r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb20c18681040b740ab1730562beb45c
abedefb801b0e13987d6619a77e0368771f9dfcb
288c1832db391da57e3d74ffa893ec2c47ef9c1945f85b88473c563b55a3dfb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "288C1832DB391DA57E3D74FFA893EC2C47EF9C1945F85B88473C563B55A3DFB3"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9024
Expires: Sun, 25 Dec 2022 17:45:54 GMT
Date: Sun, 25 Dec 2022 15:15:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9cce060ddc316540d079e6816a1e7412
709a74969d1996d2b35ef0f7f34ae18455169f1e
6d58b895476c9ab451d8fc51df98809adca445bc6e9d720430e80a0c85242879
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D58B895476C9AB451D8FC51DF98809ADCA445BC6E9D720430E80A0C85242879"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17768
Expires: Sun, 25 Dec 2022 20:11:38 GMT
Date: Sun, 25 Dec 2022 15:15:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6b1d63d9d906daa309dc263b4991bbe9
04680ddd86781d46dfe6a9671571b3ad1f3758f3
46fff7230b88de4cd81dfb0feb783d2dec27e49041f9257d2fb891030781bf6c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "46FFF7230B88DE4CD81DFB0FEB783D2DEC27E49041F9257D2FB891030781BF6C"
Last-Modified: Fri, 23 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5451
Expires: Sun, 25 Dec 2022 16:46:21 GMT
Date: Sun, 25 Dec 2022 15:15:30 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 25 Dec 2022 14:46:23 GMT
content-type: application/json
age: 1747
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: +earizjkw2o1/ntLi9hVZiGia5OZtEm8lRbg77mq0h37BOKHhwL/eyFP3w8aU4aVbvBua6NdPQw=
x-amz-request-id: 1SZNEPM8JN0RBMQ3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 25 Dec 2022 14:57:03 GMT
age: 1107
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 25 Dec 2022 15:15:30 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.bahadirhan.com/index.php
154.95.190.247 200 OK 619 B URL HTTP/1.1 www.bahadirhan.com/index.php
IP 154.95.190.247:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with very long lines (725), with CRLF line terminators
Hash b199ad4b41755e8de0cb1cc5c51ac2f3
ce288978375a808b4e9f82f27b0f2de2ecb8480a
d120ad2fe57f9fb4518f9f27f0ccc9eb02a12c071d7de8d0982de956890dfb8d
GET /index.php HTTP/1.1
Host: www.bahadirhan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 15:15:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
www.bahadirhan.com/tj.js
154.95.190.247 200 OK 258 B IP 154.95.190.247:0
ASN #134548 DXTL Tseung Kwan O Service
File type ASCII text, with CRLF line terminators
Hash 305e91b323355c98b8fc27631e10c252
06bad59074367ce1cdf10509ca1a70176e50fa18
26a7bcf20a705bc37364e85734a5d5751a55be12f4c74a776624b26db4c9fece
GET /tj.js HTTP/1.1
Host: www.bahadirhan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.bahadirhan.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 15:15:31 GMT
Content-Type: application/x-javascript
Content-Length: 258
Connection: keep-alive
www.bahadirhan.com/common.js
154.95.190.247 200 OK 808 B URL HTTP/1.1 www.bahadirhan.com/common.js
IP 154.95.190.247:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document text\012- HTML document, ASCII text, with very long lines (1229), with CRLF line terminators
Hash 84294ffc0ac8f94ae0225b0780f5e237
132c434ac72b59f2d5f712caba8722d9155727e6
297aad6783d502948bb5b1ab3481a8e2759c9f223c8f9dfeb41efbfdc98e8b2f
GET /common.js HTTP/1.1
Host: www.bahadirhan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.bahadirhan.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 15:15:31 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Pragma, Last-Modified, Expires, Alert, Content-Type, Retry-After, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 25 Dec 2022 14:33:29 GMT
age: 2522
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash bdc6ddd27a64c85bd15f78b39a79874c
965b8f1b763483b4b4dfe35526d27393d1fdf05c
d2f4dee4d920109e0751634731bea278c9ea9e6c0120ac07969eba74ddbfe615
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1339
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 15:15:31 GMT
Last-Modified: Sun, 25 Dec 2022 14:53:12 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
www.bahadirhan.com/favicon.ico
154.95.190.247 200 OK 1.2 kB URL HTTP/1.1 www.bahadirhan.com/favicon.ico
IP 154.95.190.247:0
ASN #134548 DXTL Tseung Kwan O Service
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 7ef1f0a0093460fe46bb691578c07c95
2da3ffbbf4737ce4dae9488359de34034d1ebfbd
4c62eef22174220b8655590a77b27957f3518b4c3b7352d0b64263b80e728f2c
GET /favicon.ico HTTP/1.1
Host: www.bahadirhan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.bahadirhan.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 15:15:32 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 01 Jul 2011 08:14:23 GMT
Connection: keep-alive
ETag: "4e0d81df-47e"
Expires: Fri, 30 Dec 2022 15:15:32 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
push.services.mozilla.com/
52.38.146.2 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.146.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 9MiHDuGwQE49zP9W6gQDUw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3iDWjl9XUB3Nhm+KWs+DY1zS36g=
ldtqh.top/
23.225.251.22 200 OK 19 kB IP 23.225.251.22:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (547), with CRLF, LF line terminators
Hash 72e4472c3920d2a0d41a96d43d7d5fea
c6b16256ab8a7a30c4a81ad4f50fedf1bee5c456
a59ef5bb4f34a6a52b6583c1ba534e3aac8ff5a12cae799c0ab419c8bff67981
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.top domain
GET / HTTP/1.1
Host: ldtqh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.bahadirhan.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 15:15:32 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
ldtqh.top/template/m1938pc/js/piaofu.js
23.225.251.22 200 OK 2.2 kB URL HTTP/1.1 ldtqh.top/template/m1938pc/js/piaofu.js
IP 23.225.251.22:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (488)
Hash a0c000e78f665f79f5c8f311aef0042a
c7a865b427f85ac6848ba4da16e11323b0a1a71e
653553c861e8661922777c4e41353dde9b09892f81cf3eef13d8595db1898289
GET /template/m1938pc/js/piaofu.js HTTP/1.1
Host: ldtqh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ldtqh.top/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 15:15:33 GMT
Content-Type: application/javascript
Last-Modified: Fri, 23 Dec 2022 05:06:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63a53762-1c52"
Expires: Mon, 26 Dec 2022 03:15:33 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
ldtqh.top/template/m1938pc/css/style2.css
23.225.251.22 200 OK 11 kB URL HTTP/1.1 ldtqh.top/template/m1938pc/css/style2.css
IP 23.225.251.22:0
File type Unicode text, UTF-8 text, with very long lines (3613)
Hash da86cffa40f3ee5809e6e19c882affea
ab8da20d093c0b715c83c05f9a6ecf7d5d97de41
5db719406a14331897294d542f8b0eaeddc00255bf3f38d672b90b1e729eb215
GET /template/m1938pc/css/style2.css HTTP/1.1
Host: ldtqh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ldtqh.top/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 15:15:33 GMT
Content-Type: text/css
Last-Modified: Thu, 17 Nov 2022 17:12:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63766b64-7dbf"
Expires: Mon, 26 Dec 2022 03:15:33 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
ldtqh.top/template/m1938pc/css/ate.css
23.225.251.22 200 OK 6.6 kB URL HTTP/1.1 ldtqh.top/template/m1938pc/css/ate.css
IP 23.225.251.22:0
File type ASCII text, with CRLF line terminators
Hash ae2d751d81b7b1d0167000f3d01f25c6
087cc8f592b71183c694560cf838c5fe66390308
36f47b4fcd158b72669449c224e78be55cab40c44c1dd1c10c753e7b4dc6a84b
GET /template/m1938pc/css/ate.css HTTP/1.1
Host: ldtqh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ldtqh.top/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 15:15:33 GMT
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2022 14:54:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"632dc89f-12c0f"
Expires: Mon, 26 Dec 2022 03:15:33 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
ldtqh.top/template/m1938pc/css/zui.css
23.225.251.22 200 OK 19 kB URL HTTP/1.1 ldtqh.top/template/m1938pc/css/zui.css
IP 23.225.251.22:0
File type assembler source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash da9fba91b7a287cf9a61e5c44cbaa94e
bf1c11c6853f04561ac7e871b22c2a8febe15c0a
f8d2c763f24226391d3b7896e9a62a361dce857aa2bd5cd3b4e380fbd7f68aa6
GET /template/m1938pc/css/zui.css HTTP/1.1
Host: ldtqh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ldtqh.top/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 15:15:33 GMT
Content-Type: text/css
Last-Modified: Sat, 22 May 2021 12:07:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60a8f3ef-14f36"
Expires: Mon, 26 Dec 2022 03:15:33 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
ldtqh.top/template/m1938pc/js/jquery-1.9.1.min.js
23.225.251.22 200 OK 37 kB URL HTTP/1.1 ldtqh.top/template/m1938pc/js/jquery-1.9.1.min.js
IP 23.225.251.22:0
File type ASCII text, with very long lines (32089), with CRLF line terminators
Hash cb8b32d2a46a250954f981780ea7d0d3
149d7140bb977c0ea043397cd72f067e56974692
080e5c45daae1e54faf78ecb600d5bd6680e7889343ebf220f94b6b9a343beae
GET /template/m1938pc/js/jquery-1.9.1.min.js HTTP/1.1
Host: ldtqh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ldtqh.top/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 15:15:33 GMT
Content-Type: application/javascript
Last-Modified: Sun, 10 Mar 2019 13:12:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5c850d54-169d9"
Expires: Mon, 26 Dec 2022 03:15:33 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
ldtqh.top/template/m1938pc/ads/img/1.gif
23.225.251.22 200 OK 254 B URL HTTP/1.1 ldtqh.top/template/m1938pc/ads/img/1.gif
IP 23.225.251.22:0
File type GIF image data, version 89a, 16 x 17\012- data
Hash b013f8fa3ec997fe20dc80b82af0ad0a
e02ce6c30d5c0abfaa3e008d1a3ce7d11f299ed9
119bff063d1d402fdf6e48bc7e681d48aabfb9bc65378dfcf64a8845ec3fceef
GET /template/m1938pc/ads/img/1.gif HTTP/1.1
Host: ldtqh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ldtqh.top/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 15:15:33 GMT
Content-Type: image/gif
Content-Length: 254
Last-Modified: Sun, 10 Jul 2022 14:39:44 GMT
Connection: keep-alive
ETag: "62cae4b0-fe"
Expires: Tue, 24 Jan 2023 15:15:33 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 464041a04e712c43ccf2845824e422a9
f98a4f05fc9cb77797f332e3509fa8e6a6cdf4ad
2c101db9e972f0976945c5e6a85ce6a16c713baae660a51bac036bd335507862
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Thu, 29 Dec 2022 12:03:26 GMT
ETag: "f98a4f05fc9cb77797f332e3509fa8e6a6cdf4ad"
Last-Modified: Sun, 25 Dec 2022 12:03:27 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1332
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77f288643dbf1bfe-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 464041a04e712c43ccf2845824e422a9
f98a4f05fc9cb77797f332e3509fa8e6a6cdf4ad
2c101db9e972f0976945c5e6a85ce6a16c713baae660a51bac036bd335507862
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Thu, 29 Dec 2022 12:03:26 GMT
ETag: "f98a4f05fc9cb77797f332e3509fa8e6a6cdf4ad"
Last-Modified: Sun, 25 Dec 2022 12:03:27 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1332
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77f288643d6ab521-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 464041a04e712c43ccf2845824e422a9
f98a4f05fc9cb77797f332e3509fa8e6a6cdf4ad
2c101db9e972f0976945c5e6a85ce6a16c713baae660a51bac036bd335507862
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Thu, 29 Dec 2022 12:03:26 GMT
ETag: "f98a4f05fc9cb77797f332e3509fa8e6a6cdf4ad"
Last-Modified: Sun, 25 Dec 2022 12:03:27 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1332
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77f288643b15b512-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 464041a04e712c43ccf2845824e422a9
f98a4f05fc9cb77797f332e3509fa8e6a6cdf4ad
2c101db9e972f0976945c5e6a85ce6a16c713baae660a51bac036bd335507862
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Thu, 29 Dec 2022 12:03:26 GMT
ETag: "f98a4f05fc9cb77797f332e3509fa8e6a6cdf4ad"
Last-Modified: Sun, 25 Dec 2022 12:03:27 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1332
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77f288643aca0b4d-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 464041a04e712c43ccf2845824e422a9
f98a4f05fc9cb77797f332e3509fa8e6a6cdf4ad
2c101db9e972f0976945c5e6a85ce6a16c713baae660a51bac036bd335507862
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Thu, 29 Dec 2022 12:03:26 GMT
ETag: "f98a4f05fc9cb77797f332e3509fa8e6a6cdf4ad"
Last-Modified: Sun, 25 Dec 2022 12:03:27 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1332
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77f288643d10b4f4-OSL
hm.baidu.com/hm.js?652df2382b1e5357df38d835bedacfa0
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?652df2382b1e5357df38d835bedacfa0
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (616)
Hash 192e659cf3507dae72b3713e43851728
4497fb66c17a04ebdbfc5793e77f57761ef49720
9d604ce2b9738001b09b32ca7ff3242c6f510a5c4761dd89cafb266fd8308db0
GET /hm.js?652df2382b1e5357df38d835bedacfa0 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11254
Content-Type: application/javascript
Date: Sun, 25 Dec 2022 15:15:33 GMT
Etag: 5a02ebbb6b0879eb00e00204f5b63500
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=DBF8CD4E2A971EE9; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?e8a0e1358d3cb03b1ea4430ec4a89b0c
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?e8a0e1358d3cb03b1ea4430ec4a89b0c
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (616)
Hash 1cf38b35f9f13966cc976c259abaca4e
96bda29ec869e0abd48e86083cc8141e161b8f7d
65f1121f0481e962448c1ac17aa56a1facb8b9aa09967cca5530db9bac0edd04
GET /hm.js?e8a0e1358d3cb03b1ea4430ec4a89b0c HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.bahadirhan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11254
Content-Type: application/javascript
Date: Sun, 25 Dec 2022 15:15:33 GMT
Etag: 0d9c73a43648b64d5c6e011866d9ada0
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=97911BF6B36BF69E; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?45085bf4538c3e4eb7670e56f0a63aed
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?45085bf4538c3e4eb7670e56f0a63aed
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (616)
Hash 3551490b1c660599e8ad4f040f71431c
bb019537649ceddab7b85fa6adc6c4f764c0a8a3
be83e5770b328e546d7010effc900b0233f908a5c1770815c8da5904b8fddbc4
GET /hm.js?45085bf4538c3e4eb7670e56f0a63aed HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11254
Content-Type: application/javascript
Date: Sun, 25 Dec 2022 15:15:33 GMT
Etag: b21db41c74c4068fa668c858439b94e3
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=48AC5FCAC9FB60E0; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?7e1b546edac7022276b2c3e9efa0e048
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?7e1b546edac7022276b2c3e9efa0e048
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (616)
Hash ebeb5c4f03c3add975a6f4e5d3d69eee
78b8bb8b9adb4c894c280122f0dcace8fe5b361b
b2a582673152819798198a3e7eb8afc5846c66a6ed32444ee8c9523b6a4019e6
GET /hm.js?7e1b546edac7022276b2c3e9efa0e048 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.bahadirhan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11254
Content-Type: application/javascript
Date: Sun, 25 Dec 2022 15:15:33 GMT
Etag: 617bcc50b548b457488c83d82c1b2c78
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=546BDAA6851B6447; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?7110f1a1de5e930021263eb593d95fde
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?7110f1a1de5e930021263eb593d95fde
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (619)
Hash d9f5298b9af40f41f7c52bbd2f9bd2b5
83d583e881457671fbb1493e64c673b82627f0a0
b4d4f2a320aa80fdb0b9998672e507e2d8d7f63eae49884d189aecd542b74a1e
GET /hm.js?7110f1a1de5e930021263eb593d95fde HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11257
Content-Type: application/javascript
Date: Sun, 25 Dec 2022 15:15:33 GMT
Etag: b625e23c393d89096238e830712cdab8
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=575D12CE9E03AC50; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?c0f3ee6e34ef84cad064a613db94e2a0
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?c0f3ee6e34ef84cad064a613db94e2a0
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (617)
Hash 094e3944c3b0464753f3bd02088e9bbb
01e6247cf185d341413ca23dfd132760936a7910
766b5d927d700eb55a4c42e1f182933de144cfabaa11f7e94cfbffd5ead39709
GET /hm.js?c0f3ee6e34ef84cad064a613db94e2a0 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.bahadirhan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11255
Content-Type: application/javascript
Date: Sun, 25 Dec 2022 15:15:33 GMT
Etag: 23d7c016c93c30fd71d29ae38314ce9d
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=0684B50F4C2F07A8; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?652df2382b1e5357df38d835bedacfa0
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?652df2382b1e5357df38d835bedacfa0
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (616)
Hash 962d0a683414d2e674a2a5db294d3b61
0593eba751017afe73b9a2b18b5667631b07a2f3
2e652efcb24de31e9b81f9af2a997d9192e76e4f12dcb9c765045890d671d6eb
GET /hm.js?652df2382b1e5357df38d835bedacfa0 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-None-Match: 5a02ebbb6b0879eb00e00204f5b63500
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11254
Content-Type: application/javascript
Date: Sun, 25 Dec 2022 15:15:33 GMT
Etag: 587a6465fe2a3c25c410f7027ebb8b4a
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=3031CC06B71129C2; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?45085bf4538c3e4eb7670e56f0a63aed
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?45085bf4538c3e4eb7670e56f0a63aed
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (616)
Hash 6710d9b7246057be5dbd21ff1508ed4e
7bd6891bab0c78834058d02109f4f5afafab9695
96c008606853629fcb7ef3ead3b6ff91100f12897daf0af64ffdca822152937a
GET /hm.js?45085bf4538c3e4eb7670e56f0a63aed HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-None-Match: b21db41c74c4068fa668c858439b94e3
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11254
Content-Type: application/javascript
Date: Sun, 25 Dec 2022 15:15:33 GMT
Etag: 052f7a507a4dfc4cafac17cd30f5b65e
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=7DB8BB88FAA38EA1; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?7110f1a1de5e930021263eb593d95fde
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?7110f1a1de5e930021263eb593d95fde
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (619)
Hash 5421cd0da7dc5b902b7e72bd02dbafde
387e5b9dbd1562efcd771a6f9f4eae662d3fef5b
c2dbe6a94bbc04a1484a0b1fc2b42345bab940c1cffbcfd89d3034bcc0fcd15f
GET /hm.js?7110f1a1de5e930021263eb593d95fde HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-None-Match: b625e23c393d89096238e830712cdab8
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11257
Content-Type: application/javascript
Date: Sun, 25 Dec 2022 15:15:33 GMT
Etag: b47bde501cbcbd64850832a113635fdc
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=2D6282CF8ADE0850; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c209f74bd3d75a33b1ad9b3589a64e61
1bc17ee9f512ebfcfac28fee0730c318655892a9
b549dd1e8495e9f56dcf6534ecd4fbd4b6a8ae8954cecb01cd4c4863bae39a42
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B549DD1E8495E9F56DCF6534ECD4FBD4B6A8AE8954CECB01CD4C4863BAE39A42"
Last-Modified: Sun, 25 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4075
Expires: Sun, 25 Dec 2022 16:23:29 GMT
Date: Sun, 25 Dec 2022 15:15:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c209f74bd3d75a33b1ad9b3589a64e61
1bc17ee9f512ebfcfac28fee0730c318655892a9
b549dd1e8495e9f56dcf6534ecd4fbd4b6a8ae8954cecb01cd4c4863bae39a42
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B549DD1E8495E9F56DCF6534ECD4FBD4B6A8AE8954CECB01CD4C4863BAE39A42"
Last-Modified: Sun, 25 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4075
Expires: Sun, 25 Dec 2022 16:23:29 GMT
Date: Sun, 25 Dec 2022 15:15:34 GMT
Connection: keep-alive
ldtqh.top/template/m1938pc/images/video-play.png
23.225.251.22 200 OK 1.6 kB URL HTTP/1.1 ldtqh.top/template/m1938pc/images/video-play.png
IP 23.225.251.22:0
File type PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced\012- data
Hash be7ca0a4a7c0317398a11162b1e09b75
5dbe6a02524cfbf5f5111478a71f91a9259056b5
cbad06b58f97516faa5f745d4e09716b5db3f134d5b4644b159681aa24909dd4
GET /template/m1938pc/images/video-play.png HTTP/1.1
Host: ldtqh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ldtqh.top/template/m1938pc/css/zui.css
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 15:15:35 GMT
Content-Type: image/png
Content-Length: 1567
Last-Modified: Sat, 22 May 2021 12:07:20 GMT
Connection: keep-alive
ETag: "60a8f3f8-61f"
Expires: Tue, 24 Jan 2023 15:15:35 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
ldtqh.top/template/m1938pc/fonts/iconfont.woff
23.225.251.22 200 OK 525 B URL HTTP/1.1 ldtqh.top/template/m1938pc/fonts/iconfont.woff
IP 23.225.251.22:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash f66ed8f90ffb0fc831098b7701d3ba8a
1bc63ccb714f1272c80b224aa8fd9da94914825d
6ccac1f3560824c5e11e27d1798e447cfc5a930e5824009d6b1cf8eb98e248de
GET /template/m1938pc/fonts/iconfont.woff HTTP/1.1
Host: ldtqh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ldtqh.top/template/m1938pc/css/zui.css
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 15:15:35 GMT
Content-Type: font/woff
Content-Length: 525
Last-Modified: Sat, 22 May 2021 12:07:23 GMT
Connection: keep-alive
ETag: "60a8f3fb-20d"
Accept-Ranges: bytes
kzepp.com/30e1c730f6e3ac776984b64a67e5249c.gif
45.154.215.92 301 Moved Permanently 162 B URL HTTP/2 kzepp.com/30e1c730f6e3ac776984b64a67e5249c.gif
IP 45.154.215.92:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /30e1c730f6e3ac776984b64a67e5249c.gif HTTP/1.1
Host: kzepp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Sun, 25 Dec 2022 15:15:34 GMT
content-type: text/html
content-length: 162
location: https://kvthhh.top/30e1c730f6e3ac776984b64a67e5249c.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kzepp.com/5362e21a0a78871b3e015f8f067416ee.gif
45.154.215.92 301 Moved Permanently 162 B URL HTTP/2 kzepp.com/5362e21a0a78871b3e015f8f067416ee.gif
IP 45.154.215.92:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /5362e21a0a78871b3e015f8f067416ee.gif HTTP/1.1
Host: kzepp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Sun, 25 Dec 2022 15:15:34 GMT
content-type: text/html
content-length: 162
location: https://kvthhh.top/5362e21a0a78871b3e015f8f067416ee.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash b4a415490e38821eb57f79afd7c061b6
229203822d3de42743e4ec5904e4a053fa091754
5bf12d4f61262274ea8cfca58e9ff96ffa2c0611eb5f2e11ef1ff98a5aae32a9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=141672
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 15:15:34 GMT
Etag: "63a7ef7e-2d7"
Expires: Tue, 27 Dec 2022 06:36:46 GMT
Last-Modified: Sun, 25 Dec 2022 06:36:46 GMT
Server: nginx
Content-Length: 727
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 47f42c053493607e4b9d5c58de6337d4
b15b2497c6e7a550b2de2eb9c8ad2df826d95cf7
436822de061a1226a1ce1c99794288052f80b4459becf202deadb591cf0022a0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4803
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 15:15:34 GMT
Etag: "63a7bb83-117"
Last-Modified: Sun, 25 Dec 2022 13:55:31 GMT
Server: ECS (amb/6BA2)
X-Cache: HIT
Content-Length: 279
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1181927347&si=652df2382b1e5357df38d835bedacfa0&su=http%3A%2F%2Fwww.bahadirhan.com%2F&v=1.3.0&lv=1&sn=52411&r=0&ww=1268&u=http%3A%2F%2Fldtqh.top%2F&tt=%E8%8B%B9%E6%9E%9C%E5%BD%B1%E8%A7%86%20%E7%94%B5%E6%8A%A5%E5%90%88%E4%BD%9CTG%3A%40pggg6666
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1181927347&si=652df2382b1e5357df38d835bedacfa0&su=http%3A%2F%2Fwww.bahadirhan.com%2F&v=1.3.0&lv=1&sn=52411&r=0&ww=1268&u=http%3A%2F%2Fldtqh.top%2F&tt=%E8%8B%B9%E6%9E%9C%E5%BD%B1%E8%A7%86%20%E7%94%B5%E6%8A%A5%E5%90%88%E4%BD%9CTG%3A%40pggg6666
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1181927347&si=652df2382b1e5357df38d835bedacfa0&su=http%3A%2F%2Fwww.bahadirhan.com%2F&v=1.3.0&lv=1&sn=52411&r=0&ww=1268&u=http%3A%2F%2Fldtqh.top%2F&tt=%E8%8B%B9%E6%9E%9C%E5%BD%B1%E8%A7%86%20%E7%94%B5%E6%8A%A5%E5%90%88%E4%BD%9CTG%3A%40pggg6666 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 25 Dec 2022 15:15:34 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=437F5A1632AF9923; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
n0533.com/bb4daf25ef5548c8bf815eda6cc7331f.gif
40.115.202.177 200 OK 39 kB URL HTTP/1.1 n0533.com/bb4daf25ef5548c8bf815eda6cc7331f.gif
IP 40.115.202.177:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 300 x 174\012- data
Hash cd246f11bfaa71b1104355cd399cfe1a
cb176b03649f6bfc9b14be7171f71af26a591750
abbdeeed18db78c21f10aaa3059fdb6e11f7a30ace6ee9c59a144dd0aaf383e1
GET /bb4daf25ef5548c8bf815eda6cc7331f.gif HTTP/1.1
Host: n0533.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:34 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 28 Nov 2022 11:36:43 GMT
ETag: W/"63849d4b-b343"
Server: WAF/2.4-12.1
X-Cache-Status: HIT
Content-Encoding: gzip
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=894756562&si=e8a0e1358d3cb03b1ea4430ec4a89b0c&v=1.3.0&lv=1&sn=52411&r=0&ww=1280&u=http%3A%2F%2Fwww.bahadirhan.com%2Findex.php&tt=%E8%AF%B8%E6%9A%A8%E5%88%9A%E7%8E%96%E5%BB%BA%E7%AD%91%E6%9D%90%E6%96%99%E9%9B%86%E5%9B%A2%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=894756562&si=e8a0e1358d3cb03b1ea4430ec4a89b0c&v=1.3.0&lv=1&sn=52411&r=0&ww=1280&u=http%3A%2F%2Fwww.bahadirhan.com%2Findex.php&tt=%E8%AF%B8%E6%9A%A8%E5%88%9A%E7%8E%96%E5%BB%BA%E7%AD%91%E6%9D%90%E6%96%99%E9%9B%86%E5%9B%A2%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=894756562&si=e8a0e1358d3cb03b1ea4430ec4a89b0c&v=1.3.0&lv=1&sn=52411&r=0&ww=1280&u=http%3A%2F%2Fwww.bahadirhan.com%2Findex.php&tt=%E8%AF%B8%E6%9A%A8%E5%88%9A%E7%8E%96%E5%BB%BA%E7%AD%91%E6%9D%90%E6%96%99%E9%9B%86%E5%9B%A2%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.bahadirhan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 25 Dec 2022 15:15:34 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=1E00743A878EA3A6; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1838475069&si=45085bf4538c3e4eb7670e56f0a63aed&su=http%3A%2F%2Fwww.bahadirhan.com%2F&v=1.3.0&lv=1&sn=52411&r=0&ww=1268&u=http%3A%2F%2Fldtqh.top%2F&tt=%E8%8B%B9%E6%9E%9C%E5%BD%B1%E8%A7%86%20%E7%94%B5%E6%8A%A5%E5%90%88%E4%BD%9CTG%3A%40pggg6666
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1838475069&si=45085bf4538c3e4eb7670e56f0a63aed&su=http%3A%2F%2Fwww.bahadirhan.com%2F&v=1.3.0&lv=1&sn=52411&r=0&ww=1268&u=http%3A%2F%2Fldtqh.top%2F&tt=%E8%8B%B9%E6%9E%9C%E5%BD%B1%E8%A7%86%20%E7%94%B5%E6%8A%A5%E5%90%88%E4%BD%9CTG%3A%40pggg6666
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1838475069&si=45085bf4538c3e4eb7670e56f0a63aed&su=http%3A%2F%2Fwww.bahadirhan.com%2F&v=1.3.0&lv=1&sn=52411&r=0&ww=1268&u=http%3A%2F%2Fldtqh.top%2F&tt=%E8%8B%B9%E6%9E%9C%E5%BD%B1%E8%A7%86%20%E7%94%B5%E6%8A%A5%E5%90%88%E4%BD%9CTG%3A%40pggg6666 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 25 Dec 2022 15:15:34 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=BE5524559BDDC1FB; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=843132906&si=7e1b546edac7022276b2c3e9efa0e048&v=1.3.0&lv=1&sn=52411&r=0&ww=1280&u=http%3A%2F%2Fwww.bahadirhan.com%2Findex.php&tt=%E8%AF%B8%E6%9A%A8%E5%88%9A%E7%8E%96%E5%BB%BA%E7%AD%91%E6%9D%90%E6%96%99%E9%9B%86%E5%9B%A2%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=843132906&si=7e1b546edac7022276b2c3e9efa0e048&v=1.3.0&lv=1&sn=52411&r=0&ww=1280&u=http%3A%2F%2Fwww.bahadirhan.com%2Findex.php&tt=%E8%AF%B8%E6%9A%A8%E5%88%9A%E7%8E%96%E5%BB%BA%E7%AD%91%E6%9D%90%E6%96%99%E9%9B%86%E5%9B%A2%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=843132906&si=7e1b546edac7022276b2c3e9efa0e048&v=1.3.0&lv=1&sn=52411&r=0&ww=1280&u=http%3A%2F%2Fwww.bahadirhan.com%2Findex.php&tt=%E8%AF%B8%E6%9A%A8%E5%88%9A%E7%8E%96%E5%BB%BA%E7%AD%91%E6%9D%90%E6%96%99%E9%9B%86%E5%9B%A2%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.bahadirhan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 25 Dec 2022 15:15:34 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=4410ACEC57960ED9; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1764285358&si=c0f3ee6e34ef84cad064a613db94e2a0&v=1.3.0&lv=1&sn=52411&r=0&ww=1280&u=http%3A%2F%2Fwww.bahadirhan.com%2Findex.php&tt=%E8%AF%B8%E6%9A%A8%E5%88%9A%E7%8E%96%E5%BB%BA%E7%AD%91%E6%9D%90%E6%96%99%E9%9B%86%E5%9B%A2%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1764285358&si=c0f3ee6e34ef84cad064a613db94e2a0&v=1.3.0&lv=1&sn=52411&r=0&ww=1280&u=http%3A%2F%2Fwww.bahadirhan.com%2Findex.php&tt=%E8%AF%B8%E6%9A%A8%E5%88%9A%E7%8E%96%E5%BB%BA%E7%AD%91%E6%9D%90%E6%96%99%E9%9B%86%E5%9B%A2%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1764285358&si=c0f3ee6e34ef84cad064a613db94e2a0&v=1.3.0&lv=1&sn=52411&r=0&ww=1280&u=http%3A%2F%2Fwww.bahadirhan.com%2Findex.php&tt=%E8%AF%B8%E6%9A%A8%E5%88%9A%E7%8E%96%E5%BB%BA%E7%AD%91%E6%9D%90%E6%96%99%E9%9B%86%E5%9B%A2%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.bahadirhan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 25 Dec 2022 15:15:34 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=4028B13D72314094; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=558784958&si=7110f1a1de5e930021263eb593d95fde&su=http%3A%2F%2Fwww.bahadirhan.com%2F&v=1.3.0&lv=1&sn=52411&r=0&ww=1268&u=http%3A%2F%2Fldtqh.top%2F&tt=%E8%8B%B9%E6%9E%9C%E5%BD%B1%E8%A7%86%20%E7%94%B5%E6%8A%A5%E5%90%88%E4%BD%9CTG%3A%40pggg6666
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=558784958&si=7110f1a1de5e930021263eb593d95fde&su=http%3A%2F%2Fwww.bahadirhan.com%2F&v=1.3.0&lv=1&sn=52411&r=0&ww=1268&u=http%3A%2F%2Fldtqh.top%2F&tt=%E8%8B%B9%E6%9E%9C%E5%BD%B1%E8%A7%86%20%E7%94%B5%E6%8A%A5%E5%90%88%E4%BD%9CTG%3A%40pggg6666
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=558784958&si=7110f1a1de5e930021263eb593d95fde&su=http%3A%2F%2Fwww.bahadirhan.com%2F&v=1.3.0&lv=1&sn=52411&r=0&ww=1268&u=http%3A%2F%2Fldtqh.top%2F&tt=%E8%8B%B9%E6%9E%9C%E5%BD%B1%E8%A7%86%20%E7%94%B5%E6%8A%A5%E5%90%88%E4%BD%9CTG%3A%40pggg6666 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 25 Dec 2022 15:15:34 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=EF5938069ACC2739; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
kzepp.com/387aa3cb8bec96e607972d99d3ac1058.gif
45.154.215.92 301 Moved Permanently 162 B URL HTTP/2 kzepp.com/387aa3cb8bec96e607972d99d3ac1058.gif
IP 45.154.215.92:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /387aa3cb8bec96e607972d99d3ac1058.gif HTTP/1.1
Host: kzepp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Sun, 25 Dec 2022 15:15:34 GMT
content-type: text/html
content-length: 162
location: https://kvthhh.top/387aa3cb8bec96e607972d99d3ac1058.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ldtqh.top/template/m1938pc/fonts/iconfont.ttf
23.225.251.22 200 OK 46 kB URL HTTP/1.1 ldtqh.top/template/m1938pc/fonts/iconfont.ttf
IP 23.225.251.22:0
File type TrueType Font data, 11 tables, 1st "GSUB", 18 names, Macintosh, \012- data
Hash 1fef2d0a45d285ddce1382c398b3280f
5d37f3b0299ad350526e312fa1420297662ecaf6
16cde01229a31bba3526a149d3c51ba4e7637980dfd574c9f7cfa8d5e4631073
GET /template/m1938pc/fonts/iconfont.ttf HTTP/1.1
Host: ldtqh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ldtqh.top/template/m1938pc/css/zui.css
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 15:15:35 GMT
Content-Type: application/octet-stream
Content-Length: 46508
Last-Modified: Sat, 22 May 2021 12:07:19 GMT
Connection: keep-alive
ETag: "60a8f3f7-b5ac"
Accept-Ranges: bytes
z4a.net/images/2022/12/04/960x80asaa-2.gif
104.21.234.235 200 OK 647 kB URL HTTP/2 z4a.net/images/2022/12/04/960x80asaa-2.gif
IP 104.21.234.235:0
File type GIF image data, version 89a, 960 x 80\012- data
Size 647 kB (646750 bytes)
Hash 72371f5b3f1ea1f932ea3882fd5aa02d
b07f955239aaace3a248b70e6137fc91e31bfe7c
f451864300cba47430ddb92cc3f6a9a6602ffacf2c52da2384cce41cb8927912
GET /images/2022/12/04/960x80asaa-2.gif HTTP/1.1
Host: z4a.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 15:15:34 GMT
content-type: image/gif
content-length: 646750
expires: Mon, 04 Dec 2023 11:55:23 GMT
cache-control: public, max-age=31536000
pragma: public
cf-cache-status: HIT
age: 1826411
last-modified: Sun, 04 Dec 2022 11:55:23 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8ReNp2OywiFj6aAnDATnQR0UE5rabORjlVMylWuQrB0nlqlQLG7kspflIgPxzylPnZoqu2blCyQ1KexZTxTwCDMZNULMYfv90uPtLizrhS6HZcSSrA4sXSMl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 77f2886effd07726-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
828239sam.com/76993090aaf84334ad113f7d5ed05bd0.gif
45.61.212.127 200 OK 161 kB URL HTTP/1.1 828239sam.com/76993090aaf84334ad113f7d5ed05bd0.gif
IP 45.61.212.127:0
File type GIF image data, version 89a, 320 x 185\012- data
Size 161 kB (160599 bytes)
Hash 1e6146135f463f9dd5a91b6ec27e6dc6
b4871d778c720ce51a7c0e9fef07230b6ac0935a
ee63a02abc03ac35bb66a8010518568351f9215b346ffdc244f6b8926ff08519
Analyzer Verdict Alert quad9 Sinkholed
GET /76993090aaf84334ad113f7d5ed05bd0.gif HTTP/1.1
Host: 828239sam.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "6372555c-27357"
Date: Sun, 25 Dec 2022 15:04:37 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Mon, 14 Nov 2022 14:49:00 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us2-cdnb-27
Content-Length: 160599
media.smooch.io/apps/6285f2169b5df200f527f3e4/conversations/e88b1c6777de326b00e3a948/ajLkzQk028BompVUuFYFKVHm/960X120a.gif
143.204.55.21 200 OK 128 kB URL HTTP/2 media.smooch.io/apps/6285f2169b5df200f527f3e4/conversations/e88b1c6777de326b00e3a948/ajLkzQk028BompVUuFYFKVHm/960X120a.gif
IP 143.204.55.21:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 128 kB (128455 bytes)
Hash dcc4ff4d0e96712724245cae590af34f
9d5dab6c0645dd1720b4a0caba1fa77d4a9cfcdd
8ad56948813a9e4f24a45e36b05e106186a6db1085537b35b12d57865bc26012
GET /apps/6285f2169b5df200f527f3e4/conversations/e88b1c6777de326b00e3a948/ajLkzQk028BompVUuFYFKVHm/960X120a.gif HTTP/1.1
Host: media.smooch.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 128455
date: Thu, 15 Dec 2022 03:28:28 GMT
x-amz-replication-status: COMPLETED
last-modified: Fri, 21 Oct 2022 11:51:01 GMT
etag: "dcc4ff4d0e96712724245cae590af34f"
cache-control: max-age=315532800
x-amz-version-id: HFSK.QIFIFT8MPbzEhE2Y9m016sy7O0O
accept-ranges: bytes
server: AmazonS3
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
age: 906428
x-content-type-options: nosniff
x-robots-tag: noindex
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: IUdPuftKuvUwDFcYojcR1fL_iBNa6OxYiKBiaq3ASLhaohNJTxDwbQ==
X-Firefox-Spdy: h2
p9.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/f374b372f2044d82a542ac46bcd11f97~noop.image
4.34.42.102 200 OK 411 kB URL HTTP/2 p9.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/f374b372f2044d82a542ac46bcd11f97~noop.image
IP 4.34.42.102:0
File type GIF image data, version 89a, 310 x 150\012- data
Size 411 kB (411269 bytes)
Hash 1d4b2ac87053bfd6b4d016d35f987929
9f1b633c80dc08166f0bd7afec2b10c26cc1d68a
226692d5b63d42cc17cb7aff3eb635eb8373d3d3ab02439a612b2ab91f0f8183
GET /img/tos-cn-i-siecs4i2o7/f374b372f2044d82a542ac46bcd11f97~noop.image HTTP/1.1
Host: p9.toutiaoimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 411269
date: Fri, 16 Sep 2022 14:40:02 GMT
server: nginx
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Thu, 03 Mar 2022 12:12:44 GMT
nw-session-id: 2022030320124301015110820802924FB5dhbtg01tt
nw-session-trace: 2022-03-03T20:12:44.05210233+08:00 56
x-bdcdn-cache-status: TCP_HIT
x-length: 411269
x-powered-by: ImageX
x-response-date: Thu, 03 Mar 2022 20:12:44 GMT
x-tt-logid: 2022030320124301015110820802924FB5
x-tt-trace-tag: id=09;cdn-cache=hit;type=static
x-response-lb: image
x-ser: BC24_dx-lt-yd-zhejiang-huzhou-3-cache-2, BC24_dx-lt-yd-zhejiang-huzhou-3-cache-2, BC33_US-Michigan-chieago-1-cache-1, BC104_US-Colorado-Denver-1-cache-1, BC104_US-Colorado-Denver-1-cache-1
x-cache: HIT from BC104_US-Colorado-Denver-1-cache-1(baishan)
server-timing: cdn-cache;desc=HIT,edge;dur=1
access-control-allow-origin: *
timing-allow-origin: *
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
X-Firefox-Spdy: h2
img.alicdn.com/imgextra/i1/133635909329/O1CN01tjzAup2Imjb8FL1oh_!!133635909329.jpg
47.246.44.251 200 OK 9.2 kB URL HTTP/2 img.alicdn.com/imgextra/i1/133635909329/O1CN01tjzAup2Imjb8FL1oh_!!133635909329.jpg
IP 47.246.44.251:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 360x360, components 3\012- data
Hash 43ae14560cdbc69ce960a28002f04309
4dc694c2754882f840c77807016676732c38138b
af0e248de25efb22e6edd4e1453e686154b00ce5039f94dceb2684a332ddad0e
GET /imgextra/i1/133635909329/O1CN01tjzAup2Imjb8FL1oh_!!133635909329.jpg HTTP/1.1
Host: img.alicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/jpeg
content-length: 9166
date: Tue, 10 May 2022 07:04:29 GMT
last-modified: Fri, 13 Aug 2021 10:28:00 GMT
picasso-ret-code: SUCCESS
request-time: 0.160
expires: Wed, 10 May 2023 07:04:29 GMT
cache-control: max-age=31536000
ali-swift-global-savetime: 1652166269
via: cache31.l2ot7-1[0,0,200-0,H], cache5.l2ot7-1[1,0], cache1.se1[0,0,200-0,H], cache2.se1[1,0]
access-control-allow-origin: *
age: 19815066
x-cache: HIT TCP_MEM_HIT dirn:11:245941157
x-swift-savetime: Wed, 31 Aug 2022 14:41:30 GMT
x-swift-cachetime: 21745379
s-rt: 1
timing-allow-origin: *
eagleid: 2ff62c9616719813354822624e
X-Firefox-Spdy: h2
kzeww.com/4f5ca562874d2b77c6c37263e48db5c6.gif
13.227.254.43 200 OK 236 kB URL HTTP/2 kzeww.com/4f5ca562874d2b77c6c37263e48db5c6.gif
IP 13.227.254.43:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 236 kB (236292 bytes)
Hash cd5e004cbaac71f638074f0cbe9746a3
4054e5695aa4e4ec6463f54e47575019088c08b4
5eec74f9163478267e1289dcd3b02be5581e9e0f6ede10a80fcdf4afadf149ec
GET /4f5ca562874d2b77c6c37263e48db5c6.gif HTTP/1.1
Host: kzeww.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 236292
last-modified: Thu, 15 Dec 2022 01:45:46 GMT
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Dec 2022 03:18:36 GMT
etag: "cd5e004cbaac71f638074f0cbe9746a3"
x-cache: Hit from cloudfront
via: 1.1 bf37a08a8e52d3968f35ae1bb4eaae78.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: d3LDWjrZ-ETkXzr2UvTRSDOGbEmvYLzHKzbJbE-VLFqutlbQODAZ6Q==
age: 43018
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 45085761e1d47862ad7166436fa8871e
e58a8ae64ea9106faedae9ca21e782088bac77b9
9402a4087e0829adc823426c76e50e8ebc56b68d685972ecb95d278f9b5c4ef9
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:35 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Thu, 29 Dec 2022 11:47:01 GMT
ETag: "e58a8ae64ea9106faedae9ca21e782088bac77b9"
Last-Modified: Sun, 25 Dec 2022 11:47:02 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3207
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77f28873bbcd1c0e-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 45085761e1d47862ad7166436fa8871e
e58a8ae64ea9106faedae9ca21e782088bac77b9
9402a4087e0829adc823426c76e50e8ebc56b68d685972ecb95d278f9b5c4ef9
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:35 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Thu, 29 Dec 2022 11:47:01 GMT
ETag: "e58a8ae64ea9106faedae9ca21e782088bac77b9"
Last-Modified: Sun, 25 Dec 2022 11:47:02 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3207
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77f28873bffe1c0a-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 45085761e1d47862ad7166436fa8871e
e58a8ae64ea9106faedae9ca21e782088bac77b9
9402a4087e0829adc823426c76e50e8ebc56b68d685972ecb95d278f9b5c4ef9
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:35 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Thu, 29 Dec 2022 11:47:01 GMT
ETag: "e58a8ae64ea9106faedae9ca21e782088bac77b9"
Last-Modified: Sun, 25 Dec 2022 11:47:02 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3207
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77f28873bbc91c0e-OSL
kzeww.com/29a0c1076f156731fd828b93d43f8694.gif
13.227.254.43 200 OK 53 kB URL HTTP/2 kzeww.com/29a0c1076f156731fd828b93d43f8694.gif
IP 13.227.254.43:0
File type GIF image data, version 89a, 150 x 150\012- data
Hash bc94f35d804bab4c47d693209563f52c
2f150b2cef4c6b4e751a15961dddc6caa148c19b
e89e6e255774a5471cc8c8054621f8787ad3d778b5a41b17c56112803c43c8a0
GET /29a0c1076f156731fd828b93d43f8694.gif HTTP/1.1
Host: kzeww.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 52655
last-modified: Thu, 15 Dec 2022 01:49:34 GMT
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Dec 2022 11:08:48 GMT
etag: "bc94f35d804bab4c47d693209563f52c"
x-cache: Hit from cloudfront
via: 1.1 bf37a08a8e52d3968f35ae1bb4eaae78.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 0u3V5pFEcS8hGHVo4tJX74E81WE3AGjycHWIdrWz4WCRxxJhnD8CZQ==
age: 14807
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 3427e82893fd532e2294755206677999
fa214d109e929a6d922c9e6268163bb8111b5e01
7b4549b06bd9baafd45fdac76c3117db178abe0de8ba163e510713e324f226d2
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:35 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 23 Dec 2022 06:26:17 GMT
Expires: Fri, 30 Dec 2022 06:26:16 GMT
Etag: "fa214d109e929a6d922c9e6268163bb8111b5e01"
Cache-Control: max-age=399640,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77f28873b8110afe-OSL
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash feff7f6b53261f8fe4f24c2d15ccc123
67b22353abbbb62631fab39ed0e568e3146050c3
5387ef907b45ab0eb825120401e6abdf9adad69c2f357a0a3af1d1af6732c65f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:35 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 22 Dec 2022 06:12:21 GMT
Expires: Thu, 29 Dec 2022 06:12:20 GMT
Etag: "67b22353abbbb62631fab39ed0e568e3146050c3"
Cache-Control: max-age=312404,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77f28873bc04b50b-OSL
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 6a2a14b15ec06b01e5e43834474d3e19
fee1ae4e423fa4567f86b7d5c8fd4c5990756b3b
51a3eeefd787f821d88fec94c0b74467e6632fdfdcde58322d97c2b224b65081
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:35 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 22 Dec 2022 13:20:36 GMT
Expires: Thu, 29 Dec 2022 13:20:35 GMT
Etag: "fee1ae4e423fa4567f86b7d5c8fd4c5990756b3b"
Cache-Control: max-age=338099,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77f28873bbbf0b65-OSL
kzezz.com/a74c56cdc17aee373fdc370a7e52e9ca.gif
13.227.254.84 200 OK 400 kB URL HTTP/2 kzezz.com/a74c56cdc17aee373fdc370a7e52e9ca.gif
IP 13.227.254.84:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 400 kB (400264 bytes)
Hash b722c3905b96f11823e04826aafdd50e
68b63b572a042d40ab210aa313b7ebbc372be5a1
630c6a955789d5bb6311db75ce52e57ff4c12074ef5a5a080cf5459f907e9dc1
GET /a74c56cdc17aee373fdc370a7e52e9ca.gif HTTP/1.1
Host: kzezz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 400264
last-modified: Mon, 19 Dec 2022 08:05:22 GMT
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Dec 2022 06:08:59 GMT
etag: "b722c3905b96f11823e04826aafdd50e"
x-cache: Hit from cloudfront
via: 1.1 3c724fc8704aec61a7bab068ccd978fe.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-amz-cf-id: jkFTP0agjCH9PXbio3gAeGBDiUizsabC6hkcgFSiXjt18HT88Lke2w==
age: 32796
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash f8d17ab24bd92876edf8d1feb60a2876
95b24fa3015684cfc5ad52d3f850e1702bebe736
ebf59c19407e512e802f8eb48707a09a8f59f5436be8553034e6ea31d3035c7b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:35 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 23 Dec 2022 23:20:37 GMT
Expires: Fri, 30 Dec 2022 23:20:36 GMT
Etag: "95b24fa3015684cfc5ad52d3f850e1702bebe736"
Cache-Control: max-age=460500,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77f2887408690afe-OSL
xinchacha2dv.ocsp-certum.com/
23.36.79.17 200 OK 1.5 kB URL HTTP/1.1 xinchacha2dv.ocsp-certum.com/
IP 23.36.79.17:0
ASN #20940 Akamai International B.V.
Hash 5cbcdbb6bdedb8479b22b4bc72408845
8a29d6864a534bd1060350e8a312917cac63a605
944c1ffaa2ef2ecd0037d0646003395f2ea2c781db09f1dac2f6ede8937f35e0
POST / HTTP/1.1
Host: xinchacha2dv.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1538
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=769
Date: Sun, 25 Dec 2022 15:15:35 GMT
Connection: keep-alive
X-N: S
xinchacha2dv.ocsp-certum.com/
23.36.79.17 200 OK 1.5 kB URL HTTP/1.1 xinchacha2dv.ocsp-certum.com/
IP 23.36.79.17:0
ASN #20940 Akamai International B.V.
Hash 5cbcdbb6bdedb8479b22b4bc72408845
8a29d6864a534bd1060350e8a312917cac63a605
944c1ffaa2ef2ecd0037d0646003395f2ea2c781db09f1dac2f6ede8937f35e0
POST / HTTP/1.1
Host: xinchacha2dv.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1538
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=695
Date: Sun, 25 Dec 2022 15:15:35 GMT
Connection: keep-alive
X-N: S
xinchacha2dv.ocsp-certum.com/
23.36.79.17 200 OK 1.5 kB URL HTTP/1.1 xinchacha2dv.ocsp-certum.com/
IP 23.36.79.17:0
ASN #20940 Akamai International B.V.
Hash 5cbcdbb6bdedb8479b22b4bc72408845
8a29d6864a534bd1060350e8a312917cac63a605
944c1ffaa2ef2ecd0037d0646003395f2ea2c781db09f1dac2f6ede8937f35e0
POST / HTTP/1.1
Host: xinchacha2dv.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1538
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=695
Date: Sun, 25 Dec 2022 15:15:35 GMT
Connection: keep-alive
X-N: S
kzezz.com/d8766c5ff8e42ad5dafb8044a9ffd1e1.gif
13.227.254.84 200 OK 38 kB URL HTTP/2 kzezz.com/d8766c5ff8e42ad5dafb8044a9ffd1e1.gif
IP 13.227.254.84:0
File type GIF image data, version 89a, 150 x 150\012- data
Hash 84051de17ff2fbe6c2af3e15319f4de8
a8013e3dbbd4bbe5bb25e2ee1da2e34f2c5b8a47
62801552ce63b30c91b5e476981f7d85e808025c2e15d82bcb103b3884f64ad8
GET /d8766c5ff8e42ad5dafb8044a9ffd1e1.gif HTTP/1.1
Host: kzezz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 37847
last-modified: Mon, 19 Dec 2022 08:26:09 GMT
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Dec 2022 06:09:56 GMT
etag: "84051de17ff2fbe6c2af3e15319f4de8"
x-cache: Hit from cloudfront
via: 1.1 3c724fc8704aec61a7bab068ccd978fe.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-amz-cf-id: WLERPRmSao7yMS9QVy6ZhjU3Wsg0EM8IhAObbKBeGQDXFXYvcBnMdA==
age: 64284
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash 2d4ec71b7c4cb1935d864e8b2b29143c
177ce17e18807398ed4a7e74ff61e3ddcadbf201
0eb8b2fd304bb2356a1f5809ae688dff7ecf309c8c1d97b395e7cfc7cb13f5e3
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 25 Dec 2022 15:15:35 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 25 Dec 2022 13:37:48 GMT
Expires: Mon, 26 Dec 2022 13:37:48 GMT
ETag: "177ce17e18807398ed4a7e74ff61e3ddcadbf201"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash 2d4ec71b7c4cb1935d864e8b2b29143c
177ce17e18807398ed4a7e74ff61e3ddcadbf201
0eb8b2fd304bb2356a1f5809ae688dff7ecf309c8c1d97b395e7cfc7cb13f5e3
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 25 Dec 2022 15:15:35 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 25 Dec 2022 13:37:48 GMT
Expires: Mon, 26 Dec 2022 13:37:48 GMT
ETag: "177ce17e18807398ed4a7e74ff61e3ddcadbf201"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 235eb362eedd513d11b30a9c8b357410
200f0e4666be12974686b54874e655c4fc1d50ab
574472b0ed59daabd07815e980db91463f8d1cff35bde0de74d8860403d3c01f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "574472B0ED59DAABD07815E980DB91463F8D1CFF35BDE0DE74D8860403D3C01F"
Last-Modified: Sun, 25 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6565
Expires: Sun, 25 Dec 2022 17:05:00 GMT
Date: Sun, 25 Dec 2022 15:15:35 GMT
Connection: keep-alive
statuse.digitalcertvalidation.com/
93.184.220.29 200 OK 471 B URL HTTP/1.1 statuse.digitalcertvalidation.com/
IP 93.184.220.29:0
Hash 730cccee45c4a52c1763214b81787046
c3cfca8e49fd6336faf523ff9d86fcfb238bca4a
5e3fbd1f1b6c7a6b0efbc94de58a855a488dc20697815adc1ea567d6aeb5e89a
POST / HTTP/1.1
Host: statuse.digitalcertvalidation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1859
Cache-Control: max-age=151105
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 15:15:35 GMT
Etag: "63a80d15-1d7"
Expires: Tue, 27 Dec 2022 09:14:00 GMT
Last-Modified: Sun, 25 Dec 2022 08:43:01 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
statuse.digitalcertvalidation.com/
93.184.220.29 200 OK 471 B URL HTTP/1.1 statuse.digitalcertvalidation.com/
IP 93.184.220.29:0
Hash 730cccee45c4a52c1763214b81787046
c3cfca8e49fd6336faf523ff9d86fcfb238bca4a
5e3fbd1f1b6c7a6b0efbc94de58a855a488dc20697815adc1ea567d6aeb5e89a
POST / HTTP/1.1
Host: statuse.digitalcertvalidation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4727
Cache-Control: max-age=153973
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 15:15:35 GMT
Etag: "63a80d15-1d7"
Expires: Tue, 27 Dec 2022 10:01:48 GMT
Last-Modified: Sun, 25 Dec 2022 08:43:01 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 796e102a616f07b0de39f5476179ccd5
bf1d8b0944ffa91afc7d31d2ffb3291652f903c3
6881d46edd3d3730884da6719176d7d4bc79aa6d05cda0f4ef97ac10c4591279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6881D46EDD3D3730884DA6719176D7D4BC79AA6D05CDA0F4EF97AC10C4591279"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3558
Expires: Sun, 25 Dec 2022 16:14:53 GMT
Date: Sun, 25 Dec 2022 15:15:35 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 28f33ac31d49227bfea2aa18b9c647e7
70b7584eb94fb8e29ed6116d9d49850d1d590fd3
cad62eb0d415420f8a86cb8cb0e3366e385bb059145b276f7ed13969c717063b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:35 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 22 Dec 2022 14:10:58 GMT
Expires: Thu, 29 Dec 2022 14:10:57 GMT
Etag: "70b7584eb94fb8e29ed6116d9d49850d1d590fd3"
Cache-Control: max-age=341121,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77f28873bd46b4f7-OSL
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 796e102a616f07b0de39f5476179ccd5
bf1d8b0944ffa91afc7d31d2ffb3291652f903c3
6881d46edd3d3730884da6719176d7d4bc79aa6d05cda0f4ef97ac10c4591279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6881D46EDD3D3730884DA6719176D7D4BC79AA6D05CDA0F4EF97AC10C4591279"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3558
Expires: Sun, 25 Dec 2022 16:14:53 GMT
Date: Sun, 25 Dec 2022 15:15:35 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09c8810b-667c-45b5-b2d1-f4afc3505a7a.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09c8810b-667c-45b5-b2d1-f4afc3505a7a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d0ab1bb58f592edab2abf55836383389
266ca036a6ff4a0f6be79fd1281e8c61ecdc5fab
73456092e6c143a996789bf1b0513c817daf01219bfa310cfbf212d565b0644b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09c8810b-667c-45b5-b2d1-f4afc3505a7a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6632
x-amzn-requestid: f0ed9030-aa96-42a8-bde0-85169dea945c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: do621E9zIAMFoSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a6a4f8-22a8ca5212c4bf5366ca5543;Sampled=0
x-amzn-remapped-date: Sat, 24 Dec 2022 07:06:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VcgEvhBEeCgObGGrtdlB96fzY6degQk22KsZlKTCmTbRuiO7CbJodw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 07:10:18 GMT
age: 29117
etag: "266ca036a6ff4a0f6be79fd1281e8c61ecdc5fab"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90be501d-93e5-40ba-98d6-b790fc50966b.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90be501d-93e5-40ba-98d6-b790fc50966b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d780f4b4a5928afafeea1348a117ab7
f0623d0355e6b57a5b9bed048b93e1b6b102dfe9
ad6dd8216b30147c99abfff2d1672d731ff940b2fb1da015d3fd5b0b96d11d0d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90be501d-93e5-40ba-98d6-b790fc50966b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10502
x-amzn-requestid: 52ecc48a-9ba2-45ce-b4d4-a05b6bd49214
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dlFHaFnfoAMF6wQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a51bc8-527601d115cb2f6d76d14958;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 03:08:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 5obtiiP91WkrOa9NATTuqVwUG64JoT_PbMfG7rmw6BdgGhilopoCGA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 03:14:39 GMT
age: 43256
etag: "f0623d0355e6b57a5b9bed048b93e1b6b102dfe9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfcc8c32-c58e-4619-a571-4fe67835fb5a.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfcc8c32-c58e-4619-a571-4fe67835fb5a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f05951322bb0251f4d30ee5aa2358247
53c51221619a43a05a613eeac66ed5d63eb7fcb0
f5f17d41c12c5392e1f354e0ed599197d532aeac0c3064e68f9edbdbb1f34891
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfcc8c32-c58e-4619-a571-4fe67835fb5a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9903
x-amzn-requestid: a6333cc9-7adc-4148-bd04-2ebf413ddb9e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnnPzH5XoAMFc9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a61f31-1104e20a41c9311c37e15c8e;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:35:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QWmdPj5TGq4NRlIamW8KBKQy-RUCu4oddhkqGFTzg1QlL6ErqfuVKg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Dec 2022 21:45:39 GMT
age: 62996
etag: "53c51221619a43a05a613eeac66ed5d63eb7fcb0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F534406aa-3cfc-4a91-b7aa-f80f72f66437.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F534406aa-3cfc-4a91-b7aa-f80f72f66437.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 060f377fc7bb087a495ce5bb536d246f
64d4ff943882dd8f80e860505218e321d2951465
36566e692827354e1d91c9223e3c3ddc78de454b7a2ba3a4240f93869bc021ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F534406aa-3cfc-4a91-b7aa-f80f72f66437.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10071
x-amzn-requestid: c32aaf36-e6d2-4dbc-8bb6-91aaa85657b1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dVJ4rHjPoAMFxFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639ebd04-3ee9cc203213ff6d2963696a;Sampled=0
x-amzn-remapped-date: Sun, 18 Dec 2022 07:11:00 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: xdL7TgKIkDaxdkkLKSILVUiiNYWxNjHMhaFY5zo6qTRVl0LZpLCgVw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 da4fa914888b330b3e8a08632b8e41be.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Dec 2022 21:59:56 GMT
age: 62139
etag: "64d4ff943882dd8f80e860505218e321d2951465"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2a1f057-d23b-436a-bff6-82977d1d5527.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2a1f057-d23b-436a-bff6-82977d1d5527.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8dee6282a859a55ad30148c8e36e3cc8
c55bdd00c0d39f468908bd22a62a6e9b3182e4b8
4d951f758f425e3a8f127d2bc6e43558ee9ad775f147e8aae6f016007fbf4160
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2a1f057-d23b-436a-bff6-82977d1d5527.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11084
x-amzn-requestid: ee635254-6e82-4c96-b4b3-590fabf5b188
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dbNEXGT9IAMF_Ig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a12882-248a27d00736e6c643109714;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 03:14:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: phFiS2Rrln0CSLvdj9TGf57DMmNji3BmRgO0wBBpZK4UqxhNHWln4g==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 13:43:23 GMT
age: 5532
etag: "c55bdd00c0d39f468908bd22a62a6e9b3182e4b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98adc653-f9a6-4ecb-ac9e-bc2f050bce18.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98adc653-f9a6-4ecb-ac9e-bc2f050bce18.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f8c72ec1e9749463326e11f003982211
a76cc3e7d6ca04b4e1d1c947c25ad10a11e9750c
afeea88b39c0fa6957e58d13562222415705d408f89583adcf428a02140abbdd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98adc653-f9a6-4ecb-ac9e-bc2f050bce18.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8691
x-amzn-requestid: e8b31f4c-cf9e-4027-ba28-86dcc5ac5190
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnnRDHvSIAMF9Vw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a61f39-06c81a124ae007023d03c375;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:35:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K4yo4xbEQJQh6HZOfia0oQeSLF0UCRjP6_2utECzhCITAQIEGvGWjw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Dec 2022 21:39:55 GMT
age: 63340
etag: "a76cc3e7d6ca04b4e1d1c947c25ad10a11e9750c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
tgqd.tsmgsoce.com/pf2022.jpg
172.67.217.11 200 OK 23 kB URL HTTP/2 tgqd.tsmgsoce.com/pf2022.jpg
IP 172.67.217.11:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 576x576, components 3\012- data
Hash 7660372b7e830716e25deef41b32d08c
3346df51d6890cd8391c77a9ed597911c8a47323
642b78336be967e5264b8324d678d4ed106fb65c2a86d7764a3b35694787c01a
GET /pf2022.jpg HTTP/1.1
Host: tgqd.tsmgsoce.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 15:15:35 GMT
content-type: image/jpeg
content-length: 23342
last-modified: Sat, 28 May 2022 08:46:59 GMT
etag: "6291e183-5b2e"
access-control-allow-origin: *
access-control-allow-methods: GET,POST,PUT,DELETE,PATCH,OPTIONS
access-control-allow-headers: auth_token,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Range,User-Agent,X-CustomHeader,X-Mx-ReqToken,X-Requested-With
access-control-allow-credentials: true
access-control-max-age: 600
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FTGhr6VNa7GTETAU8yLkqeooW8vju95%2FCeAP0Y%2BZh9%2B5o%2BaEa8yYqVieyeHIyuWaQkorbDGCc5tnvNKDWGkqDqg6om9mYxK8DlHe2HAkHjWSlCx9i0YUq5QPPIf%2BoWbv%2BLVB0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77f28872ddebb503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tgqd.tsmgsoce.com/08632c2cb69a054ca5e9087305ea1572.gif
172.67.217.11 200 OK 753 kB URL HTTP/2 tgqd.tsmgsoce.com/08632c2cb69a054ca5e9087305ea1572.gif
IP 172.67.217.11:0
File type GIF image data, version 89a, 1140 x 100\012- data
Size 753 kB (753205 bytes)
Hash a209d1f6a12830e5db7565f434f6208d
8478ba874fa8d2dbbe509fff7683f2e6ecd202bd
686e2eab2a7060edbb12f5afeb95486a048659d5ec3212870d66bfacc06a51f1
GET /08632c2cb69a054ca5e9087305ea1572.gif HTTP/1.1
Host: tgqd.tsmgsoce.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 15:15:35 GMT
content-type: image/gif
content-length: 753205
last-modified: Tue, 09 Aug 2022 02:45:17 GMT
etag: "62f1ca3d-b7e35"
access-control-allow-origin: *
access-control-allow-methods: GET,POST,PUT,DELETE,PATCH,OPTIONS
access-control-allow-headers: auth_token,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Range,User-Agent,X-CustomHeader,X-Mx-ReqToken,X-Requested-With
access-control-allow-credentials: true
access-control-max-age: 600
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mt04GrQHT4g%2FYscnP1dMmEUWG8HXPgeJCyVG%2BzeYVZRr78XSKlZk5OXXY1LOaFKcZE3KSsI3Z0xvAXomfHvirR0%2BQF8feapu0G%2Fp1P4wLmL99dbbVbmgll4zTFv8G6ezGx7ibg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77f28872cde2b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tgqd.tsmgsoce.com/photo_2022-06-01_20-47-37.jpg
172.67.217.11 200 OK 34 kB URL HTTP/2 tgqd.tsmgsoce.com/photo_2022-06-01_20-47-37.jpg
IP 172.67.217.11:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x227, components 3\012- data
Hash c0d604a0cfb05fb9cf577d033e7eb92c
95fcfc3d6350cfc82153efc243b04d34a3091789
f5b5991b71976196a5b0194bac5db5ed79c2d25d4a5acc78e8a43de9e60eb5d6
GET /photo_2022-06-01_20-47-37.jpg HTTP/1.1
Host: tgqd.tsmgsoce.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 15:15:35 GMT
content-type: image/jpeg
content-length: 33648
last-modified: Wed, 01 Jun 2022 13:49:38 GMT
etag: "62976e72-8370"
access-control-allow-origin: *
access-control-allow-methods: GET,POST,PUT,DELETE,PATCH,OPTIONS
access-control-allow-headers: auth_token,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Range,User-Agent,X-CustomHeader,X-Mx-ReqToken,X-Requested-With
access-control-allow-credentials: true
access-control-max-age: 600
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rnRaWVEgt0mQD6ONhh2wdRq3yLmZwA1FiFszHl6tNuxkIakf4N0FZej4P3blxMLAo4UdiWGn7nNsq81KFh1URRJI%2BdTzY2rAfFnMJO5yY5d4KMgC%2Bna%2BMSI6%2BfPsxnA7TazOyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77f28872edf5b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f70f7c77c5b13c7142787874277d9cd8
cbcb40b1be31af879a72f9b01484bb7981cdd453
19f5ea148045748aa9b9da0c7f8fd6efd7eece89e4a5a0ee7feeae7970c78db9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "19F5EA148045748AA9B9DA0C7F8FD6EFD7EECE89E4A5A0EE7FEEAE7970C78DB9"
Last-Modified: Sun, 25 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21596
Expires: Sun, 25 Dec 2022 21:15:31 GMT
Date: Sun, 25 Dec 2022 15:15:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 235eb362eedd513d11b30a9c8b357410
200f0e4666be12974686b54874e655c4fc1d50ab
574472b0ed59daabd07815e980db91463f8d1cff35bde0de74d8860403d3c01f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "574472B0ED59DAABD07815E980DB91463F8D1CFF35BDE0DE74D8860403D3C01F"
Last-Modified: Sun, 25 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21599
Expires: Sun, 25 Dec 2022 21:15:34 GMT
Date: Sun, 25 Dec 2022 15:15:35 GMT
Connection: keep-alive
kzeaa.com/92f0c144d76dd785f7c04f84ae149b33.gif
13.227.254.82 200 OK 354 kB URL HTTP/2 kzeaa.com/92f0c144d76dd785f7c04f84ae149b33.gif
IP 13.227.254.82:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 354 kB (354278 bytes)
Hash c6442fd82dd00372e745f394887172f2
dc8ce1d9b050eb7b70c1e47e815169c8ffdc77b9
813a5a49ef0682cdb74754e84f7b5d0159392b1fef69ec06e2875388e97d8843
GET /92f0c144d76dd785f7c04f84ae149b33.gif HTTP/1.1
Host: kzeaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 354278
last-modified: Mon, 19 Dec 2022 07:47:28 GMT
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Dec 2022 17:19:26 GMT
etag: "c6442fd82dd00372e745f394887172f2"
x-cache: Hit from cloudfront
via: 1.1 625de659a90e36a729e80cd3fdf6ae3c.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-amz-cf-id: XczZfloQDPG9TY_9b0E_orTN7a2m9uB0MrMBcvnCV5TofdCxQ4UFyg==
age: 78969
X-Firefox-Spdy: h2
829355rff.com/e155d3fd4e1d4859bf3b03365a932676.gif
103.170.15.89 200 OK 113 kB URL HTTP/1.1 829355rff.com/e155d3fd4e1d4859bf3b03365a932676.gif
IP 103.170.15.89:0
ASN #7483 Skycloud Computing co., Ltd.
File type GIF image data, version 89a, 320 x 185\012- data
Size 113 kB (113076 bytes)
Hash 293a0887f1ab0b9517c19b77d51626dd
74adbd76d248f6cfc5cffdfaaaaaf942b69b080b
e14931a1bebe13bda41f170c97f7c45f725c13854e3a907c1648a403818326eb
GET /e155d3fd4e1d4859bf3b03365a932676.gif HTTP/1.1
Host: 829355rff.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "637255ab-1b9b4"
Date: Tue, 20 Dec 2022 18:24:48 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Mon, 14 Nov 2022 14:50:19 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-19
Content-Length: 113076
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ca046cfc49c389ce685ab0c555c92d47
4a8447661402b9af5ff2b4fab34194e1a1640d83
9cd2f3b93e353ee9558799add36c0bc8030dedb20763ac282dd9ba4e1b33825f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9CD2F3B93E353EE9558799ADD36C0BC8030DEDB20763AC282DD9BA4E1B33825F"
Last-Modified: Sun, 25 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21570
Expires: Sun, 25 Dec 2022 21:15:06 GMT
Date: Sun, 25 Dec 2022 15:15:36 GMT
Connection: keep-alive
kzeaa.com/57d302c9956928857573010dc47c3edf.gif
13.227.254.82 200 OK 19 kB URL HTTP/2 kzeaa.com/57d302c9956928857573010dc47c3edf.gif
IP 13.227.254.82:0
File type GIF image data, version 89a, 150 x 150\012- data
Hash 82e93de0d6bacd9bbfc18484a9e3eb94
5f955448a7c50cfd5d10d165f93694f1c46f9586
64902a334f6802036c61101f282dcf57faf1698eae2938434527b7041fe5a1ca
GET /57d302c9956928857573010dc47c3edf.gif HTTP/1.1
Host: kzeaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 18648
last-modified: Mon, 19 Dec 2022 07:50:07 GMT
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Dec 2022 15:19:56 GMT
etag: "82e93de0d6bacd9bbfc18484a9e3eb94"
x-cache: Hit from cloudfront
via: 1.1 625de659a90e36a729e80cd3fdf6ae3c.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-amz-cf-id: nEBzldiOhQVQOzWGLTO-O6TjjsyEKf8C9Bi-rH_CZaesUTT-bBlB1w==
age: 86138
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/nV08C5449t0
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/nV08C5449t0
IP 142.250.74.131:0
Hash c943a7b01fb0ad34925b81284cfff37c
9d77631fd4593763397a6a7700c72171263883a8
26d11c606663dfa5dc77fa6f193fc82d3f3f245591df410b92a69220d9b6552e
POST /s/gts1p5/nV08C5449t0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 15:15:36 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 853cae75bc6ab4086818b592911dc141
8539c3c25b2c8a0f92b926ffdcde188348c23678
54bab77634d3c1eab6c414917c5a0e96d423d235244e07e61dcfcc7b06dcd9fe
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "54BAB77634D3C1EAB6C414917C5A0E96D423D235244E07E61DCFCC7B06DCD9FE"
Last-Modified: Sun, 25 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 25 Dec 2022 21:15:36 GMT
Date: Sun, 25 Dec 2022 15:15:36 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/nV08C5449t0
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/nV08C5449t0
IP 142.250.74.131:0
Hash c943a7b01fb0ad34925b81284cfff37c
9d77631fd4593763397a6a7700c72171263883a8
26d11c606663dfa5dc77fa6f193fc82d3f3f245591df410b92a69220d9b6552e
POST /s/gts1p5/nV08C5449t0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 15:15:36 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fulipa.app/tc/1024he.png
188.114.96.1 200 OK 30 kB IP 188.114.96.1:0
File type PNG image data, 1024 x 1024, 8-bit colormap, non-interlaced\012- data
Hash 6f25902511dff1bb8678b7646a7057ef
9102ddaa54da442b81d0cd9f235183ce93017ea7
407e4e748cf5530a01e93dc21e7eaf92958eec4586679abc1b620c18665a3664
GET /tc/1024he.png HTTP/1.1
Host: fulipa.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 15:15:36 GMT
content-type: image/png
content-length: 29662
last-modified: Mon, 21 Jun 2021 14:45:04 GMT
etag: "60d0a5f0-73de"
expires: Mon, 23 Jan 2023 15:49:54 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 84339
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=10np%2F8U2zO8xPlcWk81pzT2G5c1GjgyuqYG7jJ6QTE%2BdoSSorKJ41vj7IEyk%2BhG7blO77OXoLj4CC%2BU1DlqJLuS%2BWv33%2FImfSu%2BKhrvfYjgjhQ5vx0C6nG7tc2P1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77f288765939b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kzecc.com/8fdce7479dd03f1ee73805e8d2e9bab8.gif
13.227.254.104 200 OK 864 kB URL HTTP/2 kzecc.com/8fdce7479dd03f1ee73805e8d2e9bab8.gif
IP 13.227.254.104:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 864 kB (864004 bytes)
Hash d2c820747a9b9b8c3abaab0775436ab7
99651afd10bd3874fb84d7973845482cd2c81f23
8aa3c7b05ba9bb5176a7155ead2a0ea562b07fb0dd7b27a9cf91c38e95ed43ed
GET /8fdce7479dd03f1ee73805e8d2e9bab8.gif HTTP/1.1
Host: kzecc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 864004
last-modified: Mon, 19 Dec 2022 09:06:34 GMT
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Dec 2022 15:39:15 GMT
etag: "d2c820747a9b9b8c3abaab0775436ab7"
x-cache: Hit from cloudfront
via: 1.1 0fa3b62de49c01129844acc24e390b56.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-amz-cf-id: HntrmoFDef9yp2Mg-dlONjmYkm3ZdAiGtaDY7EhtOppKawVB7wUmOg==
age: 84980
X-Firefox-Spdy: h2
ggt999.oss-cn-hangzhou.aliyuncs.com/ky/ky640350a.gif
47.110.23.69 200 OK 201 kB URL HTTP/1.1 ggt999.oss-cn-hangzhou.aliyuncs.com/ky/ky640350a.gif
IP 47.110.23.69:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type GIF image data, version 89a, 640 x 350\012- data
Size 201 kB (200947 bytes)
Hash 3f19ab9a2d1d98dcf63cd3d3793b8638
b1ba56c92e4cec8d46961fdeb39b5aa7dfe19aae
27a57f09899e35094b7dcc978c28c20dcd76ae1b8ca60ec86f14b3b0f386645e
GET /ky/ky640350a.gif HTTP/1.1
Host: ggt999.oss-cn-hangzhou.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Sun, 25 Dec 2022 15:15:34 GMT
Content-Type: image/gif
Content-Length: 200947
Connection: keep-alive
x-oss-request-id: 63A869169BB9203834B92FC5
Accept-Ranges: bytes
ETag: "3F19AB9A2D1D98DCF63CD3D3793B8638"
Last-Modified: Tue, 11 Oct 2022 10:35:21 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 17767581690437961764
x-oss-storage-class: Standard
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: Pxmrmi0dmNz2PNPTeTuGOA==
x-oss-server-time: 3
kzecc.com/2dafd276863e05cd86626a2b7b394960.gif
13.227.254.104 200 OK 19 kB URL HTTP/2 kzecc.com/2dafd276863e05cd86626a2b7b394960.gif
IP 13.227.254.104:0
File type GIF image data, version 89a, 150 x 150\012- data
Hash fe02bebb3cbbf8cd029504e748ad437a
08e06dff48f5dd378b31684cd4d48375f19b1e5f
8d2f2df857ef73c5b13658bb7d6289d6dc4b840fce5b8bbcdc779f5db9741509
GET /2dafd276863e05cd86626a2b7b394960.gif HTTP/1.1
Host: kzecc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 19403
last-modified: Mon, 19 Dec 2022 09:08:57 GMT
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Dec 2022 06:06:40 GMT
etag: "fe02bebb3cbbf8cd029504e748ad437a"
x-cache: Hit from cloudfront
via: 1.1 0fa3b62de49c01129844acc24e390b56.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-amz-cf-id: oCwRefkBHrw-BRj7iyc8OQLZr_my5UqIxcf0FYINvE8a3qDzv3Cmqg==
age: 75994
X-Firefox-Spdy: h2
kzemm.com/bb7f858c0dad171784517c02e7bff891.gif
13.227.254.30 200 OK 391 kB URL HTTP/2 kzemm.com/bb7f858c0dad171784517c02e7bff891.gif
IP 13.227.254.30:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 391 kB (390953 bytes)
Hash f849b3b0e9c6fdb31c56074c38c5123c
78200f076e1512a0f4b6f56f37d9f7ad355f0ad7
f9d4b673a595159370aa060f5d8b025842504116efc5b85269129a6c02110f6c
GET /bb7f858c0dad171784517c02e7bff891.gif HTTP/1.1
Host: kzemm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 390953
last-modified: Sat, 17 Dec 2022 12:33:46 GMT
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Dec 2022 21:23:05 GMT
etag: "f849b3b0e9c6fdb31c56074c38c5123c"
x-cache: Hit from cloudfront
via: 1.1 265469026e8f406d053e31b75a003ea2.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-amz-cf-id: 4Jpa8CcFohF2Y-K81nqlSnEUwjJxGS5GnrgpIw8E376bSHANf1e51w==
age: 64349
X-Firefox-Spdy: h2
tpkj3333.com/img/k80m/obcIP5lGq.gif
66.203.157.56 200 OK 9.3 kB URL HTTP/1.1 tpkj3333.com/img/k80m/obcIP5lGq.gif
IP 66.203.157.56:0
ASN #59371 Dimension Network & Communication Limited
File type GIF image data, version 89a, 100 x 100\012- data
Hash c2f9f4a6851b4567eb13f170f72c7673
0deb37ffbcd11df226a741f2745bfccbb1d87b3f
45907b7abc56dbcbeb5f5d48cc2f67bb34c67b21481973787b8d39c31e210ca4
GET /img/k80m/obcIP5lGq.gif HTTP/1.1
Host: tpkj3333.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 15:15:35 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"9293-1671636839000"
Last-Modified: Wed, 21 Dec 2022 15:33:59 GMT
Expires: Mon, 09 Jan 2023 15:15:35 GMT
Cache-Control: max-age=1296000
Content-Encoding: gzip
Nginx-Cache: HIT, HIT
328858prw.com/1ee2b096a9794c4a9b25ba48a19a9e40.gif
45.61.212.46 200 OK 30 kB URL HTTP/1.1 328858prw.com/1ee2b096a9794c4a9b25ba48a19a9e40.gif
IP 45.61.212.46:0
File type GIF image data, version 89a, 180 x 180\012- data
Hash c75065e9b2cdd6327ec4bcd5564139dd
942a4075f3561f09179d6a332eebfdca981601b0
2ca8007b97da4aa8dfe8e89950cd97d6c804f17d4d9cb51e0f7492335412724c
Analyzer Verdict Alert quad9 Sinkholed
GET /1ee2b096a9794c4a9b25ba48a19a9e40.gif HTTP/1.1
Host: 328858prw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "635b92f9-748c"
Date: Wed, 21 Dec 2022 07:04:54 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Fri, 28 Oct 2022 08:29:45 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us1-cdnb-16
Content-Length: 29836
zerossl.ocsp.sectigo.com/
104.18.32.68 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash eb45a3328fd4982b343eb0d4db48b106
978fc381aa70e2fe5c3c1a80511d2e4fed0af04b
df943f8092fca182532c50bd2d46d5ccf8d329693c1bc5f4ee021608dc040c64
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:36 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 05:16:19 GMT
Expires: Sat, 31 Dec 2022 05:16:18 GMT
Etag: "978fc381aa70e2fe5c3c1a80511d2e4fed0af04b"
Cache-Control: max-age=481841,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77f288760e3eb523-OSL
kzemm.com/936791423ed81f90684454d92e6332d8.gif
13.227.254.30 200 OK 23 kB URL HTTP/2 kzemm.com/936791423ed81f90684454d92e6332d8.gif
IP 13.227.254.30:0
File type GIF image data, version 89a, 150 x 150\012- data
Hash 39a2f09459abdcaab15edd669758f70b
4018fc7ea647e461e5e41fce7290fd9d80013901
90e8fb2b2679186f183f64758707a506f41b459130a77fdd176071b660f65b41
GET /936791423ed81f90684454d92e6332d8.gif HTTP/1.1
Host: kzemm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 23181
last-modified: Thu, 15 Dec 2022 01:48:25 GMT
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Dec 2022 09:13:17 GMT
etag: "39a2f09459abdcaab15edd669758f70b"
x-cache: Hit from cloudfront
via: 1.1 265469026e8f406d053e31b75a003ea2.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-amz-cf-id: DH7qUc59VGUDrVtkCdesjhMWlaJoga2kDl0-2yjylimPmObmTPXNiw==
age: 43487
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash 61dc1b745e1640c23f63cd358d87510c
213eb21c9ec9bead6b71d3570033400168a4ff34
45ecffa3de0f2ef81123dd4721138bd81a1db4fca23da0dc2b3c3e39c57728bf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=110372
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 15:15:36 GMT
Etag: "63a7753c-2d7"
Expires: Mon, 26 Dec 2022 21:55:08 GMT
Last-Modified: Sat, 24 Dec 2022 21:55:08 GMT
Server: nginx
Content-Length: 727
zerossl.ocsp.sectigo.com/
104.18.32.68 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash eb45a3328fd4982b343eb0d4db48b106
978fc381aa70e2fe5c3c1a80511d2e4fed0af04b
df943f8092fca182532c50bd2d46d5ccf8d329693c1bc5f4ee021608dc040c64
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:36 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 05:16:19 GMT
Expires: Sat, 31 Dec 2022 05:16:18 GMT
Etag: "978fc381aa70e2fe5c3c1a80511d2e4fed0af04b"
Cache-Control: max-age=481841,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77f288754b360b3d-OSL
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 853cae75bc6ab4086818b592911dc141
8539c3c25b2c8a0f92b926ffdcde188348c23678
54bab77634d3c1eab6c414917c5a0e96d423d235244e07e61dcfcc7b06dcd9fe
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "54BAB77634D3C1EAB6C414917C5A0E96D423D235244E07E61DCFCC7B06DCD9FE"
Last-Modified: Sun, 25 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 25 Dec 2022 21:15:36 GMT
Date: Sun, 25 Dec 2022 15:15:36 GMT
Connection: keep-alive
kzeii.com/025b77e9f27b2d7a0ed17ced0452d3af.gif
13.227.254.48 200 OK 558 kB URL HTTP/2 kzeii.com/025b77e9f27b2d7a0ed17ced0452d3af.gif
IP 13.227.254.48:0
File type GIF image data, version 89a, 960 x 80\012- data
Size 558 kB (558155 bytes)
Hash a9e003dcb2c2cce16d89cacf9ed03be0
9194d815ac2986ace29fa6bd219e3f74d33dce91
6120d8d907544d3072a80787683c5852f6b913f7a52d4b5025d5e3bbe28335cf
GET /025b77e9f27b2d7a0ed17ced0452d3af.gif HTTP/1.1
Host: kzeii.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 558155
last-modified: Mon, 19 Dec 2022 09:05:11 GMT
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Dec 2022 06:06:59 GMT
etag: "a9e003dcb2c2cce16d89cacf9ed03be0"
x-cache: Hit from cloudfront
via: 1.1 a691085135305af276cea0859fd6b128.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-amz-cf-id: Wer3jtizYKeWxJeqLcDxFCRk5WDA_fP30sXU8qfV44oswJVdJS6ZEQ==
age: 32917
X-Firefox-Spdy: h2
kzett.com/65e7e65f41ad1c2cb20bb39e08e6b041.gif
13.227.254.39 200 OK 497 kB URL HTTP/2 kzett.com/65e7e65f41ad1c2cb20bb39e08e6b041.gif
IP 13.227.254.39:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 497 kB (497175 bytes)
Hash 308dfc606f51875abeaddaf59af06f44
fbc86f1ca7aaf6132c4643c7138b539a170fb6c1
1e1e5e16afd234768c984ee2f2551abbf8af6de533f12b80dbee9ab06a857bf3
GET /65e7e65f41ad1c2cb20bb39e08e6b041.gif HTTP/1.1
Host: kzett.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 497175
last-modified: Thu, 01 Dec 2022 15:50:53 GMT
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Dec 2022 11:28:30 GMT
etag: "308dfc606f51875abeaddaf59af06f44"
x-cache: Hit from cloudfront
via: 1.1 a8c2772b03befab22b97b650361ac508.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-amz-cf-id: SJRYVn5WuP-xq5-c4PjmSq6mKwt_BvjNmSehUKrE2JvIswb5so9ahw==
age: 13624
X-Firefox-Spdy: h2
p3.douyinpic.com/obj/tos-cn-i-dy/ef7549267ad04e16af055b00d3b86435
47.246.44.229 200 OK 54 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/ef7549267ad04e16af055b00d3b86435
IP 47.246.44.229:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 300 x 200\012- data
Hash ad9663932c5d061dde60781415ebbc95
a5b2f7f89b944f545d0c7aa25cb3a4fb8a781359
288b6fdbe53fd67fde5fb6fb42b5173e8c68f330016cad3a9276df8eae10526e
GET /obj/tos-cn-i-dy/ef7549267ad04e16af055b00d3b86435 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 53506
date: Sun, 18 Dec 2022 07:27:09 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Sun, 18 Dec 2022 07:02:01 GMT
nw-session-id: 2022121815020101021207508839E7B650fdk6r01dy
nw-session-trace: 2022-12-18T15:02:01.758935127+08:00 51
x-bdcdn-cache-status: TCP_HIT
x-length: 53506
x-powered-by: ImageX
x-response-date: Sun, 18 Dec 2022 15:02:01 GMT
x-tt-logid: 2022121815020101021207508839E7B650
via: n204-098-236, cache25.l2de2[519,518,206-0,M], cache16.l2de2[520,0], cache16.l2de2[520,0], cache8.se1[0,0,200-0,H], cache2.se1[2,0]
x-request-ip: fdbd:dc01:25:635::160
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=2
x-tt-trace-host: 01b7c812b369b344683416195bc54e519308b58a242724722383e9c55fa0f6b3c4536c9c0332b8519d2cb3a1743e1509e58791279669d436fd3f92da4804a2afbc4c4292accfbd03c75754351fb116689684516c1478cb96972d5cd692083321a9
x-response-lb: image
ali-swift-global-savetime: 1671348429
age: 632907
x-cache: HIT TCP_HIT dirn:1:34286113
x-swift-savetime: Sun, 18 Dec 2022 07:27:09 GMT
x-swift-cachetime: 31536000
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9616719813361283068e
X-Firefox-Spdy: h2
kzeii.com/a5e370b7dfb7cdc846b888532e365343.gif
13.227.254.48 200 OK 11 kB URL HTTP/2 kzeii.com/a5e370b7dfb7cdc846b888532e365343.gif
IP 13.227.254.48:0
File type GIF image data, version 89a, 100 x 100\012- data
Hash 8fdfe3dfd86568a32269faa559e16f57
89da3cd4f6c1a306d65064de8810a48d21584558
412171a93f3c7884149693b60d734f368ecfa8de2744f92bf9bf3fe8d852da24
GET /a5e370b7dfb7cdc846b888532e365343.gif HTTP/1.1
Host: kzeii.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 11106
last-modified: Mon, 19 Dec 2022 08:59:08 GMT
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Dec 2022 14:52:15 GMT
etag: "8fdfe3dfd86568a32269faa559e16f57"
x-cache: Hit from cloudfront
via: 1.1 a691085135305af276cea0859fd6b128.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-amz-cf-id: Gzcv824-avxIQeFGkzPu07a-KpuLb6_WnPFuC3fwro6qfQwaylxG2g==
age: 1400
X-Firefox-Spdy: h2
kzett.com/363336fe019a7dad576dbc0cd5e59477.gif
13.227.254.39 200 OK 16 kB URL HTTP/2 kzett.com/363336fe019a7dad576dbc0cd5e59477.gif
IP 13.227.254.39:0
File type GIF image data, version 89a, 150 x 150\012- data
Hash e7b760d5b9f1a1be175fed8a7896bf31
d9ea37fa0efad766da3bb101ad5735486f51b0a4
c1d4fc49d3a7165588dc654c14911fe2ebc87a83520e6074721ef9f810d5eba3
GET /363336fe019a7dad576dbc0cd5e59477.gif HTTP/1.1
Host: kzett.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 16442
last-modified: Thu, 01 Dec 2022 15:50:42 GMT
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Dec 2022 02:23:12 GMT
etag: "e7b760d5b9f1a1be175fed8a7896bf31"
x-cache: Hit from cloudfront
via: 1.1 a8c2772b03befab22b97b650361ac508.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-amz-cf-id: Y9oiiMa9P-81sp-3dN_pec0UntWOisdtufLOp5tXRV6YQkhn9z_Wiw==
age: 46343
X-Firefox-Spdy: h2
kvhdd.com/5362e21a0a78871b3e015f8f067416ee.gif
64.32.13.142 301 Moved Permanently 162 B URL HTTP/2 kvhdd.com/5362e21a0a78871b3e015f8f067416ee.gif
IP 64.32.13.142:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /5362e21a0a78871b3e015f8f067416ee.gif HTTP/1.1
Host: kvhdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Sun, 25 Dec 2022 15:15:36 GMT
content-type: text/html
content-length: 162
location: https://kvthhh.top/5362e21a0a78871b3e015f8f067416ee.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c759e926e8433004d7cc42d019244e8e
fd77e36177eb4a3d0dc84cf1000dfc792c2eeb57
18061a760192e5e701995f92b686de24e2ce1e7f28d24d1ad2d9b55ca819b257
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18061A760192E5E701995F92B686DE24E2CE1E7F28D24D1AD2D9B55CA819B257"
Last-Modified: Fri, 23 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11193
Expires: Sun, 25 Dec 2022 18:22:09 GMT
Date: Sun, 25 Dec 2022 15:15:36 GMT
Connection: keep-alive
kvthhh.top/387aa3cb8bec96e607972d99d3ac1058.gif
104.21.235.66 200 OK 218 kB URL HTTP/2 kvthhh.top/387aa3cb8bec96e607972d99d3ac1058.gif
IP 104.21.235.66:0
File type GIF image data, version 89a, 130 x 130\012- data
Size 218 kB (217499 bytes)
Hash 968425e8763f402127a3bb0629182a74
445416e9f948cb1cee6880173336fd55738eddaa
b157e151db49f2185dc1131f3b95fd09c945520a64faf7f36caaedc32ef817f0
GET /387aa3cb8bec96e607972d99d3ac1058.gif HTTP/1.1
Host: kvthhh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ldtqh.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 15:15:36 GMT
content-type: image/gif
content-length: 217499
last-modified: Mon, 29 Aug 2022 07:44:30 GMT
etag: "630c6e5e-3519b"
expires: Thu, 12 Jan 2023 13:25:16 GMT
cache-control: max-age=16070400
cf-cache-status: HIT
age: 1043420
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dTdaG1i7tYjCx3aFxY5x5F3YEyYcZp8Tb%2BsUQV6RneCWMXUct57H5Zx5GAUEnd5KezoaRs6jrNgMULwuD6YG4sA9%2Bnla2026AH1PjviHh7JUv6zsGZynZzDkdtul"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77f288767d617797-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kvthhh.top/5362e21a0a78871b3e015f8f067416ee.gif
104.21.235.66 200 OK 258 kB URL HTTP/2 kvthhh.top/5362e21a0a78871b3e015f8f067416ee.gif
IP 104.21.235.66:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 258 kB (258002 bytes)
Hash 52c6fa453c86b903d3c111f15d23ce08
2126ab9b4210ac26c5736384838d021274024f82
a5aae92bdf91d39f6102dd8f9026100c8d9ab42207c7a0542ec94cb9d1543b79
GET /5362e21a0a78871b3e015f8f067416ee.gif HTTP/1.1
Host: kvthhh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ldtqh.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 15:15:36 GMT
content-type: image/gif
content-length: 258002
last-modified: Tue, 04 Oct 2022 06:41:53 GMT
etag: "633bd5b1-3efd2"
expires: Thu, 12 Jan 2023 17:55:13 GMT
cache-control: max-age=16070400
cf-cache-status: HIT
age: 1027223
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yMvhsc%2FWHvmVOSb5%2FYSm%2FlSsqXuMkLCDUftIBN0P2tnfYRhZhkW3peqcMB4RrPycXuH%2FL7QAdNW0Pt8g2Lj9s21ytI11DuDN%2Flio0dOm7jIT0BhTCDcy2HmqV0hf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77f288765d317797-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/nV08C5449t0
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/nV08C5449t0
IP 142.250.74.131:0
Hash c943a7b01fb0ad34925b81284cfff37c
9d77631fd4593763397a6a7700c72171263883a8
26d11c606663dfa5dc77fa6f193fc82d3f3f245591df410b92a69220d9b6552e
POST /s/gts1p5/nV08C5449t0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 15:15:36 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
p3.douyinpic.com/obj/tos-cn-i-dy/49dac90644c340f592fd293b1984c9a6
47.246.44.229 200 OK 517 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/49dac90644c340f592fd293b1984c9a6
IP 47.246.44.229:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 960 x 80\012- data
Size 517 kB (517096 bytes)
Hash b015f844cdbda5be42c43fe5bb5b993f
10587b61d92be7f0a4aa6653a9f6c164a9f3b69c
4e5d7e2968aaca9342c547ba9e97f05ff806b25b6f855f1f2793bcb2475e0205
GET /obj/tos-cn-i-dy/49dac90644c340f592fd293b1984c9a6 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 517096
date: Sat, 17 Dec 2022 11:18:34 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Sat, 17 Dec 2022 11:00:48 GMT
nw-session-id: 2022121719004801013516002323962051twstf03dy
nw-session-trace: 2022-12-17T19:00:48.951640063+08:00 34
x-bdcdn-cache-status: TCP_HIT
x-length: 517096
x-powered-by: ImageX
x-response-date: Sat, 17 Dec 2022 19:00:48 GMT
x-tt-logid: 2022121719004801013516002323962051
via: n204-098-051, cache21.l2de2[0,0,206-0,H], cache16.l2de2[2,0], cache16.l2de2[2,0], cache3.se1[0,0,200-0,H], cache2.se1[0,0]
x-request-ip: fdbd:dc01:26:287::163
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=0
x-tt-trace-host: 01c70dd2b30bede540a99194c063ce108101d034b2bc06742999480189a70338073531a21048b7226c8d9db6b57c602b7a643b25caab025ee62988ef41f310316a2088155c6bd9b79fb7ee97192a19f9ebe92eeb40309de15bbb62b014771711ec
x-response-lb: image
ali-swift-global-savetime: 1671275914
age: 705422
x-cache: HIT TCP_MEM_HIT dirn:2:441582033
x-swift-savetime: Sat, 17 Dec 2022 12:39:27 GMT
x-swift-cachetime: 31531147
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9616719813361323070e
X-Firefox-Spdy: h2
kvthhh.top/30e1c730f6e3ac776984b64a67e5249c.gif
104.21.235.66 200 OK 500 kB URL HTTP/2 kvthhh.top/30e1c730f6e3ac776984b64a67e5249c.gif
IP 104.21.235.66:0
File type GIF image data, version 89a, 960 x 80\012- data
Size 500 kB (500321 bytes)
Hash df649d8cc0a48329cb6b29be777164af
c1a4bd41fc7f4c1170cc08c70144f9e53ce97627
4f96705d64f667c470d136bb0e4a160189d99009bfa813c2e5bf70192ede858e
GET /30e1c730f6e3ac776984b64a67e5249c.gif HTTP/1.1
Host: kvthhh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ldtqh.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 15:15:36 GMT
content-type: image/gif
content-length: 500321
last-modified: Wed, 07 Dec 2022 09:48:35 GMT
etag: "63906173-7a261"
expires: Fri, 20 Jan 2023 10:30:37 GMT
cache-control: max-age=16070400
cf-cache-status: HIT
age: 362699
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7vg0qZJ4j22kfvBWRCViuyvCPR4CIw4H883rHsSOpMsxtzGQhm26wCKDS%2B0BdS8Aw6eYZQ1Z%2Fp99QxkENofDLP2nQDiUWzOalPZlOnZMq5nD37chJZdv8xzWveBW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77f288765d297797-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.haobo082.xyz/ads/ggzz.png
104.233.252.248 200 OK 1.9 kB URL HTTP/2 www.haobo082.xyz/ads/ggzz.png
IP 104.233.252.248:0
ASN #398478 PEGTECHINC-AP-01
File type PNG image data, 960 x 60, 8-bit/color RGB, non-interlaced\012- data
Hash bf7846b01faf1abdd5e12f648ab98a34
0824e9514e0fa5e269c8ec9d77dc7cfa2d4b46a1
fa5d9662d8232b18af869e9239e419640128601ebeb7ed26f8a21f85d495762b
GET /ads/ggzz.png HTTP/1.1
Host: www.haobo082.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 25 Dec 2022 15:15:36 GMT
content-type: image/png
content-length: 1901
last-modified: Wed, 19 Oct 2022 07:43:21 GMT
etag: "634faa99-76d"
expires: Tue, 24 Jan 2023 15:15:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 42a29786a77604ab571ad89ba2781e1c
442a7cbf4de689941aec28b1f54345e87031d045
b64351a533bb3cf6a4c0f7455f673b4972713ba5ec58e314baba545990ed7e5e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:36 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 02:24:39 GMT
Expires: Sat, 31 Dec 2022 02:24:38 GMT
Etag: "442a7cbf4de689941aec28b1f54345e87031d045"
Cache-Control: max-age=471541,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77f28876f88bb50b-OSL
kvhaa.com/0faf263b1025a51efcea7acd844cc402.gif
45.154.214.206 301 Moved Permanently 162 B URL HTTP/2 kvhaa.com/0faf263b1025a51efcea7acd844cc402.gif
IP 45.154.214.206:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /0faf263b1025a51efcea7acd844cc402.gif HTTP/1.1
Host: kvhaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Sun, 25 Dec 2022 15:15:36 GMT
content-type: text/html
content-length: 162
location: https://nvhaaa.top/0faf263b1025a51efcea7acd844cc402.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ldbbs.ldmnq.com/bbs/topic/images/2022-12/62559a62-7d96-4f90-a0b5-94a7f2967f4b.gif
218.12.76.164 200 OK 54 kB URL HTTP/1.1 ldbbs.ldmnq.com/bbs/topic/images/2022-12/62559a62-7d96-4f90-a0b5-94a7f2967f4b.gif
IP 218.12.76.164:0
ASN #4837 CHINA UNICOM China169 Backbone
File type GIF image data, version 89a, 960 x 120\012- data
Hash 1b0debb707f7274e95ae467969832663
7787ea12e377677eccfcbba7f7fc14b18602ddad
688c201ad0040278d8431382eeeb71ea318699cc7d4ccf167132e5818473d55f
GET /bbs/topic/images/2022-12/62559a62-7d96-4f90-a0b5-94a7f2967f4b.gif HTTP/1.1
Host: ldbbs.ldmnq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:35 GMT
Content-Type: image/gif
Content-Length: 53701
Connection: keep-alive
Server: openresty
Age: 376221
CloudServiceDiscount: CDN
Content-Encoding: utf-8
ETag: "1b0debb707f7274e95ae467969832663"
Last-Modified: Wed, 21 Dec 2022 06:44:18 GMT
X-CCDN-CacheTTL: 2592000
nginx-hit: 1
via: CHN-HEshijiazhuang-AREACUCC1-CACHE32[4],CHN-HEshijiazhuang-AREACUCC1-CACHE37[0,TCP_HIT,1],CHN-TJ-GLOBAL1-CACHE33[31],CHN-TJ-GLOBAL1-CACHE17[0,TCP_HIT,30]
x-amz-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCShyI/M24SysM7QVQmHyPorxbprtw58m
x-amz-request-id: 00000185336CFEF1981BF818017B32F6
x-amz-storage-class: STANDARD_IA
x-hcs-proxy-type: 1
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
Accept-Ranges: bytes
pic.rmb.bdstatic.com/bjh/17244f3a8b60a0f7b291f5621c873713.gif
185.10.104.115 200 OK 1.6 MB URL HTTP/2 pic.rmb.bdstatic.com/bjh/17244f3a8b60a0f7b291f5621c873713.gif
IP 185.10.104.115:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 500 x 281\012- data
Size 1.6 MB (1626999 bytes)
Hash 17244f3a8b60a0f7b291f5621c873713
c523f5d5b60d2eabc9084e9ba5803647ac08c2cd
4aed8c090aa7bff3de4c028efced6a87dd7645bc15d265cdddf106f3f5dd9435
GET /bjh/17244f3a8b60a0f7b291f5621c873713.gif HTTP/1.1
Host: pic.rmb.bdstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sun, 25 Dec 2022 15:15:35 GMT
content-type: image/gif
content-length: 1626999
expires: Sun, 25 Dec 2022 12:05:50 GMT
last-modified: Fri, 05 Aug 2022 12:05:01 GMT
etag: "17244f3a8b60a0f7b291f5621c873713"
age: 270246
accept-ranges: bytes
content-md5: FyRPOotgoPeykfViHIc3Ew==
x-bce-content-crc32: 2236402188
x-bce-debug-id: To5Ii6e5ruq3XhnFvxFfNKk+aTuEv1Rs9BFz/CFUbJxN1IWDo5QCbV+8zPWS73WsgW1/9vgMJSUBunO3575huA==
x-bce-request-id: 8b1d7270-ba6a-4bb6-adc0-e264be29d524
x-bce-restore-cache: -
x-bce-restore-tier: -
x-bce-storage-class: STANDARD
timing-allow-origin: *
ohc-global-saved-time: Thu, 22 Dec 2022 12:05:49 GMT
ohc-cache-hit: fra01-sys-jomo4.fra01.baidu.com [2], zhuzuncache107 [2], czix231 [1]
ohc-file-size: 1626999
x-cache-status: HIT
X-Firefox-Spdy: h2
pic.rmb.bdstatic.com/bjh/705f88af07a7042fda2254a6426d7ec6.gif
185.10.104.115 200 OK 164 kB URL HTTP/2 pic.rmb.bdstatic.com/bjh/705f88af07a7042fda2254a6426d7ec6.gif
IP 185.10.104.115:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 160 x 160\012- data
Size 164 kB (163707 bytes)
Hash 705f88af07a7042fda2254a6426d7ec6
e8098e593ebbaee3370bc63cfced4d4eae9cfafc
d9cc8d94dacb652181d48272239677cd8ceb3808dbd11c1f8b9360de504fa5cd
GET /bjh/705f88af07a7042fda2254a6426d7ec6.gif HTTP/1.1
Host: pic.rmb.bdstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sun, 25 Dec 2022 15:15:35 GMT
content-type: image/gif
content-length: 163707
expires: Tue, 06 Dec 2022 16:44:14 GMT
last-modified: Thu, 07 Apr 2022 16:41:26 GMT
etag: "705f88af07a7042fda2254a6426d7ec6"
age: 558899
accept-ranges: bytes
content-md5: cF+IrwenBC/aIlSmQm1+xg==
x-bce-content-crc32: 862815224
x-bce-debug-id: P80SW36utD91LjTa2B+3pDXlJnL1cPgjEyeLVYTSpN4OroXEdZR0bPcR0gIZZbt1YR4HVxqgOvdJv8l1qyTieA==
x-bce-request-id: b83df733-b0ed-47e2-896e-04b30ab0c852
x-bce-storage-class: STANDARD
timing-allow-origin: *
ohc-global-saved-time: Sat, 03 Dec 2022 16:44:14 GMT
ohc-cache-hit: fra01-sys-jomo2.fra01.baidu.com [2], zhuzuncache66 [4], suzix66 [1]
ohc-file-size: 163707
x-cache-status: HIT
X-Firefox-Spdy: h2
8499226.com/8499/320x185.gif
172.247.109.215 200 OK 63 kB URL HTTP/2 8499226.com/8499/320x185.gif
IP 172.247.109.215:0
File type GIF image data, version 89a, 320 x 185\012- data
Hash c0e7e535013b8e21493d7b0825aba6c1
489b299a3fd196f8c85119093bb4f4e9e437d734
70e8c4007e22243d06d89e80e67a82aa143cdf3ea4a60b13c01ea953c1c76e9a
GET /8499/320x185.gif HTTP/1.1
Host: 8499226.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 15:15:36 GMT
content-type: image/gif
content-length: 63081
last-modified: Sun, 18 Dec 2022 06:27:12 GMT
etag: "f669-5f0144b103408"
server: qq.com
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
zerossl.ocsp.sectigo.com/
104.18.32.68 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash b1d709e94eb0099f200a69e7b445754b
1a3219b1ac0aea0f92bbbcd86713f6fdac84de4f
155a0aeb3f9df7b0eac98931b4d232a69f6df9d91bb569c668809f513c008724
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:36 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 25 Dec 2022 13:14:19 GMT
Expires: Sun, 01 Jan 2023 13:14:18 GMT
Etag: "1a3219b1ac0aea0f92bbbcd86713f6fdac84de4f"
Cache-Control: max-age=596921,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77f28878fcedb518-OSL
nvhaaa.top/0faf263b1025a51efcea7acd844cc402.gif
104.21.234.41 200 OK 1.1 MB URL HTTP/2 nvhaaa.top/0faf263b1025a51efcea7acd844cc402.gif
IP 104.21.234.41:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 1.1 MB (1082384 bytes)
Hash a2513b4510f6797c4cbe4012fc79c64c
41f15aa49c66eed88a541224dedda5d215f9e7ef
16e775f7ac1e0368c216cdcf70bc3d56d7d952d7653898dbb8093efcd712cc71
GET /0faf263b1025a51efcea7acd844cc402.gif HTTP/1.1
Host: nvhaaa.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 15:15:36 GMT
content-type: image/gif
content-length: 1082384
last-modified: Sat, 27 Aug 2022 07:44:24 GMT
etag: "6309cb58-108410"
expires: Tue, 24 Jan 2023 15:15:36 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hfuStRFiHoXlg8IS3lKL%2BoulzMZiyVUMr2Wkrplrw7U%2FgIi7WRyXzrfy65t6YewuoQ9unHw16lQGI4xbER%2BToftcxECqGei2yc9sKIjEr0zBbV1ZggI0CGzKl0mG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77f28878fd5575c6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
zerossl.ocsp.sectigo.com/
104.18.32.68 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash b1d709e94eb0099f200a69e7b445754b
1a3219b1ac0aea0f92bbbcd86713f6fdac84de4f
155a0aeb3f9df7b0eac98931b4d232a69f6df9d91bb569c668809f513c008724
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:36 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 25 Dec 2022 13:14:19 GMT
Expires: Sun, 01 Jan 2023 13:14:18 GMT
Etag: "1a3219b1ac0aea0f92bbbcd86713f6fdac84de4f"
Cache-Control: max-age=596921,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77f28878ddcb0b3d-OSL
n0499.com/04b90dd111a647fba9095c0172f88d52.gif
20.222.36.191 200 OK 206 kB URL HTTP/1.1 n0499.com/04b90dd111a647fba9095c0172f88d52.gif
IP 20.222.36.191:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 960 x 100\012- data
Size 206 kB (206481 bytes)
Hash db73ec03627030bd09b0d06241d16b8f
814810ba141676acc47591bea04a793206c6a342
bedc95532f2d7584b2d8ae36c482bba52bda15c305681a40a6af78f3a7e4a5df
GET /04b90dd111a647fba9095c0172f88d52.gif HTTP/1.1
Host: n0499.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:35 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 28 Nov 2022 11:35:39 GMT
ETag: W/"63849d0b-5d77a"
Server: WAF/2.4-12.1
X-Cache-Status: HIT
Content-Encoding: gzip
tpkj3333.com/img/k80m/obGVgwik5.gif
66.203.157.56 200 OK 94 kB URL HTTP/1.1 tpkj3333.com/img/k80m/obGVgwik5.gif
IP 66.203.157.56:0
ASN #59371 Dimension Network & Communication Limited
File type GIF image data, version 89a, 960 x 80\012- data
Hash db6cbc295f77db52b525875384867503
e693f8a3cad89acf39afc42ef20db1e347b8ea66
a90792768722fc64366ca017ec210b53cae229393c9a9209d18f8d322a7dc727
GET /img/k80m/obGVgwik5.gif HTTP/1.1
Host: tpkj3333.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 15:15:35 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"321131-1671636520000"
Last-Modified: Wed, 21 Dec 2022 15:28:40 GMT
Expires: Mon, 09 Jan 2023 15:15:35 GMT
Cache-Control: max-age=1296000
Content-Encoding: gzip
Nginx-Cache: HIT, HIT
328858prw.com/0467d30fd0a445a797816eac07a7737c.gif
45.61.212.46 200 OK 962 kB URL HTTP/1.1 328858prw.com/0467d30fd0a445a797816eac07a7737c.gif
IP 45.61.212.46:0
File type GIF image data, version 89a, 960 x 80\012- data
Size 962 kB (962064 bytes)
Hash c2c5c872b027d01c2bf9baadabfa6422
35b599e1c682a64e2b349f8b0a4e9992125a368b
73bced0007d1e2c60a91e620877a0dfbba2bd421c0ada5082ab0752d14797bea
Analyzer Verdict Alert quad9 Sinkholed
GET /0467d30fd0a445a797816eac07a7737c.gif HTTP/1.1
Host: 328858prw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "63725545-eae10"
Date: Thu, 15 Dec 2022 17:39:48 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Mon, 14 Nov 2022 14:48:37 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us1-cdnb-16
Content-Length: 962064
ldbbs.ldmnq.com/bbs/topic/images/2022-12/30a0ef74-0fc1-440c-800c-69907935ab6e.gif
218.12.76.164 200 OK 224 kB URL HTTP/1.1 ldbbs.ldmnq.com/bbs/topic/images/2022-12/30a0ef74-0fc1-440c-800c-69907935ab6e.gif
IP 218.12.76.164:0
ASN #4837 CHINA UNICOM China169 Backbone
File type GIF image data, version 89a, 960 x 120\012- data
Size 224 kB (223983 bytes)
Hash 7954e8c77b425e4e872c267c1428cb59
9a107ff658a34cc89f84bdda9e52b831d8f377b1
9522a5366e80b1acc16d442bcc96ccdcd265603fe7fb6a8b58217c7c4386c0cc
GET /bbs/topic/images/2022-12/30a0ef74-0fc1-440c-800c-69907935ab6e.gif HTTP/1.1
Host: ldbbs.ldmnq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:35 GMT
Content-Type: image/gif
Content-Length: 223983
Connection: keep-alive
Server: openresty
Age: 374135
CloudServiceDiscount: CDN
Content-Encoding: utf-8
ETag: "7954e8c77b425e4e872c267c1428cb59"
Last-Modified: Wed, 21 Dec 2022 07:19:59 GMT
X-CCDN-CacheTTL: 2592000
nginx-hit: 1
via: CHN-HEshijiazhuang-AREACUCC1-CACHE25[7],CHN-HEshijiazhuang-AREACUCC1-CACHE46[0,TCP_HIT,3],CHN-TJ-GLOBAL1-CACHE48[135],CHN-TJ-GLOBAL1-CACHE74[129,TCP_MISS,133]
x-amz-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCS5UCCPl7x/CqTQmm9CLikueyASM2nme
x-amz-request-id: 00000185338DAAA0900CC5904A27B48E
x-amz-storage-class: STANDARD_IA
x-hcs-proxy-type: 1
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
Accept-Ranges: bytes
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 4e311367609101cc2619ff22a38b0aa9
9d32e39ed6d051a77e8d1e30ef127e0302f21613
e81eedbde4aa153e1c1312d236850da5f7dbc1606b0788e1d1e015793a148703
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:36 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 22 Dec 2022 16:52:23 GMT
Expires: Thu, 29 Dec 2022 16:52:22 GMT
Etag: "9d32e39ed6d051a77e8d1e30ef127e0302f21613"
Cache-Control: max-age=350805,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77f2887a8d45b50b-OSL
8499226.com/8499/150x150.gif
172.247.109.215 200 OK 133 kB URL HTTP/2 8499226.com/8499/150x150.gif
IP 172.247.109.215:0
File type GIF image data, version 89a, 150 x 150\012- data
Size 133 kB (133000 bytes)
Hash 4d50d14fce2dc7bcc0681a80d4a6c92a
75e992e0e03b8fa0f0e1637cbd641e212cd84483
227ef81afa2bf9c11be0ee0c041f7317cbea44bfdc71dca55f408746c9367a79
GET /8499/150x150.gif HTTP/1.1
Host: 8499226.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 15:15:36 GMT
content-type: image/gif
content-length: 133000
last-modified: Sat, 17 Dec 2022 15:33:39 GMT
etag: "20788-5f007cf721b86"
server: qq.com
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
zerossl.ocsp.sectigo.com/
104.18.32.68 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash b12e1d99015239b38309afced86b4615
69a0056d7be893aca84b24d235a6de920ae3e2cd
efc586861d9375774f12d9030a0330a1a9dc39c7ee8354cad8c48410fafb8596
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:36 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 23 Dec 2022 20:16:01 GMT
Expires: Fri, 30 Dec 2022 20:16:00 GMT
Etag: "69a0056d7be893aca84b24d235a6de920ae3e2cd"
Cache-Control: max-age=449423,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77f28877fff8b523-OSL
538936vxn.com/9081dc4acf454782ba4a66b61162b915.gif
103.170.15.89 200 OK 115 kB URL HTTP/1.1 538936vxn.com/9081dc4acf454782ba4a66b61162b915.gif
IP 103.170.15.89:0
ASN #7483 Skycloud Computing co., Ltd.
File type GIF image data, version 89a, 180 x 180\012- data
Size 115 kB (114978 bytes)
Hash 3c9e95a9db732ac71d81286b1c192754
565e4379ef9377f2d17abfdfaa774de9d4a3004c
167e29a1512c3e710bdbb8121d3926ec8205b0b51ad9874a23c300a937d5c810
Analyzer Verdict Alert quad9 Sinkholed
GET /9081dc4acf454782ba4a66b61162b915.gif HTTP/1.1
Host: 538936vxn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "635b8ff1-1c122"
Date: Thu, 15 Dec 2022 05:24:13 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Fri, 28 Oct 2022 08:16:49 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-19
Content-Length: 114978
ldbbs.ldmnq.com/bbs/topic/images/2022-12/199501a0-6757-4859-8df7-11819c588002.gif
218.12.76.164 200 OK 280 kB URL HTTP/1.1 ldbbs.ldmnq.com/bbs/topic/images/2022-12/199501a0-6757-4859-8df7-11819c588002.gif
IP 218.12.76.164:0
ASN #4837 CHINA UNICOM China169 Backbone
File type GIF image data, version 89a, 960 x 120\012- data
Size 280 kB (280130 bytes)
Hash 507928f630ae07fe219282ac06203fee
b32d52b58d3d7e5276ca2fbf89c6ab09768a8ff2
f2998e0309a3e549492f111131f1601764f716c67f841b0c3b941a051c07728b
GET /bbs/topic/images/2022-12/199501a0-6757-4859-8df7-11819c588002.gif HTTP/1.1
Host: ldbbs.ldmnq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:35 GMT
Content-Type: image/gif
Content-Length: 280130
Connection: keep-alive
Server: openresty
Age: 378551
CloudServiceDiscount: CDN
Content-Encoding: utf-8
ETag: "507928f630ae07fe219282ac06203fee"
Last-Modified: Wed, 21 Dec 2022 06:06:23 GMT
X-CCDN-CacheTTL: 2592000
nginx-hit: 1
via: CHN-HEshijiazhuang-AREACUCC1-CACHE24[2],CHN-HEshijiazhuang-AREACUCC1-CACHE33[0,TCP_HIT,1],CHN-TJ-GLOBAL1-CACHE29[129],CHN-TJ-GLOBAL1-CACHE33[125,TCP_MISS,128]
x-amz-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSAtnqLk4LlYOCjti88537IQ+1a/55Uk
x-amz-request-id: 00000185334A4808981077A29E3DE464
x-amz-storage-class: STANDARD_IA
x-hcs-proxy-type: 1
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
Accept-Ranges: bytes
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 2f2308b11e359dc22d2210590bd8e8ac
e46e438672332185a580af501c99c2aee4facf4c
2cb4b466dbdbe7c9b95b283e103896b2673d5a4300cf353d601d39786aedc836
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:37 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 23 Dec 2022 17:15:39 GMT
Expires: Fri, 30 Dec 2022 17:15:38 GMT
Etag: "e46e438672332185a580af501c99c2aee4facf4c"
Cache-Control: max-age=438601,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77f2887ab9870b65-OSL
ggt999.oss-cn-hangzhou.aliyuncs.com/ky/ky200200a.gif
47.110.23.69 200 OK 528 kB URL HTTP/1.1 ggt999.oss-cn-hangzhou.aliyuncs.com/ky/ky200200a.gif
IP 47.110.23.69:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type GIF image data, version 89a, 200 x 200\012- data
Size 528 kB (527725 bytes)
Hash c33793f28d72f2d4d43546976e6a6f4a
e664901eefac559b4b2ce8b7d3468320d323e55f
c100b258a678ee56bf43b5722cf12b305333e6f89d7f3ecbcf0d2ab0febbbd60
GET /ky/ky200200a.gif HTTP/1.1
Host: ggt999.oss-cn-hangzhou.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Sun, 25 Dec 2022 15:15:35 GMT
Content-Type: image/gif
Content-Length: 527725
Connection: keep-alive
x-oss-request-id: 63A8691729A53C343274F8B0
Accept-Ranges: bytes
ETag: "C33793F28D72F2D4D43546976E6A6F4A"
Last-Modified: Sat, 05 Nov 2022 11:59:34 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 12682853532486451350
x-oss-storage-class: Standard
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: wzeT8o1y8tTUNUaXbmpvSg==
x-oss-server-time: 4
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 15c2b222c7d014a484974a057f0e4dbd
8a050d4cffeaa7f07bf31cfc2c4f019a0c36f49f
0806e5d53688926c9f6e15f493b3d0ae8620481e4e57d5c927743b17b87435d3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0806E5D53688926C9F6E15F493B3D0AE8620481E4E57D5C927743B17B87435D3"
Last-Modified: Sun, 25 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21494
Expires: Sun, 25 Dec 2022 21:13:51 GMT
Date: Sun, 25 Dec 2022 15:15:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4d9a5c651777661f1479be7d1dbfbb38
aed6e2d823a781a80142154fd64633fd9cac975d
f3c90f37f38ef36688da66402176786f6e3b0a058d140ee1680512a4335d60e6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F3C90F37F38EF36688DA66402176786F6E3B0A058D140EE1680512A4335D60E6"
Last-Modified: Sun, 25 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21533
Expires: Sun, 25 Dec 2022 21:14:30 GMT
Date: Sun, 25 Dec 2022 15:15:37 GMT
Connection: keep-alive
u1077.com/457e3f4ba08647348f74a16eb7e17d33.gif
45.61.212.144 200 OK 7.6 kB URL HTTP/2 u1077.com/457e3f4ba08647348f74a16eb7e17d33.gif
IP 45.61.212.144:0
File type GIF image data, version 89a, 200 x 200\012- data
Hash 8f74f619ba647be0f7155abab01fb1e8
1a140e3cb91a1110292fb8db96488bea78cee3e4
16b598687195c0a239ad86e19bb4b9e498d4518fc91ed008279b8e0666c42973
GET /457e3f4ba08647348f74a16eb7e17d33.gif HTTP/1.1
Host: u1077.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=86400
etag: "63849d41-1d8d"
server: nginx
date: Wed, 21 Dec 2022 07:45:40 GMT
content-type: image/gif
last-modified: Mon, 28 Nov 2022 11:36:33 GMT
accept-ranges: bytes
x-cache: HIT from cloud-us4-cdnb-14
content-length: 7565
X-Firefox-Spdy: h2
8644aaw.com/aa.gif
60.244.96.178 200 OK 76 kB IP 60.244.96.178:0
ASN #24154 Asia Pacific Broadband Fixed Lines Co., Ltd.
File type GIF image data, version 89a, 980 x 80\012- data
Hash d68a350273a6f5f4f92df23b6a28edcd
ef6be873c3e68405af0d721f86368d0bef121c8d
1b5ad5fb5ec52bbe6c88355fe5926b8e286d1d5a4bffdc805cecf3e86955e59b
GET /aa.gif HTTP/1.1
Host: 8644aaw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 25 Dec 2022 15:15:34 GMT
content-type: image/gif
content-length: 76525
last-modified: Wed, 05 Oct 2022 10:35:14 GMT
etag: "633d5de2-12aed"
expires: Tue, 24 Jan 2023 15:15:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
8499132.com/8499/yb150X150.gif
23.224.101.34 200 OK 172 kB URL HTTP/2 8499132.com/8499/yb150X150.gif
IP 23.224.101.34:0
File type GIF image data, version 89a, 150 x 150\012- data
Size 172 kB (171916 bytes)
Hash a0c8602be33e9ee8e539c095dd060e74
c1e775b710cb7e59527b5638552a912ec9b68efd
987e2ce42d672d16270eb36654e33cbb112e8f9631a7cde7b8e10db8cb5ecdc3
GET /8499/yb150X150.gif HTTP/1.1
Host: 8499132.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 15:15:36 GMT
content-type: image/gif
content-length: 171916
last-modified: Sun, 18 Dec 2022 07:40:57 GMT
etag: "29f8c-5f01552c48972"
server: qq.com
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
8644aaw.com/a.gif
60.244.96.178 200 OK 397 kB IP 60.244.96.178:0
ASN #24154 Asia Pacific Broadband Fixed Lines Co., Ltd.
File type GIF image data, version 89a, 200 x 200\012- data
Size 397 kB (397051 bytes)
Hash 5869cbd58ab3c66fb06e236b6b5dc421
e9d3274a485604f1077dff7b47968036e25b3ae3
62e972b383e9d0b0e5f7288e58935588610d0453b1b9fde60228328b1e2860d0
GET /a.gif HTTP/1.1
Host: 8644aaw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 25 Dec 2022 15:15:34 GMT
content-type: image/gif
content-length: 397051
last-modified: Wed, 05 Oct 2022 08:47:42 GMT
etag: "633d44ae-60efb"
expires: Tue, 24 Jan 2023 15:15:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
8499132.com/8499/150x150.gif
23.224.101.34 200 OK 133 kB URL HTTP/2 8499132.com/8499/150x150.gif
IP 23.224.101.34:0
File type GIF image data, version 89a, 150 x 150\012- data
Size 133 kB (133000 bytes)
Hash 4d50d14fce2dc7bcc0681a80d4a6c92a
75e992e0e03b8fa0f0e1637cbd641e212cd84483
227ef81afa2bf9c11be0ee0c041f7317cbea44bfdc71dca55f408746c9367a79
GET /8499/150x150.gif HTTP/1.1
Host: 8499132.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 15:15:36 GMT
content-type: image/gif
content-length: 133000
last-modified: Sat, 17 Dec 2022 15:33:39 GMT
etag: "20788-5f007cf721b86"
server: qq.com
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ggt999.oss-cn-hangzhou.aliyuncs.com/ky/ky96080c.gif
47.110.23.69 200 OK 432 kB URL HTTP/1.1 ggt999.oss-cn-hangzhou.aliyuncs.com/ky/ky96080c.gif
IP 47.110.23.69:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type GIF image data, version 89a, 960 x 80\012- data
Size 432 kB (432195 bytes)
Hash 66560dc1fbaeb67885a45dd7dc5831e1
38584ed6146b3cd7f220a7cf5db732f462cf1474
5586b90e8f142c31b3b89a89cd2630ed0bd5a2560074f7a58dda96bbc4abae32
GET /ky/ky96080c.gif HTTP/1.1
Host: ggt999.oss-cn-hangzhou.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Sun, 25 Dec 2022 15:15:34 GMT
Content-Type: image/gif
Content-Length: 432195
Connection: keep-alive
x-oss-request-id: 63A869166E537B313093A91E
Accept-Ranges: bytes
ETag: "66560DC1FBAEB67885A45DD7DC5831E1"
Last-Modified: Sun, 06 Nov 2022 07:48:54 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 15586424114477953781
x-oss-storage-class: Standard
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: ZlYNwfuutniFpF3X3Fgx4Q==
x-oss-server-time: 3
oss-zuixin11y17.xdullk.com/banben-imgss-03/db96ba95f9a2c0fea474c8790e5263f2.gif
58.218.208.95 403 Forbidden 234 B URL HTTP/1.1 oss-zuixin11y17.xdullk.com/banben-imgss-03/db96ba95f9a2c0fea474c8790e5263f2.gif
IP 58.218.208.95:0
File type XML 1.0 document text\012- XML document, ASCII text
Hash c037d38eeb98197c4e7a4765f6ad390d
95cc26aff7a86d7c6a89f28abdcefa1fa9624002
cea2c1c83527b2599ecef3b28185bce85fd79110c012e28be05380ec9db5a6f0
GET /banben-imgss-03/db96ba95f9a2c0fea474c8790e5263f2.gif HTTP/1.1
Host: oss-zuixin11y17.xdullk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 403 Forbidden
Server: Tengine
Content-Type: application/xml
Content-Length: 234
Connection: keep-alive
Date: Sun, 25 Dec 2022 15:15:37 GMT
x-oss-request-id: 63A86919449B5432330AAD89
x-oss-cdn-auth: success
x-oss-server-time: 1
Ali-Swift-Global-Savetime: 1671981337
Via: cache34.l2cn2647[28,28,403-1280,M], cache54.l2cn2647[29,0], kunlun9.cn192[38,38,403-1280,M], kunlun8.cn192[40,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sun, 25 Dec 2022 15:15:37 GMT
X-Swift-CacheTime: 1
X-Swift-Error: orig response 4XX error
Timing-Allow-Origin: *
EagleId: 3adad01c16719813374234686e
oss-zuixin11y17.xdullk.com/banben-imgss-03/ac52d4d2bfaf6e6382fbc5212da6e322.gif
58.218.208.95 403 Forbidden 234 B URL HTTP/1.1 oss-zuixin11y17.xdullk.com/banben-imgss-03/ac52d4d2bfaf6e6382fbc5212da6e322.gif
IP 58.218.208.95:0
File type XML 1.0 document text\012- XML document, ASCII text
Hash 0483cc0e045bfcb91e18381df296833d
9ea633ea65920f3216f4ec3133d96206309983e3
5c5ef30e39d054554f044e74f29bb235e91024814afeda7ff85147bdd07788ab
GET /banben-imgss-03/ac52d4d2bfaf6e6382fbc5212da6e322.gif HTTP/1.1
Host: oss-zuixin11y17.xdullk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 403 Forbidden
Server: Tengine
Content-Type: application/xml
Content-Length: 234
Connection: keep-alive
Date: Sun, 25 Dec 2022 15:15:37 GMT
x-oss-request-id: 63A86919449B5431360EAD89
x-oss-cdn-auth: success
x-oss-server-time: 1
Ali-Swift-Global-Savetime: 1671981337
Via: cache46.l2cn2647[32,31,403-1280,M], cache59.l2cn2647[33,0], kunlun2.cn192[42,41,403-1280,M], kunlun10.cn192[44,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sun, 25 Dec 2022 15:15:37 GMT
X-Swift-CacheTime: 1
X-Swift-Error: orig response 4XX error
Timing-Allow-Origin: *
EagleId: 3adad01e16719813374237971e
8499136.com/8499/zzxx/960x60.gif
172.247.109.212 200 OK 291 kB URL HTTP/2 8499136.com/8499/zzxx/960x60.gif
IP 172.247.109.212:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 291 kB (290572 bytes)
Hash 57aeaeed8e55b2a1e23b348d9d73f9d5
381bc182c18210ba33ebe13cbf8f20f297d33c16
e10903ca99193ba8ffd6c5f74753461cf070e75026e73fda3c040496f8dcfdb6
GET /8499/zzxx/960x60.gif HTTP/1.1
Host: 8499136.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 15:15:37 GMT
content-type: image/gif
content-length: 290572
last-modified: Sat, 24 Dec 2022 13:23:32 GMT
etag: "46f0c-5f092cf097c3f"
server: qq.com
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash d4c6aa76fdbfc570bfc20f2a28925e29
719ce6dcc3aab35b3c42d99a1891239023639d3f
90803fd5ec5aa4340608c595b90c130151b6b7601d0e5556ad83003856a59ee9
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:38 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Thu, 29 Dec 2022 11:56:28 GMT
ETag: "719ce6dcc3aab35b3c42d99a1891239023639d3f"
Last-Modified: Sun, 25 Dec 2022 11:56:29 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2558
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77f28882ffa21bfe-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash d4c6aa76fdbfc570bfc20f2a28925e29
719ce6dcc3aab35b3c42d99a1891239023639d3f
90803fd5ec5aa4340608c595b90c130151b6b7601d0e5556ad83003856a59ee9
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:38 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Thu, 29 Dec 2022 11:56:28 GMT
ETag: "719ce6dcc3aab35b3c42d99a1891239023639d3f"
Last-Modified: Sun, 25 Dec 2022 11:56:29 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2558
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77f28882fc4ab521-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash d4c6aa76fdbfc570bfc20f2a28925e29
719ce6dcc3aab35b3c42d99a1891239023639d3f
90803fd5ec5aa4340608c595b90c130151b6b7601d0e5556ad83003856a59ee9
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 15:15:38 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Thu, 29 Dec 2022 11:56:28 GMT
ETag: "719ce6dcc3aab35b3c42d99a1891239023639d3f"
Last-Modified: Sun, 25 Dec 2022 11:56:29 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2558
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77f288830991b512-OSL
767753tje.com/5cd51db86d704cdb8db461a7c334e9af.gif
103.170.15.85 200 OK 998 kB URL HTTP/1.1 767753tje.com/5cd51db86d704cdb8db461a7c334e9af.gif
IP 103.170.15.85:0
ASN #7483 Skycloud Computing co., Ltd.
File type GIF image data, version 89a, 960 x 80\012- data
Size 998 kB (998247 bytes)
Hash 9fea4f8f0e7a55c6c6f0979280b49151
57fd9b647eb704e6a09e7cc3552a9d5fd654d3b4
8898543cc7e3c5578317155444c2ceaaf7aef4989b47a4aac5776c328d437d70
GET /5cd51db86d704cdb8db461a7c334e9af.gif HTTP/1.1
Host: 767753tje.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "6372558b-f3b67"
Date: Mon, 05 Dec 2022 11:50:19 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Mon, 14 Nov 2022 14:49:47 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-15
Content-Length: 998247
img.1170555.com/images/63a7d333fdf312d626fa469c.gif
3.36.126.81 302 Found 0 B URL HTTP/2 img.1170555.com/images/63a7d333fdf312d626fa469c.gif
IP 3.36.126.81:0
GET /images/63a7d333fdf312d626fa469c.gif HTTP/1.1
Host: img.1170555.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/49dac90644c340f592fd293b1984c9a6
X-Firefox-Spdy: h2
kjimg10.360buyimg.com/ott/jfs/t1/189066/1/30475/1197751/6380d2d3E76f8142d/68bdb767b760041f.gif
112.13.110.3 200 OK 0 B URL HTTP/2 kjimg10.360buyimg.com/ott/jfs/t1/189066/1/30475/1197751/6380d2d3E76f8142d/68bdb767b760041f.gif
IP 112.13.110.3:0
ASN #56041 China Mobile communications corporation
GET /ott/jfs/t1/189066/1/30475/1197751/6380d2d3E76f8142d/68bdb767b760041f.gif HTTP/1.1
Host: kjimg10.360buyimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 25 Dec 2022 15:15:38 GMT
content-type: image/gif
content-length: 1197751
cache-control: max-age=15552000
expires: Mon, 19 Jun 2023 04:20:29 GMT
last-modified: Fri, 25 Nov 2022 14:36:03 GMT
age: 384909
via: http/1.1 ORI-CLOUD-HUZ-MIX-22 (jcs [cHs f ]), http/1.1 HAZ-CM-2-MIX-24 (jcs [cRs f ])
access-control-allow-origin: *
timing-allow-origin: *
x-trace: 200-1671596429005-0-0-2-110-110;200;200-1671972803978-0-0-0-7-7;200-1671981338319-0-0-0-3-3
X-Firefox-Spdy: h2
img.1129555.com/images/63a7d37efdf312d626fa469d.gif
3.36.126.81 302 Found 0 B URL HTTP/2 img.1129555.com/images/63a7d37efdf312d626fa469d.gif
IP 3.36.126.81:0
GET /images/63a7d37efdf312d626fa469d.gif HTTP/1.1
Host: img.1129555.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ldtqh.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/ef7549267ad04e16af055b00d3b86435
X-Firefox-Spdy: h2