r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 911d74784325663a0d95b463b0e9ae9b
21e999229be584d8e42696bce71236ad5bcb9a25
f48cbe4d605e660a45267400e0add4f7bc7cd523c450376ecd8e3a7f094abf56
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F48CBE4D605E660A45267400E0ADD4F7BC7CD523C450376ECD8E3A7F094ABF56"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8717
Expires: Tue, 28 Mar 2023 09:13:28 GMT
Date: Tue, 28 Mar 2023 06:48:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 93f633ce30c038eb581544323c5a971e
2f60526cb750c6babccc207f75fb5a8ae6f7598b
0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8"
Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6570
Expires: Tue, 28 Mar 2023 08:37:41 GMT
Date: Tue, 28 Mar 2023 06:48:11 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4ad6984a756720fbfff47b37a75513a2
355e35258114452af8b9638985ed9d8ef3bf0aca
43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 28 Mar 2023 06:15:48 GMT
content-type: application/json
age: 1943
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c0d9353dc46e88bf564ed464b0b073c7
0b5ce170e7db24267a3ba5b79a48548b1acd2e5b
7c7ef189b14109b44aa96454ea1b94bcbd3d69599cc7ba429f8234f6acd88a9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7C7EF189B14109B44AA96454EA1B94BCBD3D69599CC7BA429F8234F6ACD88A9B"
Last-Modified: Mon, 27 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20541
Expires: Tue, 28 Mar 2023 12:30:32 GMT
Date: Tue, 28 Mar 2023 06:48:11 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: MpyXk5vvXe/gpGjqqNi+vcPau5h6WoaxhN6KU1BrSKg7RgfnRdfVfkkAmBcsn2z04lNUu7ZX/RY=
x-amz-request-id: Y9WVBCJB91E1JBFZ
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 28 Mar 2023 06:01:56 GMT
age: 2775
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
xyjpzz.com/hongjietuku_hongjiecaisetuku/index_14.html
45.194.221.44 301 Moved Permanently 0 B URL HTTP/1.1 xyjpzz.com/hongjietuku_hongjiecaisetuku/index_14.html
IP 45.194.221.44:0
ASN #134548 DXTL Tseung Kwan O Service
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /hongjietuku_hongjiecaisetuku/index_14.html HTTP/1.1
Host: xyjpzz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 28 Mar 2023 06:48:11 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://www.xyjpzz.com/hongjietuku_hongjiecaisetuku/index_14.html
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 06:48:11 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Last-Modified, Content-Length, Pragma, Expires, ETag, Backoff, Alert, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 28 Mar 2023 06:14:35 GMT
age: 2017
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash da5340ee69a1000f751686df9e716663
a5da880a61ed119790a7990bbdcc0c97eecf04f2
d1ff10bfe40f290935abe1feeb975a6af8cf310f9ce9d45bbf482a604da73560
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1FF10BFE40F290935ABE1FEEB975A6AF8CF310F9CE9D45BBF482A604DA73560"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2516
Expires: Tue, 28 Mar 2023 07:30:08 GMT
Date: Tue, 28 Mar 2023 06:48:12 GMT
Connection: keep-alive
www.xyjpzz.com/hongjietuku_hongjiecaisetuku/index_14.html
45.194.221.44 200 OK 624 B URL HTTP/1.1 www.xyjpzz.com/hongjietuku_hongjiecaisetuku/index_14.html
IP 45.194.221.44:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with very long lines (734), with CRLF line terminators
Hash f6b84beca8e59a464e48155952d3a6d3
2eeaa36d45717fd91ef1583698851a4999f83d4a
9c97cc8af5f051cec9a7bbcde958eb9bc1186ac34478a1a3f0d42cfe153a7e7d
GET /hongjietuku_hongjiecaisetuku/index_14.html HTTP/1.1
Host: www.xyjpzz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 06:48:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
push.services.mozilla.com/
52.89.63.231 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.63.231:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 9dPXnaBoprI5IpyxZIWDvg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Lz1RHMyMPxQNlJM1DIRA3VBVFh0=
www.xyjpzz.com/common.js
45.194.221.44 200 OK 779 B IP 45.194.221.44:0
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document text\012- HTML document, ASCII text, with very long lines (1232), with CRLF line terminators
Hash 32c3fe42fab97b4fce9ca5340ea0ed1c
c36579d5e88683d891dbeb61ba346ebe800453f1
7cce6ae3eb8eb44457ebf293bee55727dc4d9d6aa7f464c888b303fbca8475fc
GET /common.js HTTP/1.1
Host: www.xyjpzz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xyjpzz.com/hongjietuku_hongjiecaisetuku/index_14.html
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 06:48:12 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
www.xyjpzz.com/tj.js
45.194.221.44 200 OK 258 B IP 45.194.221.44:0
ASN #134548 DXTL Tseung Kwan O Service
File type ASCII text, with CRLF line terminators
Hash 7417297091161eaadc7eec67bce54fff
230f47f8981c0fbe95c7ead4330f561501e9e250
08479c004577ee01e2c1747d2839b46f39d514eae7f8c7d23bbf6f85903e24ed
GET /tj.js HTTP/1.1
Host: www.xyjpzz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xyjpzz.com/hongjietuku_hongjiecaisetuku/index_14.html
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 06:48:12 GMT
Content-Type: application/x-javascript
Content-Length: 258
Connection: keep-alive
www.xyjpzz.com/favicon.ico
45.194.221.44 200 OK 1.2 kB URL HTTP/1.1 www.xyjpzz.com/favicon.ico
IP 45.194.221.44:0
ASN #134548 DXTL Tseung Kwan O Service
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 7ef1f0a0093460fe46bb691578c07c95
2da3ffbbf4737ce4dae9488359de34034d1ebfbd
4c62eef22174220b8655590a77b27957f3518b4c3b7352d0b64263b80e728f2c
GET /favicon.ico HTTP/1.1
Host: www.xyjpzz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xyjpzz.com/hongjietuku_hongjiecaisetuku/index_14.html
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 06:48:13 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 01 Jul 2011 08:14:23 GMT
Connection: keep-alive
ETag: "4e0d81df-47e"
Expires: Sun, 02 Apr 2023 06:48:13 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 4e9975388cc0792b7cfe0421dfe66db3
0ea5f51b9d4ba674fce525c82f9bbc7164e18448
b4517d7cdb02d5af0fedbe4028d7eda76ccc6502dd67124697944b904c022b07
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 06:48:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 01 Apr 2023 03:19:35 GMT
ETag: "0ea5f51b9d4ba674fce525c82f9bbc7164e18448"
Last-Modified: Tue, 28 Mar 2023 03:19:36 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3030
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7aeded1eaddeb50c-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 4e9975388cc0792b7cfe0421dfe66db3
0ea5f51b9d4ba674fce525c82f9bbc7164e18448
b4517d7cdb02d5af0fedbe4028d7eda76ccc6502dd67124697944b904c022b07
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 06:48:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 01 Apr 2023 03:19:35 GMT
ETag: "0ea5f51b9d4ba674fce525c82f9bbc7164e18448"
Last-Modified: Tue, 28 Mar 2023 03:19:36 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3030
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7aeded1eaa36b500-OSL
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15094
Expires: Tue, 28 Mar 2023 10:59:47 GMT
Date: Tue, 28 Mar 2023 06:48:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15094
Expires: Tue, 28 Mar 2023 10:59:47 GMT
Date: Tue, 28 Mar 2023 06:48:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15094
Expires: Tue, 28 Mar 2023 10:59:47 GMT
Date: Tue, 28 Mar 2023 06:48:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15094
Expires: Tue, 28 Mar 2023 10:59:47 GMT
Date: Tue, 28 Mar 2023 06:48:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15094
Expires: Tue, 28 Mar 2023 10:59:47 GMT
Date: Tue, 28 Mar 2023 06:48:13 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 789f11978a1149984408fbbb9a2b3f81
078bd523107096bab5e26d42b18e316c253f1ca7
7974980290443b64126f512686261150cd27331cb7b32a96d1167a97d046e8a3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8961
x-amzn-requestid: 9277e35d-8fe8-482e-b65c-b132dfcbd87e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbqBGl0IAMFy4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220ca6-7869936b33cbf3633c68e7ac;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:42 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Xz5zjv-po5mgSFz_kkZZ5Hvw9SxY-3d-J2DpvFWxM-iI4jXTsUbiyg==
via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 22:20:32 GMT
age: 30461
etag: "078bd523107096bab5e26d42b18e316c253f1ca7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6469f625-03ad-45a7-a918-5f220169711a.png
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6469f625-03ad-45a7-a918-5f220169711a.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e828b7227de7aa7a7b7c54c96e0cef9a
9a717142ab25dabf9123485ef51ed586662d2a71
0390f8771432de010cc11e11be2e2dfa7c303664858a5b066e66a628a1f3dd66
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6469f625-03ad-45a7-a918-5f220169711a.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8553
x-amzn-requestid: 05cb5115-a27b-485a-89fd-670bdb5bb06f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbofHHPIAMFkQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220c9c-774bb5d725336b35088e2527;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:32 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: OUJZjN0YFRbVlZWNMbOXCvz9Ttj5bYtGwAOuGXR_T-GtUyWkXQAxhQ==
via: 1.1 22ea0ab0881473261b786ecbb5e00f54.cloudfront.net (CloudFront), 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:53:24 GMT
etag: "9a717142ab25dabf9123485ef51ed586662d2a71"
content-type: image/jpeg
age: 32089
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash da174e6ccc9451c5071ba10eeb97f6f6
c38827a9ac1218768839877263e1f2984fbdc454
76da406c8ae8cd6ca8471928f3aec3876aed2c21bc10edc0fbdaef5c100c1030
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: c00efe5b-7fdb-445a-a924-75ddd461b72b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: COQPtHizoAMF7-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641bfa64-3eb90ae703b78e8a06130540;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 07:06:12 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: wlc65ytdELa_faMSddEDHZNsbtF1_CgMOho3W3BvkaOSrFyAkKUagg==
via: 1.1 02f1a759e4ec9fab6fc17c080dd851dc.cloudfront.net (CloudFront), 1.1 60b744e5b364d04abea9fa6686121242.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:43:57 GMT
age: 32656
etag: "c38827a9ac1218768839877263e1f2984fbdc454"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178b294b-fb7e-4482-a48e-31bbcc320554.png
34.120.237.76 200 OK 20 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178b294b-fb7e-4482-a48e-31bbcc320554.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b3e093e7b5c12cfc2aee601f823ea47e
d76b3958471b2ed70a2b52f078ec638748fdb441
de4fc669195611c4ea6fe7d920482987aef077973b4973c01e2f362aeb18c2ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178b294b-fb7e-4482-a48e-31bbcc320554.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 20349
x-amzn-requestid: 8e810007-5602-40d0-b103-da5421381d67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbpjHdcoAMFSuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220ca3-22f4671a5cd5fab36268ae3f;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:39 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: -rX6JXPNzVJyz9ykqPUCTNBUK9NOK2CAwrrVNPsoVfCDIEeH3AS3bQ==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 0a2ce08fa1ec3c33302a7547d3305978.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:55:30 GMT
age: 31963
etag: "d76b3958471b2ed70a2b52f078ec638748fdb441"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53327ce0-8541-4bc8-bd51-59cee099b396.jpeg
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53327ce0-8541-4bc8-bd51-59cee099b396.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1da68df9d96e2758e37b9f15daab027b
5ff19ed6dc5752aa4b15fb88da972b736fd55783
ad924425946dbdf309c764e7097e676185516301feb7722b30d95ffd50b4353f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53327ce0-8541-4bc8-bd51-59cee099b396.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7426
x-amzn-requestid: 85a30298-4613-4a96-bdba-0899fe9f9475
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdcsgGZsoAMFQkw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220e4f-10db431e7632048d7b15e0ec;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:44:47 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: JDa9YUJ9xo5mo8tb7poZC8XJDp6USTidZjWEwTZCrioJxR7vur6uJw==
via: 1.1 f193acd25f2604e189bfbfaf539aaa06.cloudfront.net (CloudFront), 1.1 7514e5e25722778fd4b1744d4ecc67e0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 22:00:12 GMT
age: 31682
etag: "5ff19ed6dc5752aa4b15fb88da972b736fd55783"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81deaf86-00e1-426d-accc-a596d32fda0a.webp
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81deaf86-00e1-426d-accc-a596d32fda0a.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e7d0f129e34b7b45c5588f6e54695e65
ebfa51ed1aa57c15275774c8cb6ee825263091ed
ea1595fdc8307f0a48410e5f9bb4bea91224e1b0c91a84ec712f4e42b471a4d6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81deaf86-00e1-426d-accc-a596d32fda0a.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6968
x-amzn-requestid: a98beb73-8024-4858-91ab-82275b43615c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbskH5noAMFmwQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220cb6-2336664b3d94b2091238b51e;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:58 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: NeiaVG-rhYYiS4P0hqAv_TMYOXXew8DG5TIiBkj9RfbxVoeVBrATrA==
via: 1.1 ec27e2bbc77d9805bead471453d2094c.cloudfront.net (CloudFront), 1.1 fec77e486350d1bd33f526a760d8b5a4.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 22:25:54 GMT
age: 30140
etag: "ebfa51ed1aa57c15275774c8cb6ee825263091ed"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gwdomain.top/
23.224.106.203 200 OK 18 kB IP 23.224.106.203:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (547)
Hash c13cd93772a4ef012c8c668cf665090e
2ef5ad9018e14a16e936f5c0624ffab1578b250f
a5a09bbd1b7eb85190e09c511f0d8ec7f7f9cf7a38b9124bb797b7dcfd26138f
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.top domain
GET / HTTP/1.1
Host: gwdomain.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xyjpzz.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 06:48:13 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
gwdomain.top/template/m1938pc/css/style.css?v=4
23.224.106.203 200 OK 7.6 kB URL HTTP/1.1 gwdomain.top/template/m1938pc/css/style.css?v=4
IP 23.224.106.203:0
File type Unicode text, UTF-8 text, with very long lines (560)
Hash 74bd8a6a206ec03a3c3fa238d58fd943
47673f30712c58c9b2bef0cf1b6cb309597404c7
2cfa41f15dd802ebd76ff7235b9df223a596797254e1578f85df9926756744cd
GET /template/m1938pc/css/style.css?v=4 HTTP/1.1
Host: gwdomain.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 06:48:14 GMT
Content-Type: text/css
Last-Modified: Fri, 07 Oct 2022 11:07:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6340086a-6743"
Expires: Tue, 28 Mar 2023 18:48:14 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
gwdomain.top/template/m1938pc/js/piaofu.js
23.224.106.203 200 OK 2.2 kB URL HTTP/1.1 gwdomain.top/template/m1938pc/js/piaofu.js
IP 23.224.106.203:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (488)
Hash 75bf900303774900a3178b48e355bac0
6ddccfbe4c42f5280ca4a5a9fb4e00f31f694fb7
1ddebe9201666ed01ac9e235e580f54965784238e71e4a021d6f581a86b92581
GET /template/m1938pc/js/piaofu.js HTTP/1.1
Host: gwdomain.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 06:48:14 GMT
Content-Type: application/javascript
Last-Modified: Tue, 21 Mar 2023 03:28:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"64192477-1c52"
Expires: Tue, 28 Mar 2023 18:48:14 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
gwdomain.top/template/m1938pc/js/jquery.min.js
23.224.106.203 200 OK 38 kB URL HTTP/1.1 gwdomain.top/template/m1938pc/js/jquery.min.js
IP 23.224.106.203:0
File type ASCII text, with very long lines (32077)
Hash c0750a85ce0399accd8ded17e2564d6b
ba767d35271e9b39305f156814495650f269ddb6
9de8ff805e6807598c4c2987a8368ff4b2240606f6285902c844baf5a04655ac
GET /template/m1938pc/js/jquery.min.js HTTP/1.1
Host: gwdomain.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 06:48:14 GMT
Content-Type: application/javascript
Last-Modified: Fri, 07 Oct 2022 11:07:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63400884-17b8b"
Expires: Tue, 28 Mar 2023 18:48:14 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
hm.baidu.com/hm.js?bc6577211c62409c080d5f7c7a451a89
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?bc6577211c62409c080d5f7c7a451a89
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (625)
Hash 469a08299fdf217c634dd3165033ccb5
93bb086c81cbed87cfb2d15a5ea491fed05ea2df
fa3caca389a1d07c3a8a4f423db13b4ccc7938d33610430f906666277166f8d7
GET /hm.js?bc6577211c62409c080d5f7c7a451a89 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xyjpzz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11263
Content-Type: application/javascript
Date: Tue, 28 Mar 2023 06:48:14 GMT
Etag: eeee50a0a6fc02995cc89333f0df7ab3
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=D125DD04131C8A66; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?76609ecd60fa03f87787cae985623793
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?76609ecd60fa03f87787cae985623793
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (620)
Hash fd5d2a586353ad7ec65bd49447572a82
be0b7bc9911b9d3268d75120ce81f2df270d6772
b9eb83c9221280a99921a39db1d6a852bb80b41691e2eccf7146c646b30133ce
GET /hm.js?76609ecd60fa03f87787cae985623793 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xyjpzz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Tue, 28 Mar 2023 06:48:14 GMT
Etag: 3cf28f07c858e1a1ba85830f113cde3a
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=4557A159C578F2EE; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
gwdomain.top/template/m1938pc/images/960_160ye3.gif
23.224.106.203 200 OK 116 kB URL HTTP/1.1 gwdomain.top/template/m1938pc/images/960_160ye3.gif
IP 23.224.106.203:0
File type GIF image data, version 89a, 960 x 160\012- data
Size 116 kB (116355 bytes)
Hash c80d5aea6b3455b84e22681f8795ed74
76e612bdb50784abb7e43e5f56f0955b25c9d7d4
408fc38a7c6120b647a92fab7aab5cfb7b1c035f1ef36accd99456b1456f16da
GET /template/m1938pc/images/960_160ye3.gif HTTP/1.1
Host: gwdomain.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 06:48:14 GMT
Content-Type: image/gif
Content-Length: 116355
Last-Modified: Sat, 11 Feb 2023 09:05:52 GMT
Connection: keep-alive
ETag: "63e75a70-1c683"
Expires: Thu, 27 Apr 2023 06:48:14 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
gwdomain.top/template/m1938pc/images/%E4%B8%80%E7%A0%81%E4%B8%AD%E7%89%B9.gif
23.224.106.203 200 OK 554 kB URL HTTP/1.1 gwdomain.top/template/m1938pc/images/%E4%B8%80%E7%A0%81%E4%B8%AD%E7%89%B9.gif
IP 23.224.106.203:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 554 kB (554169 bytes)
Hash 9624dfa4e6e39992a9c7d68bff9208bb
e5d22b897b34ca43258a98a8705b3975bd0b2e83
4e694559cfa38fb8687139df57ed8dd07e8ecb3139f6d0a671fce846b27da59c
GET /template/m1938pc/images/%E4%B8%80%E7%A0%81%E4%B8%AD%E7%89%B9.gif HTTP/1.1
Host: gwdomain.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 06:48:14 GMT
Content-Type: image/gif
Content-Length: 554169
Last-Modified: Thu, 23 Mar 2023 10:54:59 GMT
Connection: keep-alive
ETag: "641c3003-874b9"
Expires: Thu, 27 Apr 2023 06:48:14 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
gwdomain.top/template/m1938pc/ads/img/1.gif
23.224.106.203 200 OK 254 B URL HTTP/1.1 gwdomain.top/template/m1938pc/ads/img/1.gif
IP 23.224.106.203:0
File type GIF image data, version 89a, 16 x 17\012- data
Hash b013f8fa3ec997fe20dc80b82af0ad0a
e02ce6c30d5c0abfaa3e008d1a3ce7d11f299ed9
119bff063d1d402fdf6e48bc7e681d48aabfb9bc65378dfcf64a8845ec3fceef
GET /template/m1938pc/ads/img/1.gif HTTP/1.1
Host: gwdomain.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 06:48:15 GMT
Content-Type: image/gif
Content-Length: 254
Last-Modified: Sun, 10 Jul 2022 14:39:44 GMT
Connection: keep-alive
ETag: "62cae4b0-fe"
Expires: Thu, 27 Apr 2023 06:48:15 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
gwdomain.top/template/m1938pc/images/130x130.gif
23.224.106.203 200 OK 214 kB URL HTTP/1.1 gwdomain.top/template/m1938pc/images/130x130.gif
IP 23.224.106.203:0
File type GIF image data, version 89a, 130 x 130\012- data
Size 214 kB (214184 bytes)
Hash 2b41e2cab02a336c64f228d7715a7ee4
d7113fb3e404a66465e41994a1bf5ce7d8611c35
bdb84c4c58734e08a874b994ef74928d9aff5ade52ce423d29f1f052a6ec10db
GET /template/m1938pc/images/130x130.gif HTTP/1.1
Host: gwdomain.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 06:48:14 GMT
Content-Type: image/gif
Content-Length: 214184
Last-Modified: Mon, 20 Mar 2023 16:45:14 GMT
Connection: keep-alive
ETag: "64188d9a-344a8"
Expires: Thu, 27 Apr 2023 06:48:14 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
gwdomain.top/template/m1938pc/images/960av.gif
23.224.106.203 200 OK 25 kB URL HTTP/1.1 gwdomain.top/template/m1938pc/images/960av.gif
IP 23.224.106.203:0
File type GIF image data, version 89a, 1020 x 60\012- data
Hash edb0e0745fe1ce51b71b2dcfec486c58
03e96bdda66106f9f76a721c4520af213c3c5c77
1d659201aba0c958e20c651c65627563827a97fa0d4969c8737f9d0f3e52374f
GET /template/m1938pc/images/960av.gif HTTP/1.1
Host: gwdomain.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 06:48:15 GMT
Content-Type: image/gif
Content-Length: 24836
Last-Modified: Tue, 14 Feb 2023 14:55:15 GMT
Connection: keep-alive
ETag: "63eba0d3-6104"
Expires: Thu, 27 Apr 2023 06:48:15 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
gwdomain.top/template/m1938pc/images/caipiao01.gif
23.224.106.203 200 OK 543 kB URL HTTP/1.1 gwdomain.top/template/m1938pc/images/caipiao01.gif
IP 23.224.106.203:0
File type GIF image data, version 89a, 900 x 120\012- data
Size 543 kB (542975 bytes)
Hash 483cbc9f6e014560a9ff9e625df8e3fe
667962101dd8f228bdc244d1c7afdc72b8d225f1
85f52ac4e5dad2a6017218ce99c2c039eb6ee93fdf09c03e621f1ac6db7239e7
GET /template/m1938pc/images/caipiao01.gif HTTP/1.1
Host: gwdomain.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 06:48:14 GMT
Content-Type: image/gif
Content-Length: 542975
Last-Modified: Mon, 20 Mar 2023 16:45:54 GMT
Connection: keep-alive
ETag: "64188dc2-848ff"
Expires: Thu, 27 Apr 2023 06:48:14 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
gwdomain.top/template/m1938pc/images/980_1802.gif
23.224.106.203 200 OK 22 kB URL HTTP/1.1 gwdomain.top/template/m1938pc/images/980_1802.gif
IP 23.224.106.203:0
File type GIF image data, version 89a, 980 x 60\012- data
Hash 7cbd21e216099d5cb08c82dfeaea9c75
802cca53943c83b95eda848b0268d3d2fb618198
b88e093929fa57a307e7c20ca995c37702f1cc98ca82c425f5dc68e45bbdc2f5
GET /template/m1938pc/images/980_1802.gif HTTP/1.1
Host: gwdomain.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 06:48:15 GMT
Content-Type: image/gif
Content-Length: 21777
Last-Modified: Wed, 22 Mar 2023 15:04:18 GMT
Connection: keep-alive
ETag: "641b18f2-5511"
Expires: Thu, 27 Apr 2023 06:48:15 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
gwdomain.top/template/m1938pc/images/980_1803.gif
23.224.106.203 200 OK 22 kB URL HTTP/1.1 gwdomain.top/template/m1938pc/images/980_1803.gif
IP 23.224.106.203:0
File type GIF image data, version 89a, 980 x 60\012- data
Hash 19a0cf78fd10be27f2b11cc8d0221444
90ae36134e426071fcc4ad30313f0c78a223d66a
8f896f0b3fd03b8184fe66540b2762324c8a899de8cc0ea3df15b58959d911c0
GET /template/m1938pc/images/980_1803.gif HTTP/1.1
Host: gwdomain.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 06:48:15 GMT
Content-Type: image/gif
Content-Length: 21639
Last-Modified: Wed, 22 Mar 2023 15:04:19 GMT
Connection: keep-alive
ETag: "641b18f3-5487"
Expires: Thu, 27 Apr 2023 06:48:15 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6e18cb280874d3380df5ff2204ce727e
f1f374770cc672fa0cc2d3923e905807d9df141f
9d8c8eb5e44418adab60f8f2954145b89fc3dfdb4efed58b298a93f1a74da0fc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9D8C8EB5E44418ADAB60F8F2954145B89FC3DFDB4EFED58B298A93F1A74DA0FC"
Last-Modified: Sun, 26 Mar 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5343
Expires: Tue, 28 Mar 2023 08:17:18 GMT
Date: Tue, 28 Mar 2023 06:48:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dacb71a2ac5070dc13901e4b2efd8c7b
d3cf090ebd715371da7a8bbc5c93ad7e0945e17a
c006d8212c3951b516ee670e90e8586a1def353ce1f1558c35ef54563455c82d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C006D8212C3951B516EE670E90E8586A1DEF353CE1F1558C35EF54563455C82D"
Last-Modified: Sun, 26 Mar 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11376
Expires: Tue, 28 Mar 2023 09:57:51 GMT
Date: Tue, 28 Mar 2023 06:48:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dacb71a2ac5070dc13901e4b2efd8c7b
d3cf090ebd715371da7a8bbc5c93ad7e0945e17a
c006d8212c3951b516ee670e90e8586a1def353ce1f1558c35ef54563455c82d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C006D8212C3951B516EE670E90E8586A1DEF353CE1F1558C35EF54563455C82D"
Last-Modified: Sun, 26 Mar 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11376
Expires: Tue, 28 Mar 2023 09:57:51 GMT
Date: Tue, 28 Mar 2023 06:48:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dacb71a2ac5070dc13901e4b2efd8c7b
d3cf090ebd715371da7a8bbc5c93ad7e0945e17a
c006d8212c3951b516ee670e90e8586a1def353ce1f1558c35ef54563455c82d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C006D8212C3951B516EE670E90E8586A1DEF353CE1F1558C35EF54563455C82D"
Last-Modified: Sun, 26 Mar 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11376
Expires: Tue, 28 Mar 2023 09:57:51 GMT
Date: Tue, 28 Mar 2023 06:48:15 GMT
Connection: keep-alive
gwdomain.top/template/m1938pc/images/980_1801.gif
23.224.106.203 200 OK 20 kB URL HTTP/1.1 gwdomain.top/template/m1938pc/images/980_1801.gif
IP 23.224.106.203:0
File type GIF image data, version 89a, 980 x 60\012- data
Hash cbe5e8c4dbeb20f8e90fd6c80f14cc88
9b8708707bfb92fa5e571af021842d533924bb38
084d40e2362f42c06c10c1d63619cc16888670b2e6274efeedc8c509bc17c653
GET /template/m1938pc/images/980_1801.gif HTTP/1.1
Host: gwdomain.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 06:48:15 GMT
Content-Type: image/gif
Content-Length: 20317
Last-Modified: Wed, 22 Mar 2023 15:04:17 GMT
Connection: keep-alive
ETag: "641b18f1-4f5d"
Expires: Thu, 27 Apr 2023 06:48:15 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6e18cb280874d3380df5ff2204ce727e
f1f374770cc672fa0cc2d3923e905807d9df141f
9d8c8eb5e44418adab60f8f2954145b89fc3dfdb4efed58b298a93f1a74da0fc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9D8C8EB5E44418ADAB60F8F2954145B89FC3DFDB4EFED58B298A93F1A74DA0FC"
Last-Modified: Sun, 26 Mar 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5343
Expires: Tue, 28 Mar 2023 08:17:18 GMT
Date: Tue, 28 Mar 2023 06:48:15 GMT
Connection: keep-alive
tukudhgg.vip/logotp/klm29.gif
188.114.97.1 200 OK 707 kB URL HTTP/2 tukudhgg.vip/logotp/klm29.gif
IP 188.114.97.1:0
File type GIF image data, version 89a, 120 x 120\012- data
Size 707 kB (706607 bytes)
Hash de65e95ed6ad16569325d0eb6f948afa
4cedbb4fb40fb0d35efd617b3b207e78ffe4d85a
88e67b99365a0814cbdf10fd982322516af9f2bb613f1c72e218ba32a7a31fca
GET /logotp/klm29.gif HTTP/1.1
Host: tukudhgg.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:15 GMT
content-type: image/gif
content-length: 706607
last-modified: Mon, 02 May 2022 08:41:33 GMT
etag: "626f993d-ac82f"
expires: Thu, 06 Apr 2023 01:10:23 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1834609
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7LSknW7u7UTLdtHjOZbs6pt8g669MnEO2ZUABgiPiq4fYx2Wv92qhxv4t%2Bwlx%2FsuqyKlgbSnFWgYbkhTXVLDt%2F79Lra6M3J5v2wSWEdwdQgxB1LlN5v8j1cNiVOj1ZM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7aeded2b7a9b0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gwdomain.top/template/m1938pc/images/400x400.gif
23.224.106.203 200 OK 1.0 MB URL HTTP/1.1 gwdomain.top/template/m1938pc/images/400x400.gif
IP 23.224.106.203:0
File type GIF image data, version 89a, 400 x 400\012- data
Size 1.0 MB (1037755 bytes)
Hash 40a9b30067f68d6fde6d102f7b6dc647
32a84a18036214b003f9e7bd553c150bba33ae5c
fe683b4b879df14a60b7e5eed4d7ec60013410311c90a8d6e98782d3abf6d31d
GET /template/m1938pc/images/400x400.gif HTTP/1.1
Host: gwdomain.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 06:48:15 GMT
Content-Type: image/gif
Content-Length: 1037755
Last-Modified: Mon, 20 Mar 2023 16:45:01 GMT
Connection: keep-alive
ETag: "64188d8d-fd5bb"
Expires: Thu, 27 Apr 2023 06:48:15 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
595tuchuang.com/200x200.gif
23.224.27.254 200 OK 1.0 kB URL HTTP/1.1 595tuchuang.com/200x200.gif
IP 23.224.27.254:0
Hash eaed17f436d516cbb45afce02b6f368e
aaba0bfc2d57c63c7401ba852122b7bfc4d24860
7f0c451b2fd22324cd2569b93423c748546eea5c52e5528cf415471d11f9ab64
GET /200x200.gif HTTP/1.1
Host: 595tuchuang.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1018
Pragma: no-cache
Cache-control: no-store
587tuchuang.com/200x200.gif
23.224.27.252 200 OK 836 B URL HTTP/1.1 587tuchuang.com/200x200.gif
IP 23.224.27.252:0
Hash 5cb032d287e71e9191cf8095822ae174
30434800abc01f09928c4cf55be51c26accf2328
0a9d92612fd814c2c4562510eb9e62a935b9793264c614f93c937c6d597c5082
GET /200x200.gif HTTP/1.1
Host: 587tuchuang.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 836
Pragma: no-cache
Cache-control: no-store
tukudhgg.vip/lm/spk320.gif
188.114.97.1 200 OK 137 kB URL HTTP/2 tukudhgg.vip/lm/spk320.gif
IP 188.114.97.1:0
File type GIF image data, version 89a, 720 x 428\012- data
Size 137 kB (136930 bytes)
Hash 8ee25a766c10b2ade919dad65e1c9b37
a1d17bdfcda79dbf1ff41eed3e899db67c6c16c6
b9720e5b3ae93583e8e915eddc4c9c00d915c81be0ca0f20069443f18f37c0bb
GET /lm/spk320.gif HTTP/1.1
Host: tukudhgg.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:15 GMT
content-type: image/gif
content-length: 136930
last-modified: Thu, 15 Sep 2022 09:25:05 GMT
etag: "6322ef71-216e2"
expires: Sat, 08 Apr 2023 10:05:12 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1629715
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P%2B5tj273U93%2BGuB70I9yKz56MKUB6J%2Fo8rwsZMZV%2F%2Bfc%2BsINgtrHw7pHv5AVkp%2F7HRP%2F%2BMfHjw1Sb22zPIRz7CAbWx3C1aUKonv6qwyODVvRC9vjFwXjyggm50g3Y4Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7aeded2b8aab0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tgqd.tsmgsoce.com/photo_2022-06-01_20-47-37.jpg
188.114.96.1 200 OK 34 kB URL HTTP/2 tgqd.tsmgsoce.com/photo_2022-06-01_20-47-37.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x227, components 3\012- data
Hash c0d604a0cfb05fb9cf577d033e7eb92c
95fcfc3d6350cfc82153efc243b04d34a3091789
f5b5991b71976196a5b0194bac5db5ed79c2d25d4a5acc78e8a43de9e60eb5d6
GET /photo_2022-06-01_20-47-37.jpg HTTP/1.1
Host: tgqd.tsmgsoce.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:16 GMT
content-type: image/jpeg
content-length: 33648
last-modified: Wed, 01 Jun 2022 13:49:38 GMT
etag: "62976e72-8370"
access-control-allow-origin: *
access-control-allow-methods: GET,POST,PUT,DELETE,PATCH,OPTIONS
access-control-allow-headers: auth_token,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Range,User-Agent,X-CustomHeader,X-Mx-ReqToken,X-Requested-With
access-control-allow-credentials: true
access-control-max-age: 600
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vQ%2FV17VbYIyB9j5zjlqRGh1RaiI6fJ5a5NKOamZkOxU%2FcU5NBcLNwyRyPvr6KeQwNFrS7nxmMYoNa%2BLPzWmEJ6yRN3wWjsKgcX%2F%2BM4Y63hINtSzXUbB%2BzDlwK%2F1qf9MG%2By0YUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7aeded297fd01c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
595tuchuang.com/960x80.gif
23.224.27.254 301 Moved Permanently 166 B URL HTTP/1.1 595tuchuang.com/960x80.gif
IP 23.224.27.254:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 3ea1c8d079b38532a6e01a96216ba5e2
598d3ff91d3e252f1e13df8cf0348b270ff2da3f
87a9323ac85ce28867d5d7ce590c8f29b8d1a999961fca71bb33adef48683691
GET /960x80.gif HTTP/1.1
Host: 595tuchuang.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 301 Moved Permanently
Date: Tue, 28 Mar 2023 06:48:15 GMT
Content-Type: text/html
Content-Length: 166
Connection: keep-alive
Location: https://595tuchuang.com/960x80.gif
Server: cdn
tgqd.tsmgsoce.com/pf2022.jpg
188.114.96.1 200 OK 23 kB URL HTTP/2 tgqd.tsmgsoce.com/pf2022.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 576x576, components 3\012- data
Hash 7660372b7e830716e25deef41b32d08c
3346df51d6890cd8391c77a9ed597911c8a47323
642b78336be967e5264b8324d678d4ed106fb65c2a86d7764a3b35694787c01a
GET /pf2022.jpg HTTP/1.1
Host: tgqd.tsmgsoce.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:16 GMT
content-type: image/jpeg
content-length: 23342
last-modified: Sat, 28 May 2022 08:46:59 GMT
etag: "6291e183-5b2e"
access-control-allow-origin: *
access-control-allow-methods: GET,POST,PUT,DELETE,PATCH,OPTIONS
access-control-allow-headers: auth_token,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Range,User-Agent,X-CustomHeader,X-Mx-ReqToken,X-Requested-With
access-control-allow-credentials: true
access-control-max-age: 600
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ga4%2F0KZB3SziU%2Bh62N51XFXt3YZs3t6NzHVF145jdNAjjE5Are6r2U0usY7CDWBk1NyOcy2dk8ted8DGi%2Fyndcdm6W9HOTD2qyrTcAiCtkO1nKyRrYm5Nk2%2F0C%2F%2BOACx6t4xJA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7aeded298fd91c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1572451741&si=bc6577211c62409c080d5f7c7a451a89&v=1.3.0&lv=1&sn=61925&r=0&ww=1280&u=http%3A%2F%2Fwww.xyjpzz.com%2Fhongjietuku_hongjiecaisetuku%2Findex_14.html&tt=%E4%B9%89%E4%B9%8C%E6%98%A5%E5%8D%B5%E5%A8%B1%E4%B9%90%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1572451741&si=bc6577211c62409c080d5f7c7a451a89&v=1.3.0&lv=1&sn=61925&r=0&ww=1280&u=http%3A%2F%2Fwww.xyjpzz.com%2Fhongjietuku_hongjiecaisetuku%2Findex_14.html&tt=%E4%B9%89%E4%B9%8C%E6%98%A5%E5%8D%B5%E5%A8%B1%E4%B9%90%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1572451741&si=bc6577211c62409c080d5f7c7a451a89&v=1.3.0&lv=1&sn=61925&r=0&ww=1280&u=http%3A%2F%2Fwww.xyjpzz.com%2Fhongjietuku_hongjiecaisetuku%2Findex_14.html&tt=%E4%B9%89%E4%B9%8C%E6%98%A5%E5%8D%B5%E5%A8%B1%E4%B9%90%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xyjpzz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 28 Mar 2023 06:48:15 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=F14831F3D6C55BB1; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1513943695&si=76609ecd60fa03f87787cae985623793&v=1.3.0&lv=1&sn=61925&r=0&ww=1280&u=http%3A%2F%2Fwww.xyjpzz.com%2Fhongjietuku_hongjiecaisetuku%2Findex_14.html&tt=%E4%B9%89%E4%B9%8C%E6%98%A5%E5%8D%B5%E5%A8%B1%E4%B9%90%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1513943695&si=76609ecd60fa03f87787cae985623793&v=1.3.0&lv=1&sn=61925&r=0&ww=1280&u=http%3A%2F%2Fwww.xyjpzz.com%2Fhongjietuku_hongjiecaisetuku%2Findex_14.html&tt=%E4%B9%89%E4%B9%8C%E6%98%A5%E5%8D%B5%E5%A8%B1%E4%B9%90%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1513943695&si=76609ecd60fa03f87787cae985623793&v=1.3.0&lv=1&sn=61925&r=0&ww=1280&u=http%3A%2F%2Fwww.xyjpzz.com%2Fhongjietuku_hongjiecaisetuku%2Findex_14.html&tt=%E4%B9%89%E4%B9%8C%E6%98%A5%E5%8D%B5%E5%A8%B1%E4%B9%90%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xyjpzz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 28 Mar 2023 06:48:16 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=B00084443B819F8E; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
683tuchuang.com/200x200.gif
14.128.34.138 200 OK 26 kB URL HTTP/1.1 683tuchuang.com/200x200.gif
IP 14.128.34.138:0
ASN #64050 BGPNET Global ASN
File type GIF image data, version 89a, 200 x 200\012- data
Hash 26a1927f8c2511e3a0d092826534489c
d5f66cdfa15a72c9a64f895ddd8d077893a69403
ab9fed67d408e7cb72b8997ba8d2f4a532f10f62d0233d4f02f04e97c0ff1935
GET /200x200.gif HTTP/1.1
Host: 683tuchuang.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 06:48:15 GMT
Content-Type: image/gif
Content-Length: 25898
Connection: keep-alive
Last-Modified: Wed, 21 Dec 2022 13:20:55 GMT
ETag: "63a30837-652a"
Expires: Tue, 11 Apr 2023 08:49:56 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes
587tuchuang.com/960x80.gif
23.224.27.252 200 OK 46 kB URL HTTP/1.1 587tuchuang.com/960x80.gif
IP 23.224.27.252:0
File type GIF image data, version 89a, 960 x 80\012- data
Hash 71f52eb6b257632ccf5f1ca592e24630
078e286ab14da4c78fd1a245b6d75a411b5dd6aa
05821b4f922a0eaa3454b7bef9da02cde5ae19ab2cc64e827eeadce056bcc670
GET /960x80.gif HTTP/1.1
Host: 587tuchuang.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 06:48:15 GMT
Content-Type: image/gif
Content-Length: 45891
Connection: keep-alive
Last-Modified: Thu, 05 Jan 2023 15:48:40 GMT
ETag: "63b6f158-b343"
Expires: Thu, 20 Apr 2023 21:17:39 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes
n33133.com/af0ba3fe8bb715fa82a8816200452ba2.gif
172.83.155.45 200 OK 231 kB URL HTTP/2 n33133.com/af0ba3fe8bb715fa82a8816200452ba2.gif
IP 172.83.155.45:0
ASN #201106 Spartan Host Ltd
File type GIF image data, version 89a, 150 x 150\012- data
Size 231 kB (230723 bytes)
Hash 73fd9d69f781b18679efd698ea6190c1
cd427a1bd2b3632f18c6587d1445882f0ad24b43
372ebffbaf9344516cc79c536e40079c94b0484c1a10c4b32042eca770cc19f7
GET /af0ba3fe8bb715fa82a8816200452ba2.gif HTTP/1.1
Host: n33133.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 06:48:15 GMT
content-type: image/gif
content-length: 230723
last-modified: Fri, 03 Feb 2023 12:02:28 GMT
etag: "63dcf7d4-38543"
expires: Tue, 28 Mar 2023 18:48:15 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 198342
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BhlUf4mG1mhx73hcRF1sv94bNVrZNeTjXyC%2BOjkcQnGFbHdVk6Unh0gSj3PB%2BswAB9uH%2Fn8JLS0zYI7FqCpXUMgU1pG1E4iLHMyoGp2sny2ALWky27jsE1vst4%2B9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7a7ed37d6d42843d-YVR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
683tuchuang.com/683x80.gif
14.128.34.138 200 OK 97 kB URL HTTP/1.1 683tuchuang.com/683x80.gif
IP 14.128.34.138:0
ASN #64050 BGPNET Global ASN
File type GIF image data, version 89a, 960 x 80\012- data
Hash 7ef2a37263a1cbc9b7cf55c6f0d5ac67
c8bfc4c06c67fc0e5e9d53700d223dc8a356e771
12e406cd176aa01d744f324307d636b84de1ed6bae0d0c1a7ac9fb454768b41f
GET /683x80.gif HTTP/1.1
Host: 683tuchuang.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 06:48:15 GMT
Content-Type: image/gif
Content-Length: 97435
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 18:31:22 GMT
ETag: "63e3ea7a-17c9b"
Expires: Tue, 11 Apr 2023 08:49:37 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes
n33133.com/67a0474849f4ee10ccbe3b0d2cebf337.gif
172.83.155.45 200 OK 296 kB URL HTTP/2 n33133.com/67a0474849f4ee10ccbe3b0d2cebf337.gif
IP 172.83.155.45:0
ASN #201106 Spartan Host Ltd
File type GIF image data, version 89a, 960 x 60\012- data
Size 296 kB (295930 bytes)
Hash 298c2af98aa06470fcb80ad293146c0f
75be32a4c283cf249855e51c847d4f687d7436ec
e7060057157f5971d5b1031e9fe93528d70ad7bcf07d851bca10563594abae1e
GET /67a0474849f4ee10ccbe3b0d2cebf337.gif HTTP/1.1
Host: n33133.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 06:48:15 GMT
content-type: image/gif
content-length: 295930
last-modified: Mon, 30 Jan 2023 12:14:22 GMT
etag: "63d7b49e-483fa"
expires: Tue, 28 Mar 2023 18:48:15 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 55457
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rswmwxT1uZozOa7P7R27RxMWhMzuKNZ7hBzV4pNLerccXgpFgtt5WLuUXRjmSWgCchtp19HwlC%2Fn%2F8D10ojKKeUtZHvsQx%2Fj967Qqx%2Fj%2FzEAa%2FWujhBLm02lUCvA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7a7132f90b56c4f5-SEA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
gwdomain.top/template/m1938pc/images/960x120.gif
23.224.106.203 200 OK 904 kB URL HTTP/1.1 gwdomain.top/template/m1938pc/images/960x120.gif
IP 23.224.106.203:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 904 kB (904277 bytes)
Hash 32ceec3916a9078db7255bc950016987
0b7ee5e4d9ef3391402fb0eaa573ddf9672fd08f
630cd5f0295afb2fb6bff891c0f24e5629f04be395871fee631eb56178c64928
GET /template/m1938pc/images/960x120.gif HTTP/1.1
Host: gwdomain.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 06:48:15 GMT
Content-Type: image/gif
Content-Length: 904277
Last-Modified: Mon, 20 Mar 2023 16:45:11 GMT
Connection: keep-alive
ETag: "64188d97-dcc55"
Expires: Thu, 27 Apr 2023 06:48:15 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
aooacctp.vip/lm/se5.gif
104.21.82.179 200 OK 397 kB IP 104.21.82.179:0
File type GIF image data, version 89a, 320 x 180\012- data
Size 397 kB (396964 bytes)
Hash 7b42e791e269b8425a0f380efdd8e5fd
10c09c8f711478c7aeccc988c076d299fafcbbfa
00ef96678470106e95be9f6f4dc07debbbb63a96db839adbf17e5e04e27caf60
GET /lm/se5.gif HTTP/1.1
Host: aooacctp.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:16 GMT
content-type: image/gif
content-length: 396964
last-modified: Wed, 25 May 2022 14:04:51 GMT
etag: "628e3783-60ea4"
expires: Fri, 07 Apr 2023 09:23:07 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1718643
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n0w0fJTDYe%2F%2BlNaTNm1ogIIDPvDmjg6kVXcZ%2B%2BJ6f8J1vMr32waDcOUJZZlNjFSR2Co3VQ%2FAGPaD6bXSeIWltCq%2BjjHHCIZMd5C0861idAkuHKtMVjlssIYn8pcFyDc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7aeded2fefb0b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
n33033.com/35fe769ebaacc7280c45cf1013e5c0c2.gif
5.78.95.164 200 OK 650 kB URL HTTP/2 n33033.com/35fe769ebaacc7280c45cf1013e5c0c2.gif
IP 5.78.95.164:0
File type GIF image data, version 89a, 750 x 375\012- data
Size 650 kB (650429 bytes)
Hash c92e6055db915b82d8772bcb2f518ddd
67e3030d221e506ad644710775630fd8e055f089
ffee9eecf283f23e7e599901cc0a1f6e42e6da0d5678851c73e19dc440343c06
GET /35fe769ebaacc7280c45cf1013e5c0c2.gif HTTP/1.1
Host: n33033.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 06:48:15 GMT
content-type: image/gif
content-length: 650429
last-modified: Tue, 16 Aug 2022 11:19:56 GMT
etag: "62fb7d5c-9ecbd"
expires: Tue, 28 Mar 2023 18:48:15 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 667702
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=owRhBrDA%2BscFj2fi3lHjdiZZokGQBNR1dc2zr1F8med5lfY1IrXkBN3mTCzEtQKxX3sSsgiYnIc6w1J%2Fuhn1NrNcVzdod7wo8uN1AjmWMx%2FbV3TC01iaGLzZFVYOivRhIDgJHas8fa%2Fm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7ab40f623c74ef43-PDX
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 7ce0d4fabce92a6ce1dae652edcf7718
a4db4e61a3cc86ede59fe092fd2a42c8e18d6534
9b896c2fbea4164c170069fb970e7e37e9854c89eb780bbbd42929ec62c0dbee
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 06:48:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 26 Mar 2023 06:14:11 GMT
Expires: Sun, 02 Apr 2023 06:14:10 GMT
Etag: "a4db4e61a3cc86ede59fe092fd2a42c8e18d6534"
Cache-Control: max-age=429353,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7aeded318e850b39-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 08551479b24d43c90f2f8d840d472752
e7ba33c940e15f50ba969047310b5d5f27988fe0
21f17633e23bba2676984ca76c7298b157ce0c129abd4cd079c506b74ff69d38
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 06:48:16 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 26 Mar 2023 12:08:07 GMT
Expires: Sun, 02 Apr 2023 12:08:06 GMT
Etag: "e7ba33c940e15f50ba969047310b5d5f27988fe0"
Cache-Control: max-age=450589,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7aeded318c31b51d-OSL
n33033.com/3a42b77b06a321ae0a42e47f62868fd8.gif
5.78.95.164 200 OK 476 kB URL HTTP/2 n33033.com/3a42b77b06a321ae0a42e47f62868fd8.gif
IP 5.78.95.164:0
File type GIF image data, version 89a, 1000 x 80\012- data
Size 476 kB (476331 bytes)
Hash 3bb0a63f311f773d037332df59db4adf
084055c87bfae01407820232bc8069750f5da023
4cae409bb456a7e01557fb38a9e2490535d48158d0f6a5daf24fa2dd3de13646
GET /3a42b77b06a321ae0a42e47f62868fd8.gif HTTP/1.1
Host: n33033.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 06:48:15 GMT
content-type: image/gif
content-length: 476331
last-modified: Fri, 19 Aug 2022 17:02:35 GMT
etag: "62ffc22b-744ab"
expires: Tue, 28 Mar 2023 18:48:15 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 590
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cUEDqS5q3nT9DrgpAvcAeMh%2FM4NqvZ1%2FPah%2BAk5TUXZSh3puSJ6MwT8CelYa0e99lDmYMDKfdJsqa3xrFt8chWIrFCnLeLoqfKgQKB4f3eRoJEYKuJyPxOgDGTuV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7ab5caf1e8ffc57e-SEA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
n33033.com/7ce4902e2336768bd3809122d878c441.gif
5.78.95.164 200 OK 270 kB URL HTTP/2 n33033.com/7ce4902e2336768bd3809122d878c441.gif
IP 5.78.95.164:0
File type GIF image data, version 89a, 120 x 120\012- data
Size 270 kB (270426 bytes)
Hash d9a10cabf108ea9ca1043419576f246a
184afb0df24b743c62d4911617e9aa2df10c3bc3
2788590f2efcdd4b327c6cd877a125537caa5647f321274c793d0c5bb858c4b2
GET /7ce4902e2336768bd3809122d878c441.gif HTTP/1.1
Host: n33033.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 06:48:15 GMT
content-type: image/gif
content-length: 270426
last-modified: Tue, 13 Sep 2022 10:50:06 GMT
etag: "6320605e-4205a"
expires: Tue, 28 Mar 2023 18:48:15 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 26310
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=txF8oPQNOxwTyzJz1pRuU%2BfIacx5a2rq27B3K0xA7JIIsWdhuXzD%2BLaCT2uTJZFISN2MI%2BvCi0%2BZrROGRQLNObe%2FmGdW%2F0F5PuuJ3KK5GvZ%2Ffg54W1znalZSOCv%2BDwK80%2BtEobzCTIBn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7ab62bb3fc8eefce-PDX
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 320ee5ad2307ba95a62dd9e5e15f7206
f207fcf235e5fcc14f4eb909280b2ee509d60512
3213b57b6e42576c888bedafc867a62b06b705704d91dd5e19a5930d6eb003bc
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 06:48:17 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 25 Mar 2023 18:50:27 GMT
Expires: Sat, 01 Apr 2023 18:50:26 GMT
Etag: "f207fcf235e5fcc14f4eb909280b2ee509d60512"
Cache-Control: max-age=388328,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7aeded3188b10b31-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 6a79dcad37005184e98d6ae710cb6899
9d83d3b9584d6e2d63e600255fd6fad55dc3e6b4
cb903e343d26f685ec856f4aa73f0b37db21b7409391ee0fb7f7c6f88c6ecf49
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 06:48:17 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 25 Mar 2023 23:54:17 GMT
Expires: Sat, 01 Apr 2023 23:54:16 GMT
Etag: "9d83d3b9584d6e2d63e600255fd6fad55dc3e6b4"
Cache-Control: max-age=406558,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7aeded318efcb512-OSL
fmtu.slsltutu.com/upload/vod/20230322-1/56ba6ef6fee2f8691ee5376a533bd10c.jpg
104.22.65.239 200 OK 8.1 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230322-1/56ba6ef6fee2f8691ee5376a533bd10c.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8937c74635cd8287933fae581b841183
4394284bde992c0b6c7340ddfd67c2f2ceb127e3
af243249c7a929892e445f81c49252fd1f30233c618311493b09ac26334d91a6
GET /upload/vod/20230322-1/56ba6ef6fee2f8691ee5376a533bd10c.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 8060
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9001
content-disposition: inline; filename="56ba6ef6fee2f8691ee5376a533bd10c.webp"
etag: "641acdea-2329"
last-modified: Wed, 22 Mar 2023 09:44:10 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2478
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded32fee798fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230322-1/05d02f19404243c825ceb124bca9e518.jpg
104.22.65.239 200 OK 8.9 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230322-1/05d02f19404243c825ceb124bca9e518.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c88af30b6739550def8eeca691698f85
8697b2228b5e5cfefad2b5765e63d157c7881546
783efb90586a7b548dbb463e83b41e2f3f7a4fbc45074ba11d4ebe6602ace683
GET /upload/vod/20230322-1/05d02f19404243c825ceb124bca9e518.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 8864
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9809
content-disposition: inline; filename="05d02f19404243c825ceb124bca9e518.webp"
etag: "641ace16-2651"
last-modified: Wed, 22 Mar 2023 09:44:54 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2479
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded32fee498fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230323-1/d6ecaff6a14f3f845409286bf44c6aee.jpg
104.22.65.239 200 OK 7.4 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230323-1/d6ecaff6a14f3f845409286bf44c6aee.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 09143ed2343100b0d89e34048e1c236f
a3b7a3590704797c64ea6b4da89b9b3147327cfc
6874b4a6eb4c294be5f763bdce8d0d9dbf394b8f4146ead4aafa59f1c2e47296
GET /upload/vod/20230323-1/d6ecaff6a14f3f845409286bf44c6aee.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 7432
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9173
content-disposition: inline; filename="d6ecaff6a14f3f845409286bf44c6aee.webp"
etag: "641bf991-23d5"
last-modified: Thu, 23 Mar 2023 07:02:41 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2704
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded32feea98fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230323-1/1cc83d70ecf75933ded5c2fc5f22be53.jpg
104.22.65.239 200 OK 8.7 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230323-1/1cc83d70ecf75933ded5c2fc5f22be53.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a08732560cbaa320a5f3c66261bd7d99
ae38fd641410dafe781f892722276f339770e212
9eba6be99b8df5e1a755dd8db82b2dfd43ccd95848c512a31446d505ed8c3710
GET /upload/vod/20230323-1/1cc83d70ecf75933ded5c2fc5f22be53.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 8650
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9611
content-disposition: inline; filename="1cc83d70ecf75933ded5c2fc5f22be53.webp"
etag: "641bf991-258b"
last-modified: Thu, 23 Mar 2023 07:02:41 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2704
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded330eee98fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230323-1/aaa0405ecbcb8cdd948058c7c9158e5e.jpg
104.22.65.239 200 OK 8.7 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230323-1/aaa0405ecbcb8cdd948058c7c9158e5e.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 82691a77b087bcc74e523156370c82a3
8df64193cfaf6031345fe6e1fcbcf3ad79b18a1d
bdf3dfc8da6b022a7e9b7ad90b74d9ba1b27dc41d076fe1f28d220ea8bfe02a4
GET /upload/vod/20230323-1/aaa0405ecbcb8cdd948058c7c9158e5e.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 8746
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=10338
content-disposition: inline; filename="aaa0405ecbcb8cdd948058c7c9158e5e.webp"
etag: "641bf991-2862"
last-modified: Thu, 23 Mar 2023 07:02:41 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2704
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded330eed98fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230322-1/817890d7645c0b6b5bb1b98e00588c2b.jpg
104.22.65.239 200 OK 7.4 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230322-1/817890d7645c0b6b5bb1b98e00588c2b.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 57923413a14caac0f8c2c34d210c6a4e
f97225dfad3c82d5e7f682c217a69c758924725a
adb07785376b108ef6147b4d9964f717b68347f021b54f7691cb5d206c0cbef7
GET /upload/vod/20230322-1/817890d7645c0b6b5bb1b98e00588c2b.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 7440
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8496
content-disposition: inline; filename="817890d7645c0b6b5bb1b98e00588c2b.webp"
etag: "641acde6-2130"
last-modified: Wed, 22 Mar 2023 09:44:06 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2479
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded32fee698fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230323-1/dec1fff2254e487b295c19e691a9c9c4.jpg
104.22.65.239 200 OK 25 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230323-1/dec1fff2254e487b295c19e691a9c9c4.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a7f35f71628504bec2a80405225531b6
a0f7a851d0647bad8a78a71a86ae5f64b8e08da8
bc3d9f959e8fa92068658ae51b65a897269298b70494aea9d1debc247ba29419
GET /upload/vod/20230323-1/dec1fff2254e487b295c19e691a9c9c4.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 24584
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=46284
content-disposition: inline; filename="dec1fff2254e487b295c19e691a9c9c4.webp"
etag: "641bf9a1-b4cc"
last-modified: Thu, 23 Mar 2023 07:02:57 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 109
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded32fee298fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230323-1/a53241cc4127a606872bfcbb1426258f.jpg
104.22.65.239 200 OK 31 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230323-1/a53241cc4127a606872bfcbb1426258f.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash cd422579b9fb16b399ca20333ac658b8
3a94bd7b409f3e685aafa9ac568b0b3993ca5724
eb204e9c24261dae4050f98d78dce07f139ba755aa2fe44479e39b8bfb3db96a
GET /upload/vod/20230323-1/a53241cc4127a606872bfcbb1426258f.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 30930
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=48160
content-disposition: inline; filename="a53241cc4127a606872bfcbb1426258f.webp"
etag: "641bf9a1-bc20"
last-modified: Thu, 23 Mar 2023 07:02:57 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 109
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded330f0c98fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/743782703b21b150b08007ebbbd66238.jpg
104.22.65.239 200 OK 68 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/743782703b21b150b08007ebbbd66238.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 850x485, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a017d24c822814eaffe5794a9693a697
b91e40f190cfd0a3812c723d24bd27ad259ada26
c27450aca3b25545f431488c3b0b5cd02bdd4e483cd04a44fb000f74c0622952
GET /upload/vod/20230321-1/743782703b21b150b08007ebbbd66238.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 68410
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=90724
content-disposition: inline; filename="743782703b21b150b08007ebbbd66238.webp"
etag: "6419a297-16264"
last-modified: Tue, 21 Mar 2023 12:27:03 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2414
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded330efb98fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230323-1/0022f8cec0a24cf1d73f088bd9f339e5.jpg
104.22.65.239 200 OK 42 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230323-1/0022f8cec0a24cf1d73f088bd9f339e5.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 4298f17978ea42df38afa72d60338d9f
e7fff5565fb40431ffe88b27a1e9229be91da482
be4f642e32933df82ea645d364b3bac5529c7ad565984f4c08e38a81aa144609
GET /upload/vod/20230323-1/0022f8cec0a24cf1d73f088bd9f339e5.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 42452
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=51865
content-disposition: inline; filename="0022f8cec0a24cf1d73f088bd9f339e5.webp"
etag: "641bf9a1-ca99"
last-modified: Thu, 23 Mar 2023 07:02:57 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 109
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded330f0298fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230323-1/5d2053b445101841772e792f18dec641.jpg
104.22.65.239 200 OK 33 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230323-1/5d2053b445101841772e792f18dec641.jpg
IP 104.22.65.239:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 980x550, components 3\012- data
Hash 808815a9dcd67cd65d3f8de21d78675a
9c3e61976c5d1bfaaf7c8751cd04ecccd985d79a
4df64f019e264665f3fe63766521f51e6e298cb3e98fd2b58fcc5ba05633d15b
GET /upload/vod/20230323-1/5d2053b445101841772e792f18dec641.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/jpeg
content-length: 33384
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: origSize=34419, status=webp_bigger
etag: "641bf9a4-8673"
last-modified: Thu, 23 Mar 2023 07:03:00 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 108
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7aeded330ef998fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/c9b552aadd982688d704ecab0f22c298.jpg
104.22.65.239 200 OK 94 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/c9b552aadd982688d704ecab0f22c298.jpg
IP 104.22.65.239:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 960x540, components 3\012- data
Hash 1a43a6f15bc6cdf5206ecbdde00589f7
4a42c8db28f40a28148b7f9a57cac7089539ce42
f785ae636ff6d16d7ce5b86cf2d4daad4fd278d3252a2600c819a31fdcf05568
GET /upload/vod/20230321-1/c9b552aadd982688d704ecab0f22c298.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/jpeg
content-length: 93941
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: status=not_needed
etag: "6419a29e-16ef5"
last-modified: Tue, 21 Mar 2023 12:27:10 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2414
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7aeded330f0198fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230322-1/6c5826a0019613056c6cea38d82007bf.jpg
104.22.65.239 200 OK 6.9 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230322-1/6c5826a0019613056c6cea38d82007bf.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 89c461f40fe9ad3701736c6c5d57a020
5518c2630d9d9658baaad6439b4df7dd6696932d
ee38fc9edda841b62778d8dbf31afc18cd4b60b1643ed2ff675c632801f766fc
GET /upload/vod/20230322-1/6c5826a0019613056c6cea38d82007bf.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 6898
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=7911
content-disposition: inline; filename="6c5826a0019613056c6cea38d82007bf.webp"
etag: "641acded-1ee7"
last-modified: Wed, 22 Mar 2023 09:44:13 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2478
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded333f3b98fc-ARN
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 6ef7c4b80c86963ab81f703a65d87366
41ed77a419be9ae77f17c1d3aa429720d800417d
50dcf43d6175c96458ec3b3f69de27fe868bcc03d1bb7a11e226a6ceb715afb8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 06:48:17 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 24 Mar 2023 19:47:15 GMT
Expires: Fri, 31 Mar 2023 19:47:14 GMT
Etag: "41ed77a419be9ae77f17c1d3aa429720d800417d"
Cache-Control: max-age=305336,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7aeded330e2eb51d-OSL
fmtu.slsltutu.com/upload/vod/20230321-1/7be2c20d183f7fdc2af50d745fa630e5.jpg
104.22.65.239 200 OK 43 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/7be2c20d183f7fdc2af50d745fa630e5.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x450, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 190795df73b726dcfc603b430cbfd6e1
88579b9521cdd38ac5fea7c5e5de7aa1e62ee51e
fd1bd87cc86431efefc0a0b6006bd3e3c97298596098ef0db70150c61e839b72
GET /upload/vod/20230321-1/7be2c20d183f7fdc2af50d745fa630e5.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 42702
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=58018
content-disposition: inline; filename="7be2c20d183f7fdc2af50d745fa630e5.webp"
etag: "6419a29b-e2a2"
last-modified: Tue, 21 Mar 2023 12:27:07 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2414
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded333f3c98fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230323-1/60f4a47adeaa6d9800aed7d39d7cad70.jpg
104.22.65.239 200 OK 5.7 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230323-1/60f4a47adeaa6d9800aed7d39d7cad70.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e709c8ad58c107322a2ddd5531b64f38
316d8901b24e30e1c04623d9df882d856d0430dc
280c8aae0e0b9f5cd2d4ed7bdc29558cec37b71be97b24af175a8820fcf1814e
GET /upload/vod/20230323-1/60f4a47adeaa6d9800aed7d39d7cad70.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 5698
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=7924
content-disposition: inline; filename="60f4a47adeaa6d9800aed7d39d7cad70.webp"
etag: "641bf9c9-1ef4"
last-modified: Thu, 23 Mar 2023 07:03:37 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2704
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded333f3f98fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/33eddf64812f972665a2921087bbf215.jpg
104.22.65.239 200 OK 105 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/33eddf64812f972665a2921087bbf215.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 960x540, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 105 kB (105022 bytes)
Hash ca11b7d2fb132b182a5f129ed58d2fdc
2ab17fae71cf4cde0b6a399ac7fb5a05a7f0e171
cee8bc00625321aa4ea872ef6725623c174135dd135b4b8a3f60e96d357842c9
GET /upload/vod/20230321-1/33eddf64812f972665a2921087bbf215.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 105022
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=136322
content-disposition: inline; filename="33eddf64812f972665a2921087bbf215.webp"
etag: "6419a29e-21482"
last-modified: Tue, 21 Mar 2023 12:27:10 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2414
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded332f3698fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/d4be94259bb6812914713e29d0a4dc53.jpg
104.22.65.239 200 OK 34 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/d4be94259bb6812914713e29d0a4dc53.jpg
IP 104.22.65.239:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 800x450, components 3\012- data
Hash b9723f0a9612f6c920605d672ba82c1b
2e25be78fe2bcac24a3a83d740eb68b6bc1ae292
9c792012a4263e48ceb2b8b5d0a8d7669b6ac300edc25ef652e2d466efeb6045
GET /upload/vod/20230321-1/d4be94259bb6812914713e29d0a4dc53.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/jpeg
content-length: 34385
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: status=not_needed
etag: "6419a297-8651"
last-modified: Tue, 21 Mar 2023 12:27:03 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7aeded333f3798fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/a18319b5483c5353d1e2d81222ffa441.jpg
104.22.65.239 200 OK 90 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/a18319b5483c5353d1e2d81222ffa441.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 960x540, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 29ca8354b13c1a48050ee9f59ddc725e
482874d2530b02ca392694e7816be4031db7d643
d0c8d392af1262aa81d7557b0a8119de9f300e6086f63ac6873b5fc01a6a4eb6
GET /upload/vod/20230321-1/a18319b5483c5353d1e2d81222ffa441.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 89524
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=129609
content-disposition: inline; filename="a18319b5483c5353d1e2d81222ffa441.webp"
etag: "6419a29b-1fa49"
last-modified: Tue, 21 Mar 2023 12:27:07 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded333f4398fc-ARN
X-Firefox-Spdy: h2
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 2f0cc8bd0cf55ae2bde7204428640f55
471c13ac5f3f8170d6b0d27825d92cbeb90ed0e6
8e0092d2c2f9f79f410c315f2a4c01c142c50a89a548622d95556049f4f2e558
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 06:48:17 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Mon, 27 Mar 2023 08:02:56 GMT
Expires: Mon, 03 Apr 2023 08:02:55 GMT
Etag: "471c13ac5f3f8170d6b0d27825d92cbeb90ed0e6"
Cache-Control: max-age=522277,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7aeded338a71b4f7-OSL
dvcasha2.ocsp-certum.com/
95.101.10.193 200 OK 1.6 kB URL HTTP/1.1 dvcasha2.ocsp-certum.com/
IP 95.101.10.193:0
ASN #20940 Akamai International B.V.
Hash ae262490d27b9c1fcf530c5b6a0fd490
2e12da59862c2fde159010c1a9eeb0044d8f86b2
fff884e05c36e358aa7e8788bb30f4697a6535d70dc4d7485c294b075b2ef7d9
POST / HTTP/1.1
Host: dvcasha2.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1599
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=721
Date: Tue, 28 Mar 2023 06:48:17 GMT
Connection: keep-alive
X-N: S
dvcasha2.ocsp-certum.com/
95.101.10.193 200 OK 1.6 kB URL HTTP/1.1 dvcasha2.ocsp-certum.com/
IP 95.101.10.193:0
ASN #20940 Akamai International B.V.
Hash 4f58d68b3b0401346992eaa74c99713e
0a68b730afa575879c8724c35a4108438f4404e5
2edeb1e30838c62bcd94e18266260180de823d093807d08d06719fa7b25c7385
POST / HTTP/1.1
Host: dvcasha2.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1599
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=900
Date: Tue, 28 Mar 2023 06:48:17 GMT
Connection: keep-alive
X-N: S
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 1693cf37665d19fe3e9c170fd485b00d
31f65ca3151620be3a676715483a7647f93d9f06
8588061b39712e0250c679d89280e6d596c0ed8ffe5586b029599b9d60916227
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 06:48:17 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 25 Mar 2023 11:55:15 GMT
Expires: Sat, 01 Apr 2023 11:55:14 GMT
Etag: "31f65ca3151620be3a676715483a7647f93d9f06"
Cache-Control: max-age=363416,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7aeded3309d60b31-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash e8e23f589b600596d699bc9fc1b4299c
bd15631d10492b6ae6f9b86690ac8c8a683208ad
2dacafcff7495810c11c9571230c337f327304756489d84faf65ef477d8c3823
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 06:48:17 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 25 Mar 2023 03:25:35 GMT
Expires: Sat, 01 Apr 2023 03:25:34 GMT
Etag: "bd15631d10492b6ae6f9b86690ac8c8a683208ad"
Cache-Control: max-age=332836,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7aeded331950b512-OSL
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 65ad61b8ff95b25e1f1f7f2150446d38
f3d69ba5ad45063397ec17db7edfd53f0bd6bca6
8ae2cae3be170e3558f17efffacfd79f164781e3e9844465f008a8d4362aa87b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8AE2CAE3BE170E3558F17EFFFACFD79F164781E3E9844465F008A8D4362AA87B"
Last-Modified: Mon, 27 Mar 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3462
Expires: Tue, 28 Mar 2023 07:45:59 GMT
Date: Tue, 28 Mar 2023 06:48:17 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash f46f75278424a0374e7704c24142df9b
6a6130a9b14cecfa8bd2039ade48b6c6f05af5d4
ab355a5e92d6d8f45dd35c9d6ecaa5a7914a68a69b22a747451ba3f5792b8cf2
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 06:48:17 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 27 Mar 2023 23:18:56 GMT
Expires: Mon, 03 Apr 2023 23:18:55 GMT
Etag: "6a6130a9b14cecfa8bd2039ade48b6c6f05af5d4"
Cache-Control: max-age=577237,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7aeded337eadb51d-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 2f0cc8bd0cf55ae2bde7204428640f55
471c13ac5f3f8170d6b0d27825d92cbeb90ed0e6
8e0092d2c2f9f79f410c315f2a4c01c142c50a89a548622d95556049f4f2e558
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 06:48:17 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Mon, 27 Mar 2023 08:02:56 GMT
Expires: Mon, 03 Apr 2023 08:02:55 GMT
Etag: "471c13ac5f3f8170d6b0d27825d92cbeb90ed0e6"
Cache-Control: max-age=522277,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7aeded338e75b524-OSL
img.1338999.com/images/641ae010443be66895983be1.gif
3.36.126.81 302 Found 0 B URL HTTP/2 img.1338999.com/images/641ae010443be66895983be1.gif
IP 3.36.126.81:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /images/641ae010443be66895983be1.gif HTTP/1.1
Host: img.1338999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-length: 0
referrer-policy: no-referrer
cache-control: max-age=600
location: https://files.backmoestream.xyz/store/loveimgmoe/f1/38/63e9ec277c505e8c545bf138.gif
X-Firefox-Spdy: h2
u1099.com/7383303855ec4c7e8ded5802a89bf4af.gif
103.170.15.60 200 OK 329 kB URL HTTP/2 u1099.com/7383303855ec4c7e8ded5802a89bf4af.gif
IP 103.170.15.60:0
ASN #7483 Skycloud Computing co., Ltd.
File type GIF image data, version 89a, 960 x 60\012- data
Size 329 kB (329330 bytes)
Hash c7a0de7f0d216beea4f9359ddca1439d
6a95e989058389895421101fe173477b8f9c0034
5c30592a14e28ca2f4b4b93ed219eea5579be2772599b42592c677ff5e10a057
GET /7383303855ec4c7e8ded5802a89bf4af.gif HTTP/1.1
Host: u1099.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=86400
etag: "641197c0-50672"
server: nginx
date: Sat, 18 Mar 2023 22:22:39 GMT
content-type: image/gif
last-modified: Wed, 15 Mar 2023 10:02:40 GMT
accept-ranges: bytes
x-cache: HIT from yd11_02-cdn-g01-la2-50
content-length: 329330
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 935db180a5b3aad78083b4f5ff9444de
93dea1cb430c7c5c5858244f4a2ee2731dcb55d5
9660c9aa18f63559f74cb2bae04205ab111bcb514671b638037891257e259a4e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 06:48:17 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 27 Mar 2023 15:52:50 GMT
Expires: Mon, 03 Apr 2023 15:52:49 GMT
Etag: "93dea1cb430c7c5c5858244f4a2ee2731dcb55d5"
Cache-Control: max-age=550471,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7aeded33d8d30b39-OSL
fmtu.slsltutu.com/upload/vod/20230321-1/357c91bf14c4132cf0fd44f7c30d0113.jpg
104.22.65.239 200 OK 47 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/357c91bf14c4132cf0fd44f7c30d0113.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 309860cd780c97f04fc5b303b8904ee1
c182b9b32ce27b842ae33293c258e36dbf109566
84339e01afdfb1de75a3df7a53c383f727eb314c40ea69437bc7a786a9f46f1f
GET /upload/vod/20230321-1/357c91bf14c4132cf0fd44f7c30d0113.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 46734
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=63610
content-disposition: inline; filename="357c91bf14c4132cf0fd44f7c30d0113.webp"
etag: "6419a2bb-f87a"
last-modified: Tue, 21 Mar 2023 12:27:39 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded32fedf98fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/082f4c192216446742dfd95788db1473.jpg
104.22.65.239 200 OK 37 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/082f4c192216446742dfd95788db1473.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a74e08c7f3b474aaf8f85e1d8b557864
3ce82e7ac1b4257858c2e5e759757cb1df0b578e
ba09f5c22b3cc9cbdf6fa940134f15316d25f28f7739a11de85fa84b930076d3
GET /upload/vod/20230321-1/082f4c192216446742dfd95788db1473.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 36994
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=61183
content-disposition: inline; filename="082f4c192216446742dfd95788db1473.webp"
etag: "6419a2b2-eeff"
last-modified: Tue, 21 Mar 2023 12:27:30 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded330ef198fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/1d95850ef274d9fada6f2fdb017428e3.jpg
104.22.65.239 200 OK 30 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/1d95850ef274d9fada6f2fdb017428e3.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash bf67c94305fb39005f1f93775f7af9e5
a1afcac3abfdd166b96a39e8a52fe679a04695aa
77f7ac3f26ec745e57a93f32565027d95872e58932779682318e24f7f568bdb7
GET /upload/vod/20230321-1/1d95850ef274d9fada6f2fdb017428e3.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 29692
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=45667
content-disposition: inline; filename="1d95850ef274d9fada6f2fdb017428e3.webp"
etag: "6419a2bc-b263"
last-modified: Tue, 21 Mar 2023 12:27:40 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded32fee098fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230324-1/71a8616fdbed8c3a08bd11ecded4c971.jpg
104.22.65.239 200 OK 32 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230324-1/71a8616fdbed8c3a08bd11ecded4c971.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2e09d11da37ffa35ce12165451d1e565
c5bd4d865203bbaebe8832551cea5018480e427e
07bf2db05aee2db4690767740fcc3e9cf9455308fb13a47d4b93bb4966a64d8e
GET /upload/vod/20230324-1/71a8616fdbed8c3a08bd11ecded4c971.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 32008
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=57932
content-disposition: inline; filename="71a8616fdbed8c3a08bd11ecded4c971.webp"
etag: "641d6c3b-e24c"
last-modified: Fri, 24 Mar 2023 09:24:11 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded330ef798fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230322-1/200f2be84c57adae40dfc718f91ae8d7.jpg
104.22.65.239 200 OK 18 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230322-1/200f2be84c57adae40dfc718f91ae8d7.jpg
IP 104.22.65.239:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 980x550, components 3\012- data
Hash abfbf3126f3c04ab27c78c6aa81bc3e6
93d343174319cef9c1de2c5aa96c7aab65c8bfca
b2cd1c5da500051955773f6b0c50afeba3030c5e8cd65dc63377cd0348c784f2
GET /upload/vod/20230322-1/200f2be84c57adae40dfc718f91ae8d7.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/jpeg
content-length: 18386
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: status=not_needed
etag: "641acde6-47d2"
last-modified: Wed, 22 Mar 2023 09:44:06 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7aeded32fede98fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/4e1fd7889a12a0da5befd4a673c1a7db.jpg
104.22.65.239 200 OK 36 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/4e1fd7889a12a0da5befd4a673c1a7db.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 50f7e166b8285d910a8bcf4d00e1267e
5492986e234785fca77014fab8b043bf907dab9b
7238609b27c5c8195d5f0ffbfd27a147500ea0994128ab860edc1d7934a23b22
GET /upload/vod/20230321-1/4e1fd7889a12a0da5befd4a673c1a7db.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 36124
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=57692
content-disposition: inline; filename="4e1fd7889a12a0da5befd4a673c1a7db.webp"
etag: "6419a2b5-e15c"
last-modified: Tue, 21 Mar 2023 12:27:33 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded330efa98fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230322-1/c89cbcdb84fc5e859169cb75e1fc0db8.jpg
104.22.65.239 200 OK 103 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230322-1/c89cbcdb84fc5e859169cb75e1fc0db8.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 103 kB (102844 bytes)
Hash 8d0ca1d1ed6473c100ed1fea7bef5c82
30f298d2cf8312e3f09299c477c56231a5ea19fe
5f2266f6e9bfdc5873f62b0184adcd7d360af008630c4e9818dc590ef5ce6e6a
GET /upload/vod/20230322-1/c89cbcdb84fc5e859169cb75e1fc0db8.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 102844
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=137503
content-disposition: inline; filename="c89cbcdb84fc5e859169cb75e1fc0db8.webp"
etag: "641ace0e-2191f"
last-modified: Wed, 22 Mar 2023 09:44:46 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded330ef498fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/3f00a15f970260567e3b94dad8d004f0.jpg
104.22.65.239 200 OK 48 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/3f00a15f970260567e3b94dad8d004f0.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1fdd0741e1c99df8baeef6541a9dd8f7
40ad5155f09124b9d3c9f2fe5667deb6c460a9e9
a01088714810400d0aa87725c95ef6b4dccbb2a5d4bc532c008759a695e8155e
GET /upload/vod/20230321-1/3f00a15f970260567e3b94dad8d004f0.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 47722
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=59443
content-disposition: inline; filename="3f00a15f970260567e3b94dad8d004f0.webp"
etag: "6419a2b5-e833"
last-modified: Tue, 21 Mar 2023 12:27:33 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded330ef298fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/eac6102f751d0e31e1efdf09ee7593e4.jpg
104.22.65.239 200 OK 31 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/eac6102f751d0e31e1efdf09ee7593e4.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 76ea1e4410cce8744c13c3941874b4c3
091eaee06994d852458adce854043116f8f1e34d
b08cd053a5f7cf230768a7b784cb9a67f96d112d3f3d22114cd96619923dba79
GET /upload/vod/20230321-1/eac6102f751d0e31e1efdf09ee7593e4.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 30552
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=44612
content-disposition: inline; filename="eac6102f751d0e31e1efdf09ee7593e4.webp"
etag: "6419a2bb-ae44"
last-modified: Tue, 21 Mar 2023 12:27:39 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded330f0098fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/1a6f82591eb6541ab8d1c5df6e6170b0.jpg
104.22.65.239 200 OK 44 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/1a6f82591eb6541ab8d1c5df6e6170b0.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b622cb920281f6efa34007dbee17aee1
d0a67c990d99befc8d9dcd3e39a45de621bd084c
4b84b096d0691021b3f07a3a4bc103ba0be70bdd1b71914adeb8a3ea3be88d1a
GET /upload/vod/20230321-1/1a6f82591eb6541ab8d1c5df6e6170b0.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 44508
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=54911
content-disposition: inline; filename="1a6f82591eb6541ab8d1c5df6e6170b0.webp"
etag: "6419a2bf-d67f"
last-modified: Tue, 21 Mar 2023 12:27:43 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded32fed798fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/9abba099c31aabe3eb9142e72746542d.jpg
104.22.65.239 200 OK 46 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/9abba099c31aabe3eb9142e72746542d.jpg
IP 104.22.65.239:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 980x550, components 3\012- data
Hash f6d35c0afaf7f53c6fe1af1b98b7c395
9a3be727d4588143a6973ba5123ef2475d71c257
af3671c76d231489e62fdc2e1eaab888cc748b32abce322da3dfd4513424d8bf
GET /upload/vod/20230321-1/9abba099c31aabe3eb9142e72746542d.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/jpeg
content-length: 45531
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: origSize=45845, status=webp_bigger
etag: "6419a2c2-b315"
last-modified: Tue, 21 Mar 2023 12:27:46 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7aeded330eff98fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/b2fd063719b0d1d1037620ef70a5232c.jpg
104.22.65.239 200 OK 40 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/b2fd063719b0d1d1037620ef70a5232c.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 19897ac720c02bc1fe48946e64ad6453
4c310d65e3e01250326007c2b108de90c23f9833
b5d88b91d4ced76a8beee7c789570a64cdc28ed322caf037d32c672178a38d19
GET /upload/vod/20230321-1/b2fd063719b0d1d1037620ef70a5232c.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 40496
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=62314
content-disposition: inline; filename="b2fd063719b0d1d1037620ef70a5232c.webp"
etag: "6419a2bb-f36a"
last-modified: Tue, 21 Mar 2023 12:27:39 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded330ef898fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/126ecb677606d895a89d3d79a4d2aaae.jpg
104.22.65.239 200 OK 35 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/126ecb677606d895a89d3d79a4d2aaae.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 9487a78aa36a6dfae3bc6a2088d0f19a
01dbb858af5419394130f6632572887ec0f367b1
9945cf7f4f439a0caba7a69ea212e85e15ca4a99bc2521ee33d55a5c2ebaa933
GET /upload/vod/20230321-1/126ecb677606d895a89d3d79a4d2aaae.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 35344
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=53920
content-disposition: inline; filename="126ecb677606d895a89d3d79a4d2aaae.webp"
etag: "6419a2b2-d2a0"
last-modified: Tue, 21 Mar 2023 12:27:30 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded330efd98fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/b154c18e1c6df6a9d2c39236bbc5cd0f.jpg
104.22.65.239 200 OK 43 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/b154c18e1c6df6a9d2c39236bbc5cd0f.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c1dccb90ecbfafb9cfd51ecdb28b96a6
13579c867873bd87765d752d2c80b92bad8a1173
bb7b7fa1414b738c05bb0295466f9115f4e77f900178b37b2e1d09c9307b2efb
GET /upload/vod/20230321-1/b154c18e1c6df6a9d2c39236bbc5cd0f.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 42606
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=69555
content-disposition: inline; filename="b154c18e1c6df6a9d2c39236bbc5cd0f.webp"
etag: "6419a297-10fb3"
last-modified: Tue, 21 Mar 2023 12:27:03 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded330ef098fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230322-1/1542ebaf7b573478d4819a037e8c84c3.jpg
104.22.65.239 200 OK 44 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230322-1/1542ebaf7b573478d4819a037e8c84c3.jpg
IP 104.22.65.239:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 980x550, components 3\012- data
Hash 03dffa3a3a8aa3486d641c74565a1e3e
cd56a67f979c996c417e0125a3fbe86e8e7d3140
9c30e9360911f62baecda86072bef52be7096c1cd69fe48e71c7f74e30e0de23
GET /upload/vod/20230322-1/1542ebaf7b573478d4819a037e8c84c3.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/jpeg
content-length: 43565
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: origSize=44705, status=webp_bigger
etag: "641ace12-aea1"
last-modified: Wed, 22 Mar 2023 09:44:50 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7aeded330f0f98fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230324-1/b963977c6dd7984e12a46c7a28dcdd9f.jpg
104.22.65.239 200 OK 44 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230324-1/b963977c6dd7984e12a46c7a28dcdd9f.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash bd5f0925a2c1a0205079dc57ef006d10
f53d68ced53c012f91fc13f3699456dae58e1960
7f45a4929da655f8b89911f2dad13405c54211af4b410346f65f202d21a1706f
GET /upload/vod/20230324-1/b963977c6dd7984e12a46c7a28dcdd9f.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 44238
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=50095
content-disposition: inline; filename="b963977c6dd7984e12a46c7a28dcdd9f.webp"
etag: "641d6c38-c3af"
last-modified: Fri, 24 Mar 2023 09:24:08 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded332f2898fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230324-1/f03ccaf63bd4167a45e9faa65012ff83.jpg
104.22.65.239 200 OK 47 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230324-1/f03ccaf63bd4167a45e9faa65012ff83.jpg
IP 104.22.65.239:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 980x550, components 3\012- data
Hash 7588bb66a11ea3803ddb1d58fa5b0add
8e8342e1bdf44e564ea20e2e36e6e9c03ba2ecd7
acd4f1939ba05ea17c2919c1263c7f5e92e64b7a5f108072086bd96fe86f20a8
GET /upload/vod/20230324-1/f03ccaf63bd4167a45e9faa65012ff83.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/jpeg
content-length: 47227
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: origSize=48016, status=webp_bigger
etag: "641d6c38-bb90"
last-modified: Fri, 24 Mar 2023 09:24:08 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7aeded332f2a98fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/e8b05ad105574af8e36e7bf4a9ac5c63.jpg
104.22.65.239 200 OK 40 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/e8b05ad105574af8e36e7bf4a9ac5c63.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c0030fb9ded80d85953ce1701b2e8d62
85f498cbd13c5235a22943860658fcfed70747e9
16485cc64a983bf961513720ce698021042aebab93b586db2561a39c5e4bfda8
GET /upload/vod/20230321-1/e8b05ad105574af8e36e7bf4a9ac5c63.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 40530
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=60294
content-disposition: inline; filename="e8b05ad105574af8e36e7bf4a9ac5c63.webp"
etag: "6419a2b8-eb86"
last-modified: Tue, 21 Mar 2023 12:27:36 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded333f4898fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/186220435a9680135ba6fbb0f75128a2.jpg
104.22.65.239 200 OK 56 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/186220435a9680135ba6fbb0f75128a2.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 06215b595d41f44cc7349567930e9963
30b24483d85b43115f58bcba391fbc5ced6e1486
41bc2615b219085acd7c1bd6ebb079ba986332e9f6fec0b757ae5b92148ad00c
GET /upload/vod/20230321-1/186220435a9680135ba6fbb0f75128a2.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 56498
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=77158
content-disposition: inline; filename="186220435a9680135ba6fbb0f75128a2.webp"
etag: "6419a2b5-12d66"
last-modified: Tue, 21 Mar 2023 12:27:33 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded330efe98fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/3915cda05f2a180c53a571711384b521.jpg
104.22.65.239 200 OK 37 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/3915cda05f2a180c53a571711384b521.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 168722a8568e70a2ec01095df2ebee6e
e99f9e4ca8d084785ec66096ae14af56cc650846
521b96a84c5ffb307e8e997116546f21fafc1757cbec86dbed3f6196ea624769
GET /upload/vod/20230321-1/3915cda05f2a180c53a571711384b521.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 36906
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=56510
content-disposition: inline; filename="3915cda05f2a180c53a571711384b521.webp"
etag: "6419a2bb-dcbe"
last-modified: Tue, 21 Mar 2023 12:27:39 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded333f4798fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230324-1/f2aebf2512db331c9f945f62ed02c274.jpg
104.22.65.239 200 OK 41 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230324-1/f2aebf2512db331c9f945f62ed02c274.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f5a79a3e75503296e6bb60687ad1d286
fb7d36e9c56f49f8237237ccd2debcfce91e9fe7
aa62164be7556df946b5903460adc44c838ba0587f0b2e6dcda854cfa9caebc2
GET /upload/vod/20230324-1/f2aebf2512db331c9f945f62ed02c274.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 41082
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=45511
content-disposition: inline; filename="f2aebf2512db331c9f945f62ed02c274.webp"
etag: "641d6c32-b1c7"
last-modified: Fri, 24 Mar 2023 09:24:02 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded332f3398fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/30c8b60557ea768a8965008fdee4d977.jpg
104.22.65.239 200 OK 56 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/30c8b60557ea768a8965008fdee4d977.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ae703c6c15972a35b1ccaee60bb0f7fa
e6891da3cf6add381215aa31503e34d166ca235e
2201d8e17821f36783e660648c1a12d4c0e901271390598b4c4dbff66bccf323
GET /upload/vod/20230321-1/30c8b60557ea768a8965008fdee4d977.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 56170
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=74508
content-disposition: inline; filename="30c8b60557ea768a8965008fdee4d977.webp"
etag: "6419a2c2-1230c"
last-modified: Tue, 21 Mar 2023 12:27:46 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded333f3e98fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/ba723d00454fdc39e6f0c949b290fce8.jpg
104.22.65.239 200 OK 46 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/ba723d00454fdc39e6f0c949b290fce8.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2a171b558c7ce83bd6cbcffc1176c671
83f38b7ec0878a0b05e1e5d62f95c562c16a43ff
2bf565e369b3d758c67e7e39d40c4d9765adfa2f61fb5da302e66d0d58e79683
GET /upload/vod/20230321-1/ba723d00454fdc39e6f0c949b290fce8.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 46506
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=63159
content-disposition: inline; filename="ba723d00454fdc39e6f0c949b290fce8.webp"
etag: "6419a2b5-f6b7"
last-modified: Tue, 21 Mar 2023 12:27:33 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded333f4998fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/98762d27f14fa589f73942dd2b575ea4.jpg
104.22.65.239 200 OK 56 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/98762d27f14fa589f73942dd2b575ea4.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 4c75695d716982ec88daf913aa2354e8
d5f7d9eb3c247fa1dcc00c06fe7da784f4852be2
ba868a173ec33e6f0f21b3ccf8502384c271cead4bae4fe9e6a5d0b16338aa21
GET /upload/vod/20230321-1/98762d27f14fa589f73942dd2b575ea4.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 56044
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=102941
content-disposition: inline; filename="98762d27f14fa589f73942dd2b575ea4.webp"
etag: "6419a297-1921d"
last-modified: Tue, 21 Mar 2023 12:27:03 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded333f3a98fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/2b039398ebcc27a1f1269bf40b48d7f5.jpg
104.22.65.239 200 OK 33 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/2b039398ebcc27a1f1269bf40b48d7f5.jpg
IP 104.22.65.239:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 980x550, components 3\012- data
Hash df58c3691fb4dcae9f0d1a463c6c3e11
4420db1633f5fa09c9716bd9b5d64fc4a6631f6b
4721322aca46ef9d06cb39ef31d380d8b70743c5da77ddc31478bd4ea6aa5df9
GET /upload/vod/20230321-1/2b039398ebcc27a1f1269bf40b48d7f5.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/jpeg
content-length: 32967
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: origSize=33277, status=webp_bigger
etag: "6419a2c2-81fd"
last-modified: Tue, 21 Mar 2023 12:27:46 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7aeded333f4498fc-ARN
X-Firefox-Spdy: h2
fmtu.slsltutu.com/upload/vod/20230321-1/7061b11b058049599ca0c17bff36cb0a.jpg
104.22.65.239 200 OK 21 kB URL HTTP/2 fmtu.slsltutu.com/upload/vod/20230321-1/7061b11b058049599ca0c17bff36cb0a.jpg
IP 104.22.65.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x550, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 18c83e1df73e8bce3f3c82de73652445
c97d1b5dd657823219d8cc72b96c39f5b912ec67
a9a9669b98786b93e388e756326ef23073e7e8f7b243a1c48cdd115da1d469b2
GET /upload/vod/20230321-1/7061b11b058049599ca0c17bff36cb0a.jpg HTTP/1.1
Host: fmtu.slsltutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/webp
content-length: 21344
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=41351
content-disposition: inline; filename="7061b11b058049599ca0c17bff36cb0a.webp"
etag: "6419a2b5-a187"
last-modified: Tue, 21 Mar 2023 12:27:33 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7aeded333f4698fc-ARN
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 04d0eaa2f90dbe067e4d3b20fc7f3e04
1b76d31020e0767f90c9162e87f95a69fa183f76
78f8116136b1802515de5ba1e241886c7bb4460313de42defdb400abf714d074
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 06:48:17 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 25 Mar 2023 18:50:26 GMT
Expires: Sat, 01 Apr 2023 18:50:25 GMT
Etag: "1b76d31020e0767f90c9162e87f95a69fa183f76"
Cache-Control: max-age=388327,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7aeded348af40b31-OSL
img.1138999.com/images/640967ea3666e76c94ddfbcd.gif
3.36.126.81 302 Found 0 B URL HTTP/2 img.1138999.com/images/640967ea3666e76c94ddfbcd.gif
IP 3.36.126.81:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /images/640967ea3666e76c94ddfbcd.gif HTTP/1.1
Host: img.1138999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-length: 0
referrer-policy: no-referrer
cache-control: max-age=600
location: https://img.mengzhan24.com/loveimgmoe/40/f9/63e9f81625267029f45f40f9.gif
X-Firefox-Spdy: h2
u1033.com/80934381f8c545e2aa7b07a0bc21aa77.gif
103.170.15.30 200 OK 21 kB URL HTTP/2 u1033.com/80934381f8c545e2aa7b07a0bc21aa77.gif
IP 103.170.15.30:0
ASN #7483 Skycloud Computing co., Ltd.
File type GIF image data, version 89a, 200 x 200\012- data
Hash 38eae85781db9995068463de8f3a1f1a
5137f18764d70da74a25fedb333fea0ffecf359b
bf9ea228576be00a31a058efb187ac154c454f2dcea7699ba2df7d843a90b3cd
GET /80934381f8c545e2aa7b07a0bc21aa77.gif HTTP/1.1
Host: u1033.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=86400
etag: "641197cd-5366"
server: nginx
date: Wed, 15 Mar 2023 14:43:53 GMT
content-type: image/gif
last-modified: Wed, 15 Mar 2023 10:02:53 GMT
accept-ranges: bytes
x-cache: HIT from yd11_02-cdn-g01-la2-20
content-length: 21350
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 278264d560bd354096be50b870a3f441
adf198dd4b7a1b4de5ce8758043c1f7d49017000
834c45bc5b6d28cf18337a116bacd2c0336ba5681ab8d51527e63f04fab35ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "834C45BC5B6D28CF18337A116BACD2C0336BA5681AB8D51527E63F04FAB35EBF"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11050
Expires: Tue, 28 Mar 2023 09:52:27 GMT
Date: Tue, 28 Mar 2023 06:48:17 GMT
Connection: keep-alive
img.mengzhan24.com/loveimgmoe/40/f9/63e9f81625267029f45f40f9.gif
104.22.66.215 200 OK 106 kB URL HTTP/2 img.mengzhan24.com/loveimgmoe/40/f9/63e9f81625267029f45f40f9.gif
IP 104.22.66.215:0
File type GIF image data, version 89a, 100 x 100\012- data
Size 106 kB (105932 bytes)
Hash d02336304ce0cf7f147d7657a39f8277
d977304fe6e18f0259938de754865f66987141ed
451221be872629452f11fca86fc1554d901ad31add3ebc193e6a67d57cebc485
GET /loveimgmoe/40/f9/63e9f81625267029f45f40f9.gif HTTP/1.1
Host: img.mengzhan24.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/jpeg
content-length: 105932
cache-control: max-age=2678400
last-modified: Sat, 18 Mar 2023 16:46:13 GMT
cf-cache-status: HIT
age: 826715
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 7aeded3688c20a40-ARN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
u1044.com/e8f457ff3b804f098777bbac6cb36593.gif
103.170.15.15 200 OK 33 kB URL HTTP/2 u1044.com/e8f457ff3b804f098777bbac6cb36593.gif
IP 103.170.15.15:0
ASN #7483 Skycloud Computing co., Ltd.
File type GIF image data, version 89a, 300 x 174\012- data
Hash 7263b85d16d83fe01d1de591a71fbe69
d63eef37fff2b26ac238c10a6a75ecaabc00d787
9f93111552d1a26900f17f7b54da8f6f3b6f14f9bbcb84132e60de4c11288bfd
GET /e8f457ff3b804f098777bbac6cb36593.gif HTTP/1.1
Host: u1044.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=86400
etag: "641197d7-7f36"
server: nginx
date: Mon, 27 Mar 2023 21:34:12 GMT
content-type: image/gif
last-modified: Wed, 15 Mar 2023 10:03:03 GMT
accept-ranges: bytes
x-cache: HIT from yd11_02-cdn-g01-la2-05
content-length: 32566
X-Firefox-Spdy: h2
669aaa.us/e8add8eb3f7b4987b90290a65af4d4b5.gif
45.61.212.220 200 OK 21 kB URL HTTP/1.1 669aaa.us/e8add8eb3f7b4987b90290a65af4d4b5.gif
IP 45.61.212.220:0
File type GIF image data, version 89a, 150 x 150\012- data
Hash 3e6f18ee1d63fdf612d3a127a42a5112
0b75a2817b8afe0ec2c1cbed51e69fe3bc117fb8
3e63b7d30c49fd7d95a00a906401c5a0d7ae703ef6f971cbb6e552373801f983
GET /e8add8eb3f7b4987b90290a65af4d4b5.gif HTTP/1.1
Host: 669aaa.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "6412adb9-5065"
Date: Tue, 28 Mar 2023 06:04:17 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Thu, 16 Mar 2023 05:48:41 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us3-cdnb-20
Content-Length: 20581
66887aaa.com/06941b136bce4f9ea86ace6f1ef45010.gif
45.61.212.230 200 OK 1.4 MB URL HTTP/1.1 66887aaa.com/06941b136bce4f9ea86ace6f1ef45010.gif
IP 45.61.212.230:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 1.4 MB (1411702 bytes)
Hash d4500d90fb9816c05ce7248bc3a87e6e
e8c4a6d4bea0093488dd9c495de2bc1eec9ae9dd
9fd38d150615bbddbfd8b77c52c4d2ec9de0b94c7e895ba99ba601bbaa602a2a
GET /06941b136bce4f9ea86ace6f1ef45010.gif HTTP/1.1
Host: 66887aaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "63c76a7e-158a76"
Date: Fri, 17 Mar 2023 08:21:51 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Wed, 18 Jan 2023 03:41:50 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us3-cdnb-30
Content-Length: 1411702
729bbb.us/694d2d3658cd4cf3ab2769c2bf672ef9.gif
103.170.15.100 200 OK 19 kB URL HTTP/1.1 729bbb.us/694d2d3658cd4cf3ab2769c2bf672ef9.gif
IP 103.170.15.100:0
ASN #7483 Skycloud Computing co., Ltd.
File type GIF image data, version 89a, 150 x 150\012- data
Hash 4d02f13bcc0b0052a09177836c31b7eb
b46519125665e9de2cad2166c10e8d6aaeceb9c6
e5fd240f6896f221df590f300adf3a6ba4f500dd45724df0390c62a5ceefe216
GET /694d2d3658cd4cf3ab2769c2bf672ef9.gif HTTP/1.1
Host: 729bbb.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "641d3df3-489b"
Date: Sun, 26 Mar 2023 08:17:57 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Fri, 24 Mar 2023 06:06:43 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-30
Content-Length: 18587
js.users.51.la/21581305.js
103.143.19.103 200 OK 2.5 kB URL HTTP/1.1 js.users.51.la/21581305.js
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
File type HTML document, ASCII text, with very long lines (5207)
Hash fc056d980f28c77be62507e9b5346e3d
858b46e45723325f66cefb613ea1d4635df36ce9
6ee8e4bf72d1e90b95b895ae130142b0011ead70def1f0ff3d290f510873628f
GET /21581305.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Server: CloudWAF
Date: Tue, 28 Mar 2023 06:48:17 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=4d3514ba90b01056730; path=/
Set-Cookie: HWWAFSESTIME=1679986093869; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
tu.jnctupian.com/jnc/jnc200200av.gif
154.83.24.122 200 OK 266 kB URL HTTP/1.1 tu.jnctupian.com/jnc/jnc200200av.gif
IP 154.83.24.122:0
File type GIF image data, version 89a, 200 x 200\012- data
Size 266 kB (266042 bytes)
Hash 310fe8a630582e551b0ad045e29b89a9
f88c20377f0b6b8853cf646145eff22f92a11a02
29391c5d70abc2b012dcf6259168783596caa846be3774f215f4e9ea21890dfc
GET /jnc/jnc200200av.gif HTTP/1.1
Host: tu.jnctupian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 06:48:17 GMT
Content-Type: image/gif
Content-Length: 266042
Connection: keep-alive
Last-Modified: Sat, 04 Feb 2023 10:38:55 GMT
ETag: "63de35bf-40f3a"
Expires: Thu, 27 Apr 2023 06:28:22 GMT
Cache-Control: max-age=2592000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes
595tuchuang.com/960x80.gif
23.224.27.254 200 OK 145 kB URL HTTP/2 595tuchuang.com/960x80.gif
IP 23.224.27.254:0
File type GIF image data, version 89a, 960 x 80\012- data
Size 145 kB (144990 bytes)
Hash 9fd5431ae14d05e144a79a04b928ad1d
43ca6652416a1403dc5a96d779d414330edbe411
f56b12228d407bfd1f7d17582733a92443a012dc7005b9b9896e9b8b3dc13c2c
GET /960x80.gif HTTP/1.1
Host: 595tuchuang.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gwdomain.top/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/gif
content-length: 144990
last-modified: Wed, 21 Dec 2022 13:28:21 GMT
etag: "63a309f5-2365e"
expires: Thu, 20 Apr 2023 21:17:31 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
server: cdn
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
595tuchuang.com/960x120.gif
23.224.27.254 200 OK 185 kB URL HTTP/2 595tuchuang.com/960x120.gif
IP 23.224.27.254:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 185 kB (184991 bytes)
Hash f3142a120ee01ba9856a4587b419607e
0d590166dc2458fbfd077d6ac75381a7bc1203ac
31d7984bc007f48066a4fe3115ef3cd90450fa65349034eb9eaffcf7cf223e69
GET /960x120.gif HTTP/1.1
Host: 595tuchuang.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/gif
content-length: 184991
last-modified: Sun, 29 Jan 2023 15:25:24 GMT
etag: "63d68fe4-2d29f"
expires: Thu, 20 Apr 2023 21:17:32 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
server: cdn
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
595tuchuang.com/200x200.gif
23.224.27.254 200 OK 901 B URL HTTP/1.1 595tuchuang.com/200x200.gif
IP 23.224.27.254:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (901), with no line terminators
Hash ddde31bbb34282816022e09f341b17a1
d17f25382a2aa2f03f1990f3d25d2fe66db826ff
af39fea3a15f4ace6ff1c14cb3bccb5695131219e69f9c4113fa37de322c4edb
GET /200x200.gif HTTP/1.1
Host: 595tuchuang.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 901
Pragma: no-cache
Cache-control: no-store
tu.jnctupian.vip/jnc/jnc60av.gif
154.83.24.122 200 OK 530 kB URL HTTP/1.1 tu.jnctupian.vip/jnc/jnc60av.gif
IP 154.83.24.122:0
File type GIF image data, version 89a, 960 x 80\012- data
Size 530 kB (529649 bytes)
Hash 2d1610f333b99cd4897019fdf65928e8
568d6059a2873c93a598642ce29c0b180f86844f
277605d0c224bbca09f57860ddcd36d65ee706ffe21c88a68c873b4f7af0c023
GET /jnc/jnc60av.gif HTTP/1.1
Host: tu.jnctupian.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 06:48:17 GMT
Content-Type: image/gif
Content-Length: 529649
Connection: keep-alive
Last-Modified: Sun, 19 Feb 2023 10:35:20 GMT
ETag: "63f1fb68-814f1"
Expires: Thu, 27 Apr 2023 06:26:53 GMT
Cache-Control: max-age=2592000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes
656bbb.us/86adec1e4c04470fb940be69753cd001.gif
45.61.212.230 200 OK 692 kB URL HTTP/1.1 656bbb.us/86adec1e4c04470fb940be69753cd001.gif
IP 45.61.212.230:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 692 kB (692533 bytes)
Hash 8e3eaf1ac1ccef120298b70e62c364fb
4d4f187c76fe6392c7ef301e717e65a302998ea4
9440b419c421d82dbbbe1696dfeaa15d0c61d44602989e11cae29cf214657d7f
GET /86adec1e4c04470fb940be69753cd001.gif HTTP/1.1
Host: 656bbb.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "641d3ddb-a9135"
Date: Mon, 27 Mar 2023 11:24:32 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Fri, 24 Mar 2023 06:06:19 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us3-cdnb-30
Content-Length: 692533
gwdomain.top/template/m1938pc/images/caipiao02.gif
23.224.106.203 200 OK 107 kB URL HTTP/1.1 gwdomain.top/template/m1938pc/images/caipiao02.gif
IP 23.224.106.203:0
File type GIF image data, version 89a, 200 x 200\012- data
Size 107 kB (106915 bytes)
Hash 63a765ecd322670ec2b5d3d90e3552df
46b6621ce4913ffc87458cde917803077f1915e5
133f4a1781a5149971e54eaca7fcd6567e9bfd106560d60a219a6e6b56b13b0f
GET /template/m1938pc/images/caipiao02.gif HTTP/1.1
Host: gwdomain.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 06:48:18 GMT
Content-Type: image/gif
Content-Length: 106915
Last-Modified: Mon, 20 Mar 2023 16:45:56 GMT
Connection: keep-alive
ETag: "64188dc4-1a1a3"
Expires: Thu, 27 Apr 2023 06:48:18 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
gwdomain.top/template/m1938pc/fonts/af9a8ed1aa8f4a7282c9387f37bda60d.woff
23.224.106.203 404 Not Found 146 B URL HTTP/1.1 gwdomain.top/template/m1938pc/fonts/af9a8ed1aa8f4a7282c9387f37bda60d.woff
IP 23.224.106.203:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /template/m1938pc/fonts/af9a8ed1aa8f4a7282c9387f37bda60d.woff HTTP/1.1
Host: gwdomain.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://gwdomain.top/template/m1938pc/css/style.css?v=4
HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 28 Mar 2023 06:48:18 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
595tuchuang.com/325x130.gif
23.224.27.254 200 OK 96 kB URL HTTP/2 595tuchuang.com/325x130.gif
IP 23.224.27.254:0
File type GIF image data, version 89a, 325 x 143\012- data
Hash 913f43c18295a923e83f052c8cf51b4f
ecd7f85322fd189f6e8dcc70f80814fc6830a049
4b25e6a3331171125fa2abfaed81bbe8fb272ce9157d10de93bbabb7f001daf9
GET /325x130.gif HTTP/1.1
Host: 595tuchuang.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/gif
content-length: 96441
last-modified: Mon, 02 Jan 2023 10:46:02 GMT
etag: "63b2b5ea-178b9"
expires: Thu, 20 Apr 2023 21:17:31 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
server: cdn
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
n0522.com/44a5938c2ae5404ea824f81da52732c0.gif
67.21.86.202 200 OK 70 kB URL HTTP/2 n0522.com/44a5938c2ae5404ea824f81da52732c0.gif
IP 67.21.86.202:0
Hash b764295f1e4905fee9f03aa5bd952e7e
5db1e259974560ea38fa887809f7723c0456c223
6ecc336517047c338387198c0411177616fc4cd68b4d937ae29824d2eac6033c
GET /44a5938c2ae5404ea824f81da52732c0.gif HTTP/1.1
Host: n0522.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/gif
vary: Accept-Encoding
last-modified: Wed, 15 Mar 2023 10:01:38 GMT
etag: W/"64119782-23e22"
server: WAF/2.4-12.1
x-cache-status: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
8499136.com/8499/150x150.gif
162.209.128.175 200 OK 185 kB URL HTTP/2 8499136.com/8499/150x150.gif
IP 162.209.128.175:0
File type GIF image data, version 89a, 150 x 150\012- data
Size 185 kB (185171 bytes)
Hash 09b278a0ce767cdcdc3b9be868a94320
b69d4a2345f4d5ae6cc772a70456ea7aea74ce95
321cb2617b9399c60d8f5fe163363faab0f872f5c88646ce900d17604817a1a0
GET /8499/150x150.gif HTTP/1.1
Host: 8499136.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/gif
content-length: 185171
last-modified: Wed, 28 Dec 2022 09:29:16 GMT
etag: "2d353-5f0e00094173c"
server: qq.com
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
img.thpitnx.cn/sejie/150X150.gif
154.211.69.31 200 OK 161 kB URL HTTP/2 img.thpitnx.cn/sejie/150X150.gif
IP 154.211.69.31:0
File type GIF image data, version 89a, 150 x 150\012- data
Size 161 kB (160551 bytes)
Hash 1830e310237cb9a26e3f065eaa1ba167
1d465d736f86202ba8f3cc51fea4f0f9bedf1b3e
6a0bdaee27ba0d936d996fc6d3edf5a2eb43a16b0c4f20a6d3c769122e2ef7cf
GET /sejie/150X150.gif HTTP/1.1
Host: img.thpitnx.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: NgxFence
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/gif
content-length: 160551
last-modified: Sun, 05 Feb 2023 06:46:02 GMT
etag: "63df50aa-27327"
expires: Mon, 24 Apr 2023 08:16:36 GMT
cache-control: max-age=2592000
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
8499136.com/8499/zzxx/960x80.gif
162.209.128.175 200 OK 367 kB URL HTTP/2 8499136.com/8499/zzxx/960x80.gif
IP 162.209.128.175:0
File type GIF image data, version 89a, 960 x 80\012- data
Size 367 kB (366944 bytes)
Hash bde9cbff38e305f40a245a7cf87bd85a
4aaa627b0db260ac7f97a9223e93b1e2f35caba4
375eaceb954016306188bd02f6cc229f71c8e1ef337e99b6ec0a98fad9b3eb7e
GET /8499/zzxx/960x80.gif HTTP/1.1
Host: 8499136.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/gif
content-length: 366944
last-modified: Sat, 24 Dec 2022 13:23:32 GMT
etag: "59960-5f092cf09840f"
server: qq.com
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
587tuchuang.com/200x200.gif
23.224.27.252 200 OK 28 kB URL HTTP/1.1 587tuchuang.com/200x200.gif
IP 23.224.27.252:0
File type GIF image data, version 89a, 200 x 200\012- data
Hash 522db5903163ecd827ad83b0e2fc76b8
f781736eada01ec1416bea7dfd1e0e5a19fb5c53
7c5e31f913860f6faf785df79a59f149319c62c099449129712b0b81e20653c2
GET /200x200.gif HTTP/1.1
Host: 587tuchuang.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 06:48:18 GMT
Content-Type: image/gif
Content-Length: 27469
Connection: keep-alive
Last-Modified: Wed, 21 Dec 2022 13:19:01 GMT
ETag: "63a307c5-6b4d"
Expires: Thu, 20 Apr 2023 21:17:39 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0771a2609f2dddee0db27ee546dc7dc0
e6553201c770ba79ce5dd5acba73e6f586b3c7ca
74210a67aa6e4648942cd20a2773f65ce5d4e5fd5a0f15502ecc8feee2f6905b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "74210A67AA6E4648942CD20A2773F65CE5D4E5FD5A0F15502ECC8FEEE2F6905B"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10544
Expires: Tue, 28 Mar 2023 09:44:02 GMT
Date: Tue, 28 Mar 2023 06:48:18 GMT
Connection: keep-alive
gwdomain.top/template/m1938pc/fonts/iconfont.woff
23.224.106.203 200 OK 2.9 kB URL HTTP/1.1 gwdomain.top/template/m1938pc/fonts/iconfont.woff
IP 23.224.106.203:0
File type Web Open Font Format, TrueType, length 2924, version 1.0\012- data
Hash 1b05b2b67ca6e3fe976ed8d2d1aa31d5
c7055832382daf713a911d67501e26873db045f8
ac1718a88630db8d2fd67997ad9796acdc8a6a88361b2b7058832caeec4fb22d
GET /template/m1938pc/fonts/iconfont.woff HTTP/1.1
Host: gwdomain.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://gwdomain.top/template/m1938pc/css/style.css?v=4
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 06:48:18 GMT
Content-Type: font/woff
Content-Length: 2924
Last-Modified: Fri, 07 Oct 2022 11:07:26 GMT
Connection: keep-alive
ETag: "6340086e-b6c"
Accept-Ranges: bytes
kvegg.com/241ffcf0a5007067dad148a90c317e01.gif
172.83.155.45 200 OK 134 kB URL HTTP/2 kvegg.com/241ffcf0a5007067dad148a90c317e01.gif
IP 172.83.155.45:0
ASN #201106 Spartan Host Ltd
File type GIF image data, version 89a, 150 x 150\012- data
Size 134 kB (133613 bytes)
Hash e57b5f97083fad6c1d7b17a59a1a2a66
d8340909630bba8ec702df6647b63ca2451c3b43
b4237c21b35605809bb572e991c599d850f2bff1ce00f9734dee99a0de56044e
GET /241ffcf0a5007067dad148a90c317e01.gif HTTP/1.1
Host: kvegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/gif
content-length: 133613
last-modified: Sat, 04 Feb 2023 02:05:52 GMT
etag: "63ddbd80-209ed"
expires: Tue, 28 Mar 2023 18:48:17 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 11013
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MFJiEUF6PBVJNEpN6HfiuaiPzzouwiMynb8q0dvbg%2B3H%2FsaiXt1%2BW%2FO7Uue8QwvfjshDYWUWi0oJFMymZHdQcLC75UEOTiJD733DXrPa0WPSpwqL8PcdMlVbKl14"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7a6cf5ed2b63843b-YVR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
dvcasha2.ocsp-certum.com/
95.101.10.193 200 OK 1.6 kB URL HTTP/1.1 dvcasha2.ocsp-certum.com/
IP 95.101.10.193:0
ASN #20940 Akamai International B.V.
Hash 086e4d8af03744461c8805f17a23385a
3e4d87c36b6a60978bb21fb206ef6843fd384ec5
416aab6841508a3293750fa38c655525416860f7ad65f2cedd423a87fc6033fe
POST / HTTP/1.1
Host: dvcasha2.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1599
X-Cached: STALE
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=844
Date: Tue, 28 Mar 2023 06:48:18 GMT
Connection: keep-alive
X-N: S
hm.baidu.com/hm.js?52c9ece304633edd6ce3fa340534a6d9
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?52c9ece304633edd6ce3fa340534a6d9
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (625)
Hash 55e1c3aa91b342d5c18cb625fd5418f5
b21580661906309eb7320dd8953298041328bdb1
4e068d0d8a7907fca721006cee81d31c9cf20fa6ad76df7482dc93eb62e14922
GET /hm.js?52c9ece304633edd6ce3fa340534a6d9 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11263
Content-Type: application/javascript
Date: Tue, 28 Mar 2023 06:48:18 GMT
Etag: 8983f69d35a57f49cdca684cabd9f018
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=8577656B0EE04A42; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
sj.fjxozva.cn/sejie/650X350.gif
154.211.69.153 200 OK 321 kB URL HTTP/1.1 sj.fjxozva.cn/sejie/650X350.gif
IP 154.211.69.153:0
File type GIF image data, version 89a, 650 x 350\012- data
Size 321 kB (321209 bytes)
Hash 5866465548e066b1b873f1f5c688006b
6764a5a9e247b7400ff773711b004a80d6a143f4
60a1419ec4c50be8ecce9f01d13fc1bc7ca528ddf82f58a1e740d905fe7f6cf4
GET /sejie/650X350.gif HTTP/1.1
Host: sj.fjxozva.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200 OK
Server: NgxFence
Date: Tue, 28 Mar 2023 06:48:17 GMT
Content-Type: image/gif
Content-Length: 321209
Connection: keep-alive
Last-Modified: Thu, 02 Feb 2023 03:29:33 GMT
ETag: "63db2e1d-4e6b9"
Expires: Mon, 24 Apr 2023 08:18:05 GMT
Cache-Control: max-age=2592000
X-Cache: HIT
Accept-Ranges: bytes
89958716765.com/e18190fcd37943eab531436bf4027b82.gif
103.170.15.90 200 OK 74 kB URL HTTP/1.1 89958716765.com/e18190fcd37943eab531436bf4027b82.gif
IP 103.170.15.90:0
ASN #7483 Skycloud Computing co., Ltd.
File type GIF image data, version 89a, 240 x 140\012- data
Hash 4fd1679056697fdc2ea9598529a0a00f
3603d6d1616441a8c451d3bed6edadd40227aae6
76785bd248507f6b7fef51afe898b10ee814797ed372ff2217c5db4fc64fb38a
GET /e18190fcd37943eab531436bf4027b82.gif HTTP/1.1
Host: 89958716765.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "639b57e9-11f4d"
Date: Mon, 27 Mar 2023 04:23:25 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Thu, 15 Dec 2022 17:22:49 GMT
Accept-Ranges: bytes
X-Cache: HIT from yd11_13-cdn-g01-la2-20
Content-Length: 73549
n0611.com/8b7a6adcfeaa4daa8ee7846cf04dce28.gif
67.21.86.202 200 OK 165 kB URL HTTP/2 n0611.com/8b7a6adcfeaa4daa8ee7846cf04dce28.gif
IP 67.21.86.202:0
Size 165 kB (165309 bytes)
Hash 9d4ea666e7a3860e109b8c667f1647a2
fc2e8905a5b5d83566d5a5f281c45e2914d16d18
5e6a692894374be6f4755a92e176708a84bb5755af3a8b822ad2d683cbf89db3
GET /8b7a6adcfeaa4daa8ee7846cf04dce28.gif HTTP/1.1
Host: n0611.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:17 GMT
content-type: image/gif
vary: Accept-Encoding
last-modified: Wed, 15 Mar 2023 10:01:26 GMT
etag: W/"64119776-2643b"
server: WAF/2.4-12.1
x-cache-status: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
18ximg.com/20230227/192_192.gif
172.247.80.59 200 OK 51 kB URL HTTP/2 18ximg.com/20230227/192_192.gif
IP 172.247.80.59:0
File type GIF image data, version 89a, 192 x 192\012- data
Hash c5366428610a306ad2718b1a249b711c
28393c145d57d9a29cb167a0e035a8f11ca4354e
dd1cddda4b703ad57eec091b5c61e16fb3ad884ce51ad68070cb112781354cd8
GET /20230227/192_192.gif HTTP/1.1
Host: 18ximg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:18 GMT
content-type: image/gif
content-length: 51230
last-modified: Mon, 27 Feb 2023 12:44:58 GMT
etag: "63fca5ca-c81e"
expires: Wed, 26 Apr 2023 14:50:15 GMT
cache-control: max-age=2592000
server: dns1
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
files.backmoestream.xyz/store/loveimgmoe/f1/38/63e9ec277c505e8c545bf138.gif
103.166.246.24 200 OK 262 kB URL HTTP/2 files.backmoestream.xyz/store/loveimgmoe/f1/38/63e9ec277c505e8c545bf138.gif
IP 103.166.246.24:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 262 kB (261503 bytes)
Hash 9490591477b224b3a7005a4db2d1aff5
1fbc95d37a9cb9b66ceee42f2a7ec5325fed8371
0fdd79fa1d8c3a5e4e549b083573e9f858c1c3ea4aa70cad7fd614ee6a1cbd61
GET /store/loveimgmoe/f1/38/63e9ec277c505e8c545bf138.gif HTTP/1.1
Host: files.backmoestream.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 06:48:18 GMT
content-type: image/gif
content-length: 261503
last-modified: Sat, 18 Mar 2023 16:45:09 GMT
etag: "6415ea95-3fd7f"
accept-ranges: bytes
X-Firefox-Spdy: h2
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1405191385&si=52c9ece304633edd6ce3fa340534a6d9&su=http%3A%2F%2Fwww.xyjpzz.com%2F&v=1.3.0&lv=1&sn=61928&r=0&ww=1268&u=http%3A%2F%2Fgwdomain.top%2F&tt=%E8%9C%9C%E8%87%80av-%E5%9B%BD%E4%BA%A7%E6%97%A5%E9%9F%A9%E6%AC%A7%E7%BE%8E%E7%B2%BE%E5%93%81%E8%A7%86%E9%A2%91
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1405191385&si=52c9ece304633edd6ce3fa340534a6d9&su=http%3A%2F%2Fwww.xyjpzz.com%2F&v=1.3.0&lv=1&sn=61928&r=0&ww=1268&u=http%3A%2F%2Fgwdomain.top%2F&tt=%E8%9C%9C%E8%87%80av-%E5%9B%BD%E4%BA%A7%E6%97%A5%E9%9F%A9%E6%AC%A7%E7%BE%8E%E7%B2%BE%E5%93%81%E8%A7%86%E9%A2%91
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1405191385&si=52c9ece304633edd6ce3fa340534a6d9&su=http%3A%2F%2Fwww.xyjpzz.com%2F&v=1.3.0&lv=1&sn=61928&r=0&ww=1268&u=http%3A%2F%2Fgwdomain.top%2F&tt=%E8%9C%9C%E8%87%80av-%E5%9B%BD%E4%BA%A7%E6%97%A5%E9%9F%A9%E6%AC%A7%E7%BE%8E%E7%B2%BE%E5%93%81%E8%A7%86%E9%A2%91 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 28 Mar 2023 06:48:18 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=EE7E8655E3E0ACA8; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
18ximg.com/20230311/1/980_1801.gif
172.247.80.59 200 OK 20 kB URL HTTP/2 18ximg.com/20230311/1/980_1801.gif
IP 172.247.80.59:0
File type GIF image data, version 89a, 980 x 60\012- data
Hash cbe5e8c4dbeb20f8e90fd6c80f14cc88
9b8708707bfb92fa5e571af021842d533924bb38
084d40e2362f42c06c10c1d63619cc16888670b2e6274efeedc8c509bc17c653
GET /20230311/1/980_1801.gif HTTP/1.1
Host: 18ximg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:18 GMT
content-type: image/gif
content-length: 20317
last-modified: Sat, 11 Mar 2023 14:53:38 GMT
etag: "640c95f2-4f5d"
expires: Wed, 26 Apr 2023 14:50:14 GMT
cache-control: max-age=2592000
server: dns1
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pic123.top/20230217/980x60.gif
172.247.80.59 200 OK 147 kB URL HTTP/2 pic123.top/20230217/980x60.gif
IP 172.247.80.59:0
File type GIF image data, version 89a, 980 x 60\012- data
Size 147 kB (147352 bytes)
Hash d6bea149f01bdfa813c848b0beb912b6
e78b4bdd1ebe3d98050a4fde46d4d5098df5a1d9
657b76bd6df6f96e511862566cc4e8cbba83f4e6ec326abc26bdd092bea3ddb9
GET /20230217/980x60.gif HTTP/1.1
Host: pic123.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:18 GMT
content-type: image/gif
content-length: 147352
last-modified: Fri, 17 Feb 2023 14:15:25 GMT
etag: "63ef8bfd-23f98"
expires: Wed, 26 Apr 2023 14:28:11 GMT
cache-control: max-age=2592000
server: dns1
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?52c9ece304633edd6ce3fa340534a6d9
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?52c9ece304633edd6ce3fa340534a6d9
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (625)
Hash 330eaa1fb171ba1d526099ead69d21a1
29efc4710cecca226dbe74ebf321bbfeff48ce61
6eebeb206419c010963a1847f7d701e239578179b443744c3f457afa14a077b1
GET /hm.js?52c9ece304633edd6ce3fa340534a6d9 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-None-Match: 8983f69d35a57f49cdca684cabd9f018
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11263
Content-Type: application/javascript
Date: Tue, 28 Mar 2023 06:48:18 GMT
Etag: 7eae4fd5e6a995621b07756497fbf9f6
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=E0FDCFFAD7F78F3C; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
ia.51.la/go1?id=21581305&rt=1679986117852&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=0&cd=24&ds=%25E6%258F%2590%25E4%25BE%259B%25E6%259C%2580%25E6%2596%25B0%25E6%259C%2580%25E5%25BF%25AB%25E7%259A%2584%25E8%25A7%2586%25E9%25A2%2591%25E5%2588%2586%25E4%25BA%25AB%25E6%2595%25B0%25E6%258D%25AE&ing=1&ekc=&sid=1679986117852&tt=%25E8%259C%259C%25E8%2587%2580av-%25E5%259B%25BD%25E4%25BA%25A7%25E6%2597%25A5%25E9%259F%25A9%25E6%25AC%25A7%25E7%25BE%258E%25E7%25B2%25BE%25E5%2593%2581%25E8%25A7%2586%25E9%25A2%2591&kw=%25E8%259C%259C%25E8%2587%2580av-%25E5%259B%25BD%25E4%25BA%25A7%25E6%2597%25A5%25E9%259F%25A9%25E6%25AC%25A7%25E7%25BE%258E%25E7%25B2%25BE%25E5%2593%2581%25E8%25A7%2586%25E9%25A2%2591&cu=http%253A%252F%252Fgwdomain.top%252F&pu=http%253A%252F%252Fwww.xyjpzz.com%252F
103.143.19.103 200 0 B URL HTTP/1.1 ia.51.la/go1?id=21581305&rt=1679986117852&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=0&cd=24&ds=%25E6%258F%2590%25E4%25BE%259B%25E6%259C%2580%25E6%2596%25B0%25E6%259C%2580%25E5%25BF%25AB%25E7%259A%2584%25E8%25A7%2586%25E9%25A2%2591%25E5%2588%2586%25E4%25BA%25AB%25E6%2595%25B0%25E6%258D%25AE&ing=1&ekc=&sid=1679986117852&tt=%25E8%259C%259C%25E8%2587%2580av-%25E5%259B%25BD%25E4%25BA%25A7%25E6%2597%25A5%25E9%259F%25A9%25E6%25AC%25A7%25E7%25BE%258E%25E7%25B2%25BE%25E5%2593%2581%25E8%25A7%2586%25E9%25A2%2591&kw=%25E8%259C%259C%25E8%2587%2580av-%25E5%259B%25BD%25E4%25BA%25A7%25E6%2597%25A5%25E9%259F%25A9%25E6%25AC%25A7%25E7%25BE%258E%25E7%25B2%25BE%25E5%2593%2581%25E8%25A7%2586%25E9%25A2%2591&cu=http%253A%252F%252Fgwdomain.top%252F&pu=http%253A%252F%252Fwww.xyjpzz.com%252F
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=21581305&rt=1679986117852&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=0&cd=24&ds=%25E6%258F%2590%25E4%25BE%259B%25E6%259C%2580%25E6%2596%25B0%25E6%259C%2580%25E5%25BF%25AB%25E7%259A%2584%25E8%25A7%2586%25E9%25A2%2591%25E5%2588%2586%25E4%25BA%25AB%25E6%2595%25B0%25E6%258D%25AE&ing=1&ekc=&sid=1679986117852&tt=%25E8%259C%259C%25E8%2587%2580av-%25E5%259B%25BD%25E4%25BA%25A7%25E6%2597%25A5%25E9%259F%25A9%25E6%25AC%25A7%25E7%25BE%258E%25E7%25B2%25BE%25E5%2593%2581%25E8%25A7%2586%25E9%25A2%2591&kw=%25E8%259C%259C%25E8%2587%2580av-%25E5%259B%25BD%25E4%25BA%25A7%25E6%2597%25A5%25E9%259F%25A9%25E6%25AC%25A7%25E7%25BE%258E%25E7%25B2%25BE%25E5%2593%2581%25E8%25A7%2586%25E9%25A2%2591&cu=http%253A%252F%252Fgwdomain.top%252F&pu=http%253A%252F%252Fwww.xyjpzz.com%252F HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200
Server: CloudWAF
Date: Tue, 28 Mar 2023 06:48:19 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=499b78cbef9ad84cf7a; path=/
HWWAFSESTIME=1679986095859; path=/
ia.51.la/go1?id=21581305&rt=1679986117930&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=0&cd=24&ds=%25E6%258F%2590%25E4%25BE%259B%25E6%259C%2580%25E6%2596%25B0%25E6%259C%2580%25E5%25BF%25AB%25E7%259A%2584%25E8%25A7%2586%25E9%25A2%2591%25E5%2588%2586%25E4%25BA%25AB%25E6%2595%25B0%25E6%258D%25AE&ing=1&ekc=&sid=1679986117930&tt=%25E8%259C%259C%25E8%2587%2580av-%25E5%259B%25BD%25E4%25BA%25A7%25E6%2597%25A5%25E9%259F%25A9%25E6%25AC%25A7%25E7%25BE%258E%25E7%25B2%25BE%25E5%2593%2581%25E8%25A7%2586%25E9%25A2%2591&kw=%25E8%259C%259C%25E8%2587%2580av-%25E5%259B%25BD%25E4%25BA%25A7%25E6%2597%25A5%25E9%259F%25A9%25E6%25AC%25A7%25E7%25BE%258E%25E7%25B2%25BE%25E5%2593%2581%25E8%25A7%2586%25E9%25A2%2591&cu=http%253A%252F%252Fgwdomain.top%252F&pu=http%253A%252F%252Fwww.xyjpzz.com%252F
103.143.19.103 200 0 B URL HTTP/1.1 ia.51.la/go1?id=21581305&rt=1679986117930&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=0&cd=24&ds=%25E6%258F%2590%25E4%25BE%259B%25E6%259C%2580%25E6%2596%25B0%25E6%259C%2580%25E5%25BF%25AB%25E7%259A%2584%25E8%25A7%2586%25E9%25A2%2591%25E5%2588%2586%25E4%25BA%25AB%25E6%2595%25B0%25E6%258D%25AE&ing=1&ekc=&sid=1679986117930&tt=%25E8%259C%259C%25E8%2587%2580av-%25E5%259B%25BD%25E4%25BA%25A7%25E6%2597%25A5%25E9%259F%25A9%25E6%25AC%25A7%25E7%25BE%258E%25E7%25B2%25BE%25E5%2593%2581%25E8%25A7%2586%25E9%25A2%2591&kw=%25E8%259C%259C%25E8%2587%2580av-%25E5%259B%25BD%25E4%25BA%25A7%25E6%2597%25A5%25E9%259F%25A9%25E6%25AC%25A7%25E7%25BE%258E%25E7%25B2%25BE%25E5%2593%2581%25E8%25A7%2586%25E9%25A2%2591&cu=http%253A%252F%252Fgwdomain.top%252F&pu=http%253A%252F%252Fwww.xyjpzz.com%252F
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=21581305&rt=1679986117930&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=0&cd=24&ds=%25E6%258F%2590%25E4%25BE%259B%25E6%259C%2580%25E6%2596%25B0%25E6%259C%2580%25E5%25BF%25AB%25E7%259A%2584%25E8%25A7%2586%25E9%25A2%2591%25E5%2588%2586%25E4%25BA%25AB%25E6%2595%25B0%25E6%258D%25AE&ing=1&ekc=&sid=1679986117930&tt=%25E8%259C%259C%25E8%2587%2580av-%25E5%259B%25BD%25E4%25BA%25A7%25E6%2597%25A5%25E9%259F%25A9%25E6%25AC%25A7%25E7%25BE%258E%25E7%25B2%25BE%25E5%2593%2581%25E8%25A7%2586%25E9%25A2%2591&kw=%25E8%259C%259C%25E8%2587%2580av-%25E5%259B%25BD%25E4%25BA%25A7%25E6%2597%25A5%25E9%259F%25A9%25E6%25AC%25A7%25E7%25BE%258E%25E7%25B2%25BE%25E5%2593%2581%25E8%25A7%2586%25E9%25A2%2591&cu=http%253A%252F%252Fgwdomain.top%252F&pu=http%253A%252F%252Fwww.xyjpzz.com%252F HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gwdomain.top/
HTTP/1.1 200
Server: CloudWAF
Date: Tue, 28 Mar 2023 06:48:19 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=499b794cef9ad84cf7a; path=/
HWWAFSESTIME=1679986095859; path=/
n0600.com/0237a4e723ec40728a3556fcacc0c558.gif
67.21.86.202 200 OK 0 B URL HTTP/2 n0600.com/0237a4e723ec40728a3556fcacc0c558.gif
IP 67.21.86.202:0
GET /0237a4e723ec40728a3556fcacc0c558.gif HTTP/1.1
Host: n0600.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gwdomain.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 06:48:15 GMT
content-type: image/gif
vary: Accept-Encoding
last-modified: Wed, 15 Mar 2023 10:01:11 GMT
etag: W/"64119767-5c246"
server: WAF/2.4-12.1
x-cache-status: HIT
content-encoding: gzip
X-Firefox-Spdy: h2