Type: text/html
Content-Length: 803
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 3c8c689bd654417640d85f3da51af313
85123b6d46230a23d03768bf304b386e5d301305
516138ca79703b45e904d32d7dde1c1e9fd35995b9f1bb1331c547542745676d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 974
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 02:36:04 GMT
Last-Modified: Wed, 30 Nov 2022 02:19:50 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
www.welcometothevelvet.com/common.js
172.121.182.179 200 OK 739 B URL HTTP/1.1 www.welcometothevelvet.com/common.js
IP 172.121.182.179:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (438), with CRLF line terminators
Hash ebe4a22dd7954b912b7548d4cfdb156b
973fb26bebe4c5cd1df795408f84e133666f0266
9916d608a11c3e1039c2171df1c33d61f2caa31a2294892601a10579284cdb5b
GET /common.js HTTP/1.1
Host: www.welcometothevelvet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.welcometothevelvet.com/forums/member.php?217662-bypepoorned
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 30 Nov 2022 02:36:04 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
push.services.mozilla.com/
52.39.94.191 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.94.191:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rjDPYmzsJ76OAQ1G/ovr+A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vFs07fqjkGTzas9oMJ5R6qBoIyI=
www.welcometothevelvet.com/tj.js
172.121.182.179 200 OK 520 B URL HTTP/1.1 www.welcometothevelvet.com/tj.js
IP 172.121.182.179:0
File type ASCII text, with CRLF line terminators
Hash 3aef4da7eb22232152da35f514231819
a9da4484f548a56fe86f95d67cfd22bb22e2839f
3e454279165414309b656cafbf59471ced537220be9cd06f06311aed9e508a77
GET /tj.js HTTP/1.1
Host: www.welcometothevelvet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.welcometothevelvet.com/forums/member.php?217662-bypepoorned
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 30 Nov 2022 02:36:04 GMT
Content-Type: application/x-javascript
Content-Length: 520
Connection: keep-alive
www.welcometothevelvet.com/favicon.ico
172.121.182.179 200 OK 1.2 kB URL HTTP/1.1 www.welcometothevelvet.com/favicon.ico
IP 172.121.182.179:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 7ef1f0a0093460fe46bb691578c07c95
2da3ffbbf4737ce4dae9488359de34034d1ebfbd
4c62eef22174220b8655590a77b27957f3518b4c3b7352d0b64263b80e728f2c
GET /favicon.ico HTTP/1.1
Host: www.welcometothevelvet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.welcometothevelvet.com/forums/member.php?217662-bypepoorned
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 30 Nov 2022 02:36:04 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 01 Jul 2011 08:14:23 GMT
Connection: keep-alive
ETag: "4e0d81df-47e"
Expires: Mon, 05 Dec 2022 02:36:04 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
push.zhanzhang.baidu.com/push.js
180.101.212.103 200 OK 227 B URL HTTP/1.1 push.zhanzhang.baidu.com/push.js
IP 180.101.212.103:0
ASN #134770 CHINANET Jiangsu province Suzhou taihu IDC network
File type ASCII text, with no line terminators
Hash e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.welcometothevelvet.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Wed, 30 Nov 2022 02:36:05 GMT
Etag: "4078521116"
Expires: Thu, 30 Nov 2023 02:36:05 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=850C8E8C42ED2E93E10C4ACE3D9B3BA8:FG=1; max-age=31536000; expires=Thu, 30-Nov-23 02:36:05 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
www.wusong8.top/news/index.php
118.107.24.227 301 Moved Permanently 311 B URL HTTP/1.1 www.wusong8.top/news/index.php
IP 118.107.24.227:0
ASN #64050 BGPNET Global ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash bb2eaed9df1a26c6de8acc871cae4a38
bb3e84f1dbcd825d4484f8dc27e1476e0ad15b67
e7c95a95aeff9208cc3c99af44c6207819a04463a2051a5efa2793ed8f1bbd0f
Analyzer Verdict Alert quad9 Sinkholed
GET /news/index.php HTTP/1.1
Host: www.wusong8.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.welcometothevelvet.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 30 Nov 2022 02:36:05 GMT
Server: Apache
Location: https://www.wusong8.top/news/index.php
Content-Length: 311
Connection: close
Content-Type: text/html; charset=iso-8859-1
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash fd462a58bd7ee5f3a53a0ba36d0030b3
c920fd63443ef9b25434a2d259363be5e0d5c976
d77dde942f6ed85c953b52241d3104c22a9315fdc7b26206e8356844dc97cfc4
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 02:36:05 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 03 Dec 2022 23:02:59 GMT
ETag: "c920fd63443ef9b25434a2d259363be5e0d5c976"
Last-Modified: Tue, 29 Nov 2022 23:03:00 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2606
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7720318858d11bfe-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16815
Expires: Wed, 30 Nov 2022 07:16:21 GMT
Date: Wed, 30 Nov 2022 02:36:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16815
Expires: Wed, 30 Nov 2022 07:16:21 GMT
Date: Wed, 30 Nov 2022 02:36:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16815
Expires: Wed, 30 Nov 2022 07:16:21 GMT
Date: Wed, 30 Nov 2022 02:36:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16815
Expires: Wed, 30 Nov 2022 07:16:21 GMT
Date: Wed, 30 Nov 2022 02:36:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4992
Expires: Wed, 30 Nov 2022 03:59:18 GMT
Date: Wed, 30 Nov 2022 02:36:06 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fcfcea6-8f79-45f4-b081-2b90a5d95f8f.jpeg
34.120.237.76 200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fcfcea6-8f79-45f4-b081-2b90a5d95f8f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash acb1e555533322dbfeb8e0d8c956c43d
e1eec39299f081b53c647953b57da4f2f1ba10bc
579d2fd6aab6bba72a405bb1d0259856878adc90671a88b2b0edf5a284dba1f9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fcfcea6-8f79-45f4-b081-2b90a5d95f8f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5492
x-amzn-requestid: 4b09d9a8-09fa-40e5-a996-8a6ad9f8283e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgE9E5TIAMF6ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1f-2f17467d7a6318796d01fd2e;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:11 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6QhRECWKI2TAlt2bgVuKlQPCeyzkes1_5i5kJ4FQYD591KBADY9qVg==
via: 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:45 GMT
age: 17001
etag: "e1eec39299f081b53c647953b57da4f2f1ba10bc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4f88ec5-5875-45d1-bcd3-d997040d6d42.jpeg
34.120.237.76 200 OK 3.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4f88ec5-5875-45d1-bcd3-d997040d6d42.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ceb8e975fb408de32c43f55febaa6414
453067f6ab356aa87a3ad3b56e33545376597852
e0ecbb6052b4fef75f58da8dae589c81ab9ec9d304de08f26c144a2c3ce9eaac
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4f88ec5-5875-45d1-bcd3-d997040d6d42.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3719
x-amzn-requestid: 6fab3454-fedd-4a1e-ae47-468ddd6233bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDaGQ4IAMFUkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-4b313cf054d6301e71cdc0c1;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: phw8DXQgjOyH5g4gvbqgZk-2sHr2n9cHVr4lqqPXfXtyhG32gs2pIg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:45 GMT
age: 17001
etag: "453067f6ab356aa87a3ad3b56e33545376597852"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg
34.120.237.76 200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 59baec8db5ced0210ab766ea5636a5fd
f7cf3a0f89751a02fbcf8d21f505f24a74e8b30b
33ff55891f18c22970804f1b8b2ba6821ddfd7426b01486410bd43f2b4295a8d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5785
x-amzn-requestid: ee77265b-8e90-4035-8ef1-92a2d26aaefa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDaHdWoAMFqmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-0d10d74030e7aee74804b654;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QhUrNKIJUxXTYFTgfCwizAd9L4PdLMVLbqv1sHmmnrWya0xz1MTSiw==
via: 1.1 38eecd3ca21bf068d69a2f9cfe668d14.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:08:46 GMT
etag: "f7cf3a0f89751a02fbcf8d21f505f24a74e8b30b"
content-type: image/jpeg
age: 16040
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29e8368b-e5a8-4256-a456-b724e13819e4.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29e8368b-e5a8-4256-a456-b724e13819e4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f621857774e4b4adda95f58081644859
639165dc66d171b8266f22cd495181427112bc80
341fd33d3d9486079c182d60e21c355244b6597e6e09ba51ecee2e331b38ca2e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29e8368b-e5a8-4256-a456-b724e13819e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10068
x-amzn-requestid: 7f386e94-3c17-44a1-a36b-3d0eeff4623d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhGvEQQoAMFihA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bc4-5069acfd038ffb2c124b7bd8;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Bh6VQ3BLEXcZKHFyJxHVGQWVQm-w2s0786t8SQOcHQUaNvSFc1rg-A==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:51 GMT
etag: "639165dc66d171b8266f22cd495181427112bc80"
content-type: image/jpeg
age: 16995
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48df8a6f-5803-4ce0-ab84-1efc8ca3e251.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48df8a6f-5803-4ce0-ab84-1efc8ca3e251.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8825a2c5c0d98323f489e0b816b7f1d8
05f46985ea4ace57460120876da8e19db08857b3
1d12590a78b32146d6f1d107fb93bdb6cb45228d15babd087c0111495d7138e1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48df8a6f-5803-4ce0-ab84-1efc8ca3e251.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8885
x-amzn-requestid: 67e1ba67-b4fb-42c8-985d-f34164101c7b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhIGGtloAMFxjw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bcd-295995bb1123430c55659fe3;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vOFoi7vW7NluI5wQB03BGh9efp_jvCoH1sUh4s1ubG_JAC6KcDkHxg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:15:52 GMT
age: 15614
etag: "05f46985ea4ace57460120876da8e19db08857b3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 05196ec43964cf559caa0c0279148d62
6170d6776615503e3e29f86783febc3e3e78ca66
47f3a5cde661987e3496ce110a0170b10087dd9ba8d4fd691c4830587ba3fa3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9051
x-amzn-requestid: 1032dd9c-a15e-4e8a-9c81-07419e8caf67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhGvEMNIAMFaKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bc4-1005c20a33320dbf6567ca31;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: IMaVlQblNnh9mFKwb2LG7hw7h_f1_nVYqO4aEUqY01a2HofnnQqcFQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:49:31 GMT
age: 17195
etag: "6170d6776615503e3e29f86783febc3e3e78ca66"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
api.share.baidu.com/s.gif?l=http://www.welcometothevelvet.com/forums/member.php?217662-bypepoorned
112.34.113.148 200 OK 0 B URL HTTP/1.1 api.share.baidu.com/s.gif?l=http://www.welcometothevelvet.com/forums/member.php?217662-bypepoorned
IP 112.34.113.148:0
ASN #9808 China Mobile Communications Group Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://www.welcometothevelvet.com/forums/member.php?217662-bypepoorned HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.welcometothevelvet.com/
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Wed, 30 Nov 2022 02:36:06 GMT
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6f265aaf7ce67893131f1e9e15b0f97e
2a988cdadcd83ff5c01edbd449eaa06f27a5b4e7
71122134e85b3bf8883be216f291d0002bf713743c4776b9525d93dc95bbb9ca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "71122134E85B3BF8883BE216F291D0002BF713743C4776B9525D93DC95BBB9CA"
Last-Modified: Tue, 29 Nov 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8281
Expires: Wed, 30 Nov 2022 04:54:07 GMT
Date: Wed, 30 Nov 2022 02:36:06 GMT
Connection: keep-alive
hm.baidu.com/hm.js?2d0723feb7c312b2638d45d87c2fcb18
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?2d0723feb7c312b2638d45d87c2fcb18
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (617)
Hash c447387bf164f4d43e549325fa9e965a
e14e7514f25dad6b0066e664cb0ff955dd39b562
977a0c2624d1b8e435f347deab96bbfbcdf9da7d453846f4119bb16bfb16ae4b
GET /hm.js?2d0723feb7c312b2638d45d87c2fcb18 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.welcometothevelvet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11255
Content-Type: application/javascript
Date: Wed, 30 Nov 2022 02:36:06 GMT
Etag: 14c7608ab26237283be37689d531e857
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=338CFB2E12C8631E; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
www.wusong8.top/news/index.php
118.107.24.227 200 OK 800 B URL HTTP/2 www.wusong8.top/news/index.php
IP 118.107.24.227:0
ASN #64050 BGPNET Global ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash ceb99eb1c85cd79306890effe9922fb0
14e1e1c3f57ce194c196f0958f86c8d0dd1fe7e8
78b02279b95da980cb328d38605400e5f028ae040246274cbe8bc22a64fc6b81
Analyzer Verdict Alert quad9 Sinkholed
GET /news/index.php HTTP/1.1
Host: www.wusong8.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.welcometothevelvet.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 800
content-type: text/html; charset=UTF-8
date: Wed, 30 Nov 2022 02:36:06 GMT
server: Apache
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?5755d298f25aacb18aed89539d4c03ff
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?5755d298f25aacb18aed89539d4c03ff
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (620)
Hash 8cb110dbd38f16e79682fbb51ce2050a
a6a645a0c2573cf7c847269ed00128102c713877
1bff10217b61a2e961a21db13115ffad8911a9d87f6879c397e80289f7473aee
GET /hm.js?5755d298f25aacb18aed89539d4c03ff HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.welcometothevelvet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Wed, 30 Nov 2022 02:36:06 GMT
Etag: 3b37bf2d03e67517090bed9db55cf199
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=85D11B2D9072BB09; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1677695953&si=2d0723feb7c312b2638d45d87c2fcb18&v=1.3.0&lv=1&sn=9501&r=0&ww=1280&u=http%3A%2F%2Fwww.welcometothevelvet.com%2Fforums%2Fmember.php%3F217662-bypepoorned&tt=%E9%84%A2%E9%99%B5%E8%B5%AB%E5%B1%A0%E5%B7%A5%E8%B4%B8%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1677695953&si=2d0723feb7c312b2638d45d87c2fcb18&v=1.3.0&lv=1&sn=9501&r=0&ww=1280&u=http%3A%2F%2Fwww.welcometothevelvet.com%2Fforums%2Fmember.php%3F217662-bypepoorned&tt=%E9%84%A2%E9%99%B5%E8%B5%AB%E5%B1%A0%E5%B7%A5%E8%B4%B8%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1677695953&si=2d0723feb7c312b2638d45d87c2fcb18&v=1.3.0&lv=1&sn=9501&r=0&ww=1280&u=http%3A%2F%2Fwww.welcometothevelvet.com%2Fforums%2Fmember.php%3F217662-bypepoorned&tt=%E9%84%A2%E9%99%B5%E8%B5%AB%E5%B1%A0%E5%B7%A5%E8%B4%B8%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.welcometothevelvet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 30 Nov 2022 02:36:06 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=53E83D2954327475; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1590422631&si=5755d298f25aacb18aed89539d4c03ff&v=1.3.0&lv=1&sn=9501&r=0&ww=1280&u=http%3A%2F%2Fwww.welcometothevelvet.com%2Fforums%2Fmember.php%3F217662-bypepoorned&tt=%E9%84%A2%E9%99%B5%E8%B5%AB%E5%B1%A0%E5%B7%A5%E8%B4%B8%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1590422631&si=5755d298f25aacb18aed89539d4c03ff&v=1.3.0&lv=1&sn=9501&r=0&ww=1280&u=http%3A%2F%2Fwww.welcometothevelvet.com%2Fforums%2Fmember.php%3F217662-bypepoorned&tt=%E9%84%A2%E9%99%B5%E8%B5%AB%E5%B1%A0%E5%B7%A5%E8%B4%B8%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1590422631&si=5755d298f25aacb18aed89539d4c03ff&v=1.3.0&lv=1&sn=9501&r=0&ww=1280&u=http%3A%2F%2Fwww.welcometothevelvet.com%2Fforums%2Fmember.php%3F217662-bypepoorned&tt=%E9%84%A2%E9%99%B5%E8%B5%AB%E5%B1%A0%E5%B7%A5%E8%B4%B8%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.welcometothevelvet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 30 Nov 2022 02:36:07 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=FB6045DFE5E77BA7; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.js?2ff4f1dee667bb8c36c9731e185cb15f
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?2ff4f1dee667bb8c36c9731e185cb15f
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (623)
Hash d4d6de04a1d15a5da09f7658477203be
c75c386d84a977827f7f98ed928eca0ff4b972df
2eac92bff55ac8c445be469f0deed82df49d604c7b996282a7a60fc3f695dfc2
GET /hm.js?2ff4f1dee667bb8c36c9731e185cb15f HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong8.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11261
Content-Type: application/javascript
Date: Wed, 30 Nov 2022 02:36:06 GMT
Etag: 691a18696105d6b537475e4d7b090fff
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=042C8CD168C9D1FC; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?ede83dd75a39dd6faf6db374429f6beb
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?ede83dd75a39dd6faf6db374429f6beb
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (620)
Hash 5a083bf73b023338ae533d6a6852de75
502f0785e68bae2ccbb4daefe1372e394c93e25a
68e9ad3194e86c40ee1de0a4ce9f9e354cad6cb54940e98571bf9d59f40e1d0c
GET /hm.js?ede83dd75a39dd6faf6db374429f6beb HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong8.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Wed, 30 Nov 2022 02:36:06 GMT
Etag: 6b9ca62c67f2aafe6c3963bae7e63ddd
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=47AC0DB847BD6F15; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1528550442&si=2ff4f1dee667bb8c36c9731e185cb15f&su=http%3A%2F%2Fwww.welcometothevelvet.com%2F&v=1.3.0&lv=1&sn=9502&r=0&ww=1268&u=https%3A%2F%2Fwww.wusong8.top%2Fnews%2Findex.php
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1528550442&si=2ff4f1dee667bb8c36c9731e185cb15f&su=http%3A%2F%2Fwww.welcometothevelvet.com%2F&v=1.3.0&lv=1&sn=9502&r=0&ww=1268&u=https%3A%2F%2Fwww.wusong8.top%2Fnews%2Findex.php
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1528550442&si=2ff4f1dee667bb8c36c9731e185cb15f&su=http%3A%2F%2Fwww.welcometothevelvet.com%2F&v=1.3.0&lv=1&sn=9502&r=0&ww=1268&u=https%3A%2F%2Fwww.wusong8.top%2Fnews%2Findex.php HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong8.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 30 Nov 2022 02:36:07 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=C5B96E0F602817FC; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1008353448&si=ede83dd75a39dd6faf6db374429f6beb&su=http%3A%2F%2Fwww.welcometothevelvet.com%2F&v=1.3.0&lv=1&sn=9502&r=0&ww=1268&u=https%3A%2F%2Fwww.wusong8.top%2Fnews%2Findex.php
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1008353448&si=ede83dd75a39dd6faf6db374429f6beb&su=http%3A%2F%2Fwww.welcometothevelvet.com%2F&v=1.3.0&lv=1&sn=9502&r=0&ww=1268&u=https%3A%2F%2Fwww.wusong8.top%2Fnews%2Findex.php
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1008353448&si=ede83dd75a39dd6faf6db374429f6beb&su=http%3A%2F%2Fwww.welcometothevelvet.com%2F&v=1.3.0&lv=1&sn=9502&r=0&ww=1268&u=https%3A%2F%2Fwww.wusong8.top%2Fnews%2Findex.php HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong8.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 30 Nov 2022 02:36:07 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=0BA46F63FBF4E3AB; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
www.wusong8.top/news/data.php
118.107.24.227 200 OK 48 B URL HTTP/2 www.wusong8.top/news/data.php
IP 118.107.24.227:0
ASN #64050 BGPNET Global ASN
File type HTML document, ASCII text, with no line terminators
Hash f69fb634a6a577288c3494a6ab47ec37
2b5e8faece4f59e6a5cb44f10524d4b6811058b7
738ef7d25b825fa91fd8354a62e8407238e3448f9674cb16a2c6c11db6d905b7
Analyzer Verdict Alert quad9 Sinkholed
GET /news/data.php HTTP/1.1
Host: www.wusong8.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong8.top/news/index.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 48
content-type: text/html; charset=UTF-8
date: Wed, 30 Nov 2022 02:36:09 GMT
server: Apache
X-Firefox-Spdy: h2
www.wusong8.top/news/list.php
118.107.24.227 200 OK 188 B URL HTTP/2 www.wusong8.top/news/list.php
IP 118.107.24.227:0
ASN #64050 BGPNET Global ASN
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 4903793f6f2dde226ee1ca6034c4da60
e7fae08dc0b3c4e432346b828d3126855a21440e
0ab0407436933a5d045245eed087ebfb5c58f6bfec531901edd2c7f6623d06ea
Analyzer Verdict Alert quad9 Sinkholed
GET /news/list.php HTTP/1.1
Host: www.wusong8.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong8.top/news/data.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 188
content-type: text/html; charset=UTF-8
date: Wed, 30 Nov 2022 02:36:09 GMT
server: Apache
X-Firefox-Spdy: h2
hm.baidu.com/hm.gif?hca=042C8CD168C9D1FC&cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&ep=1815%2C1815&et=3&ja=0&ln=en-us&lo=0&rnd=2001906142&si=2ff4f1dee667bb8c36c9731e185cb15f&su=http%3A%2F%2Fwww.welcometothevelvet.com%2F&v=1.3.0&lv=1&sn=9502&r=0&ww=1268&u=https%3A%2F%2Fwww.wusong8.top%2Fnews%2Findex.php
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?hca=042C8CD168C9D1FC&cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&ep=1815%2C1815&et=3&ja=0&ln=en-us&lo=0&rnd=2001906142&si=2ff4f1dee667bb8c36c9731e185cb15f&su=http%3A%2F%2Fwww.welcometothevelvet.com%2F&v=1.3.0&lv=1&sn=9502&r=0&ww=1268&u=https%3A%2F%2Fwww.wusong8.top%2Fnews%2Findex.php
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?hca=042C8CD168C9D1FC&cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&ep=1815%2C1815&et=3&ja=0&ln=en-us&lo=0&rnd=2001906142&si=2ff4f1dee667bb8c36c9731e185cb15f&su=http%3A%2F%2Fwww.welcometothevelvet.com%2F&v=1.3.0&lv=1&sn=9502&r=0&ww=1268&u=https%3A%2F%2Fwww.wusong8.top%2Fnews%2Findex.php HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong8.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 30 Nov 2022 02:36:09 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=4075738F104A8073; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 4d1045c3301443765ef5b03b7d58e64e
5ce363e3e6b9b4ca75b2ff2c4da4fcd950f93c9b
2d2e0692d46e7d4addd642b2930ce340e9ebc86524317524c565fd56ec1ee3d2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2D2E0692D46E7D4ADDD642B2930CE340E9EBC86524317524C565FD56EC1EE3D2"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21579
Expires: Wed, 30 Nov 2022 08:35:49 GMT
Date: Wed, 30 Nov 2022 02:36:10 GMT
Connection: keep-alive
www.wusong99.top/
118.107.24.226 200 OK 10 kB IP 118.107.24.226:0
ASN #64050 BGPNET Global ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (424), with CRLF line terminators
Hash b9157cbbe0defbb4efe6ffa18bda1686
154419a84b4e79e3a4f37f305a4f2f9a7cf3e39b
098c3214990651b8eca9845d1387f44cb906e8a2a1a221841872472be318b055
GET / HTTP/1.1
Host: www.wusong99.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong8.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 10128
content-type: text/html; charset=utf-8
date: Wed, 30 Nov 2022 02:36:10 GMT
server: Apache
X-Firefox-Spdy: h2
www.wusong99.top/template/m1938pc/static/css/style.css
118.107.24.226 200 OK 5.0 kB URL HTTP/2 www.wusong99.top/template/m1938pc/static/css/style.css
IP 118.107.24.226:0
ASN #64050 BGPNET Global ASN
File type assembler source, Unicode text, UTF-8 text, with very long lines (341)
Hash c9c3bebc7d5156b5239f3d07805b675a
483eb9bf5750c81d360bfc4252aba1a8ef860a39
1313efea8d46cff6de67d641829e3b885e51615911b9bcd07a71ecc68e5c706b
GET /template/m1938pc/static/css/style.css HTTP/1.1
Host: www.wusong99.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 14 Oct 2022 13:39:00 GMT
etag: "6320-5eafebf8f8500-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5002
content-type: text/css
date: Wed, 30 Nov 2022 02:36:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.wusong99.top/template/m1938pc/static/picture/ws.png
118.107.24.226 200 OK 8.1 kB URL HTTP/2 www.wusong99.top/template/m1938pc/static/picture/ws.png
IP 118.107.24.226:0
ASN #64050 BGPNET Global ASN
File type PNG image data, 209 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash 0521d89e61c4673bdd15aa965b1ed297
e92339e9d8892d43d63377ffc6176b2ddf766c28
0c397570e789de68f83c6dc1e1f6059ce301e6efcd5a3201234c5ad594968759
GET /template/m1938pc/static/picture/ws.png HTTP/1.1
Host: www.wusong99.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 01 Nov 2022 04:42:38 GMT
etag: "1fbb-5ec615a8b0715"
accept-ranges: bytes
content-length: 8123
content-type: image/png
date: Wed, 30 Nov 2022 02:36:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.wusong99.top/template/m1938pc/static/picture/APP.png
118.107.24.226 200 OK 925 B URL HTTP/2 www.wusong99.top/template/m1938pc/static/picture/APP.png
IP 118.107.24.226:0
ASN #64050 BGPNET Global ASN
File type PNG image data, 35 x 35, 8-bit gray+alpha, non-interlaced\012- data
Hash 0cb72b3daa1ba608e4ce0cd8e7329d27
f25259de1125e72629c0326a70a8915216fa11c1
16392ae4192e4c5c3b29abd5a202417400dc5bc982176303901942df636abe76
GET /template/m1938pc/static/picture/APP.png HTTP/1.1
Host: www.wusong99.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 20 Oct 2022 09:25:24 GMT
etag: "39d-5eb73e7b4cb7c"
accept-ranges: bytes
content-length: 925
content-type: image/png
date: Wed, 30 Nov 2022 02:36:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.wusong99.top/template/m1938pc/static/picture/1.gif
118.107.24.226 200 OK 254 B URL HTTP/2 www.wusong99.top/template/m1938pc/static/picture/1.gif
IP 118.107.24.226:0
ASN #64050 BGPNET Global ASN
File type GIF image data, version 89a, 16 x 17\012- data
Hash b013f8fa3ec997fe20dc80b82af0ad0a
e02ce6c30d5c0abfaa3e008d1a3ce7d11f299ed9
119bff063d1d402fdf6e48bc7e681d48aabfb9bc65378dfcf64a8845ec3fceef
GET /template/m1938pc/static/picture/1.gif HTTP/1.1
Host: www.wusong99.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 19 Oct 2022 11:56:54 GMT
etag: "fe-5eb61e7a83063"
accept-ranges: bytes
content-length: 254
content-type: image/gif
date: Wed, 30 Nov 2022 02:36:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.wusong99.top/template/m1938pc/ads/dh.js
118.107.24.226 404 Not Found 263 B URL HTTP/2 www.wusong99.top/template/m1938pc/ads/dh.js
IP 118.107.24.226:0
ASN #64050 BGPNET Global ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 6a4c2706be59a217cdba37df73be3d39
c92d076b05847300ddada1a0406fd55ca751fb3e
a6b30dc4536f40ecbc2eee7aba7fa4d3efa658de6259a191d708006c4e43274a
GET /template/m1938pc/ads/dh.js HTTP/1.1
Host: www.wusong99.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 263
content-type: text/html; charset=iso-8859-1
date: Wed, 30 Nov 2022 02:36:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.wusong99.top/template/m1938pc/static/picture/play.png
118.107.24.226 200 OK 2.8 kB URL HTTP/2 www.wusong99.top/template/m1938pc/static/picture/play.png
IP 118.107.24.226:0
ASN #64050 BGPNET Global ASN
File type PNG image data, 100 x 100, 8-bit gray+alpha, non-interlaced\012- data
Hash 653d6a429cb3efc3fa2e24f2499172c1
a1ec6a548d9517e5a37d4348945722f638a268b9
1c78627080fdab664e583cf66844c937fcc680e6a55a0f85b0bc5a8091de15d8
GET /template/m1938pc/static/picture/play.png HTTP/1.1
Host: www.wusong99.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 21 Oct 2022 05:33:39 GMT
etag: "add-5eb84c8c0ea59"
accept-ranges: bytes
content-length: 2781
content-type: image/png
date: Wed, 30 Nov 2022 02:36:11 GMT
server: Apache
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2221a47a7f4efedc71aa819b193b51bb
45aa419cebb596927fbf8e0d01c79147a8761d79
8ab2b17c9323cc19f9e470bca878332499d0649d4dffe6bad5762326352d813a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "8AB2B17C9323CC19F9E470BCA878332499D0649D4DFFE6BAD5762326352D813A"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9719
Expires: Wed, 30 Nov 2022 05:18:10 GMT
Date: Wed, 30 Nov 2022 02:36:11 GMT
Connection: keep-alive
aooacctp.vip/lm/se5.gif
172.67.161.53 200 OK 397 kB IP 172.67.161.53:0
File type GIF image data, version 89a, 320 x 180\012- data
Size 397 kB (396964 bytes)
Hash 7b42e791e269b8425a0f380efdd8e5fd
10c09c8f711478c7aeccc988c076d299fafcbbfa
00ef96678470106e95be9f6f4dc07debbbb63a96db839adbf17e5e04e27caf60
GET /lm/se5.gif HTTP/1.1
Host: aooacctp.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 02:36:11 GMT
content-type: image/gif
content-length: 396964
last-modified: Wed, 25 May 2022 14:04:51 GMT
etag: "628e3783-60ea4"
expires: Wed, 07 Dec 2022 13:30:26 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1907574
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j49qdCt8hjUYEYh8sX0XSV8SLwdK7Ow70NwVaEQ4R8%2F5HW325xmrzVUi3hmiwJrmgNijJFZxcdIiSVyNcg%2BMSQHwKe32OsBvcL6JVoGflmVOHhBYE0HywtsQGRiQQM0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772031ae3c1c0b4d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dimg04.c-ctrip.com/images/0102y12000a3kjdfv5BC0.gif
104.110.17.24 200 OK 647 kB URL HTTP/2 dimg04.c-ctrip.com/images/0102y12000a3kjdfv5BC0.gif
IP 104.110.17.24:0
File type GIF image data, version 89a, 960 x 80\012- data
Size 647 kB (646750 bytes)
Hash 72371f5b3f1ea1f932ea3882fd5aa02d
b07f955239aaace3a248b70e6137fc91e31bfe7c
f451864300cba47430ddb92cc3f6a9a6602ffacf2c52da2384cce41cb8927912
GET /images/0102y12000a3kjdfv5BC0.gif HTTP/1.1
Host: dimg04.c-ctrip.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 646750
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
cache-control: max-age=7373820
expires: Thu, 23 Feb 2023 10:53:11 GMT
date: Wed, 30 Nov 2022 02:36:11 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/t1eJGFHGm7w
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/t1eJGFHGm7w
IP 142.250.74.131:0
Hash 380fc74ad0e94f2ab86dea65a186385f
fdc37b5360ac431beaee656f81e4dc6ed4bd3c1c
a6b7d4eba8c5d0b14da00ed947c0cbb7540441909c0e1070b504472e5000754a
POST /s/gts1p5/t1eJGFHGm7w HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 02:36:11 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tukudhgg.vip/lm/aaa122.gif
188.114.97.1 200 OK 514 kB URL HTTP/2 tukudhgg.vip/lm/aaa122.gif
IP 188.114.97.1:0
File type GIF image data, version 89a, 320 x 186\012- data
Size 514 kB (513487 bytes)
Hash eb6ae4c3d42252ba0149361e28da9f18
b42e20c95a707951729969f9250f0b66f3ab4992
43abb0219a75601add12728d8c9a91af813a1342cc8b70acc6d5d5429af2fb62
GET /lm/aaa122.gif HTTP/1.1
Host: tukudhgg.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 02:36:11 GMT
content-type: image/gif
content-length: 513487
last-modified: Wed, 25 May 2022 14:05:09 GMT
etag: "628e3795-7d5cf"
expires: Sun, 04 Dec 2022 21:39:58 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 2137409
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nO%2FUl39xKpfuPo5K5Ixa5%2FuOJlhRwYw%2BG%2Fdn6EFdqny7wcAcTF7QPws%2BGGESM7iI91b2C8tVyiawvT3CoE%2BrK%2FxkYON5KaoXgFrafrakahw5S1JElHkv7x%2B6N%2BpMv00%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772031ae9e170b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 8207661ce638c10b2ea4b5db5a5e3f0a
8dc78f6d05f7f2003c4caaad8bf07d486a0d1d0b
45f96c94a57fcf004fece7ca224e9767075a36d151c7aab260976f41bb7841d3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=99735
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 02:36:11 GMT
Etag: "6385a432-116"
Expires: Thu, 01 Dec 2022 06:18:26 GMT
Last-Modified: Tue, 29 Nov 2022 06:18:26 GMT
Server: nginx
Content-Length: 278
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2221a47a7f4efedc71aa819b193b51bb
45aa419cebb596927fbf8e0d01c79147a8761d79
8ab2b17c9323cc19f9e470bca878332499d0649d4dffe6bad5762326352d813a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "8AB2B17C9323CC19F9E470BCA878332499D0649D4DFFE6BAD5762326352D813A"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9719
Expires: Wed, 30 Nov 2022 05:18:10 GMT
Date: Wed, 30 Nov 2022 02:36:11 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7129b782bde3d61deb8b05792f7e9637
54d1f80c6550fb52c13fa697d37d1df226eb15f1
86d164a0a1480f787e8c38174a10e3b935062413e6ee8ddb327fa5eb641de20f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "86D164A0A1480F787E8C38174A10E3B935062413E6EE8DDB327FA5EB641DE20F"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16962
Expires: Wed, 30 Nov 2022 07:18:53 GMT
Date: Wed, 30 Nov 2022 02:36:11 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7129b782bde3d61deb8b05792f7e9637
54d1f80c6550fb52c13fa697d37d1df226eb15f1
86d164a0a1480f787e8c38174a10e3b935062413e6ee8ddb327fa5eb641de20f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "86D164A0A1480F787E8C38174A10E3B935062413E6EE8DDB327FA5EB641DE20F"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16904
Expires: Wed, 30 Nov 2022 07:17:55 GMT
Date: Wed, 30 Nov 2022 02:36:11 GMT
Connection: keep-alive
tupkku.top/lm/spk320.gif
104.21.51.97 200 OK 137 kB IP 104.21.51.97:0
File type GIF image data, version 89a, 720 x 428\012- data
Size 137 kB (136930 bytes)
Hash 8ee25a766c10b2ade919dad65e1c9b37
a1d17bdfcda79dbf1ff41eed3e899db67c6c16c6
b9720e5b3ae93583e8e915eddc4c9c00d915c81be0ca0f20069443f18f37c0bb
GET /lm/spk320.gif HTTP/1.1
Host: tupkku.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 02:36:11 GMT
content-type: image/gif
content-length: 136930
last-modified: Thu, 15 Sep 2022 09:25:05 GMT
etag: "6322ef71-216e2"
expires: Thu, 22 Dec 2022 17:00:13 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 598946
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MO%2FYWmrN8BK21RK37Rzn1X%2Ba0i9%2BEF3oTcVWqf3sicMMFM5C4Qk6cmLQ9T2Nx4MQYd7KW7TGU1xE4bDnVA%2FiWbKgaful6Hk1lUHjCDE7Sfmz58NJogcKeyIJIpCe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772031aefc74b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.tupkku.top//lm/spk190.gif
104.21.51.97 200 OK 173 kB URL HTTP/2 www.tupkku.top//lm/spk190.gif
IP 104.21.51.97:0
File type GIF image data, version 89a, 720 x 428\012- data
Size 173 kB (173345 bytes)
Hash 35311cb75e25f68d1dad6a630474ece2
e48ba5dcba824a35199fc4fc843be185c53f7f3b
c4ea26086533e343ba5eb059ca8d027490d161fca19228180f13f0032f91d901
GET //lm/spk190.gif HTTP/1.1
Host: www.tupkku.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 02:36:12 GMT
content-type: image/gif
content-length: 173345
last-modified: Thu, 15 Sep 2022 09:25:11 GMT
etag: "6322ef77-2a521"
expires: Thu, 01 Dec 2022 07:10:47 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 2448770
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bjhMxgz5Ng4JLfgq1PkjxicCqv0kjYLYhyZgIcRjEylbRrnu4wdmN23p6%2FfGKYX7TCHOYEhd%2B%2BZTf6TnPCjrYhftKUanSaW1gTU1JZjsyV6WxE8QhAQjw%2BmjZl%2BWc8v4GQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772031aefc53b517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/t1eJGFHGm7w
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/t1eJGFHGm7w
IP 142.250.74.131:0
Hash 380fc74ad0e94f2ab86dea65a186385f
fdc37b5360ac431beaee656f81e4dc6ed4bd3c1c
a6b7d4eba8c5d0b14da00ed947c0cbb7540441909c0e1070b504472e5000754a
POST /s/gts1p5/t1eJGFHGm7w HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 02:36:11 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7129b782bde3d61deb8b05792f7e9637
54d1f80c6550fb52c13fa697d37d1df226eb15f1
86d164a0a1480f787e8c38174a10e3b935062413e6ee8ddb327fa5eb641de20f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "86D164A0A1480F787E8C38174A10E3B935062413E6EE8DDB327FA5EB641DE20F"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16903
Expires: Wed, 30 Nov 2022 07:17:55 GMT
Date: Wed, 30 Nov 2022 02:36:12 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7129b782bde3d61deb8b05792f7e9637
54d1f80c6550fb52c13fa697d37d1df226eb15f1
86d164a0a1480f787e8c38174a10e3b935062413e6ee8ddb327fa5eb641de20f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "86D164A0A1480F787E8C38174A10E3B935062413E6EE8DDB327FA5EB641DE20F"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16903
Expires: Wed, 30 Nov 2022 07:17:55 GMT
Date: Wed, 30 Nov 2022 02:36:12 GMT
Connection: keep-alive
www.wusong99.top/template/m1938pc/static/images/arrow_up.png
118.107.24.226 200 OK 398 B URL HTTP/2 www.wusong99.top/template/m1938pc/static/images/arrow_up.png
IP 118.107.24.226:0
ASN #64050 BGPNET Global ASN
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 353247650251bb3b54b709aa3441deb0
9784d902cbdfbf51cbe3f0281098575311fd5d2f
cdd12906b6861716ac4c33bcb08ff9164f9269b304748e54886482e773d26aec
GET /template/m1938pc/static/images/arrow_up.png HTTP/1.1
Host: www.wusong99.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/template/m1938pc/static/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 14 Oct 2022 13:39:16 GMT
etag: "18e-5eafec083a900"
accept-ranges: bytes
content-length: 398
content-type: image/png
date: Wed, 30 Nov 2022 02:36:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.wusong99.top/template/m1938pc/static/images/share.png
118.107.24.226 200 OK 3.2 kB URL HTTP/2 www.wusong99.top/template/m1938pc/static/images/share.png
IP 118.107.24.226:0
ASN #64050 BGPNET Global ASN
File type PNG image data, 39 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 02f6a2fe1a4a8668aca32a1c08040c0f
72d7273e5e561ed4c70bd0ccef8e66407b9e7ce0
30a473f2f6a26ac3d2fb1538744d781985d6051cf1e8a54a4e8a8d1fabb0e8f8
GET /template/m1938pc/static/images/share.png HTTP/1.1
Host: www.wusong99.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/template/m1938pc/static/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 14 Oct 2022 13:39:06 GMT
etag: "c64-5eafebfeb1280"
accept-ranges: bytes
content-length: 3172
content-type: image/png
date: Wed, 30 Nov 2022 02:36:11 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3527f465466795564ac31416125a339b
2fedbaa960f22a6ab101e4123da549d0245fab8e
1f8298fa17c8728777eefd62cf8a456c1505fa814a7f9c9a76dacea9a4938c0b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F8298FA17C8728777EEFD62CF8A456C1505FA814A7F9C9A76DACEA9A4938C0B"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21564
Expires: Wed, 30 Nov 2022 08:35:36 GMT
Date: Wed, 30 Nov 2022 02:36:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6fe45284fd5640dabb0ab3143d48268c
56498f3640dc4dbb5f5e7454dedc39d7d1b6b77c
9b78c77303704e4f30da1099922b98de9dde822424da5bff0a04ede14c60d91e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B78C77303704E4F30DA1099922B98DE9DDE822424DA5BFF0A04EDE14C60D91E"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7381
Expires: Wed, 30 Nov 2022 04:39:13 GMT
Date: Wed, 30 Nov 2022 02:36:12 GMT
Connection: keep-alive
200.benbenys.com/view.php/61b977b3527d7c0e27e2af877b5a5c59.jpg
23.224.61.222 200 OK 57 kB URL HTTP/1.1 200.benbenys.com/view.php/61b977b3527d7c0e27e2af877b5a5c59.jpg
IP 23.224.61.222:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=5, height=805, orientation=[*0*], datetime=MM, width=1080], progressive, precision 8, 1080x805, components 3\012- data
Hash 61b977b3527d7c0e27e2af877b5a5c59
4a1f0beee6c8215da2bfda76b5f1c87d62925bfc
945a7b57589fc601eb17079a589c721417a1307db96c103791138bce8b5a7fff
GET /view.php/61b977b3527d7c0e27e2af877b5a5c59.jpg HTTP/1.1
Host: 200.benbenys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 02:36:12 GMT
Server: Apache
Expires: Fri, 30 Dec 2022 02:36:12 GMT
Pragma: cache
Cache-Control: max-age=2592000
Upgrade: h2
Connection: Upgrade, close
Content-Length: 57375
Content-Type: image/jpeg
yazi16.top/template/m1938pc/baidu/960.gif
104.233.156.153 200 OK 4.7 kB URL HTTP/2 yazi16.top/template/m1938pc/baidu/960.gif
IP 104.233.156.153:0
File type PNG image data, 1440 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash d646ac0d3f6527f695529ac117232aa8
fdd0d1f51a7568d58665d70de303e261fb608c83
0fef174759ab23ad9e762f7851675d4fe094be2cf37e8863aa6d4aa8cf7505b6
GET /template/m1938pc/baidu/960.gif HTTP/1.1
Host: yazi16.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 23 Nov 2022 12:50:10 GMT
etag: "1270-5ee22ba9d7d2b"
accept-ranges: bytes
content-length: 4720
content-type: image/gif
date: Wed, 30 Nov 2022 02:36:12 GMT
server: Apache
X-Firefox-Spdy: h2
kvhmm.com/4753106fd5cd4282494606a4f0e82c03.gif
137.175.13.78 301 Moved Permanently 162 B URL HTTP/2 kvhmm.com/4753106fd5cd4282494606a4f0e82c03.gif
IP 137.175.13.78:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /4753106fd5cd4282494606a4f0e82c03.gif HTTP/1.1
Host: kvhmm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Wed, 30 Nov 2022 02:36:13 GMT
content-type: text/html
content-length: 162
location: https://kvtfff.top/4753106fd5cd4282494606a4f0e82c03.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 7a63423902ff9c3485f9d39456bbc4e9
6fc1a10e9b0eb624a4dff710090edb5c2e41e019
1446fd8cba7b8e64175df1d7ccd9af7f7e99366ddfe6f7b0d86648c7a446bbc2
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 02:36:12 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Sun, 04 Dec 2022 01:02:01 GMT
ETag: "6fc1a10e9b0eb624a4dff710090edb5c2e41e019"
Last-Modified: Wed, 30 Nov 2022 01:02:02 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 772031afbfc5b506-OSL
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0a64758212c090b59b9dc9e6b0afe17c
9c1d780d1c0bb5c563ec2b28df750f539c9bb4fc
73cc69104c027472c323b0f53b869f1bf07d1ee516b4e2352d544d2710180a40
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "73CC69104C027472C323B0F53B869F1BF07D1EE516B4E2352D544D2710180A40"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11528
Expires: Wed, 30 Nov 2022 05:48:20 GMT
Date: Wed, 30 Nov 2022 02:36:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d27e0525e331a4c3ae096be1a00433af
764b36118b987432e13dd88b9b446a8ec0dc13e9
0929458f0ff0dceccb96bfc844263380c5424939c2e03a59bc4d71d764c4271c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0929458F0FF0DCECCB96BFC844263380C5424939C2E03A59BC4D71D764C4271C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1179
Expires: Wed, 30 Nov 2022 02:55:51 GMT
Date: Wed, 30 Nov 2022 02:36:12 GMT
Connection: keep-alive
kvtfff.top/4753106fd5cd4282494606a4f0e82c03.gif
104.21.233.215 200 OK 184 kB URL HTTP/2 kvtfff.top/4753106fd5cd4282494606a4f0e82c03.gif
IP 104.21.233.215:0
File type GIF image data, version 89a, 960 x 240\012- data
Size 184 kB (183681 bytes)
Hash be0586befbaae0be5e24acbc3d7148fd
ca3696c5f5e3016796aaa5a41c7089ef878a67f1
450822c1b2a66de63023cf9163d1ef8e0e6ad97a019b140c84efaab1e26c3af3
GET /4753106fd5cd4282494606a4f0e82c03.gif HTTP/1.1
Host: kvtfff.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.wusong99.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 02:36:12 GMT
content-type: image/gif
content-length: 183681
last-modified: Thu, 24 Nov 2022 09:51:56 GMT
etag: "637f3ebc-2cd81"
expires: Sun, 25 Dec 2022 11:37:01 GMT
cache-control: max-age=5356800
cf-cache-status: HIT
age: 399551
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2Bcwe8aoZwb8fWdKLFeepZFYVfx2rL1HifNzlLnNCeLinKFmAAIsVpNex2ZlnvX3BSk%2FZ%2BzB%2FbIrOHDuaYTLkK6f6H7oL0mac6rzT4659A3%2FFlyCUqiOakzqcgId"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772031b18d96719e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0a64758212c090b59b9dc9e6b0afe17c
9c1d780d1c0bb5c563ec2b28df750f539c9bb4fc
73cc69104c027472c323b0f53b869f1bf07d1ee516b4e2352d544d2710180a40
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "73CC69104C027472C323B0F53B869F1BF07D1EE516B4E2352D544D2710180A40"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11528
Expires: Wed, 30 Nov 2022 05:48:20 GMT
Date: Wed, 30 Nov 2022 02:36:12 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 0c19ca72e81d8660d70f39dcd6b00e60
3cc8753898e23239877b82aed3dd7cdf2fb2ef4a
3208e14e6158147ced774fa926fbe3f53ec1607d381dc43c4a3ae1c41d423b1e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 02:36:12 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 09:55:22 GMT
Expires: Mon, 05 Dec 2022 09:55:21 GMT
Etag: "3cc8753898e23239877b82aed3dd7cdf2fb2ef4a"
Cache-Control: max-age=457748,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772031b18d6ab4fd-OSL
img.1153555.com/images/63847e722f45e5cbe914ec3d.gif
185.239.226.87 302 Found 0 B URL HTTP/2 img.1153555.com/images/63847e722f45e5cbe914ec3d.gif
IP 185.239.226.87:0
ASN #134835 Starry Network Limited
GET /images/63847e722f45e5cbe914ec3d.gif HTTP/1.1
Host: img.1153555.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wusong99.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/472d3bc0f442448e8d60a62f7c8b80d0
X-Firefox-Spdy: h2