Report - hkip.top/

Report Overview

Submitted URL
hkip.top/
IP
156.250.146.142
ASN
#132839 POWER LINE DATACENTER
Submitted
2023-02-01 15:56:59
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
10
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.pptt29.top	unknown			2.6 kB	68 kB	50.117.46.18
zerossl.ocsp.sectigo.com	4049	2020-05-09T21:05:29Z	2023-03-13T05:14:15Z	696 B	2.4 kB	104.18.32.68
8499163.com	unknown	2022-10-27T07:16:21Z	2023-03-11T16:01:58Z	382 B	48 kB	162.209.128.162
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
hm.baidu.com	8254	2012-05-26T10:38:45Z	2023-03-13T05:32:36Z	3.2 kB	37 kB	103.235.46.191
cdn.jsjsjs.xyz	unknown	2022-02-22T22:30:27Z	2023-03-12T16:39:44Z	404 B	407 kB	172.67.143.17
p3.douyinpic.com	23536	2020-12-18T12:20:50Z	2023-03-13T08:24:37Z	400 B	344 kB	47.246.44.226
kjimg10.360buyimg.com	unknown	2022-11-25T23:08:29Z	2023-03-13T05:55:46Z	448 B	1.2 MB	121.226.246.3
xinchacha2dv.ocsp-certum.com	unknown	2022-07-28T12:58:17Z	2023-03-13T08:17:56Z	352 B	1.8 kB	23.36.79.10
img.1151555.com	unknown	2022-11-11T15:19:32Z	2023-03-12T08:29:27Z	405 B	182 B	3.36.126.81
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	1.8 kB	3.6 kB	142.250.74.3
pic.picnewsss.com	unknown	2022-06-14T13:57:58Z	2023-03-13T08:30:34Z	783 B	233 kB	23.225.139.251
zz.bdustatic.com	671229	2021-10-22T20:02:58Z	2023-03-11T17:35:33Z	368 B	741 B	104.26.8.99
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.26.115.190
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	60 kB	34.120.237.76
img.1158555.com	unknown	2022-11-11T15:30:55Z	2023-03-12T22:51:48Z	405 B	118 kB	3.36.126.81
tu.jnctupian.com	unknown	2023-01-28T12:39:31Z	2023-03-12T17:26:38Z	772 B	1.1 MB	206.2.168.6
ldbbs.ldmnq.com	unknown	2022-01-01T16:20:18Z	2023-03-13T08:45:56Z	439 B	180 kB	120.52.95.234
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.7 kB	9.7 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
www.hkip.top	unknown			1.2 kB	3.6 kB	156.250.146.142
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	682 B	1.5 kB	93.184.220.29
ocsp.buypass.com	157566	2017-01-30T05:59:29Z	2023-03-13T05:11:40Z	340 B	2.2 kB	23.36.76.129
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-03-13T05:09:19Z	718 B	3.8 kB	104.18.21.226
dimg04.c-ctrip.com	139731	2014-05-08T18:11:10Z	2023-03-13T05:37:25Z	405 B	100 kB	104.110.17.24
fmtu.slsltutu.com	unknown	2023-01-05T04:12:47Z	2023-03-13T08:30:33Z	6.2 kB	1.7 MB	104.22.65.239
hkip.top	unknown	2022-09-05T03:28:22Z	2022-09-05T03:28:22Z	340 B	193 B	156.250.146.142
8499225.com	unknown	2022-10-25T08:24:12Z	2023-03-11T16:01:59Z	400 B	291 kB	162.209.128.162

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-01 15:57:09	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile
2023-02-01 15:57:09	medium	Client IP	156.250.146.142	ET INFO HTTP Request to a *.top domain
2023-02-01 15:57:13	low	162.209.128.162	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate
2023-02-01 15:57:13	low	162.209.128.162	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate
2023-02-01 15:57:16	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-02-01 15:57:16	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-02-01 15:57:17	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-02-01 15:57:17	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-02-01 15:57:18	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-02-01 15:57:18	medium	Client IP	Internal IP	ET DNS Query for .cc TLD

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	www.hkip.top/common.js	1.5 kB	2023-03-13	2023-03-13
Pretty URL www.hkip.top/common.js IP 156.250.146.142 ASN #132839 POWER LINE DATACENTER Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:17:40 Last Seen2023-03-13 14:17:40 Times Seen1 Hash 19ba34d98420c95c10e48f300ec90c60 1d4b5591aae2b1fc7f82e8810ef06ef6392dc8ec dc6a61032c8d8f1d14d27e89644ee89c37be27584519ca605fd12ab05edb2cc7 Loading...

	www.hkip.top/tj.js	258 B	2023-03-13	2023-03-13
Pretty URL www.hkip.top/tj.js IP 156.250.146.142 ASN #132839 POWER LINE DATACENTER Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:17:40 Last Seen2023-03-13 14:17:40 Times Seen1 Hash d39926e55fc3b94f8b26dc89b7c3ef56 397216387e0093f2c702b1676c284c858c8b20f4 9c3aa80fc2d19981c9f6e4f62651ac18ba5ae8866d6a1c6137b3604419b6fadc Loading...

	www.pptt29.top/	254 B	2023-03-07	2023-03-26
Pretty URL www.pptt29.top/ IP 50.117.46.18 ASN #18779 EGIHOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:06:45 Last Seen2023-03-26 05:56:09 Times Seen4 Hash c889ebb85460466bbc2c13d0ae16977c 01e82247121a9350e971cad024ea1efd0fcb9a44 e8ae1626c3c41f98b92fad9ab62c13eef4cfb611c1d3f36d28f753e6a43a6ace Loading...

	hm.baidu.com/hm.js?5c3629ec2195e88c9bfc09e177e9cfd5	30 kB	2023-03-13	2023-03-13
Pretty URL hm.baidu.com/hm.js?5c3629ec2195e88c9bfc09e177e9cfd5 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:17:40 Last Seen2023-03-13 14:17:40 Times Seen1 Hash a6d33b692af5ae84a88a6bf1dae429f1 c97f52fb45fcddea8cff672723b773a2a8b63d45 f1b005349069ff64907ccec9d45b7e9ea4c90393c0e2631548b434ec0a727b7b Loading...

	hm.baidu.com/hm.js?bfe6b26f78903861e446f74e1a2f35ef	30 kB	2023-03-13	2023-03-13
Pretty URL hm.baidu.com/hm.js?bfe6b26f78903861e446f74e1a2f35ef IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:17:40 Last Seen2023-03-13 14:17:40 Times Seen1 Hash a025b26bd41064209a217b1abd6d23ca ab656e209e53d245de8d0d71148cf486196c77fe 9c75ad747f85595485a7c697360fdf58471ae2c2b09dea44ce260f68154a3388 Loading...

	www.hkip.top/index.php	40 B	2023-03-13	2023-03-13
Pretty URL www.hkip.top/index.php IP 156.250.146.142 ASN #132839 POWER LINE DATACENTER Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:17:40 Last Seen2023-03-13 14:17:40 Times Seen1 Hash 3716b849aed84d47eb7a3517d3fdae51 18ad64de7cffb06f40d08caeb00b291daaeeccb1 2f5dfb492f459b25144f0ffc44d704b6add63f53b1442e9976b5e69393fb075d Loading...

	www.pptt29.top/static/js/jquery.js	93 kB	2023-03-07	2024-04-23
Pretty URL www.pptt29.top/static/js/jquery.js IP 50.117.46.18 ASN #18779 EGIHOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:44 Last Seen2024-04-23 23:18:25 Times Seen4821 Hash 383771ef1692bfcc3f2b6917ca985778 a1ce0bfa507f23cc414a9a7634bd73b994bb3b35 20638e363fcc5152155f24b281303e17da62da62d24ef5dcf863b184d9a25734 Loading...

	www.pptt29.top/template/m1938pc/ads/aaa.js	406 B	2023-03-09	2023-03-14
Pretty URL www.pptt29.top/template/m1938pc/ads/aaa.js IP 50.117.46.18 ASN #18779 EGIHOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 07:34:46 Last Seen2023-03-14 10:43:39 Times Seen1 Hash 03bf095854e57d473b0cb86c2a24e27a ca4ebd30bb76eb16217459640c02adb0fc7e8519 7abdd21b9dd5bce87a11808793b86ca32359ec893b1881be7a1fa148cded4ee7 Loading...

	www.pptt29.top/	254 B	2023-03-13	2023-03-14
Pretty URL www.pptt29.top/ IP 50.117.46.18 ASN #18779 EGIHOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:22:00 Last Seen2023-03-14 10:43:39 Times Seen1 Hash 2cc33f7306a9b10adbdc1ced47f42491 eb9c5241f1c19c1a07b6dc3ac510f2ed323c1d75 4c5f75a61199ea79307e13adf883c6ea36b328b2576a03382c9459d7db60839f Loading...

	hm.baidu.com/hm.js?a10adec80785d08eef97ccd4b6e52593	30 kB	2023-03-13	2023-03-13
Pretty URL hm.baidu.com/hm.js?a10adec80785d08eef97ccd4b6e52593 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:17:40 Last Seen2023-03-13 14:17:40 Times Seen1 Hash 8e025329368c2b28e6ed35a511bb46b5 1a295926c2e162dda826ad79d031c5359ac23471 c3eee14d7701ae8834e100303f5d20fc511b2d6057030053403fec448f85828e Loading...

		Size	First Seen	Last Seen
	#1 Eval - 64bc339d31097e3dd25b3310ad56019a	461 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 14:17:40 Last Seen2023-03-13 14:17:40 Times Seen1 Hash 64bc339d31097e3dd25b3310ad56019a 074bfe9bb25fb56f3b8cd36173e4e228267291d2 6352fb6c8a11d7f20c0446e33339c0de1868c50fe46719523da7f575c8baf503 Loading...

		Size	First Seen	Last Seen
	#1 Write - 466a3527cba84435e107901b5900142d	442 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 14:17:40 Last Seen2023-03-13 14:17:40 Times Seen1 Hash 466a3527cba84435e107901b5900142d adf6f0e0913b021def794b8ec3be8cc3466d15e2 f2aee6b4a03340380b5418d645fdcacbbead3e92d0a7577a53b03c3a1513b846 Loading...

HTTP Transactions (82)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d2e72d45afe3d391c204b5391599607c
149d68b9d00a720b6f380fa2324779dca9dbe26d
f6f1c295c68dfebadacb1fc812b44e01c7ede0e203615ef3e2cced2ce2251e7e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F1C295C68DFEBADACB1FC812B44E01C7EDE0E203615EF3E2CCED2CE2251E7E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8371
Expires: Wed, 01 Feb 2023 18:16:18 GMT
Date: Wed, 01 Feb 2023 15:56:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
62de35a6c8e4efd7633fc5236b5b086f
6a92912a86dfcd0330d040cef06bef36889c76ab
ebb8ca05df5ba73b92174105d54d192a8d9e3e10fba48bf96161b0cb759220ec

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBB8CA05DF5BA73B92174105D54D192A8D9E3E10FBA48BF96161B0CB759220EC"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10167
Expires: Wed, 01 Feb 2023 18:46:14 GMT
Date: Wed, 01 Feb 2023 15:56:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a8d45deaa7ebfcd996c2055dae592ab8
55befe074589fe7b39757c145968058162a8fc6b
50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50D7D516F446458145A304B288A0A39D391CD37EA50DABEA36AE48D291C65BA7"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3134
Expires: Wed, 01 Feb 2023 16:49:01 GMT
Date: Wed, 01 Feb 2023 15:56:47 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 01 Feb 2023 15:43:25 GMT
content-type: application/json
age: 802
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: TNqTPGX4hVhSrzfpm44TLUTGvaxz6+OS1oWyvq9frcOuzYASh8QfNAs6YWNob9FiJgi8Fm/b57A=
x-amz-request-id: GD3D84V67DXQH3JF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Feb 2023 15:51:37 GMT
age: 310
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

hkip.top/

156.250.146.142

301 Moved Permanently

0 B

URL HTTP/1.1
hkip.top/
IP
156.250.146.142:0
ASN
#132839 POWER LINE DATACENTER

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET / HTTP/1.1
Host: hkip.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 01 Feb 2023 15:56:36 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://www.hkip.top/index.php

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 15:56:47 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 01 Feb 2023 15:41:42 GMT
age: 905
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5353
Expires: Wed, 01 Feb 2023 17:26:00 GMT
Date: Wed, 01 Feb 2023 15:56:47 GMT
Connection: keep-alive

www.hkip.top/index.php

156.250.146.142

200 OK

616 B

URL HTTP/1.1
www.hkip.top/index.php
IP
156.250.146.142:0
ASN
#132839 POWER LINE DATACENTER

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with very long lines (754), with CRLF line terminators
Size
616 B (616 bytes)
Hash
941f44b5c191dcd9a2dc43c3232e127a
9d1ee5c5a53716382fa07a3cff350a45a4693ac0
88e70b4992d33e01cddb8417946bbbbf91808ca55b0bd7e2f63dfc23d62c3ca6

HTTP Headers

GET /index.php HTTP/1.1
Host: www.hkip.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 15:56:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

push.services.mozilla.com/

52.26.115.190

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.26.115.190:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: AwpofrnaloyhTiNtfwR73A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: EjvIMVP8nT74bjb0XPh1ejIo1wo=

www.hkip.top/common.js

156.250.146.142

200 OK

680 B

URL HTTP/1.1
www.hkip.top/common.js
IP
156.250.146.142:0
ASN
#132839 POWER LINE DATACENTER

File type
HTML document text\012- HTML document, ASCII text, with very long lines (440), with CRLF line terminators
Size
680 B (680 bytes)
Hash
3a6087bc5fc4bd92e8ca4423fb47a1f7
df8b5e1a27f763151a1b73a0f2fa4057cd1a925c
77b31ee8dc31851f3cf0026d50c020a75cb08eb0d44364d715f3da4cb4b82fae

HTTP Headers

GET /common.js HTTP/1.1
Host: www.hkip.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hkip.top/index.php

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 15:56:37 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

www.hkip.top/tj.js

156.250.146.142

200 OK

258 B

URL HTTP/1.1
www.hkip.top/tj.js
IP
156.250.146.142:0
ASN
#132839 POWER LINE DATACENTER

File type
ASCII text, with CRLF line terminators
Size
258 B (258 bytes)
Hash
d39926e55fc3b94f8b26dc89b7c3ef56
397216387e0093f2c702b1676c284c858c8b20f4
9c3aa80fc2d19981c9f6e4f62651ac18ba5ae8866d6a1c6137b3604419b6fadc

HTTP Headers

GET /tj.js HTTP/1.1
Host: www.hkip.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hkip.top/index.php

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 15:56:37 GMT
Content-Type: application/x-javascript
Content-Length: 258
Connection: keep-alive

www.hkip.top/favicon.ico

156.250.146.142

200 OK

1.2 kB

URL HTTP/1.1
www.hkip.top/favicon.ico
IP
156.250.146.142:0
ASN
#132839 POWER LINE DATACENTER

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
7ef1f0a0093460fe46bb691578c07c95
2da3ffbbf4737ce4dae9488359de34034d1ebfbd
4c62eef22174220b8655590a77b27957f3518b4c3b7352d0b64263b80e728f2c

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.hkip.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hkip.top/index.php

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 15:56:38 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 01 Jul 2011 08:14:23 GMT
Connection: keep-alive
ETag: "4e0d81df-47e"
Expires: Mon, 06 Feb 2023 15:56:38 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes

ocsp.globalsign.com/gsrsaovsslca2018

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
2990101e9b0b8f69e086e0f82f553975
328241a46ca2737935370fc663563ca96b322fb7
6d625dc23ebfb31069fb86354d78174d15c5e8cc89632f84aea61b6deb85887d

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 15:56:49 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sun, 05 Feb 2023 15:13:58 GMT
ETag: "328241a46ca2737935370fc663563ca96b322fb7"
Last-Modified: Wed, 01 Feb 2023 15:13:59 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 113
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792be1196aa60b02-OSL

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5652
Expires: Wed, 01 Feb 2023 17:31:01 GMT
Date: Wed, 01 Feb 2023 15:56:49 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5652
Expires: Wed, 01 Feb 2023 17:31:01 GMT
Date: Wed, 01 Feb 2023 15:56:49 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5652
Expires: Wed, 01 Feb 2023 17:31:01 GMT
Date: Wed, 01 Feb 2023 15:56:49 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5652
Expires: Wed, 01 Feb 2023 17:31:01 GMT
Date: Wed, 01 Feb 2023 15:56:49 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5652
Expires: Wed, 01 Feb 2023 17:31:01 GMT
Date: Wed, 01 Feb 2023 15:56:49 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb36bfce9-5d67-458e-846d-ca30f9242449.jpeg

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb36bfce9-5d67-458e-846d-ca30f9242449.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (14041 bytes)
Hash
78fe9a77211d6f9a462f625af0c6f9bc
ac0b58423d7578e7a1b60a62220c0a57924dda82
e047466c3ae0a55509f4ace49d0476f94271b5a25e71caa3b06ec468a238b652

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb36bfce9-5d67-458e-846d-ca30f9242449.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 14041
x-amzn-requestid: 2be6655d-3b0e-4e65-b44b-11682610b640
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaRGFpIAMFbMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-5554d18d5db235913afa77a2;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: MeSOuCSjsjhK6FOS67rw6oF4rS08twjOACGbXJrNPH6vwZb8lZh9lw==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:51:18 GMT
etag: "ac0b58423d7578e7a1b60a62220c0a57924dda82"
content-type: image/jpeg
age: 65131
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30335cb7-009a-42f5-8186-d0c302adc827.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6819 bytes)
Hash
ec7e808a5e82552c46c3417a5b32b836
f0a273292b47d7e2e33c9d77fd95abdcc9e31ddd
f16d982224dfeb0753eaf9d4eb87d80fd1111f682fd8fa36f3177aad5bf926a4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30335cb7-009a-42f5-8186-d0c302adc827.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6819
x-amzn-requestid: a0368695-4182-40bd-9a28-c50ae783a7a5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaRHGnoAMF0Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-624285eb16110b8c2360dec5;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4MpUHqMYJoNA7QuRuQwbJIodNkhizq6EL5SPbIoSKFQjtoAKQgLuEg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:51:25 GMT
age: 65124
etag: "f0a273292b47d7e2e33c9d77fd95abdcc9e31ddd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc960001-158a-4a74-b6ce-f28cd110ca9c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8735 bytes)
Hash
23db22ce2120fbb0ae6109e1a046062d
2068c8d9a5bc30a17be658e198e26c64a80703cf
f307ba6c4929d9f0c9354334b7baea878da379138489d9689bb777c4da308dab

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc960001-158a-4a74-b6ce-f28cd110ca9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8735
x-amzn-requestid: f466c962-7b12-4923-a4be-7ff9fce372a0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaWFP_IAMF9wA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-7a8c027d58f5b9132bb68a33;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hjIm9dNf6UE9rpIlKWeLwWuF7Pm6yJeAZgbwchvJcuDy-zkXEr502w==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:51:18 GMT
age: 65131
etag: "2068c8d9a5bc30a17be658e198e26c64a80703cf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb28b8703-d49a-4e2e-80e7-cf4d081d6dba.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5736 bytes)
Hash
2998f7f50ac0eec931c348e8a0fb0c60
f5e411cda74cb7fb4a662f4787e9543b9749c8b5
0c81413a819e379212bf757b1c9469415aec2ac8fdf47f94ff23c420a1da20e1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb28b8703-d49a-4e2e-80e7-cf4d081d6dba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5736
x-amzn-requestid: 895ee89b-8d2e-42f9-a392-466557f8a0d3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffEtEGk_oAMFYPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e7ed-026a1b0d79dc7eb572317bd2;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:28:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 64EbarGrn6AIpXOE8TIfiBeGFQinx-P9lUIvmiQ1ivZgFrxl7_W4EQ==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:57:42 GMT
age: 64747
etag: "f5e411cda74cb7fb4a662f4787e9543b9749c8b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8597 bytes)
Hash
27e95b7912edc909d6b031e36fe83534
eb27fae0bb17dbe0929a620002195233ef50c1d0
b32e7e1a2eee367c5bf9e99bcb38f4c74c4e9e7bdfe7fb0f8f2a657060c0624c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8597
x-amzn-requestid: e7bf4ac9-d86d-4ee9-9e10-8a42e5dfe2c6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fcRaNEW4IAMFatA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d4c90d-7731312f630b00ba028836ca;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 07:04:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: z3ZJ7bq6LuJd-9I9D22VIs0avctNGVDKnYmt-fxevCheQibivmUomQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 07:53:10 GMT
age: 29019
etag: "eb27fae0bb17dbe0929a620002195233ef50c1d0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9600 bytes)
Hash
3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 48094e1a-d550-4a91-b87c-4a08505f7cce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsWcFN7IAMF2pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d2275c-5ced593a7e2126c9494563df;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:10:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aZOeDFqBJQoGwLpIs-GpPvY0FKGCAOXY6MgzG32qzX-kVzUCKKv-kw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 22:03:43 GMT
age: 64386
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.pptt29.top/

50.117.46.18

200 OK

11 kB

URL HTTP/1.1
www.pptt29.top/
IP
50.117.46.18:0
ASN
#18779 EGIHOSTING

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
11 kB (10784 bytes)
Hash
0031860852a2e0521013a12ec0783e98
0080c74c6099aa75d5e0d921f807b0955e4194c9
aca4ebf94747178d8a3eec230b16ec492b4dc802e7a7997e0d725a03bc72592b

HTTP Headers

GET / HTTP/1.1
Host: www.pptt29.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hkip.top/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: PHP/7.0.33, ASP.NET
Date: Wed, 01 Feb 2023 15:56:31 GMT
Content-Length: 10784

www.pptt29.top/template/m1938pc/css/ate.css

50.117.46.18

200 OK

4.5 kB

URL HTTP/1.1
www.pptt29.top/template/m1938pc/css/ate.css
IP
50.117.46.18:0
ASN
#18779 EGIHOSTING

File type
ASCII text, with CRLF line terminators
Size
4.5 kB (4498 bytes)
Hash
1164a38c5186eff1838f351d96dbd192
1f5c06f7969ca9602774591594b1d4170137cdc3
fec2bebf191e9c67f3ce3234909acb71fa272057962f230dce334cdfd514b3e2

HTTP Headers

GET /template/m1938pc/css/ate.css HTTP/1.1
Host: www.pptt29.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pptt29.top/

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Fri, 07 May 2021 10:47:33 GMT
Accept-Ranges: bytes
ETag: "805073622e43d71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 01 Feb 2023 15:56:31 GMT
Content-Length: 4498

www.pptt29.top/template/m1938pc/ads/aaa.js

50.117.46.18

200 OK

403 B

URL HTTP/1.1
www.pptt29.top/template/m1938pc/ads/aaa.js
IP
50.117.46.18:0
ASN
#18779 EGIHOSTING

File type
ASCII text, with very long lines (406), with no line terminators
Size
403 B (403 bytes)
Hash
02cf51a05e5c4a23b4b7d96de813806d
bc61fa729fbffe0ca9950cca126452a217aa0cd0
71428a8a4468441db64a36a03cadb865befe022001c9d930179481cac6e8ef16

HTTP Headers

GET /template/m1938pc/ads/aaa.js HTTP/1.1
Host: www.pptt29.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pptt29.top/

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 16 Oct 2022 20:50:56 GMT
Accept-Ranges: bytes
ETag: "139d38fda0e1d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 01 Feb 2023 15:56:31 GMT
Content-Length: 403

ocsp.pki.goog/s/gts1p5/zEa-BdGdBuM

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/zEa-BdGdBuM
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6b987290441b47afb6134a586245469b
945339b8598345dc39e15b81c2edf530e6280057
b815e8dbb3a7fbeae3ee457de5e75df5e9b8e33840f7235f19b4cc42e2f775a2

HTTP Headers

POST /s/gts1p5/zEa-BdGdBuM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:56:50 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.pptt29.top/template/m1938pc/css/zui.css

50.117.46.18

200 OK

15 kB

URL HTTP/1.1
www.pptt29.top/template/m1938pc/css/zui.css
IP
50.117.46.18:0
ASN
#18779 EGIHOSTING

File type
assembler source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
15 kB (15198 bytes)
Hash
6f5aa0cf8202076c79fd657900529f6f
2e509a321310355e06c90abfd9b415ef08f6a02b
47ccaf7fd4f05353155d637f76473918470672e4c69f5d8e5df82f685a040bd4

HTTP Headers

GET /template/m1938pc/css/zui.css HTTP/1.1
Host: www.pptt29.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pptt29.top/

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Fri, 07 May 2021 10:47:34 GMT
Accept-Ranges: bytes
ETag: "0e7b632e43d71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 01 Feb 2023 15:56:31 GMT
Content-Length: 15198

hm.baidu.com/hm.js?a10adec80785d08eef97ccd4b6e52593

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?a10adec80785d08eef97ccd4b6e52593
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (618)
Size
11 kB (11256 bytes)
Hash
f238aef859748967c6c63b84d8c6e75a
ac048053a5774f38c8c53dbb9a1243cec8e5aa7d
0a9adfb8d8a037dfa8104396bae935ec4e1ca42c227b49853d770c5ab9094cdb

HTTP Headers

GET /hm.js?a10adec80785d08eef97ccd4b6e52593 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hkip.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11256
Content-Type: application/javascript
Date: Wed, 01 Feb 2023 15:56:49 GMT
Etag: dbda3d79c2dbcdc74dde88371357e602
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=79820C4C6856D7E3; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

ocsp.pki.goog/s/gts1p5/zEa-BdGdBuM

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/zEa-BdGdBuM
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6b987290441b47afb6134a586245469b
945339b8598345dc39e15b81c2edf530e6280057
b815e8dbb3a7fbeae3ee457de5e75df5e9b8e33840f7235f19b4cc42e2f775a2

HTTP Headers

POST /s/gts1p5/zEa-BdGdBuM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:56:50 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.pptt29.top/static/js/jquery.js

50.117.46.18

200 OK

33 kB

URL HTTP/1.1
www.pptt29.top/static/js/jquery.js
IP
50.117.46.18:0
ASN
#18779 EGIHOSTING

File type
ASCII text, with very long lines (32089), with CRLF line terminators
Size
33 kB (32864 bytes)
Hash
635cabcaf3cdeab18470446e80239302
9ab64e394a159396d23d246a7419fe043aa2f7a4
6063409071aa83fdff4be7c3d2134ab8b8f2c32dcd5ce08e44a2d83ab5b2bb42

HTTP Headers

GET /static/js/jquery.js HTTP/1.1
Host: www.pptt29.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pptt29.top/

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 10 Mar 2019 13:12:51 GMT
Accept-Ranges: bytes
ETag: "80cbdbf642d7d41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 01 Feb 2023 15:56:31 GMT
Content-Length: 32864

ocsp.pki.goog/s/gts1p5/zEa-BdGdBuM

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/zEa-BdGdBuM
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6b987290441b47afb6134a586245469b
945339b8598345dc39e15b81c2edf530e6280057
b815e8dbb3a7fbeae3ee457de5e75df5e9b8e33840f7235f19b4cc42e2f775a2

HTTP Headers

POST /s/gts1p5/zEa-BdGdBuM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:56:50 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

dimg04.c-ctrip.com/images/0102s12000abt00qfC9F4.gif

104.110.17.24

200 OK

100 kB

URL HTTP/2
dimg04.c-ctrip.com/images/0102s12000abt00qfC9F4.gif
IP
104.110.17.24:0
ASN
#16625 AKAMAI-AS

File type
GIF image data, version 89a, 960 x 60\012- data
Size
100 kB (99997 bytes)
Hash
f51695fcb79c2b9d03e55d56f544ef2f
d6c0a8ab1f6834de415f1f1d95e96e519d5903ec
031bf4112ca27cc0241e92862aeb63c50d6ca76daacb3ae2a24f4f133929bfce

HTTP Headers

GET /images/0102s12000abt00qfC9F4.gif HTTP/1.1
Host: dimg04.c-ctrip.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/gif
content-length: 99997
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
cache-control: max-age=4650173
expires: Mon, 27 Mar 2023 11:39:43 GMT
date: Wed, 01 Feb 2023 15:56:50 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2

www.pptt29.top/template/m1938pc/images/1.gif

50.117.46.18

200 OK

254 B

URL HTTP/1.1
www.pptt29.top/template/m1938pc/images/1.gif
IP
50.117.46.18:0
ASN
#18779 EGIHOSTING

File type
GIF image data, version 89a, 16 x 17\012- data
Size
254 B (254 bytes)
Hash
b013f8fa3ec997fe20dc80b82af0ad0a
e02ce6c30d5c0abfaa3e008d1a3ce7d11f299ed9
119bff063d1d402fdf6e48bc7e681d48aabfb9bc65378dfcf64a8845ec3fceef

HTTP Headers

GET /template/m1938pc/images/1.gif HTTP/1.1
Host: www.pptt29.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pptt29.top/

HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Fri, 07 May 2021 10:47:37 GMT
Accept-Ranges: bytes
ETag: "563214652e43d71:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 01 Feb 2023 15:56:32 GMT
Content-Length: 254

ocsp.pki.goog/s/gts1p5/_xrTVnExDmw

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/_xrTVnExDmw
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
747b1ebf0bbe436fda57d08462c5fb3d
2da3921a5111c3df026dd1dfb282c5de603b148d
ec123d282ed8c3109d4b300ff224ad6fd92215774c3fb5767bc6079b76ba3db8

HTTP Headers

POST /s/gts1p5/_xrTVnExDmw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:56:50 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

zerossl.ocsp.sectigo.com/

104.18.32.68

200 OK

728 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
728 B (728 bytes)
Hash
80fcf8dcdc6badd0c9369af5d0fb703d
51624b7e4808afe809e88bcc1be3ddab09d0294d
2174f45f6ac11be1c267220d786a534516933324e336ca5afcd8cd9543e44bc3

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 15:56:50 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Tue, 31 Jan 2023 18:06:37 GMT
Expires: Tue, 07 Feb 2023 18:06:36 GMT
Etag: "51624b7e4808afe809e88bcc1be3ddab09d0294d"
Cache-Control: max-age=525585,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792be1218c7db51b-OSL

fmtu.slsltutu.com/upload/vod/20230131-1/5b2c9d249917e81e25b19409ac6e0949.jpg

104.22.65.239

200 OK

28 kB

URL HTTP/2
fmtu.slsltutu.com/upload/vod/20230131-1/5b2c9d249917e81e25b19409ac6e0949.jpg
IP
104.22.65.239:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x719, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
28 kB (28124 bytes)
Hash
5181285adcd24945cc51cc6480ba6e12
15f52fce53830ab4a164e06f9ea5aba5e34b215b
88038a3faec8550559974aa3570223ad764f3d65ea9698582f1d6eb686683960

HTTP Headers

GET /upload/vod/20230131-1/5b2c9d249917e81e25b19409ac6e0949.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:56:50 GMT
content-type: image/webp
content-length: 28124
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=51560
content-disposition: inline; filename="5b2c9d249917e81e25b19409ac6e0949.webp"
etag: "63d894ff-c968"
last-modified: Tue, 31 Jan 2023 04:11:43 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 792be11fbf729926-ARN
X-Firefox-Spdy: h2

fmtu.slsltutu.com/upload/vod/20230131-1/0a3b30b01e77714b7a9fababbbfba3a5.jpg

104.22.65.239

200 OK

140 kB

URL HTTP/2
fmtu.slsltutu.com/upload/vod/20230131-1/0a3b30b01e77714b7a9fababbbfba3a5.jpg
IP
104.22.65.239:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 800x538, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
140 kB (139462 bytes)
Hash
088701c401a4784fd48988bf0d2214b0
17ec163d0bb6cff49169e12c72179ee5dd2751d6
80da8acde8eea70c44d5f7c3ccfd2eb9281da4b9d9e443d7abe79d667fa447e8

HTTP Headers

GET /upload/vod/20230131-1/0a3b30b01e77714b7a9fababbbfba3a5.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:56:50 GMT
content-type: image/webp
content-length: 139462
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=191459
content-disposition: inline; filename="0a3b30b01e77714b7a9fababbbfba3a5.webp"
etag: "63d894c5-2ebe3"
last-modified: Tue, 31 Jan 2023 04:10:45 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 792be11faf679926-ARN
X-Firefox-Spdy: h2

fmtu.slsltutu.com/upload/vod/20230131-1/14b102cf12adce122d370a44ee3b4d50.jpg

104.22.65.239

200 OK

42 kB

URL HTTP/2
fmtu.slsltutu.com/upload/vod/20230131-1/14b102cf12adce122d370a44ee3b4d50.jpg
IP
104.22.65.239:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x851, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
42 kB (41750 bytes)
Hash
944dfb917968f00acffab059e45e62ab
52cc55a061be41370ef68ed8e1d067b894692239
d483439d16ef105a12a12d1fc0bd1653ccebd67c806b06a67f4993d681d243fd

HTTP Headers

GET /upload/vod/20230131-1/14b102cf12adce122d370a44ee3b4d50.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:56:50 GMT
content-type: image/webp
content-length: 41750
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=46438
content-disposition: inline; filename="14b102cf12adce122d370a44ee3b4d50.webp"
etag: "63d894b2-b566"
last-modified: Tue, 31 Jan 2023 04:10:26 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 792be11fbf779926-ARN
X-Firefox-Spdy: h2

fmtu.slsltutu.com/upload/vod/20230131-1/13a86ce9520114e93fcf94781419ea6f.jpg

104.22.65.239

200 OK

122 kB

URL HTTP/2
fmtu.slsltutu.com/upload/vod/20230131-1/13a86ce9520114e93fcf94781419ea6f.jpg
IP
104.22.65.239:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 800x538, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
122 kB (122420 bytes)
Hash
854dd5a91d6b4a430160bca875ed3801
c4fc190f9b0163487f18f573deae9fbe400aed98
69cde4f16f9f0f70c4dfac4e9959ba2f71aa9162a119a2abed744d65211602e9

HTTP Headers

GET /upload/vod/20230131-1/13a86ce9520114e93fcf94781419ea6f.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:56:50 GMT
content-type: image/webp
content-length: 122420
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=163444
content-disposition: inline; filename="13a86ce9520114e93fcf94781419ea6f.webp"
etag: "63d894c5-27e74"
last-modified: Tue, 31 Jan 2023 04:10:45 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 792be11faf609926-ARN
X-Firefox-Spdy: h2

fmtu.slsltutu.com/upload/vod/20230131-1/ed5747314c2c7c835c2ccba1e19db1c9.jpg

104.22.65.239

200 OK

120 kB

URL HTTP/2
fmtu.slsltutu.com/upload/vod/20230131-1/ed5747314c2c7c835c2ccba1e19db1c9.jpg
IP
104.22.65.239:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 800x538, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
120 kB (120290 bytes)
Hash
93edc0e3f6fc38627e130cec16b40578
f6e84e1e29bf2ed6f4fca740180a136a218dd347
9dcb840de5aa405237e043300dae775e584d9869a6fe8ecd33ac4699b23e28ae

HTTP Headers

GET /upload/vod/20230131-1/ed5747314c2c7c835c2ccba1e19db1c9.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:56:50 GMT
content-type: image/webp
content-length: 120290
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=158261
content-disposition: inline; filename="ed5747314c2c7c835c2ccba1e19db1c9.webp"
etag: "63d894c5-26a35"
last-modified: Tue, 31 Jan 2023 04:10:45 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 792be11faf699926-ARN
X-Firefox-Spdy: h2

fmtu.slsltutu.com/upload/vod/20230131-1/6cebd213a95e5597615a6000c3edd992.jpg

104.22.65.239

200 OK

135 kB

URL HTTP/2
fmtu.slsltutu.com/upload/vod/20230131-1/6cebd213a95e5597615a6000c3edd992.jpg
IP
104.22.65.239:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 800x538, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
135 kB (135422 bytes)
Hash
d66cdef7b0e4f2fd840965850f2b5a27
61ec3eb57c8def4cdaa3264fccd3f7ddf59a2088
4f0b858f9c160ffe0fd76f243bf4d1bebb705b902fc3a5f4cdb811abf4c91efe

HTTP Headers

GET /upload/vod/20230131-1/6cebd213a95e5597615a6000c3edd992.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:56:50 GMT
content-type: image/webp
content-length: 135422
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=175048
content-disposition: inline; filename="6cebd213a95e5597615a6000c3edd992.webp"
etag: "63d894b2-2abc8"
last-modified: Tue, 31 Jan 2023 04:10:26 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 792be11faf639926-ARN
X-Firefox-Spdy: h2

fmtu.slsltutu.com/upload/vod/20230131-1/b36fd610dd2c6769f0f850321c47368c.jpg

104.22.65.239

200 OK

151 kB

URL HTTP/2
fmtu.slsltutu.com/upload/vod/20230131-1/b36fd610dd2c6769f0f850321c47368c.jpg
IP
104.22.65.239:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 800x538, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
151 kB (150988 bytes)
Hash
3e9feb670ab74eb71276adae571f3c0a
334397912e56550947a30b74e2150eff108eb0fe
40144ba62af5fc0aafb7d747857d9cc0cefa610c5e606ba10e295f0772f2c19e

HTTP Headers

GET /upload/vod/20230131-1/b36fd610dd2c6769f0f850321c47368c.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:56:50 GMT
content-type: image/webp
content-length: 150988
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=196600
content-disposition: inline; filename="b36fd610dd2c6769f0f850321c47368c.webp"
etag: "63d894c5-2fff8"
last-modified: Tue, 31 Jan 2023 04:10:45 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 792be11faf649926-ARN
X-Firefox-Spdy: h2

cdn.jsjsjs.xyz/happy/newyear/kongkong/960x60ns.gif

172.67.143.17

200 OK

406 kB

URL HTTP/2
cdn.jsjsjs.xyz/happy/newyear/kongkong/960x60ns.gif
IP
172.67.143.17:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 960 x 60\012- data
Size
406 kB (406419 bytes)
Hash
91949a67089d61d1c111d50f6e101660
fab540d8a71b28159836bf995e398a9569314e47
35ede3c11832a2e4f6562a484535420d010601981e3b07fdc271f160b0a81507

HTTP Headers

GET /happy/newyear/kongkong/960x60ns.gif HTTP/1.1
Host: cdn.jsjsjs.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:56:50 GMT
content-type: image/gif
content-length: 406419
last-modified: Wed, 16 Feb 2022 13:39:39 GMT
etag: "620cfe9b-63393"
expires: Thu, 02 Feb 2023 08:50:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 2531176
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WHTFKJh%2FKDwSsmGspIjdsFe4OD8Tle4qSuqdE1cWHZ20k5GAHImB5WbXLRX1I%2B2zBXmT6A%2FD4ZXruY%2FFYPalgK1Gev26yLwhhuI4yG7rR0VmRXOmiUACB8kcZrpSw0Iq1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792be1220c4eb4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

fmtu.slsltutu.com/upload/vod/20230131-1/8f8e37a06ab6b83aacbbea83e9e49e0e.jpg

104.22.65.239

200 OK

140 kB

URL HTTP/2
fmtu.slsltutu.com/upload/vod/20230131-1/8f8e37a06ab6b83aacbbea83e9e49e0e.jpg
IP
104.22.65.239:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 800x538, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
140 kB (139878 bytes)
Hash
edc7df123eae163adf481c5a0403833c
eab1cd54bab8ef8b92f788d24c4c04f5e82037e9
46bba4e8b1db99a5efadf298bdc5a2330b0ee486f5a7d83ffb6a8c00f2ab40d7

HTTP Headers

GET /upload/vod/20230131-1/8f8e37a06ab6b83aacbbea83e9e49e0e.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:56:50 GMT
content-type: image/webp
content-length: 139878
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=180689
content-disposition: inline; filename="8f8e37a06ab6b83aacbbea83e9e49e0e.webp"
etag: "63d894b2-2c1d1"
last-modified: Tue, 31 Jan 2023 04:10:26 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 792be11faf6b9926-ARN
X-Firefox-Spdy: h2

fmtu.slsltutu.com/upload/vod/20230131-1/278d266cbd59c717fc48955bf20e4200.jpg

104.22.65.239

200 OK

135 kB

URL HTTP/2
fmtu.slsltutu.com/upload/vod/20230131-1/278d266cbd59c717fc48955bf20e4200.jpg
IP
104.22.65.239:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 800x538, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
135 kB (134598 bytes)
Hash
6b0214017366faf8a7b7b9eeec481e91
cf72e1cfcdea07c49480531b164bf948afd2d5bb
29e8736cc839bcf5b5dc2671de2d4ca2f4f84bbaeea3d45f7c45a210a87d065a

HTTP Headers

GET /upload/vod/20230131-1/278d266cbd59c717fc48955bf20e4200.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:56:50 GMT
content-type: image/webp
content-length: 134598
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=178766
content-disposition: inline; filename="278d266cbd59c717fc48955bf20e4200.webp"
etag: "63d894b2-2ba4e"
last-modified: Tue, 31 Jan 2023 04:10:26 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 792be11fbf749926-ARN
X-Firefox-Spdy: h2

fmtu.slsltutu.com/upload/vod/20230131-1/640d27d5a05870e5301a4b0dac4a99ca.jpg

104.22.65.239

200 OK

136 kB

URL HTTP/2
fmtu.slsltutu.com/upload/vod/20230131-1/640d27d5a05870e5301a4b0dac4a99ca.jpg
IP
104.22.65.239:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 800x538, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
136 kB (135906 bytes)
Hash
40716c140458e810ca54d93cb98beae2
53279371d4eac2e24c91ce9c7298af97673ccc2f
1f9197e7a5267c191c92e342e5773f5dae0a7aaf9e5fa5c3759db9ea3e6b452a

HTTP Headers

GET /upload/vod/20230131-1/640d27d5a05870e5301a4b0dac4a99ca.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:56:50 GMT
content-type: image/webp
content-length: 135906
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=182463
content-disposition: inline; filename="640d27d5a05870e5301a4b0dac4a99ca.webp"
etag: "63d894fc-2c8bf"
last-modified: Tue, 31 Jan 2023 04:11:40 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 792be11fbf759926-ARN
X-Firefox-Spdy: h2

fmtu.slsltutu.com/upload/vod/20230131-1/b8ac6ead2af2366f95b082680d5c88ff.jpg

104.22.65.239

200 OK

142 kB

URL HTTP/2
fmtu.slsltutu.com/upload/vod/20230131-1/b8ac6ead2af2366f95b082680d5c88ff.jpg
IP
104.22.65.239:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 800x538, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
142 kB (141694 bytes)
Hash
7caded57f6d3797f001a6c75730b7545
ff6c5723d8cc7effd0f6f84e1b5386d57c285980
2d0d02a5bf73191fef854ec670bd3fd61e5c4a73181cfe5ee2ac1ef5af453795

HTTP Headers

GET /upload/vod/20230131-1/b8ac6ead2af2366f95b082680d5c88ff.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:56:50 GMT
content-type: image/webp
content-length: 141694
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=187778
content-disposition: inline; filename="b8ac6ead2af2366f95b082680d5c88ff.webp"
etag: "63d894c5-2dd82"
last-modified: Tue, 31 Jan 2023 04:10:45 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 792be11fbf789926-ARN
X-Firefox-Spdy: h2

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1880260600&si=a10adec80785d08eef97ccd4b6e52593&v=1.3.0&lv=1&sn=61363&r=0&ww=1280&u=http%3A%2F%2Fwww.hkip.top%2Findex.php&tt=%E5%AE%9C%E6%98%A5%E5%87%AD%E4%BF%A3%E9%A4%90%E9%A5%AE%E7%AE%A1%E7%90%86%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1880260600&si=a10adec80785d08eef97ccd4b6e52593&v=1.3.0&lv=1&sn=61363&r=0&ww=1280&u=http%3A%2F%2Fwww.hkip.top%2Findex.php&tt=%E5%AE%9C%E6%98%A5%E5%87%AD%E4%BF%A3%E9%A4%90%E9%A5%AE%E7%AE%A1%E7%90%86%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1880260600&si=a10adec80785d08eef97ccd4b6e52593&v=1.3.0&lv=1&sn=61363&r=0&ww=1280&u=http%3A%2F%2Fwww.hkip.top%2Findex.php&tt=%E5%AE%9C%E6%98%A5%E5%87%AD%E4%BF%A3%E9%A4%90%E9%A5%AE%E7%AE%A1%E7%90%86%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hkip.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 01 Feb 2023 15:56:50 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=BB931FEAB83E5DD4; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

www.pptt29.top/template/m1938pc/images/video-mask.png

50.117.46.18

200 OK

107 B

URL HTTP/1.1
www.pptt29.top/template/m1938pc/images/video-mask.png
IP
50.117.46.18:0
ASN
#18779 EGIHOSTING

File type
PNG image data, 1 x 46, 8-bit gray+alpha, non-interlaced\012- data
Size
107 B (107 bytes)
Hash
6a5ee87ff75437cb480df839f36004fd
eac66370f99601cb7febef320c9540d4593cd856
c9b6925bdd64dab63151c3106347fefb8c500d87ac3d87d9a82e9a1c561233aa

HTTP Headers

GET /template/m1938pc/images/video-mask.png HTTP/1.1
Host: www.pptt29.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pptt29.top/template/m1938pc/css/zui.css

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Fri, 07 May 2021 10:47:34 GMT
Accept-Ranges: bytes
ETag: "66c95632e43d71:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 01 Feb 2023 15:56:32 GMT
Content-Length: 107

www.pptt29.top/template/m1938pc/images/video-play.png

50.117.46.18

200 OK

1.6 kB

URL HTTP/1.1
www.pptt29.top/template/m1938pc/images/video-play.png
IP
50.117.46.18:0
ASN
#18779 EGIHOSTING

File type
PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced\012- data
Size
1.6 kB (1567 bytes)
Hash
be7ca0a4a7c0317398a11162b1e09b75
5dbe6a02524cfbf5f5111478a71f91a9259056b5
cbad06b58f97516faa5f745d4e09716b5db3f134d5b4644b159681aa24909dd4

HTTP Headers

GET /template/m1938pc/images/video-play.png HTTP/1.1
Host: www.pptt29.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pptt29.top/template/m1938pc/css/zui.css

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Fri, 07 May 2021 10:47:37 GMT
Accept-Ranges: bytes
ETag: "661634652e43d71:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 01 Feb 2023 15:56:32 GMT
Content-Length: 1567

fmtu.slsltutu.com/upload/vod/20230131-1/5794469305d79260e52bbafd37747771.jpg

104.22.65.239

200 OK

129 kB

URL HTTP/2
fmtu.slsltutu.com/upload/vod/20230131-1/5794469305d79260e52bbafd37747771.jpg
IP
104.22.65.239:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 800x537, components 3\012- data
Size
129 kB (129180 bytes)
Hash
04b1c5aa59a4fa170388d68135ff6576
0990eabbbc8ebde374dcb1c04a99053c56dfa3d8
cb7dba8de9ee5277075bbf66bbd3eccbefb85a951df8ec7c3f4d00e269005848

HTTP Headers

GET /upload/vod/20230131-1/5794469305d79260e52bbafd37747771.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:56:50 GMT
content-type: image/jpeg
content-length: 129180
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=186707, status=webp_bigger
etag: "63d894b2-2d953"
last-modified: Tue, 31 Jan 2023 04:10:26 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 792be11faf5e9926-ARN
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
59205a97342b51909c2f9e5386a0eb2d
338f56fe43267665dde2ef1b17adeba7f985daa2
aa38d7033bfc3b72bed571253348439bcab4bd093ecb46228c012bfa04f4c197

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:56:50 GMT
Server: ECS (amb/6B71)
Content-Length: 279

fmtu.slsltutu.com/upload/vod/20230131-1/3241885e1653249de13a1f98fdc52a5c.jpg

104.22.65.239

200 OK

140 kB

URL HTTP/2
fmtu.slsltutu.com/upload/vod/20230131-1/3241885e1653249de13a1f98fdc52a5c.jpg
IP
104.22.65.239:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 800x538, components 3\012- data
Size
140 kB (140277 bytes)
Hash
6fa23d918543bee07bff69c9791009ce
ead8fb446e4ddfbe3aea5d6f32e8a826f68f03f3
6ed5aaf6114900297020f09e84c5de3986e730f4f7e8b2772c8ba324fcdb74df

HTTP Headers

GET /upload/vod/20230131-1/3241885e1653249de13a1f98fdc52a5c.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:56:50 GMT
content-type: image/jpeg
content-length: 140277
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=193355, status=webp_bigger
etag: "63d894b2-2f34b"
last-modified: Tue, 31 Jan 2023 04:10:26 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 792be11faf619926-ARN
X-Firefox-Spdy: h2

fmtu.slsltutu.com/upload/vod/20230131-1/e463c27677b830c55fbdf9f432a63520.jpg

104.22.65.239

200 OK

114 kB

URL HTTP/2
fmtu.slsltutu.com/upload/vod/20230131-1/e463c27677b830c55fbdf9f432a63520.jpg
IP
104.22.65.239:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 800x538, components 3\012- data
Size
114 kB (113749 bytes)
Hash
9028ec6d4211becb9eb1cb5af0b9109d
d620ee76b8183d809f66d8096b923a0bb74aaf30
c1e6476684fb8a37c0cf5ded76139b7aaa83093f2c30a831a604881b31eafbda

HTTP Headers

GET /upload/vod/20230131-1/e463c27677b830c55fbdf9f432a63520.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:56:50 GMT
content-type: image/jpeg
content-length: 113749
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=155182, status=webp_bigger
etag: "63d894c5-25e2e"
last-modified: Tue, 31 Jan 2023 04:10:45 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 792be11fbf739926-ARN
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fa1c543c96446e2b23461ebe10971c02
69456221cdcb23cd2b9cbf58d9c3b384d3887713
b300c3da3e95f65d5065add4694fbf3bf34a934c95c166d0e70a820183c7abef

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B300C3DA3E95F65D5065ADD4694FBF3BF34A934C95C166D0E70A820183C7ABEF"
Last-Modified: Mon, 30 Jan 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17453
Expires: Wed, 01 Feb 2023 20:47:44 GMT
Date: Wed, 01 Feb 2023 15:56:51 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8e3a681a90816dc956b59902f2866500
c6f2da190a7f59b3b2c23076fbf5c1a33677b5f4
6fcdabe8b224a392bfe50909a417f24577a629ed110f97a8e29d10c12d3ec869

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6FCDABE8B224A392BFE50909A417F24577A629ED110F97A8E29D10C12D3EC869"
Last-Modified: Mon, 30 Jan 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12477
Expires: Wed, 01 Feb 2023 19:24:48 GMT
Date: Wed, 01 Feb 2023 15:56:51 GMT
Connection: keep-alive

ocsp.pki.goog/s/gts1p5/_xrTVnExDmw

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/_xrTVnExDmw
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
747b1ebf0bbe436fda57d08462c5fb3d
2da3921a5111c3df026dd1dfb282c5de603b148d
ec123d282ed8c3109d4b300ff224ad6fd92215774c3fb5767bc6079b76ba3db8

HTTP Headers

POST /s/gts1p5/_xrTVnExDmw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:56:51 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.buypass.com/

23.36.76.129

200 OK

1.7 kB

URL HTTP/1.1
ocsp.buypass.com/
IP
23.36.76.129:0
ASN
#20940 Akamai International B.V.

File type
data
Size
1.7 kB (1701 bytes)
Hash
a8738e22f73432241b28ce51bf609e6a
9ac1aa6c230757f21cd5769a200278c5de0c4758
71319bf36925cadea10fdf6a541ffa8339564ffbd5842d87ab1f3e8487fdf049

HTTP Headers

POST / HTTP/1.1
Host: ocsp.buypass.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 78
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Access-Control-Allow-Origin: https://www.buypass.no
Access-Control-Allow-Headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Buypass-Session-Id,X-Buypass-Locale
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST
MDC-correlationId: b743fad8-7f8d-4aa1-aab5-589e8669b6a2
Content-Length: 1701
Date: Wed, 01 Feb 2023 15:56:51 GMT
Connection: keep-alive

zerossl.ocsp.sectigo.com/

104.18.32.68

200 OK

728 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
728 B (728 bytes)
Hash
47f339a4ac4a682b810635a97078b3d4
1b0a85e0d48b47fd4ebe8c028c87fccd0cdc9f24
a085304f7c4b18a4f6a8aa14c7544b43f9144c78f47e4312353ed2c4ee8529a5

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 15:56:51 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 30 Jan 2023 00:10:10 GMT
Expires: Mon, 06 Feb 2023 00:10:09 GMT
Etag: "1b0a85e0d48b47fd4ebe8c028c87fccd0cdc9f24"
Cache-Control: max-age=374597,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792be123d8fab51b-OSL

hm.baidu.com/hm.js?5c3629ec2195e88c9bfc09e177e9cfd5

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?5c3629ec2195e88c9bfc09e177e9cfd5
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (620)
Size
11 kB (11258 bytes)
Hash
9c43d1046865789eab2be2f4b2ad91d3
1b267643c6bcdddc662579f47f62f53c7fa1dc8b
04e905b78c3bff1a0571be82c77875d5092f6fe78f8a7164f5e13c869ff98178

HTTP Headers

GET /hm.js?5c3629ec2195e88c9bfc09e177e9cfd5 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Wed, 01 Feb 2023 15:56:50 GMT
Etag: 8c5ebb17f797ad149be46934435a39f9
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=C7C6034D92BC62BC; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

pic.picnewsss.com/tu-pic/se-1.jpg

23.225.139.251

200 OK

27 kB

URL HTTP/2
pic.picnewsss.com/tu-pic/se-1.jpg
IP
23.225.139.251:0
ASN
#40065 CNSERVERS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.98.100", baseline, precision 8, 638x378, components 3\012- data
Size
27 kB (26754 bytes)
Hash
d7603dc1b229c08999abed67adb502ac
54c441cd973289db604c2ee8a9b7121616c1a871
b284bcf5f87ce6f498d8e3bc39b3fbd1300597553be3a0bd0414c78a6e2d835e

HTTP Headers

GET /tu-pic/se-1.jpg HTTP/1.1
Host: pic.picnewsss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=2592000
content-type: image/jpeg
date: Tue, 31 Jan 2023 21:24:56 GMT
etag: "1675264014"
expires: Thu, 02 Mar 2023 21:24:56 GMT
last-modified: Wed, 01 Feb 2023 15:06:54 GMT
server: nginx
x-cache: HIT, policy, memory
content-length: 26754
X-Firefox-Spdy: h2

hm.baidu.com/hm.js?bfe6b26f78903861e446f74e1a2f35ef

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?bfe6b26f78903861e446f74e1a2f35ef
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (618)
Size
11 kB (11256 bytes)
Hash
7d81e6092ee21688bc2665fd428d3d50
32efbc4417aecd8a31692dafc317ae0f99f55fa0
867437f6209d50db21c986f5c0cd80dc637673f821ee15aebd1558da296ef1c7

HTTP Headers

GET /hm.js?bfe6b26f78903861e446f74e1a2f35ef HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11256
Content-Type: application/javascript
Date: Wed, 01 Feb 2023 15:56:51 GMT
Etag: db89acc0f8221a67698eb216ca8f81cb
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=8D222C2012DA9C41; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

8499163.com/8499/350x200.gif

162.209.128.162

200 OK

48 kB

URL HTTP/2
8499163.com/8499/350x200.gif
IP
162.209.128.162:0
ASN
#40065 CNSERVERS

File type
GIF image data, version 89a, 350 x 200\012- data
Size
48 kB (47506 bytes)
Hash
f8d2572df8f01504aaa76b378a40c823
b3e5e0036106f39fb413670d4e3b67f09bf2622e
e3d959fddba34077a49f68eb33c9f1d081848ea25f6d41ce1fea31c306bd60a9

HTTP Headers

GET /8499/350x200.gif HTTP/1.1
Host: 8499163.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:56:51 GMT
content-type: image/gif
content-length: 47506
last-modified: Sat, 17 Dec 2022 10:40:27 GMT
etag: "b992-5f003b6de4338"
server: qq.com
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=923&et=0&ja=0&ln=en-us&lo=0&rnd=1755880346&si=5c3629ec2195e88c9bfc09e177e9cfd5&su=http%3A%2F%2Fwww.hkip.top%2F&v=1.3.0&lv=1&sn=61363&r=0&ww=1264&u=http%3A%2F%2Fwww.pptt29.top%2F&tt=%E7%94%9C%E7%94%9C%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E7%9F%AD%E8%A7%86%E9%A2%91%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=923&et=0&ja=0&ln=en-us&lo=0&rnd=1755880346&si=5c3629ec2195e88c9bfc09e177e9cfd5&su=http%3A%2F%2Fwww.hkip.top%2F&v=1.3.0&lv=1&sn=61363&r=0&ww=1264&u=http%3A%2F%2Fwww.pptt29.top%2F&tt=%E7%94%9C%E7%94%9C%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E7%9F%AD%E8%A7%86%E9%A2%91%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=923&et=0&ja=0&ln=en-us&lo=0&rnd=1755880346&si=5c3629ec2195e88c9bfc09e177e9cfd5&su=http%3A%2F%2Fwww.hkip.top%2F&v=1.3.0&lv=1&sn=61363&r=0&ww=1264&u=http%3A%2F%2Fwww.pptt29.top%2F&tt=%E7%94%9C%E7%94%9C%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E7%9F%AD%E8%A7%86%E9%A2%91%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 01 Feb 2023 15:56:51 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=71A2700C65BFEDA9; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

8499225.com/8499/zzxx/960x60.gif

162.209.128.162

200 OK

291 kB

URL HTTP/2
8499225.com/8499/zzxx/960x60.gif
IP
162.209.128.162:0
ASN
#40065 CNSERVERS

File type
GIF image data, version 89a, 960 x 60\012- data
Size
291 kB (290572 bytes)
Hash
57aeaeed8e55b2a1e23b348d9d73f9d5
381bc182c18210ba33ebe13cbf8f20f297d33c16
e10903ca99193ba8ffd6c5f74753461cf070e75026e73fda3c040496f8dcfdb6

HTTP Headers

GET /8499/zzxx/960x60.gif HTTP/1.1
Host: 8499225.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:56:51 GMT
content-type: image/gif
content-length: 290572
last-modified: Sat, 24 Dec 2022 13:23:32 GMT
etag: "46f0c-5f092cf097c3f"
server: qq.com
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=923&et=0&ja=0&ln=en-us&lo=0&rnd=799841179&si=bfe6b26f78903861e446f74e1a2f35ef&su=http%3A%2F%2Fwww.hkip.top%2F&v=1.3.0&lv=1&sn=61364&r=0&ww=1264&u=http%3A%2F%2Fwww.pptt29.top%2F&tt=%E7%94%9C%E7%94%9C%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E7%9F%AD%E8%A7%86%E9%A2%91%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=923&et=0&ja=0&ln=en-us&lo=0&rnd=799841179&si=bfe6b26f78903861e446f74e1a2f35ef&su=http%3A%2F%2Fwww.hkip.top%2F&v=1.3.0&lv=1&sn=61364&r=0&ww=1264&u=http%3A%2F%2Fwww.pptt29.top%2F&tt=%E7%94%9C%E7%94%9C%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E7%9F%AD%E8%A7%86%E9%A2%91%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=923&et=0&ja=0&ln=en-us&lo=0&rnd=799841179&si=bfe6b26f78903861e446f74e1a2f35ef&su=http%3A%2F%2Fwww.hkip.top%2F&v=1.3.0&lv=1&sn=61364&r=0&ww=1264&u=http%3A%2F%2Fwww.pptt29.top%2F&tt=%E7%94%9C%E7%94%9C%E5%BD%B1%E8%A7%86-%E5%85%8D%E8%B4%B9%E7%9F%AD%E8%A7%86%E9%A2%91%E5%88%86%E4%BA%AB%E5%A4%A7%E5%85%A8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 01 Feb 2023 15:56:51 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=F1D4CA0C473D4F44; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

ocsp.digicert.com/

93.184.220.29

200 OK

727 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
727 B (727 bytes)
Hash
51ccc2ef0a545174cce95a1204756b16
6c62784a6f6429b82163ae5f26bdd5f39a361cd5
b191b154ac179a5a1a1f31b94c3c6beeaabbdeb7e69f340192a01c4b6cb704a8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3874
Cache-Control: max-age=111779
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:56:51 GMT
Etag: "63d98e45-2d7"
Expires: Thu, 02 Feb 2023 22:59:50 GMT
Last-Modified: Tue, 31 Jan 2023 21:55:17 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 727

img.1158555.com/images/639db58a1e6435355291fe26.gif

3.36.126.81

302 Found

118 kB

URL HTTP/2
img.1158555.com/images/639db58a1e6435355291fe26.gif
IP
3.36.126.81:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 480 x 360\012- data
Size
118 kB (117533 bytes)
Hash
64d1f2a505dd712e4727497f8c33b39d
34847c19f1a17a4b7f9b34ec6df2ee192c40e393
3c2b88b02d502347dabc4a9f2b90e085ba09eec344ebf57b46b78af7964c3ad1

HTTP Headers

GET /images/639db58a1e6435355291fe26.gif HTTP/1.1
Host: img.1158555.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/0086950a42db42e184566ce7ec55daa1
X-Firefox-Spdy: h2

p3.douyinpic.com/obj/tos-cn-i-dy/70c57cabb92242258bbf034be8584f7f

47.246.44.226

200 OK

343 kB

URL HTTP/2
p3.douyinpic.com/obj/tos-cn-i-dy/70c57cabb92242258bbf034be8584f7f
IP
47.246.44.226:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
GIF image data, version 89a, 960 x 60\012- data
Size
343 kB (343002 bytes)
Hash
ce862703bd3a6fd9e7acc3c32453fe84
c27754e24547e935314ba986477cd326628af7e4
eb9f779660b2713488854f27a211239724bb29b842e939424ec882b51520350b

HTTP Headers

GET /obj/tos-cn-i-dy/70c57cabb92242258bbf034be8584f7f HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 343002
date: Sat, 17 Dec 2022 10:28:23 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Sat, 17 Dec 2022 10:00:43 GMT
nw-session-id: 2022121718004301013113605215982497p5k6801dy
nw-session-trace: 2022-12-17T18:00:43.827293149+08:00 42
x-bdcdn-cache-status: TCP_HIT
x-length: 343002
x-powered-by: ImageX
x-response-date: Sat, 17 Dec 2022 18:00:43 GMT
x-tt-logid: 2022121718004301013113605215982497
via: n128-134-083, cache14.l2de2[0,0,206-0,H], cache5.l2de2[2,0], cache5.l2de2[3,0], cache3.se1[0,0,200-0,H], cache8.se1[2,0]
x-request-ip: fdbd:dc03:15:482::74
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=2
x-tt-trace-host: 010ec35d8338a3c1341674e3d2464ee09a429c9c5af2fc930930b9ec60625c05f3b71a3d79f906afd2479681df4ec15d8b01af344e24d3e5df5584a5196f7e0400dfccab4c7d44dab881b7b096fd4eb23fa223bfc14da29e326a459a9a6aa15d8b
x-response-lb: image
ali-swift-global-savetime: 1671272903
age: 3994109
x-cache: HIT TCP_MEM_HIT dirn:9:164853675
x-swift-savetime: Sat, 17 Dec 2022 11:36:55 GMT
x-swift-cachetime: 31531888
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9c16752670120638241e
X-Firefox-Spdy: h2

ocsp.globalsign.com/gsrsaovsslca2018

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
e2e0d67d7ab26d03634e88ae97fef43f
2a85879648da5cd7577cabd96ab1f599300b1ca7
7d1003a0df767ddb779a8d8b68654d6230d8d3eb653511b1b0f0a0998234e0f0

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 15:56:52 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sun, 05 Feb 2023 15:03:00 GMT
ETag: "2a85879648da5cd7577cabd96ab1f599300b1ca7"
Last-Modified: Wed, 01 Feb 2023 15:03:01 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1684
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792be12a0d8d0b02-OSL

tu.jnctupian.com/jnc/jnc60.gif

206.2.168.6

200 OK

588 kB

URL HTTP/1.1
tu.jnctupian.com/jnc/jnc60.gif
IP
206.2.168.6:0
ASN
#139646 HONG KONG Megalayer Technology Co.,Limited

File type
GIF image data, version 89a, 960 x 80\012- data
Size
588 kB (588208 bytes)
Hash
dd3cba4292fdf286ea918af37467821b
8ce19953bb82a0cbeda589a6b249faea5484fc64
0b2450e440026a2abc0c6637dab790a67468754eaa0e0a3d5a90c00c3811abe5

HTTP Headers

GET /jnc/jnc60.gif HTTP/1.1
Host: tu.jnctupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/onex
Date: Wed, 01 Feb 2023 15:56:51 GMT
Content-Type: image/gif
Content-Length: 588208
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 11:43:48 GMT
ETag: "63d50a74-8f9b0"
Expires: Fri, 03 Mar 2023 08:22:17 GMT
X-One-Cache: HIT
Accept-Ranges: bytes

tu.jnctupian.com/jnc/jnc750350.gif

206.2.168.6

200 OK

474 kB

URL HTTP/1.1
tu.jnctupian.com/jnc/jnc750350.gif
IP
206.2.168.6:0
ASN
#139646 HONG KONG Megalayer Technology Co.,Limited

File type
GIF image data, version 89a, 750 x 350\012- data
Size
474 kB (474399 bytes)
Hash
571a8ffada89af9d2219f868a6148dba
e37dba54faa9934debb5b3ca6419dad59cfe1ca2
fadd49c4a6dc3da31e219e0b820c70c617913ffdd6bdbe4150290156603e1193

HTTP Headers

GET /jnc/jnc750350.gif HTTP/1.1
Host: tu.jnctupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/onex
Date: Wed, 01 Feb 2023 15:56:51 GMT
Content-Type: image/gif
Content-Length: 474399
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 12:03:59 GMT
ETag: "63d50f2f-73d1f"
Expires: Fri, 03 Mar 2023 08:22:46 GMT
X-One-Cache: HIT
Accept-Ranges: bytes

xinchacha2dv.ocsp-certum.com/

23.36.79.10

200 OK

1.5 kB

URL HTTP/1.1
xinchacha2dv.ocsp-certum.com/
IP
23.36.79.10:0
ASN
#20940 Akamai International B.V.

File type
data
Size
1.5 kB (1538 bytes)
Hash
b0e56ae994534ae24ede05db81c53ad9
47a1900002febb9d00b345f463a5043767deb574
afbb06004abf50f19611c3d01fa705b2200225449732d93c9edb324b056241ca

HTTP Headers

POST / HTTP/1.1
Host: xinchacha2dv.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1538
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=887
Date: Wed, 01 Feb 2023 15:56:52 GMT
Connection: keep-alive
X-N: S

pic.picnewsss.com/tu-2022290039/960-60.gif

23.225.139.251

200 OK

206 kB

URL HTTP/2
pic.picnewsss.com/tu-2022290039/960-60.gif
IP
23.225.139.251:0
ASN
#40065 CNSERVERS

File type
GIF image data, version 89a, 960 x 60\012- data
Size
206 kB (205622 bytes)
Hash
8a22a6888c325aa3acf83e7cedfe35e7
37da1ea976724d35c1c32ae18d7924192184ba32
2e90b20d4c2067ff68444790955d65d2745365cf025c486c8c2b685696faeeaa

HTTP Headers

GET /tu-2022290039/960-60.gif HTTP/1.1
Host: pic.picnewsss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=2592000
content-type: image/gif
date: Wed, 01 Feb 2023 15:04:54 GMT
etag: "1675264254"
expires: Fri, 03 Mar 2023 15:04:54 GMT
last-modified: Wed, 01 Feb 2023 15:10:54 GMT
server: nginx
x-cache: HIT, policy, memory
content-length: 205622
X-Firefox-Spdy: h2

kjimg10.360buyimg.com/ott/jfs/t1/189066/1/30475/1197751/6380d2d3E76f8142d/68bdb767b760041f.gif

121.226.246.3

200 OK

1.2 MB

URL HTTP/2
kjimg10.360buyimg.com/ott/jfs/t1/189066/1/30475/1197751/6380d2d3E76f8142d/68bdb767b760041f.gif
IP
121.226.246.3:0
ASN
#4134 Chinanet

File type
GIF image data, version 89a, 960 x 80\012- data
Size
1.2 MB (1197751 bytes)
Hash
6938343bc2a842c4d2c9c96f4dde0298
00e2b1b902b196b3c005facb934c10e2a2ca1961
5ccc1726994dfc6d2667e13bf946785f79bb01401fedb59db1cbdf6942dbaee6

HTTP Headers

GET /ott/jfs/t1/189066/1/30475/1197751/6380d2d3E76f8142d/68bdb767b760041f.gif HTTP/1.1
Host: kjimg10.360buyimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 15:56:52 GMT
content-type: image/gif
content-length: 1197751
cache-control: max-age=15552000
expires: Fri, 28 Jul 2023 09:49:13 GMT
last-modified: Fri, 25 Nov 2022 14:36:03 GMT
age: 281259
via: http/1.1 ORI-CLOUD-HUZ-MIX-22 (jcs [cMsSfW]), http/1.1 SQ-CT-1-MIX-16 (jcs [cRs f ])
access-control-allow-origin: *
timing-allow-origin: *
x-trace: 200-1674985753775-0-0-14-82-82;200;200-1674985753770-0-0-0-196-196;200-1675267012330-0-0-0-0-0
X-Firefox-Spdy: h2

ldbbs.ldmnq.com/bbs/topic/attachment/2022-11/8fbc235b-eea9-49bd-9239-fc4d8ba02c01.gif

120.52.95.234

200 OK

179 kB

URL HTTP/1.1
ldbbs.ldmnq.com/bbs/topic/attachment/2022-11/8fbc235b-eea9-49bd-9239-fc4d8ba02c01.gif
IP
120.52.95.234:0
ASN
#133119 China Unicom IP network

File type
GIF image data, version 89a, 960 x 80\012- data
Size
179 kB (179376 bytes)
Hash
060c3528e46d78f1519c8314b721db7d
a2e5c760f9d8f8b66876a1154d77d0ac1a8dc770
9ccd4e99244acbbe80618b207371077823185542b94eca43101f24ae722a04f2

HTTP Headers

GET /bbs/topic/attachment/2022-11/8fbc235b-eea9-49bd-9239-fc4d8ba02c01.gif HTTP/1.1
Host: ldbbs.ldmnq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 15:56:53 GMT
Content-Type: image/gif
Content-Length: 179376
Connection: keep-alive
Server: openresty
Age: 6425680
CloudServiceDiscount: CDN
Content-Encoding: utf-8
ETag: "060c3528e46d78f1519c8314b721db7d"
Last-Modified: Sat, 19 Nov 2022 07:01:58 GMT
X-CCDN-CacheTTL: 2592000
nginx-hit: 1
via: CHN-HElangfang-AREACUCC1-CACHE28[3],CHN-HElangfang-AREACUCC1-CACHE45[0,TCP_HIT,2],CHN-TJ-GLOBAL1-CACHE58[129],CHN-TJ-GLOBAL1-CACHE23[125,TCP_MISS,127]
x-amz-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSG9Bpph4FDxmsTGREY5Xdhy2p4yRQpt
x-amz-request-id: 000001848EB1E3C49814366B09A03735
x-amz-storage-class: STANDARD_IA
x-hcs-proxy-type: 1
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
Accept-Ranges: bytes

img.1151555.com/images/639d9f411e6435355291fd61.gif

3.36.126.81

302 Found

0 B

URL HTTP/2
img.1151555.com/images/639d9f411e6435355291fd61.gif
IP
3.36.126.81:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/639d9f411e6435355291fd61.gif HTTP/1.1
Host: img.1151555.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/70c57cabb92242258bbf034be8584f7f
X-Firefox-Spdy: h2

zz.bdustatic.com/linksubmit/push.js

104.26.8.99

403 Forbidden

0 B

URL HTTP/2
zz.bdustatic.com/linksubmit/push.js
IP
104.26.8.99:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /linksubmit/push.js HTTP/1.1
Host: zz.bdustatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pptt29.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 403 Forbidden
date: Wed, 01 Feb 2023 15:56:51 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LpB2Fykjq9owoPMYPO7QKV8N%2Fxx%2BmB6bLAwYj7FmVvpvQtKTQwUGzdRg0J74LMpcMWSVweX5%2FfsrXtlJ%2BomROGwnf37qeEkIXd%2BAQikDC5z6FvrdLidEuAU6E5b9hFSFVOk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792be1232f6e1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML