r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5ceaca9fd4ad000cb435820812fc69c8
8168397aaf7b572c89a9c83f46c0b65e4ac509f2
9c4e52e7e17158307d752db0bc3d1fbedae4f305cc301fd73b260f73ab796492
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C4E52E7E17158307D752DB0BC3D1FBEDAE4F305CC301FD73B260F73AB796492"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2905
Expires: Wed, 07 Dec 2022 00:09:41 GMT
Date: Tue, 06 Dec 2022 23:21:16 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash f83c5e33ba42e312ee398848bbb711f5
caa1fd23b1fbbe883292ded04404c1cfd861eb09
106d08fba45f1e13f85b4b5abc456594878494238933e54b6a06e21ed8a52bc9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5949
Cache-Control: max-age=132551
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 23:21:16 GMT
Etag: "638f19f6-1d7"
Expires: Thu, 08 Dec 2022 12:10:27 GMT
Last-Modified: Tue, 06 Dec 2022 10:31:18 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a0abf10fb7e96c1c98dacf2f013a68b4
acdd839bce85eadc78a8e821e32e00a958d5c0c8
b85d98f8df05431777d96c767ce4c152302ec3f653cdf6e61c8c3fa9574f3255
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B85D98F8DF05431777D96C767CE4C152302EC3F653CDF6E61C8C3FA9574F3255"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4628
Expires: Wed, 07 Dec 2022 00:38:24 GMT
Date: Tue, 06 Dec 2022 23:21:16 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 06 Dec 2022 23:18:42 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 154
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: hypBygwbX6fWvzviNL3hzfftyRUQ/8ia2qiFmUqO8yybJeoVzxUpuMhbm3wRt+tMxmzitAPNnJk=
x-amz-request-id: P9PCS9C871VZZMJ7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 22:49:08 GMT
age: 1928
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
www.ristoranti-cr.com/index.php
200 OK 554 B URL HTTP/1.1 www.ristoranti-cr.com/index.php
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with very long lines (745), with CRLF line terminators
Hash 7e87d235f3c85b3948471c729d903b61
a87caae41ec647f8b179dbdfb20808333a638561
88cded7fbc5aaaa6f5f5440250297b4800c59f7f1b899eb59edd95f797b61b62
GET /index.php HTTP/1.1
Host: www.ristoranti-cr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 23:20:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:16 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.ristoranti-cr.com/common.js
200 OK 675 B URL HTTP/1.1 www.ristoranti-cr.com/common.js
IP
File type HTML document text\012- HTML document, ASCII text, with very long lines (1295), with no line terminators
Hash c4468d295a1d3238c2027545ae9e0eb5
67f72e9a83bc89c6535fe1f6738ddcda957c9b15
1f4228c735498bc33d130a08f893d8a5f53df6759b1e46dffb589d7e30432385
GET /common.js HTTP/1.1
Host: www.ristoranti-cr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.ristoranti-cr.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 23:20:55 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
www.ristoranti-cr.com/tj.js
200 OK 258 B URL HTTP/1.1 www.ristoranti-cr.com/tj.js
IP
File type ASCII text, with CRLF line terminators
Hash ecd2a954c7ad9e69b49f13b7c5838aee
8418a2b59680f94b68d45cb371a831f52bd15773
a6a4491d6889128778c9eb164f9ddd71924c8d858271e1d590e05dd933445e13
GET /tj.js HTTP/1.1
Host: www.ristoranti-cr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.ristoranti-cr.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 23:20:55 GMT
Content-Type: application/x-javascript
Content-Length: 258
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 06 Dec 2022 23:08:58 GMT
cache-control: public,max-age=3600
age: 739
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
www.ristoranti-cr.com/favicon.ico
200 OK 1.2 kB URL HTTP/1.1 www.ristoranti-cr.com/favicon.ico
IP
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 7ef1f0a0093460fe46bb691578c07c95
2da3ffbbf4737ce4dae9488359de34034d1ebfbd
4c62eef22174220b8655590a77b27957f3518b4c3b7352d0b64263b80e728f2c
GET /favicon.ico HTTP/1.1
Host: www.ristoranti-cr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.ristoranti-cr.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 23:20:55 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 01 Jul 2011 08:14:23 GMT
Connection: keep-alive
ETag: "4e0d81df-47e"
Expires: Sun, 11 Dec 2022 23:20:55 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
ocsp.digicert.com/
200 OK 471 B IP
Hash 0f7dcaa590e32cfd1c075255188d5f06
d4bb4954fefdb3b59560b54adf500e806e252e39
195795c2511b31519134f5eb4442d8708918ecaff72f8e821a5473ad7c97c448
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5940
Cache-Control: max-age=127473
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 23:21:17 GMT
Etag: "638f062a-1d7"
Expires: Thu, 08 Dec 2022 10:45:50 GMT
Last-Modified: Tue, 06 Dec 2022 09:06:50 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: nSkMuWVljnt4Kgzr3CkpvA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: q3Nw5YMNkznjC4uXvctguk5hCKQ=
ocsp.globalsign.com/gsrsaovsslca2018
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP
Hash 4d8979b580f9a6c9b4660e41f0bef4c5
97acb985f7e150bc5077979a18d1c443d7df22f0
08a2342e767e94a269b479e389d8415f55e8a1722ed74549e675297516951ae6
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 23:21:17 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 10 Dec 2022 21:36:42 GMT
ETag: "97acb985f7e150bc5077979a18d1c443d7df22f0"
Last-Modified: Tue, 06 Dec 2022 21:36:43 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3037
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7758c1ce3dfab505-OSL
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cd840952f8c2885ff41439a1a212dcfb
72bdb07b1def07047a8b00a5c43e2046177ed3a1
57adf0cc99c767ba0be52a331eef0a1f0f0064633a4d69090044633f6e652afb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "57ADF0CC99C767BA0BE52A331EEF0A1F0F0064633A4D69090044633F6E652AFB"
Last-Modified: Tue, 06 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21549
Expires: Wed, 07 Dec 2022 05:20:26 GMT
Date: Tue, 06 Dec 2022 23:21:17 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 94ae1a8fe20e3f15df9092dcd0c32e4d
e3f9d2c9c375c8d86d8f1e744705cbfbdbe9f5f3
3dbf340fab3fdce703f7a069b65f38725e87f64a367bab909035d02d275fcc1d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "3DBF340FAB3FDCE703F7A069B65F38725E87F64A367BAB909035D02D275FCC1D"
Last-Modified: Tue, 06 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10091
Expires: Wed, 07 Dec 2022 02:09:29 GMT
Date: Tue, 06 Dec 2022 23:21:18 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 94ae1a8fe20e3f15df9092dcd0c32e4d
e3f9d2c9c375c8d86d8f1e744705cbfbdbe9f5f3
3dbf340fab3fdce703f7a069b65f38725e87f64a367bab909035d02d275fcc1d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "3DBF340FAB3FDCE703F7A069B65F38725E87F64A367BAB909035D02D275FCC1D"
Last-Modified: Tue, 06 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10091
Expires: Wed, 07 Dec 2022 02:09:29 GMT
Date: Tue, 06 Dec 2022 23:21:18 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 94ae1a8fe20e3f15df9092dcd0c32e4d
e3f9d2c9c375c8d86d8f1e744705cbfbdbe9f5f3
3dbf340fab3fdce703f7a069b65f38725e87f64a367bab909035d02d275fcc1d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "3DBF340FAB3FDCE703F7A069B65F38725E87F64A367BAB909035D02D275FCC1D"
Last-Modified: Tue, 06 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10091
Expires: Wed, 07 Dec 2022 02:09:29 GMT
Date: Tue, 06 Dec 2022 23:21:18 GMT
Connection: keep-alive
ddcdn.pic-726-baidu.com/upload/vod/2020-10-07/16020091976.jpg
200 OK 12 kB URL HTTP/2 ddcdn.pic-726-baidu.com/upload/vod/2020-10-07/16020091976.jpg
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, progressive, precision 8, 320x240, components 3\012- data
Hash 31a8d321998d9774c52241d433d5e6e2
104d4885b26b086b08dc2b267a641037a462636b
926b03821075437a788f94a7cbdd471c1ce18d4f828988458c2fa86b063f976a
GET /upload/vod/2020-10-07/16020091976.jpg HTTP/1.1
Host: ddcdn.pic-726-baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 23:21:18 GMT
content-type: image/jpeg
content-length: 12476
access-control-allow-origin: *
cache-control: max-age=31536000
cf-bgj: imgq:85,h2pri
cf-polished: origSize=13200, status=webp_bigger
etag: "5f7cb86d-3390"
expires: Thu, 05 Jan 2023 12:37:12 GMT
last-modified: Tue, 06 Oct 2020 18:33:17 GMT
access-control-allow-credentials: : true
cf-cache-status: HIT
age: 38646
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7758c1d49e94b4eb-OSL
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 94ae1a8fe20e3f15df9092dcd0c32e4d
e3f9d2c9c375c8d86d8f1e744705cbfbdbe9f5f3
3dbf340fab3fdce703f7a069b65f38725e87f64a367bab909035d02d275fcc1d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "3DBF340FAB3FDCE703F7A069B65F38725E87F64A367BAB909035D02D275FCC1D"
Last-Modified: Tue, 06 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10091
Expires: Wed, 07 Dec 2022 02:09:29 GMT
Date: Tue, 06 Dec 2022 23:21:18 GMT
Connection: keep-alive
ddcdn.pic-726-baidu.com/upload/vod/2020-10-06/160191734811.jpg
200 OK 8.2 kB URL HTTP/2 ddcdn.pic-726-baidu.com/upload/vod/2020-10-06/160191734811.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash efd872d891dcdd181959df5359bd575f
855a4afbf682de2cab5cb3e34484fbec0633a41c
96bc1108228a22a1c40be786ccdb8aae0438359d8c7a16568af5b3006d5ae075
GET /upload/vod/2020-10-06/160191734811.jpg HTTP/1.1
Host: ddcdn.pic-726-baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 23:21:18 GMT
content-type: image/webp
content-length: 8238
access-control-allow-origin: *
cache-control: max-age=31536000
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=10258
content-disposition: inline; filename="160191734811.webp"
etag: "5f7b51a4-2812"
expires: Thu, 05 Jan 2023 12:37:12 GMT
last-modified: Mon, 05 Oct 2020 17:02:28 GMT
vary: Accept
access-control-allow-credentials: : true
cf-cache-status: HIT
age: 38646
accept-ranges: bytes
server: cloudflare
cf-ray: 7758c1d4be9fb4eb-OSL
X-Firefox-Spdy: h2
ddcdn.pic-726-baidu.com/upload/vod/2020-10-14/160263920614.jpg
200 OK 4.8 kB URL HTTP/2 ddcdn.pic-726-baidu.com/upload/vod/2020-10-14/160263920614.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 96a5abb2e501b5f11229b52de21678dd
50d27d435814928c04c239e9e0ee4f5992274152
8c84fd47babb93b43dc542b0a88d5697296d25a1a35021dea03f1a95314734f5
GET /upload/vod/2020-10-14/160263920614.jpg HTTP/1.1
Host: ddcdn.pic-726-baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 23:21:18 GMT
content-type: image/webp
content-length: 4760
access-control-allow-origin: *
cache-control: max-age=31536000
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=6921
content-disposition: inline; filename="160263920614.webp"
etag: "5f865566-1b09"
expires: Thu, 05 Jan 2023 12:37:12 GMT
last-modified: Wed, 14 Oct 2020 01:33:26 GMT
vary: Accept
access-control-allow-credentials: : true
cf-cache-status: HIT
age: 38646
accept-ranges: bytes
server: cloudflare
cf-ray: 7758c1d4cea7b4eb-OSL
X-Firefox-Spdy: h2
ddcdn.pic-726-baidu.com/upload/vod/2020-10-06/16019173488.jpg
200 OK 8.6 kB URL HTTP/2 ddcdn.pic-726-baidu.com/upload/vod/2020-10-06/16019173488.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 11b7de194071c2cbd0491b8ded490dae
60273e24cd5756a5afc7077b251e5ee3dd7f8a23
ff35081213630bb345a07c6569ed494eceba15d5e3b81350a931be8289530153
GET /upload/vod/2020-10-06/16019173488.jpg HTTP/1.1
Host: ddcdn.pic-726-baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 23:21:18 GMT
content-type: image/webp
content-length: 8576
access-control-allow-origin: *
cache-control: max-age=31536000
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=9301
content-disposition: inline; filename="16019173488.webp"
etag: "5f7b51a4-2455"
expires: Thu, 05 Jan 2023 12:37:12 GMT
last-modified: Mon, 05 Oct 2020 17:02:28 GMT
vary: Accept
access-control-allow-credentials: : true
cf-cache-status: HIT
age: 38646
accept-ranges: bytes
server: cloudflare
cf-ray: 7758c1d4debab4eb-OSL
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?cf2924db4c940add05202cd8e338731f
200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?cf2924db4c940add05202cd8e338731f
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (619)
Hash 7da1998d6b81813cd7aed7429fd74120
2d2fa20b0fb22ad3b6d72942e0cd49a0593518b1
20a4f6f36cfc3ad11f5cfd5652080ac7a7e23ce254a1d2960f68fc370db3bcf3
GET /hm.js?cf2924db4c940add05202cd8e338731f HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.ristoranti-cr.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11257
Content-Type: application/javascript
Date: Tue, 06 Dec 2022 23:21:18 GMT
Etag: 4b24b00eaf45303e78f9d99a1d4a1902
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=11BF2972EEF142C6; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4404
Expires: Wed, 07 Dec 2022 00:34:42 GMT
Date: Tue, 06 Dec 2022 23:21:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e484ee7-12d9-41dc-b674-890c51c30626.png
200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e484ee7-12d9-41dc-b674-890c51c30626.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b079607b368263e3517dd30250f5f2af
a1b7863c70f1d501560a5b2fb4442f4835f94341
e7ed3ed2aca312d82fb017e06c6493fafffff9a603d1498c9c05355c08b444e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e484ee7-12d9-41dc-b674-890c51c30626.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5913
x-amzn-requestid: 355ca338-7d8e-4a60-a491-0509d0ff32d6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvlirF3DIAMF-vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb610-5bff7b5b3984102e1ef0e737;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:37:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RlnA4SSUIbIVtGBxqBtabKw58aXWE-jGIKLZ4DnoTiGzvH5bzBOUbA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:54:15 GMT
age: 5223
etag: "a1b7863c70f1d501560a5b2fb4442f4835f94341"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80a12c85-454b-4e03-bf75-3fa8228659c0.jpeg
200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80a12c85-454b-4e03-bf75-3fa8228659c0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a7ee62c5e846e8ad4808f4724f15146d
6d55b299f906908309f91eaf0a720ad65866db04
0d8f51d6f7f3bad4bb9d9c3000999739147f6dd718b290b0dca71a4cba85cb38
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80a12c85-454b-4e03-bf75-3fa8228659c0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6846
x-amzn-requestid: 53452103-6559-460c-ac40-4685e6816aa4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGx4E-mIAMFatg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a5-5327ec9a2f247cc91654df80;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Znjnq24wuXoi43Bfc9aPdcUHhMh-a00hSCXUHFpHq3sTtQQoUYe6Uw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 07:29:49 GMT
age: 57089
etag: "6d55b299f906908309f91eaf0a720ad65866db04"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 34ed941ce8db9682d441aab5540316db
555c1f5b0792a1fea3dfec1142d8883a79a0a387
990490649b47e58d909f7cac73880165cd5f10746a0adf80a326436982a6f429
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "990490649B47E58D909F7CAC73880165CD5F10746A0ADF80A326436982A6F429"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19708
Expires: Wed, 07 Dec 2022 04:49:46 GMT
Date: Tue, 06 Dec 2022 23:21:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F084354d3-0d22-4203-844f-c2f6ab2af36d.jpeg
200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F084354d3-0d22-4203-844f-c2f6ab2af36d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b89a7fe1080499e4f7171f962b57fec4
62ef59be034071e667e3476ea0740077c86778c1
e17432ce6af0006ba36fd43e13c56c1bd1dd9b1d1bc250309bc2731ac8f52abb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F084354d3-0d22-4203-844f-c2f6ab2af36d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8906
x-amzn-requestid: 453c8d4f-205d-46ac-8d24-1c9849d71419
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvmAyEMnoAMFZwQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb6d1-7b5051335073a5d2339e02e1;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:40:33 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 2LpJmaGp8UzaZHqa9WtCTvFq0oQYOVNAdKBdYHURf2d2v5fh7j44uQ==
via: 1.1 e124ba8d7ba1d81e2fdc59ac89f11b70.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:55:06 GMT
age: 5172
etag: "62ef59be034071e667e3476ea0740077c86778c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8e8fa64-7cd3-460d-9040-af3ca0e2a5f5.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8e8fa64-7cd3-460d-9040-af3ca0e2a5f5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b6f4dd03deb6114fec01808b034a711c
c74d29bba44dbb09158da4b9e1b490112c7db915
ddc6721d8a42821c458cf6d5c64ebd10ca0002c95a275be1732cd9ade7bf1b6d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8e8fa64-7cd3-460d-9040-af3ca0e2a5f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10567
x-amzn-requestid: b9b16cdf-bfa2-4e3c-b00f-1704dd3473d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cgIC6EgLoAMF3hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638986df-3945eea57676d3f91f8f2b3c;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 05:02:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: u9h1d9n-qSPVu7VuzNsUYljKkP7Q1gT6tHrF7DVJIxwyvFcbD2Dg1g==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 03:29:29 GMT
age: 71509
etag: "c74d29bba44dbb09158da4b9e1b490112c7db915"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe44b6ac-66fe-4013-a696-460f9692e93e.jpeg
200 OK 3.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe44b6ac-66fe-4013-a696-460f9692e93e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cefc5a863db79a7a8acd7366322ea34d
ec084f21bd0bcf5c101366e5732421835b3230d3
ee5a022da888181060a9d4ac8ab18fb8e35143b5f046f905d38553b9552f0bbb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe44b6ac-66fe-4013-a696-460f9692e93e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 3175
x-amzn-requestid: 3b5ffd5c-a8a5-40d8-b370-c13b0da5f543
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csXJEF0hIAMFZYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6bd3-40d73fc5702a607c4ef71574;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 22:08:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ltw2ovrQ4bRR1LL2qVEls_GK9w7PmSjA44rasHU5PfqroV2-WRWx_w==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 17:22:47 GMT
age: 21511
etag: "ec084f21bd0bcf5c101366e5732421835b3230d3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4404
Expires: Wed, 07 Dec 2022 00:34:42 GMT
Date: Tue, 06 Dec 2022 23:21:18 GMT
Connection: keep-alive
xb3.hadhd.com/template/meizhuama/css/ate.css
200 OK 13 kB URL HTTP/2 xb3.hadhd.com/template/meizhuama/css/ate.css
IP
Hash 74e14be057c7d669ab020eaad9330c8e
6b4ee49a47ac4be88ad06504387c8ffb06b472b9
f420438f9c13ee6a39e6a6bb96af2e85f95e1ae2758cc9d31b0338c2d3a58c25
GET /template/meizhuama/css/ate.css HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:18 GMT
content-type: text/css
last-modified: Wed, 30 Nov 2022 16:01:32 GMT
vary: Accept-Encoding
etag: W/"63877e5c-11e0a"
expires: Wed, 07 Dec 2022 11:21:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4404
Expires: Wed, 07 Dec 2022 00:34:42 GMT
Date: Tue, 06 Dec 2022 23:21:18 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4404
Expires: Wed, 07 Dec 2022 00:34:42 GMT
Date: Tue, 06 Dec 2022 23:21:18 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4403
Expires: Wed, 07 Dec 2022 00:34:42 GMT
Date: Tue, 06 Dec 2022 23:21:19 GMT
Connection: keep-alive
xb3.hadhd.com/template/web/app1.js
200 OK 955 B URL HTTP/2 xb3.hadhd.com/template/web/app1.js
IP
File type HTML document, Unicode text, UTF-8 text
Hash ab4ae5013d917be298ff9c06067533c1
0dad4c068ee0573ba1dccc5005a780ece8c6a7ab
297d8b5f5326b6f946d1468a3518071fda7ec87410d99d2559b2df73d0a4fdad
GET /template/web/app1.js HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:18 GMT
content-type: application/javascript
content-length: 955
last-modified: Tue, 06 Dec 2022 16:48:28 GMT
etag: "638f725c-3bb"
expires: Wed, 07 Dec 2022 11:21:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/app3.js
200 OK 975 B URL HTTP/2 xb3.hadhd.com/template/web/app3.js
IP
File type HTML document, Unicode text, UTF-8 text
Hash c0d3b18c7c8e6c9f72e5602cb7c647f2
58c592d56e080a0e1e6cc7db1bd481f10dd7b549
cc416713ce78ba78e1e94131b203431087a66641c49bd7c6da526135b76006ac
GET /template/web/app3.js HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:18 GMT
content-type: application/javascript
content-length: 975
last-modified: Tue, 06 Dec 2022 16:48:43 GMT
etag: "638f726b-3cf"
expires: Wed, 07 Dec 2022 11:21:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash df3dc0366d181cbc0a4272733322cfac
ae7a50019ff1d5e7b98130e1be80a07a58ba7281
9a81b6beb55751c12c41f4007b02532e02cfbe389a5e2ba505cb2f47a76c125e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9A81B6BEB55751C12C41F4007B02532E02CFBE389A5E2BA505CB2F47A76C125E"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=417
Expires: Tue, 06 Dec 2022 23:28:16 GMT
Date: Tue, 06 Dec 2022 23:21:19 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bb29109f7508847c6c0b0c32a006fdfb
b5c3482007150802a516cd76f5d023fb9c4633e2
35f4d3dff210e267e25207444e8be97d5a8968637f1d457c1490046a625f96df
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35F4D3DFF210E267E25207444E8BE97D5A8968637F1D457C1490046A625F96DF"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5502
Expires: Wed, 07 Dec 2022 00:53:01 GMT
Date: Tue, 06 Dec 2022 23:21:19 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bb29109f7508847c6c0b0c32a006fdfb
b5c3482007150802a516cd76f5d023fb9c4633e2
35f4d3dff210e267e25207444e8be97d5a8968637f1d457c1490046a625f96df
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35F4D3DFF210E267E25207444E8BE97D5A8968637F1D457C1490046A625F96DF"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5502
Expires: Wed, 07 Dec 2022 00:53:01 GMT
Date: Tue, 06 Dec 2022 23:21:19 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bb29109f7508847c6c0b0c32a006fdfb
b5c3482007150802a516cd76f5d023fb9c4633e2
35f4d3dff210e267e25207444e8be97d5a8968637f1d457c1490046a625f96df
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35F4D3DFF210E267E25207444E8BE97D5A8968637F1D457C1490046A625F96DF"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5502
Expires: Wed, 07 Dec 2022 00:53:01 GMT
Date: Tue, 06 Dec 2022 23:21:19 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bb29109f7508847c6c0b0c32a006fdfb
b5c3482007150802a516cd76f5d023fb9c4633e2
35f4d3dff210e267e25207444e8be97d5a8968637f1d457c1490046a625f96df
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35F4D3DFF210E267E25207444E8BE97D5A8968637F1D457C1490046A625F96DF"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5502
Expires: Wed, 07 Dec 2022 00:53:01 GMT
Date: Tue, 06 Dec 2022 23:21:19 GMT
Connection: keep-alive
pic1.semaobf1.com/20221108/12F2E2EFA96877D1/12F2E2EFA96877D1.jpg
200 OK 8.6 kB URL HTTP/1.1 pic1.semaobf1.com/20221108/12F2E2EFA96877D1/12F2E2EFA96877D1.jpg
IP
ASN #61317 Ipxo Uk Limited
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 480x331, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash 2c3e1fe9d1cf7bb86c8f05afb083e5a0
c2456c681d42ae0a2cd540d7cdc9716ad62da541
c1468065679186706809c84875114163cfb9f59cdcdc563eea7acf97bb5e34b7
GET /20221108/12F2E2EFA96877D1/12F2E2EFA96877D1.jpg HTTP/1.1
Host: pic1.semaobf1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:19 GMT
Content-Type: image/jpeg
Content-Length: 8641
Last-Modified: Wed, 16 Nov 2022 04:20:05 GMT
Connection: keep-alive
ETag: "637464f5-21c1"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
pic1.semaobf1.com/20221107/B953184976498753/B953184976498753.jpg
200 OK 12 kB URL HTTP/1.1 pic1.semaobf1.com/20221107/B953184976498753/B953184976498753.jpg
IP
ASN #61317 Ipxo Uk Limited
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash 6a9e93ebfdbaa499e379742e48805b74
081bbf14cd0a8e07352df2054b2bb247a156d2e7
ac6ab1fd755ee5914e1b3e59829fc57c931fded4304333644f41a47254ead193
GET /20221107/B953184976498753/B953184976498753.jpg HTTP/1.1
Host: pic1.semaobf1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:19 GMT
Content-Type: image/jpeg
Content-Length: 12211
Last-Modified: Tue, 15 Nov 2022 04:30:16 GMT
Connection: keep-alive
ETag: "637315d8-2fb3"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
xb3.hadhd.com/
200 OK 24 kB IP
Hash 363791c5d0368abeac257a6e70a1e3aa
753498fee3483f90e3ad7b1604455835ef3d2fbf
b9cbec2554afdb910a293f8b1a15c16f7ac203419e16e18e0bc662af56f69ca1
GET / HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.ristoranti-cr.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:18 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
pic1.semaobf1.com/20221109/A06D19082C0DBDD6/A06D19082C0DBDD6.jpg
200 OK 9.7 kB URL HTTP/1.1 pic1.semaobf1.com/20221109/A06D19082C0DBDD6/A06D19082C0DBDD6.jpg
IP
ASN #61317 Ipxo Uk Limited
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash dfaa7f3b897f22e3c766cb9e55b8293d
175bd2fd56bb5bb451231c8b54bead1068233d58
d0e9b9575044f14dfb9fd50c4b70bd4a0e4a835f9b0e2e74e34f4dd469be6c98
GET /20221109/A06D19082C0DBDD6/A06D19082C0DBDD6.jpg HTTP/1.1
Host: pic1.semaobf1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:19 GMT
Content-Type: image/jpeg
Content-Length: 9654
Last-Modified: Thu, 17 Nov 2022 04:20:36 GMT
Connection: keep-alive
ETag: "6375b694-25b6"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
pic1.semaobf1.com/20221109/CE9255B9862726F9/CE9255B9862726F9.jpg
200 OK 7.3 kB URL HTTP/1.1 pic1.semaobf1.com/20221109/CE9255B9862726F9/CE9255B9862726F9.jpg
IP
ASN #61317 Ipxo Uk Limited
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash a97d2d99e90d06c5a618362f592d9a00
d9b1f720f95adf9f5599d92fc97ac66dc7e0f926
4aefa43bdf03c874c6f97cace323012c086fd59705e21d58d2db7844deee37ba
GET /20221109/CE9255B9862726F9/CE9255B9862726F9.jpg HTTP/1.1
Host: pic1.semaobf1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:19 GMT
Content-Type: image/jpeg
Content-Length: 7339
Last-Modified: Thu, 17 Nov 2022 04:20:36 GMT
Connection: keep-alive
ETag: "6375b694-1cab"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
pic1.semaobf1.com/20221107/1846E8B201CAB214/1846E8B201CAB214.jpg
200 OK 13 kB URL HTTP/1.1 pic1.semaobf1.com/20221107/1846E8B201CAB214/1846E8B201CAB214.jpg
IP
ASN #61317 Ipxo Uk Limited
File type JPEG image data, baseline, precision 8, 320x240, components 3\012- data
Hash 8a25f25a235e9067394057fec2b6f009
3b5ef9001bc0df81dcdc3f8424a71674c1a4b865
c369b554b7fdf7c07846ceef2e9e411a93a0caa83b27b84bb853bf5343cd4502
GET /20221107/1846E8B201CAB214/1846E8B201CAB214.jpg HTTP/1.1
Host: pic1.semaobf1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:19 GMT
Content-Type: image/jpeg
Content-Length: 12631
Last-Modified: Tue, 15 Nov 2022 04:30:15 GMT
Connection: keep-alive
ETag: "637315d7-3157"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
pic1.semaobf1.com/20221108/41CD33B0029A55C9/41CD33B0029A55C9.jpg
200 OK 22 kB URL HTTP/1.1 pic1.semaobf1.com/20221108/41CD33B0029A55C9/41CD33B0029A55C9.jpg
IP
ASN #61317 Ipxo Uk Limited
File type JPEG image data, baseline, precision 8, 320x240, components 3\012- data
Hash 2efe545cedfe5d5651f61b7f9f7af668
197a72e40a5016b5bb65988530812c2334363338
c469365aab6840fbf67b51d1300b6279e6ac29b795366e3a20c2f48d0c0b3b4e
GET /20221108/41CD33B0029A55C9/41CD33B0029A55C9.jpg HTTP/1.1
Host: pic1.semaobf1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:19 GMT
Content-Type: image/jpeg
Content-Length: 22168
Last-Modified: Wed, 16 Nov 2022 04:20:05 GMT
Connection: keep-alive
ETag: "637464f5-5698"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
xb3.hadhd.com/template/web/GG/rem.gif
200 OK 254 B URL HTTP/2 xb3.hadhd.com/template/web/GG/rem.gif
IP
File type GIF image data, version 89a, 16 x 17\012- data
Hash b013f8fa3ec997fe20dc80b82af0ad0a
e02ce6c30d5c0abfaa3e008d1a3ce7d11f299ed9
119bff063d1d402fdf6e48bc7e681d48aabfb9bc65378dfcf64a8845ec3fceef
GET /template/web/GG/rem.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: image/gif
content-length: 254
last-modified: Tue, 19 Jul 2022 11:08:30 GMT
etag: "62d690ae-fe"
expires: Thu, 05 Jan 2023 23:21:19 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
pic1.semaobf1.com/20221106/60887D8B11EFFEEA/60887D8B11EFFEEA.jpg
200 OK 15 kB URL HTTP/1.1 pic1.semaobf1.com/20221106/60887D8B11EFFEEA/60887D8B11EFFEEA.jpg
IP
ASN #61317 Ipxo Uk Limited
File type JPEG image data, baseline, precision 8, 320x240, components 3\012- data
Hash 435f29693fe11b165bdba845e584f02c
bd447f2cbc5e876adeb64da6fca571beb9290203
1e22835f13014b24ab5cc80f4229ee2119270b5fe909efb48f18cee3b30484bf
GET /20221106/60887D8B11EFFEEA/60887D8B11EFFEEA.jpg HTTP/1.1
Host: pic1.semaobf1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:19 GMT
Content-Type: image/jpeg
Content-Length: 14700
Last-Modified: Mon, 14 Nov 2022 08:30:15 GMT
Connection: keep-alive
ETag: "6371fc97-396c"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
pic1.semaobf1.com/20221106/A9097817FE39EB0C/A9097817FE39EB0C.jpg
200 OK 12 kB URL HTTP/1.1 pic1.semaobf1.com/20221106/A9097817FE39EB0C/A9097817FE39EB0C.jpg
IP
ASN #61317 Ipxo Uk Limited
File type JPEG image data, baseline, precision 8, 320x240, components 3\012- data
Hash df1cb4568f34c6573bde72c8528d212f
ea7ceab4de5d2959ef6c3996dde5b2ea49e97a73
0d4800b81acdb1487f633f7ca690ae23ffd86d1aede4a690cf17d1104d181d50
GET /20221106/A9097817FE39EB0C/A9097817FE39EB0C.jpg HTTP/1.1
Host: pic1.semaobf1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:19 GMT
Content-Type: image/jpeg
Content-Length: 11902
Last-Modified: Mon, 14 Nov 2022 08:30:15 GMT
Connection: keep-alive
ETag: "6371fc97-2e7e"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
ocsp.digicert.com/
200 OK 280 B IP
Hash 95c99d9315f42646d902fdb762011db3
60ee48f76b40fac032a60be54471f8ac0a4eea55
065370073a44ce709693772cabe0210c94d2ff33f4f055f0c3544a6a92eeeda2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2085
Cache-Control: max-age=91973
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 23:21:19 GMT
Etag: "638e8a8f-118"
Expires: Thu, 08 Dec 2022 00:54:12 GMT
Last-Modified: Tue, 06 Dec 2022 00:19:27 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
pic1.semaobf1.com/20221110/392BA37CE6480A5C/392BA37CE6480A5C.jpg
200 OK 7.4 kB URL HTTP/1.1 pic1.semaobf1.com/20221110/392BA37CE6480A5C/392BA37CE6480A5C.jpg
IP
ASN #61317 Ipxo Uk Limited
File type JPEG image data, baseline, precision 8, 320x240, components 3\012- data
Hash fd5b97445180679fb83eebae2659b311
ac42603208314138243b5e0ac05a01d3fe171b2d
c2de15a414701cb5ff6c76d5f22c2e7621603b9d1c4dcb16af5b3a627ef26add
GET /20221110/392BA37CE6480A5C/392BA37CE6480A5C.jpg HTTP/1.1
Host: pic1.semaobf1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:19 GMT
Content-Type: image/jpeg
Content-Length: 7378
Last-Modified: Fri, 18 Nov 2022 04:56:22 GMT
Connection: keep-alive
ETag: "63771076-1cd2"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
pic1.semaobf1.com/20221111/9F4374017DA84EE8/9F4374017DA84EE8.jpg
200 OK 7.8 kB URL HTTP/1.1 pic1.semaobf1.com/20221111/9F4374017DA84EE8/9F4374017DA84EE8.jpg
IP
ASN #61317 Ipxo Uk Limited
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash 0faf389aa26e00b50ba31236d7aa757c
0331ae9c7ae00212ba595b36d920d2b25d018cf9
0334ee949db00220fe6b879038dea459cec5f8dbadb3abd373ece4d41f5ec866
GET /20221111/9F4374017DA84EE8/9F4374017DA84EE8.jpg HTTP/1.1
Host: pic1.semaobf1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:19 GMT
Content-Type: image/jpeg
Content-Length: 7827
Last-Modified: Sat, 19 Nov 2022 05:56:52 GMT
Connection: keep-alive
ETag: "63787024-1e93"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
ttzytp3.com/upload/vod/20221205-1/21f6fb9548349b67e41b6de8228927ce.jpg
200 OK 39 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221205-1/21f6fb9548349b67e41b6de8228927ce.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "Software: Snipaste", baseline, precision 8, 806x423, components 3\012- data
Hash 9fcefcdf566001d72c006537155d7f2e
a786c9246412cf49f9319a962865b1c453730a49
48f81b361dc8680eab140cdce080adcc0105312b040388cd13e06644d8a83f5d
GET /upload/vod/20221205-1/21f6fb9548349b67e41b6de8228927ce.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:19 GMT
Content-Type: image/jpeg
Content-Length: 38728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 11:12:58 GMT
ETag: "638dd23a-9748"
Accept-Ranges: bytes
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=659345857&si=cf2924db4c940add05202cd8e338731f&v=1.3.0&lv=1&sn=12799&r=0&ww=1280&u=http%3A%2F%2Fwww.ristoranti-cr.com%2Findex.php&tt=%E5%91%BC%E5%92%8C%E6%B5%A9%E7%89%B9%E5%99%B6%E5%B7%A2%E9%80%9A%E8%AE%AF%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=659345857&si=cf2924db4c940add05202cd8e338731f&v=1.3.0&lv=1&sn=12799&r=0&ww=1280&u=http%3A%2F%2Fwww.ristoranti-cr.com%2Findex.php&tt=%E5%91%BC%E5%92%8C%E6%B5%A9%E7%89%B9%E5%99%B6%E5%B7%A2%E9%80%9A%E8%AE%AF%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=659345857&si=cf2924db4c940add05202cd8e338731f&v=1.3.0&lv=1&sn=12799&r=0&ww=1280&u=http%3A%2F%2Fwww.ristoranti-cr.com%2Findex.php&tt=%E5%91%BC%E5%92%8C%E6%B5%A9%E7%89%B9%E5%99%B6%E5%B7%A2%E9%80%9A%E8%AE%AF%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.ristoranti-cr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 06 Dec 2022 23:21:19 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=0031C7E5AE9819B1; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
ocsp.digicert.com/
200 OK 280 B IP
Hash 95c99d9315f42646d902fdb762011db3
60ee48f76b40fac032a60be54471f8ac0a4eea55
065370073a44ce709693772cabe0210c94d2ff33f4f055f0c3544a6a92eeeda2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2085
Cache-Control: max-age=91973
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 23:21:19 GMT
Etag: "638e8a8f-118"
Expires: Thu, 08 Dec 2022 00:54:12 GMT
Last-Modified: Tue, 06 Dec 2022 00:19:27 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/d7f4f233-0ec9-425c-758f-dcf37d7a6400/public
200 OK 96 kB URL HTTP/2 imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/d7f4f233-0ec9-425c-758f-dcf37d7a6400/public
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 053613ae3a2a211b79d2b4894275add4
54b82daa9cf29085ed88b303aca50b601893f39d
92a46fbd82ab22e9ce57f7759be78dcb1d09a0b0c22fbdfd5c20bf52063a2c55
GET /PZ5Nnb5z4TfMFnFORJSOeg/d7f4f233-0ec9-425c-758f-dcf37d7a6400/public HTTP/1.1
Host: imagedelivery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: image/webp
content-length: 95610
cf-ray: 7758c1d80971b503-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=172800
etag: "cfVzg5_s7MyEj1XjB5P1mATv4D8dO5Wny_BInlx8NnBQ"
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:100,h2pri
cf-images: internal=ok/- q=0 n=497 c=2+96 v=2022.11.1 l=95610
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash 95c99d9315f42646d902fdb762011db3
60ee48f76b40fac032a60be54471f8ac0a4eea55
065370073a44ce709693772cabe0210c94d2ff33f4f055f0c3544a6a92eeeda2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2085
Cache-Control: max-age=91973
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 23:21:19 GMT
Etag: "638e8a8f-118"
Expires: Thu, 08 Dec 2022 00:54:12 GMT
Last-Modified: Tue, 06 Dec 2022 00:19:27 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
xb3.hadhd.com/template/meizhuama/css/zui.css
200 OK 36 kB URL HTTP/2 xb3.hadhd.com/template/meizhuama/css/zui.css
IP
Hash c593b60f726537d694080c59e2fd459a
2dd16449c269c3e8695a15d58b74fe1e3de63a02
dacb9f5261ec7f0ca94aff01b4bb54ddae5020f5d0f96827bf699f7ba2aee06f
GET /template/meizhuama/css/zui.css HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:18 GMT
content-type: text/css
last-modified: Tue, 03 May 2022 06:22:50 GMT
vary: Accept-Encoding
etag: W/"6270ca3a-18ca0"
expires: Wed, 07 Dec 2022 11:21:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/db56bf41-b5ba-4312-1f3b-02600da4df00/public
200 OK 28 kB URL HTTP/2 imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/db56bf41-b5ba-4312-1f3b-02600da4df00/public
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 563b5167050b00aa961020f1b36f6a13
935f5843f264f461ae1ad8f20c20693acfa07328
01f7a644e8c3fa1d81c221f70e58589d109a6cff40ec0573d386b9c218eaa976
GET /PZ5Nnb5z4TfMFnFORJSOeg/db56bf41-b5ba-4312-1f3b-02600da4df00/public HTTP/1.1
Host: imagedelivery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: image/webp
content-length: 27598
cf-ray: 7758c1d81976b503-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=172800
etag: "cfHl48yvK3nZNVpjAE2CG2ukWr8dO5Wny_BInlx8NnBQ"
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:85,h2pri
cf-images: internal=ok/- q=0 n=493 c=1+27 v=2022.11.1 l=27598
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/0561da70-f3e1-46c1-1771-6dd535d1e000/public
200 OK 178 kB URL HTTP/2 imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/0561da70-f3e1-46c1-1771-6dd535d1e000/public
IP
File type RIFF (little-endian) data, Web/P image\012- data
Size 178 kB (177728 bytes)
Hash 928001e29add77bdcd05244dfe5f0d0e
161b5ef95b91edf079e26c4e17a867fcb110f787
de875a5189049e80856a8ad9965f7f2af29fda5e4b9bca3086b28332cf15eb77
GET /PZ5Nnb5z4TfMFnFORJSOeg/0561da70-f3e1-46c1-1771-6dd535d1e000/public HTTP/1.1
Host: imagedelivery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: image/webp
content-length: 177728
cf-ray: 7758c1d8096cb503-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=172800
etag: "cf3zZRKKZdfy_wvhk7owcTZUbs8dO5Wny_BInlx8NnBQ"
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:85,h2pri
cf-images: internal=ok/- q=0 n=34 c=13+176 v=2022.11.1 l=177728
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/dh2.js
200 OK 505 kB URL HTTP/2 xb3.hadhd.com/template/web/dh2.js
IP
Size 505 kB (504889 bytes)
Hash f0cb3a929da69358e893cd0234e5d3fe
490ec792a8c1478e32ea21bc9567b27b0363f1d3
26a3fed219b832bb0dba18361865c184eb959e2b01d1d4809f45889b13e9b68e
GET /template/web/dh2.js HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:18 GMT
content-type: application/javascript
last-modified: Tue, 06 Dec 2022 16:48:59 GMT
vary: Accept-Encoding
etag: W/"638f727b-15e8"
expires: Wed, 07 Dec 2022 11:21:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/xx1.js
200 OK 668 kB URL HTTP/2 xb3.hadhd.com/template/web/xx1.js
IP
Size 668 kB (668069 bytes)
Hash ddbf588c4d8d146d54422c7dd268a4e9
99ed8d5019e55a4c73c1497746f415259d2f07b0
78b5496d9536e42118b31f37b7ed4fe3451ba9d8b94eeeab850f57ab0b0a2e87
GET /template/web/xx1.js HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:18 GMT
content-type: application/javascript
last-modified: Tue, 06 Dec 2022 17:13:49 GMT
vary: Accept-Encoding
etag: W/"638f784d-9ec"
expires: Wed, 07 Dec 2022 11:21:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash 95c99d9315f42646d902fdb762011db3
60ee48f76b40fac032a60be54471f8ac0a4eea55
065370073a44ce709693772cabe0210c94d2ff33f4f055f0c3544a6a92eeeda2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2085
Cache-Control: max-age=91973
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 23:21:19 GMT
Etag: "638e8a8f-118"
Expires: Thu, 08 Dec 2022 00:54:12 GMT
Last-Modified: Tue, 06 Dec 2022 00:19:27 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/a3ba936d-6129-462c-4def-2918ff4fa400/public
200 OK 322 kB URL HTTP/2 imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/a3ba936d-6129-462c-4def-2918ff4fa400/public
IP
File type RIFF (little-endian) data, Web/P image\012- data
Size 322 kB (322258 bytes)
Hash 5480c7fb7119c3a7338594817d14ac7c
ff1dd9717282f255b89e3d36c929f9ad0624b3e8
6e70cf679430dec757558d145628e0f98f35a0245746b328342c46464837c8c9
GET /PZ5Nnb5z4TfMFnFORJSOeg/a3ba936d-6129-462c-4def-2918ff4fa400/public HTTP/1.1
Host: imagedelivery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: image/webp
content-length: 322258
cf-ray: 7758c1d8499fb503-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=172800
etag: "cfLnot9Fn1uTmBSEoy0Kna27d58dO5Wny_BInlx8NnBQ"
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:85,h2pri
cf-images: internal=ok/- q=0 n=31 c=32+364 v=2022.11.7 l=322258
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/e0921234-c4a9-4c2c-e9f8-9edc9c41ee00/public
200 OK 7.4 kB URL HTTP/2 imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/e0921234-c4a9-4c2c-e9f8-9edc9c41ee00/public
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 11160886e51f2998d748e78a37a7345d
8593db2f6150aa1452b17895f63e581bc5c756d0
f419bc635485ddea94a7328ad68eb1ea0fd85fc0945d1c06dd03376a4ffcbf57
GET /PZ5Nnb5z4TfMFnFORJSOeg/e0921234-c4a9-4c2c-e9f8-9edc9c41ee00/public HTTP/1.1
Host: imagedelivery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: image/webp
content-length: 7368
cf-ray: 7758c1d889e9b503-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=172800
etag: "cf_h4xif-eJHbyMHpkLNIY5i538dO5Wny_BInlx8NnBQ"
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:86,h2pri
cf-images: internal=ok/- q=0 n=478 c=0+9 v=2022.11.1 l=7368
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/bb83b3c4-440f-4cf8-9b48-862b0d393a00/public
200 OK 804 kB URL HTTP/2 imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/bb83b3c4-440f-4cf8-9b48-862b0d393a00/public
IP
File type RIFF (little-endian) data, Web/P image\012- data
Size 804 kB (803788 bytes)
Hash 87d94a746164e73df553f2d1a92ebb40
8a04cb8f923367453b77415f3a31d640d9e4128f
2b70b6312d229b98ba9b7d3b35a3d68619e3247694deeb313f33fe525f9579a0
GET /PZ5Nnb5z4TfMFnFORJSOeg/bb83b3c4-440f-4cf8-9b48-862b0d393a00/public HTTP/1.1
Host: imagedelivery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: image/webp
content-length: 803788
cf-ray: 7758c1d8096fb503-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=172800
etag: "cfODn44PiZEjmlREkSsNcP6IgH8dO5Wny_BInlx8NnBQ"
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:85,h2pri
cf-images: internal=ok/- q=1 n=692 c=54+1015 v=2022.11.7 l=803788
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash 95c99d9315f42646d902fdb762011db3
60ee48f76b40fac032a60be54471f8ac0a4eea55
065370073a44ce709693772cabe0210c94d2ff33f4f055f0c3544a6a92eeeda2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2085
Cache-Control: max-age=91973
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 23:21:19 GMT
Etag: "638e8a8f-118"
Expires: Thu, 08 Dec 2022 00:54:12 GMT
Last-Modified: Tue, 06 Dec 2022 00:19:27 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
200 OK 280 B IP
Hash 95c99d9315f42646d902fdb762011db3
60ee48f76b40fac032a60be54471f8ac0a4eea55
065370073a44ce709693772cabe0210c94d2ff33f4f055f0c3544a6a92eeeda2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2433
Cache-Control: max-age=92320
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 23:21:19 GMT
Etag: "638e8a8f-118"
Expires: Thu, 08 Dec 2022 00:59:59 GMT
Last-Modified: Tue, 06 Dec 2022 00:19:27 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280
xb3.hadhd.com/template/meizhuama/fonts/1e500f419c3a4f24a89cb2dddf17de88.woff
404 Not Found 146 B URL HTTP/2 xb3.hadhd.com/template/meizhuama/fonts/1e500f419c3a4f24a89cb2dddf17de88.woff
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /template/meizhuama/fonts/1e500f419c3a4f24a89cb2dddf17de88.woff HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://xb3.hadhd.com/template/meizhuama/css/zui.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2
xb3.hadhd.com/template/meizhuama/images/video-play.png
200 OK 1.6 kB URL HTTP/2 xb3.hadhd.com/template/meizhuama/images/video-play.png
IP
File type PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced\012- data
Hash be7ca0a4a7c0317398a11162b1e09b75
5dbe6a02524cfbf5f5111478a71f91a9259056b5
cbad06b58f97516faa5f745d4e09716b5db3f134d5b4644b159681aa24909dd4
GET /template/meizhuama/images/video-play.png HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/template/meizhuama/css/zui.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: image/png
content-length: 1567
last-modified: Sun, 06 Mar 2022 14:17:50 GMT
etag: "6224c28e-61f"
expires: Thu, 05 Jan 2023 23:21:19 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/GG/k4.gif
200 OK 114 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/k4.gif
IP
File type GIF image data, version 89a, 120 x 120\012- data
Size 114 kB (114030 bytes)
Hash 79cf722c45cb4e5b3e7da0cfff829c98
71558743109d39b3163e3e873111641615c6f80c
37336e1d469f511d19c69cd7e3576ef2665204c7304e0b8dd2ec051dd78309e3
GET /template/web/GG/k4.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: image/gif
content-length: 114030
last-modified: Fri, 27 May 2022 05:30:56 GMT
etag: "62906210-1bd6e"
expires: Thu, 05 Jan 2023 23:21:19 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/25b65e6c-d8c9-461c-ae8c-129adc09a400/public
200 OK 424 kB URL HTTP/2 imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/25b65e6c-d8c9-461c-ae8c-129adc09a400/public
IP
File type RIFF (little-endian) data, Web/P image\012- data
Size 424 kB (423700 bytes)
Hash bce797c959a9c7498cdb65db29db36a9
3beba5200b69203f09f935df3f09dd93da2688a1
28b80b6297b3fe959ea06bea745a887b61ad06c471d194fa056ba4d68b17a3ad
GET /PZ5Nnb5z4TfMFnFORJSOeg/25b65e6c-d8c9-461c-ae8c-129adc09a400/public HTTP/1.1
Host: imagedelivery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: image/webp
content-length: 423700
cf-ray: 7758c1d96aceb503-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=172800
etag: "cfGhStahWYAid_xbNfQZFffhHH8dO5Wny_BInlx8NnBQ"
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:85,h2pri
cf-images: internal=ok/- q=0 n=25 c=26+500 v=2022.11.7 l=423700
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsorganizationvalsha2g2
200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
Hash 4e81874bf6de9ef18a1aa653607befad
ce61218495fa7be957135411e658fb1ba1a91d7a
fe692e6ed7bfbd8e99409e7fd27a5776d169ed71373f4f0a0cd00eef173bd288
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 23:21:19 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Sat, 10 Dec 2022 21:55:37 GMT
ETag: "ce61218495fa7be957135411e658fb1ba1a91d7a"
Last-Modified: Tue, 06 Dec 2022 21:55:38 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1915
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7758c1d9ee781bfe-OSL
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash ccbd2458a16e4175af30286d1c39462b
2e4896a22a0cd59b6d397a53acc20b1f3ab205dc
7ecef890fd3b16f53d6ca8686aadcad791f2214e5b7ae08588590714ecf29da2
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=156118
Date: Tue, 06 Dec 2022 23:21:19 GMT
Etag: "638f8d45-1d7"
Expires: Thu, 08 Dec 2022 18:43:17 GMT
Last-Modified: Tue, 06 Dec 2022 18:43:17 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: QHUv14vqKQULRU1OriOwnmBPAdScTj60RRknI6hOtxgG8uszx_DjmA==
ttzytp3.com/upload/vod/20221205-1/4ce151fd2da4f7695944ef5c328fc2e1.jpg
200 OK 96 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221205-1/4ce151fd2da4f7695944ef5c328fc2e1.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=12, height=960, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=540], baseline, precision 8, 1077x718, components 3\012- data
Hash f12f3259d7829325cf1c7cd4963ecda2
75177a481e09d0b12e4ffef3fbaabfa8880a3798
37e094175268b1fa016504d4e913c4c82224dcc97a68ca0fd4edc9ded5173ee1
GET /upload/vod/20221205-1/4ce151fd2da4f7695944ef5c328fc2e1.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:19 GMT
Content-Type: image/jpeg
Content-Length: 95676
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 11:12:58 GMT
ETag: "638dd23a-175bc"
Accept-Ranges: bytes
ttzytp3.com/upload/vod/20221206-1/15270081c3db5449cb84e2df7629875a.jpg
200 OK 145 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221206-1/15270081c3db5449cb84e2df7629875a.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", progressive, precision 8, 709x477, components 3\012- data
Size 145 kB (144976 bytes)
Hash 5a23490f263edd80985b59db25fe7b32
1f7c38ef0b654657b6467e5b436f5208be051b18
864dafb8ec9c2538583c0e8af7ffa98a04ef76aa58f77cf359eee2fa92be80a6
GET /upload/vod/20221206-1/15270081c3db5449cb84e2df7629875a.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:19 GMT
Content-Type: image/jpeg
Content-Length: 144976
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 13:44:43 GMT
ETag: "638f474b-23650"
Accept-Ranges: bytes
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b86b0789d91ae5978755d889cfaf0374
905e12b2c24f20ad72a054c20738c546a6a2f19b
f621391b79c5c9498a1931b2f970d47934aef19b27d52f93b59a10b2af794822
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F621391B79C5C9498A1931B2F970D47934AEF19B27D52F93B59A10B2AF794822"
Last-Modified: Mon, 05 Dec 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5030
Expires: Wed, 07 Dec 2022 00:45:09 GMT
Date: Tue, 06 Dec 2022 23:21:19 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash eead4113bce1fc0e87dff2c2c3d0a1ee
0a094ae7c6e04690e99a4428bfff0446f6c357db
481d5bcf81397dc4972091e6941696c4eacc78f4ad6510f04f9081f31d3e1dbc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "481D5BCF81397DC4972091E6941696C4EACC78F4AD6510F04F9081F31D3E1DBC"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7463
Expires: Wed, 07 Dec 2022 01:25:42 GMT
Date: Tue, 06 Dec 2022 23:21:19 GMT
Connection: keep-alive
ttzytp3.com/upload/vod/20221205-1/c50b8e983f05c6b677fd2ceeca1adf5a.jpg
200 OK 102 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221205-1/c50b8e983f05c6b677fd2ceeca1adf5a.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 800x496, components 3\012- data
Size 102 kB (101518 bytes)
Hash e631c257e89fb3323c17230910bb8a94
48b3c3cfd4554117f73e099d7f7e1f5ac1db9893
d9ca34feaf19674e6611448246f0a128df13df9ab04fc76ea066ebabeed2a884
GET /upload/vod/20221205-1/c50b8e983f05c6b677fd2ceeca1adf5a.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:19 GMT
Content-Type: image/jpeg
Content-Length: 101518
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 11:12:58 GMT
ETag: "638dd23a-18c8e"
Accept-Ranges: bytes
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b1d1023adf27e0ee99002b48728cbcab
0b0775af1dbf156faf17a96711c2230f2fc8998f
c7f9cfe59996a74386a2c97216916fdd537155d292790ce167ff99e75cf58fa0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C7F9CFE59996A74386A2C97216916FDD537155D292790CE167FF99E75CF58FA0"
Last-Modified: Mon, 05 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6250
Expires: Wed, 07 Dec 2022 01:05:29 GMT
Date: Tue, 06 Dec 2022 23:21:19 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6b01eae18a5eb17fd2d1f9961686fdcf
97130a353c64d619be3680dd85cb80dcc0edd437
b5e27355918c3598ea4cc487b1c4be795dd92e422d57a38ee8a8c2517a169e44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5E27355918C3598EA4CC487B1C4BE795DD92E422D57A38EE8A8C2517A169E44"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4886
Expires: Wed, 07 Dec 2022 00:42:45 GMT
Date: Tue, 06 Dec 2022 23:21:19 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7534c98b14abebf840f986a87d02bd42
76d21f3449c88f60c7f06f818c9630d8a95c479e
271403270c25927649ced9034ea986e2d91f5de7802772bc1dd9d9c57b11d67f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "271403270C25927649CED9034EA986E2D91F5DE7802772BC1DD9D9C57B11D67F"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19189
Expires: Wed, 07 Dec 2022 04:41:08 GMT
Date: Tue, 06 Dec 2022 23:21:19 GMT
Connection: keep-alive
ttzytp3.com/upload/vod/20221206-1/7f100fe22e556a813126d95f63a8ee37.jpg
200 OK 169 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221206-1/7f100fe22e556a813126d95f63a8ee37.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x538, components 3\012- data
Size 169 kB (169067 bytes)
Hash 70820c7b074eab51c22697f111facf21
775fc66a69c5d9c735a19eb6c1034cf865ab02eb
1f2ce78882e8a87442fe1d9a6215cdaf00bd10864bae634f3229936c7a34639c
GET /upload/vod/20221206-1/7f100fe22e556a813126d95f63a8ee37.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:19 GMT
Content-Type: image/jpeg
Content-Length: 169067
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 13:46:32 GMT
ETag: "638f47b8-2946b"
Accept-Ranges: bytes
ttzytp3.com/upload/vod/20221206-1/2a6d94eabc826949caa382ab4bb51cb5.jpg
200 OK 196 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221206-1/2a6d94eabc826949caa382ab4bb51cb5.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x536, components 3\012- data
Size 196 kB (196233 bytes)
Hash aec2414746a45df85d89a22dc4077a06
27582b25b8f66ad84643cdaa2aa834081c8cda31
051fcb43321a44c7c8c9d1c9d2f02dcf27fb5300763864e8f439619bf03a35b9
GET /upload/vod/20221206-1/2a6d94eabc826949caa382ab4bb51cb5.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:19 GMT
Content-Type: image/jpeg
Content-Length: 196233
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 13:44:45 GMT
ETag: "638f474d-2fe89"
Accept-Ranges: bytes
kveff.com/68a7807de3933bf7079116fa9df99e6f.gif
301 Moved Permanently 162 B URL HTTP/2 kveff.com/68a7807de3933bf7079116fa9df99e6f.gif
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /68a7807de3933bf7079116fa9df99e6f.gif HTTP/1.1
Host: kveff.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: text/html
content-length: 162
location: https://max002.top/68a7807de3933bf7079116fa9df99e6f.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kzeww.com/4f5ca562874d2b77c6c37263e48db5c6.gif
301 Moved Permanently 162 B URL HTTP/2 kzeww.com/4f5ca562874d2b77c6c37263e48db5c6.gif
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /4f5ca562874d2b77c6c37263e48db5c6.gif HTTP/1.1
Host: kzeww.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: text/html
content-length: 162
location: https://kvhxxx.top/4f5ca562874d2b77c6c37263e48db5c6.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kvemm.com/ec9fcd758df74f805f29f72e8545d13b.gif
301 Moved Permanently 162 B URL HTTP/2 kvemm.com/ec9fcd758df74f805f29f72e8545d13b.gif
IP
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /ec9fcd758df74f805f29f72e8545d13b.gif HTTP/1.1
Host: kvemm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: text/html
content-length: 162
location: https://kvhjjj.top/ec9fcd758df74f805f29f72e8545d13b.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/dipiao.js
200 OK 1.4 kB URL HTTP/2 xb3.hadhd.com/template/web/dipiao.js
IP
Hash fa2ea15ddad6492504806ce4e2cccbf6
15e0465d23591952ea806ffcd5a23ab5c0289345
0d2788ec28984467ca3969d39e1225bba8a62041abf968692f6764a4542d8d55
GET /template/web/dipiao.js HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:18 GMT
content-type: application/javascript
last-modified: Sun, 15 May 2022 14:24:29 GMT
vary: Accept-Encoding
etag: W/"62810d1d-81a"
expires: Wed, 07 Dec 2022 11:21:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
kvexx.com/d766f59de772a56dbe1bc6cf1d0027ad.gif
301 Moved Permanently 162 B URL HTTP/2 kvexx.com/d766f59de772a56dbe1bc6cf1d0027ad.gif
IP
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /d766f59de772a56dbe1bc6cf1d0027ad.gif HTTP/1.1
Host: kvexx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: text/html
content-length: 162
location: https://kvhttt.top/d766f59de772a56dbe1bc6cf1d0027ad.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ttzytp3.com/upload/vod/20221206-1/56aded898ef77940a62aca1b8ceabda4.jpg
200 OK 6.3 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221206-1/56aded898ef77940a62aca1b8ceabda4.jpg
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash debe611e4d9aeec9f0feb6356152346d
8d9bb2cbdfa5e34d62963c2fa8cb996ec21be389
c957aebc1703580c8b0c8e4211e9b2a9c38df66e87ddb85adec9c2312f17c07e
GET /upload/vod/20221206-1/56aded898ef77940a62aca1b8ceabda4.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:19 GMT
Content-Type: image/jpeg
Content-Length: 6295
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 13:44:42 GMT
ETag: "638f474a-1897"
Accept-Ranges: bytes
ocsp.pki.goog/s/gts1p5/6NFsAw0VKxk
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/6NFsAw0VKxk
IP
Hash 494aaaf4b850e21c93f05fd18de163c8
65651bfdb5feac6f09fd5fdcc0a92e13f10c9b52
fbff6623f1743a6ba9387ad1bb719492678d0d3bfb043f64a47e105d13c24845
POST /s/gts1p5/6NFsAw0VKxk HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 23:21:20 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
kvhttt.top/d766f59de772a56dbe1bc6cf1d0027ad.gif
200 OK 328 kB URL HTTP/2 kvhttt.top/d766f59de772a56dbe1bc6cf1d0027ad.gif
IP
File type GIF image data, version 89a, 960 x 60\012- data
Size 328 kB (328164 bytes)
Hash 27b3d7f9fb788c290c5025ee779a7a86
549f03a050418ee932de6ac04508c6a49668341a
8e40d3a5d0773e3f69da3851dc6adfd4920b109a0d349a6d97da76cdc00f4717
GET /d766f59de772a56dbe1bc6cf1d0027ad.gif HTTP/1.1
Host: kvhttt.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xb3.hadhd.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 23:21:20 GMT
content-type: image/gif
content-length: 328164
last-modified: Wed, 30 Nov 2022 09:05:08 GMT
etag: "63871cc4-501e4"
expires: Fri, 30 Dec 2022 12:17:32 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 558228
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PtF7Jf3IoOi1Qn52dndjJd%2FHnF7qUXLtd10whr7XnqdAsCHCnk4KA3ULfAe1MxJv%2FCPI3e6qR%2BvZLh03EKpYiIOvg91XMddJO5%2BqCDPEbsKZljBJf9fuxaebvCA3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7758c1dc3b6d0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?1f1fc0976934b3c98a8d2495b7812387
200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?1f1fc0976934b3c98a8d2495b7812387
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (620)
Hash 593612fd9867df91f58e4fab7aa5bcac
12d5aa0d09ad3935191248319441807286ba5dc3
3be69a5f43071fafa0bae38d79426b1ab0379f05f9eccdf192b170f43346e8f8
GET /hm.js?1f1fc0976934b3c98a8d2495b7812387 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Tue, 06 Dec 2022 23:21:19 GMT
Etag: 007b5b269048d0cb816426a1f4ab6dff
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=AD5AF2067D448EF7; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 502bc6fd9a66647c9dd6f7fec575023e
eca87d9eeab43b6fa6f77aeef6ed807a955368c8
3efcc24f78178d526a922750930b61e86f42556077a73098d560dec9d78f6c85
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "3EFCC24F78178D526A922750930B61E86F42556077A73098D560DEC9D78F6C85"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10096
Expires: Wed, 07 Dec 2022 02:09:36 GMT
Date: Tue, 06 Dec 2022 23:21:20 GMT
Connection: keep-alive
ttzytp3.com/upload/vod/20221206-1/03bbe17ec327f1e69dd60092b8d63d80.jpg
200 OK 225 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221206-1/03bbe17ec327f1e69dd60092b8d63d80.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x537, components 3\012- data
Size 225 kB (224886 bytes)
Hash 731e8e32a7c9d3e52688dc49dacb505b
cf76e2b209aad3e1b772741ff653fe64a32a9961
cc49b05209f158d03abef1d662d58c1c395f4b7fdb64b247ba5d9acb26b4d8aa
GET /upload/vod/20221206-1/03bbe17ec327f1e69dd60092b8d63d80.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:19 GMT
Content-Type: image/jpeg
Content-Length: 224886
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 13:44:42 GMT
ETag: "638f474a-36e76"
Accept-Ranges: bytes
ttzytp3.com/upload/vod/20221206-1/9a3dc0a11f02a4858eaebc53fb995551.jpg
200 OK 190 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221206-1/9a3dc0a11f02a4858eaebc53fb995551.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x539, components 3\012- data
Size 190 kB (189852 bytes)
Hash 1141d1e80f4980b00cb304bc3e0851ca
542235aa604a4e8d60a31916602960531e9f083c
986f6f3306362f5ac3a69a713d9225528977aface3715bd7c9e5718738dada1a
GET /upload/vod/20221206-1/9a3dc0a11f02a4858eaebc53fb995551.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:19 GMT
Content-Type: image/jpeg
Content-Length: 189852
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 13:44:42 GMT
ETag: "638f474a-2e59c"
Accept-Ranges: bytes
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2dc947233160ef84bdb6fa9a87aeab08
3980083890ea21061261c3de77d4c85dda87d9f1
986dbb8f402a305733803b6211c70f1c7cfaba95713b19be4378a41649496a3d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "986DBB8F402A305733803B6211C70F1C7CFABA95713B19BE4378A41649496A3D"
Last-Modified: Tue, 06 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21552
Expires: Wed, 07 Dec 2022 05:20:32 GMT
Date: Tue, 06 Dec 2022 23:21:20 GMT
Connection: keep-alive
kvkccc.top/6fb5deabda1e984b6bd49b2baa8dfa10.gif
200 OK 919 kB URL HTTP/2 kvkccc.top/6fb5deabda1e984b6bd49b2baa8dfa10.gif
IP
File type GIF image data, version 89a, 960 x 60\012- data
Size 919 kB (918679 bytes)
Hash 956582dd3aa22ca9b19bdd1d5e091e24
c2d80e05f59981f6ed58a8231f502bd990894d6b
88e686882e64a0e199c79bd83b7102885b67242b5d0b49a1f37674c0bb3ddd8e
GET /6fb5deabda1e984b6bd49b2baa8dfa10.gif HTTP/1.1
Host: kvkccc.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xb3.hadhd.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 23:21:20 GMT
content-type: image/gif
content-length: 918679
last-modified: Thu, 01 Dec 2022 15:44:20 GMT
etag: "6388cbd4-e0497"
expires: Sat, 31 Dec 2022 16:43:30 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 455870
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z22Y1nxU26m%2FLJCoKaLqfQBNN88WPLSdK8MJh2uTDfr1E%2Fcgd3EJ1ZXUuW1c4EUxtwLafLc2t6hO2F9ntCDPxfg8SeMIBK%2FmdDdKbWYVA0QSISXdNw7DC0hc0fuv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7758c1dcbd0b1c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
max002.top/68a7807de3933bf7079116fa9df99e6f.gif
200 OK 366 kB URL HTTP/2 max002.top/68a7807de3933bf7079116fa9df99e6f.gif
IP
File type GIF image data, version 89a, 960 x 60\012- data
Size 366 kB (366444 bytes)
Hash 86371c51bf2086f3a40f0e438246b662
9da793de9c620485ee91b88413b256c69dc774c5
8155b44efd09301dca9ec4bdab8e3e6445d1564fe580edd5f7575c9289843ccf
GET /68a7807de3933bf7079116fa9df99e6f.gif HTTP/1.1
Host: max002.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xb3.hadhd.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 23:21:20 GMT
content-type: image/gif
content-length: 366444
last-modified: Fri, 19 Aug 2022 17:02:28 GMT
etag: "62ffc224-5976c"
expires: Thu, 05 Jan 2023 08:28:46 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 53554
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JP%2FLptGchdo47mLwOQ%2F2TfAam1VDmPUFErMhBlxzMTc4jsLB7DROze6TaRjoINhEHWQjGRlbMfpX8nx3o%2F%2Buq6N6S9gdhHvLBNd0Hh%2Fk005PMCDQCKWVyxSwWZC2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7758c1dc6cb5892a-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ttzytp3.com/upload/vod/20221206-1/1a0a698e76b05b48ef3ef658c98db9b4.jpg
200 OK 174 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221206-1/1a0a698e76b05b48ef3ef658c98db9b4.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x538, components 3\012- data
Size 174 kB (173527 bytes)
Hash 877701c5fdd60256ecf9bd7b4d1fcb45
5baac695fb03b94059f77732bd305c9f82f356d5
952178f7c199f6ebf83c4156cb78ef6b6a4755b638f3ddbdcd672d0136951a54
GET /upload/vod/20221206-1/1a0a698e76b05b48ef3ef658c98db9b4.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:19 GMT
Content-Type: image/jpeg
Content-Length: 173527
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 13:44:42 GMT
ETag: "638f474a-2a5d7"
Accept-Ranges: bytes
ttzytp3.com/upload/vod/20221206-1/8fda736edf118df17c9869f0fd28dafc.jpg
200 OK 188 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221206-1/8fda736edf118df17c9869f0fd28dafc.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x534, components 3\012- data
Size 188 kB (187543 bytes)
Hash 6b184654d61ffab98da3883311dc49e7
0d978377aff4730da67affb88959b3ff6a62273a
96853b932bc4e19771702385925c72ad51faa96830ec670ff12bb9dc8c394c05
GET /upload/vod/20221206-1/8fda736edf118df17c9869f0fd28dafc.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:20 GMT
Content-Type: image/jpeg
Content-Length: 187543
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 13:44:41 GMT
ETag: "638f4749-2dc97"
Accept-Ranges: bytes
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 502bc6fd9a66647c9dd6f7fec575023e
eca87d9eeab43b6fa6f77aeef6ed807a955368c8
3efcc24f78178d526a922750930b61e86f42556077a73098d560dec9d78f6c85
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "3EFCC24F78178D526A922750930B61E86F42556077A73098D560DEC9D78F6C85"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10096
Expires: Wed, 07 Dec 2022 02:09:36 GMT
Date: Tue, 06 Dec 2022 23:21:20 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/6NFsAw0VKxk
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/6NFsAw0VKxk
IP
Hash 494aaaf4b850e21c93f05fd18de163c8
65651bfdb5feac6f09fd5fdcc0a92e13f10c9b52
fbff6623f1743a6ba9387ad1bb719492678d0d3bfb043f64a47e105d13c24845
POST /s/gts1p5/6NFsAw0VKxk HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 23:21:20 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
kvevv.com/47fc3dfa6dab926d04bc8c0e76b89995.gif
200 OK 65 kB URL HTTP/1.1 kvevv.com/47fc3dfa6dab926d04bc8c0e76b89995.gif
IP
File type GIF image data, version 89a, 960 x 60\012- data
Hash 514c48163ce5b65fb6bf16d8578b478b
6c21c2f7fd18259458573225fbfdf80cd27b6bac
045b14c655e54a2b1c3bef56f95352d2bb6b794889c746985ec51ef03578cb52
GET /47fc3dfa6dab926d04bc8c0e76b89995.gif HTTP/1.1
Host: kvevv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 65414
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 08:07:51 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Tue, 06 Dec 2022 10:42:49 GMT
ETag: "514c48163ce5b65fb6bf16d8578b478b"
X-Cache: Hit from cloudfront
Via: 1.1 c32320ec66084fc36ce5afbb4359a2c4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: SIN52-P1
X-Amz-Cf-Id: eTb-yNt8iCvS2QXqE8Mx2hT7-b_QvCcE5vfwag1LZxLzhjKT9vpjlA==
Age: 45511
ttzytp3.com/upload/vod/20221206-1/3aadfd5645bd5472b2b6a3d91a3d1ebe.jpg
200 OK 186 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221206-1/3aadfd5645bd5472b2b6a3d91a3d1ebe.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x538, components 3\012- data
Size 186 kB (186034 bytes)
Hash 07c0a0cf3fbd4280924574e615290d12
a083d7d102485f5ec6d654fe4f297f10f2d3962f
5cc46917a397c81352c3ead1f245dc525feeeacc2560ae495086f822793ec6a3
GET /upload/vod/20221206-1/3aadfd5645bd5472b2b6a3d91a3d1ebe.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:20 GMT
Content-Type: image/jpeg
Content-Length: 186034
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 13:44:42 GMT
ETag: "638f474a-2d6b2"
Accept-Ranges: bytes
ttzytp3.com/upload/vod/20221206-1/be01be30def19335cafe9161347894ee.jpg
200 OK 131 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221206-1/be01be30def19335cafe9161347894ee.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", progressive, precision 8, 709x477, components 3\012- data
Size 131 kB (130922 bytes)
Hash e196d2d0535745a3371bb5f5dc7f5665
ba3af4d8f4faf3693b5b7b10ffbc6789c22d7007
104d1eec41f14e726596a75c030ec3ceb0cd269ecee458e96698c507c326ddf6
GET /upload/vod/20221206-1/be01be30def19335cafe9161347894ee.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:20 GMT
Content-Type: image/jpeg
Content-Length: 130922
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 13:44:41 GMT
ETag: "638f4749-1ff6a"
Accept-Ranges: bytes
ttzytp3.com/upload/vod/20221206-1/43aa3ea6d47d487c2c5ed9566472cc1d.jpg
200 OK 225 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221206-1/43aa3ea6d47d487c2c5ed9566472cc1d.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x539, components 3\012- data
Size 225 kB (224923 bytes)
Hash f50713533562eb2bf5508fabb0a21b11
542fe24dc91b7f51dcc27d52c3ca072b4dd56eb1
247053d5c2209c2fa5a7155d449f19a268c3e412925ca3bd9b1b00f017490108
GET /upload/vod/20221206-1/43aa3ea6d47d487c2c5ed9566472cc1d.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:20 GMT
Content-Type: image/jpeg
Content-Length: 224923
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 13:44:51 GMT
ETag: "638f4753-36e9b"
Accept-Ranges: bytes
ttzytp3.com/upload/vod/20221206-1/3c1921e102aca72cbb062da9f54452bb.jpg
200 OK 199 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221206-1/3c1921e102aca72cbb062da9f54452bb.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x536, components 3\012- data
Size 199 kB (199076 bytes)
Hash 2dc3c6eab50baaf8396ba8fb216ac4ed
945b8a36688ea4b295a856184746d2c1c5f555a1
0de81eb0505c53f0a94eccf20d8f78d8f34491fba90be71d50e66b66fd7e0c41
GET /upload/vod/20221206-1/3c1921e102aca72cbb062da9f54452bb.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:20 GMT
Content-Type: image/jpeg
Content-Length: 199076
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 13:44:41 GMT
ETag: "638f4749-309a4"
Accept-Ranges: bytes
hm.baidu.com/hm.js?35d04a7d0ada2b49f1c51725fde2aae6
200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?35d04a7d0ada2b49f1c51725fde2aae6
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (620)
Hash 1ce4f9382081ee4d7ec2fe9bc8532e69
55ea404069d910a07382b0afd89da804327b429f
64ab889532e073c16aace8081c297e68235cedc53c8bc130ee53848dc8bfae03
GET /hm.js?35d04a7d0ada2b49f1c51725fde2aae6 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Tue, 06 Dec 2022 23:21:19 GMT
Etag: 25c8e81e6be030183ace7595d04d7fa6
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=0DB88E7DAA9F27ED; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
xb3.hadhd.com/template/web/GG/k14.gif
200 OK 73 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/k14.gif
IP
File type GIF image data, version 89a, 100 x 100\012- data
Hash 6ce732040d4d9750ef120f2a4221f362
f3114f09ed27718c62d54d6fbe08847421429a00
bf4e102a698f9d805b4d4209c8ca62ca20565344a8949d0efeedc6a720026c5b
GET /template/web/GG/k14.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: image/gif
content-length: 73223
last-modified: Sat, 28 May 2022 04:43:32 GMT
etag: "6291a874-11e07"
expires: Thu, 05 Jan 2023 23:21:19 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/GG/d10.gif
200 OK 119 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/d10.gif
IP
File type GIF image data, version 89a, 150 x 150\012- data
Size 119 kB (119145 bytes)
Hash 03611dd134898d951bd6479076eee32b
4aef7215e5d6206ededff3fff78d735064e6fbb5
9c3ea4fa33413bfe2175b5e9eac750617538bafe475a84367d0c6d693c75c076
GET /template/web/GG/d10.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: image/gif
content-length: 119145
last-modified: Sat, 23 Apr 2022 04:49:11 GMT
etag: "62638547-1d169"
expires: Thu, 05 Jan 2023 23:21:19 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 39408f50f1f7b43e255e3326ee9dccda
305bb8278e81cc486d8a160bcd067336cb473403
3b700679c41062314eb2b901c7a15149a7c4ed177a08556376022d31ddb5fe20
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 23:21:20 GMT
Etag: "638f5921-117"
Server: ECS (amb/6B81)
Content-Length: 279
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=302073155&si=1f1fc0976934b3c98a8d2495b7812387&su=http%3A%2F%2Fwww.ristoranti-cr.com%2F&v=1.3.0&lv=1&sn=12800&r=0&ww=1268&u=https%3A%2F%2Fxb3.hadhd.com%2F&tt=%E5%91%B7%E5%93%BA%E8%B5%84%E6%BA%90%E5%BD%B1%E8%A7%86
200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=302073155&si=1f1fc0976934b3c98a8d2495b7812387&su=http%3A%2F%2Fwww.ristoranti-cr.com%2F&v=1.3.0&lv=1&sn=12800&r=0&ww=1268&u=https%3A%2F%2Fxb3.hadhd.com%2F&tt=%E5%91%B7%E5%93%BA%E8%B5%84%E6%BA%90%E5%BD%B1%E8%A7%86
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=302073155&si=1f1fc0976934b3c98a8d2495b7812387&su=http%3A%2F%2Fwww.ristoranti-cr.com%2F&v=1.3.0&lv=1&sn=12800&r=0&ww=1268&u=https%3A%2F%2Fxb3.hadhd.com%2F&tt=%E5%91%B7%E5%93%BA%E8%B5%84%E6%BA%90%E5%BD%B1%E8%A7%86 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 06 Dec 2022 23:21:20 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=9F4CBAA370CF8D52; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
ttzytp3.com/upload/vod/20221206-1/ae3f128b4ffbbcb2a8564a88f382b231.jpg
200 OK 186 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221206-1/ae3f128b4ffbbcb2a8564a88f382b231.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x538, components 3\012- data
Size 186 kB (185628 bytes)
Hash fa8c2b91e334a77908b5dcecb0f2c20c
46a8fbfade44564e610e8437f6e2fce584d27260
7aa35ad4c692cb9f9919d308d3639f62558b3ebde640835b0c430581d2fd09a7
GET /upload/vod/20221206-1/ae3f128b4ffbbcb2a8564a88f382b231.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:20 GMT
Content-Type: image/jpeg
Content-Length: 185628
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 13:44:51 GMT
ETag: "638f4753-2d51c"
Accept-Ranges: bytes
ocsp.digicert.com/
200 OK 278 B IP
Hash 55e5a7d9114d36a5db11fc2051a70f2b
c0612d9ba27a567b0bfab674333d99de3a02b29d
975b837f6de81034d4827ab2d5945de78c66a9b1c299623813afcb0558db6805
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=161863
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 23:21:20 GMT
Etag: "638fa3b7-116"
Expires: Thu, 08 Dec 2022 20:19:03 GMT
Last-Modified: Tue, 06 Dec 2022 20:19:03 GMT
Server: nginx
Content-Length: 278
ttzytp3.com/upload/vod/20221206-1/54f8c0c786897036482d5ba6c252634d.jpg
200 OK 179 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221206-1/54f8c0c786897036482d5ba6c252634d.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x534, components 3\012- data
Size 179 kB (178787 bytes)
Hash 85fa21aa908ef766c80282c5a3b34abe
a6bc4e8cc09574e6904bba90dcfb54ed70ce8a91
3bb9dd0021df1638a355e7cbaecda4388e4e0f5246738e8257c0456beb5e8592
GET /upload/vod/20221206-1/54f8c0c786897036482d5ba6c252634d.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:20 GMT
Content-Type: image/jpeg
Content-Length: 178787
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 13:44:51 GMT
ETag: "638f4753-2ba63"
Accept-Ranges: bytes
ttzytp3.com/upload/vod/20221206-1/2d480be55c821f6e69f367867030eea6.jpg
200 OK 187 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221206-1/2d480be55c821f6e69f367867030eea6.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x537, components 3\012- data
Size 187 kB (187051 bytes)
Hash d013c8f9dc99e542e302cc60e4dc0529
a158de342391bd8c54639dcbf023678714004522
ceda8bc169e6856dbc90552daff1c02b2da4b968d7cd93cce9b96fcf0c3cee0c
GET /upload/vod/20221206-1/2d480be55c821f6e69f367867030eea6.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:20 GMT
Content-Type: image/jpeg
Content-Length: 187051
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 13:44:51 GMT
ETag: "638f4753-2daab"
Accept-Ranges: bytes
xb3.hadhd.com/template/meizhuama/fonts/iconfont.woff
200 OK 525 B URL HTTP/2 xb3.hadhd.com/template/meizhuama/fonts/iconfont.woff
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash f66ed8f90ffb0fc831098b7701d3ba8a
1bc63ccb714f1272c80b224aa8fd9da94914825d
6ccac1f3560824c5e11e27d1798e447cfc5a930e5824009d6b1cf8eb98e248de
GET /template/meizhuama/fonts/iconfont.woff HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://xb3.hadhd.com/template/meizhuama/css/zui.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: font/woff
content-length: 525
last-modified: Sun, 06 Mar 2022 14:12:36 GMT
etag: "6224c154-20d"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/GG/k1.gif
200 OK 167 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/k1.gif
IP
File type GIF image data, version 89a, 120 x 120\012- data
Size 167 kB (167104 bytes)
Hash 9387415ad469299bf6e3bb5c1bbc77e2
cc52974b6ed2239afbbd4088c675fceb0d75cd22
912ce0aceb7de66266542ec85454be033b0a285c975dd7fc8f0d43eecb8716ce
GET /template/web/GG/k1.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: image/gif
content-length: 167104
last-modified: Fri, 27 May 2022 05:30:54 GMT
etag: "6290620e-28cc0"
expires: Thu, 05 Jan 2023 23:21:19 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
kvhjjj.top/ec9fcd758df74f805f29f72e8545d13b.gif
200 OK 902 kB URL HTTP/2 kvhjjj.top/ec9fcd758df74f805f29f72e8545d13b.gif
IP
File type GIF image data, version 89a, 960 x 60\012- data
Size 902 kB (902313 bytes)
Hash 8b4a95ea7cfbb7fb4d2b18efca5145f3
d2966ecbeb7369620cce5dbcd15d0fe591d79648
dd5ff25f4d6931bd3d2ef86c1a8901853ee2503fd2d6edb264a61abb37c2b002
GET /ec9fcd758df74f805f29f72e8545d13b.gif HTTP/1.1
Host: kvhjjj.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xb3.hadhd.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 23:21:20 GMT
content-type: image/gif
content-length: 902313
last-modified: Sat, 12 Mar 2022 15:17:28 GMT
etag: "622cb988-dc4a9"
expires: Sat, 24 Dec 2022 17:43:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1057076
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GiNjgin0q5TYem4O9bcXvS3EbUox2I8OW3Pvbaz5go9zIs3YfkV%2FGd9kjsdQu0cikLc0BR0oYd596qJS0Ed6YCDBcag5X51T0yQYhHH7TRfnkCiJDYh6nGi%2Ftkzh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7758c1df68f07505-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ttzytp3.com/upload/vod/20221206-1/f5c1960b5f974af108ee9b81c7c83633.jpg
200 OK 199 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221206-1/f5c1960b5f974af108ee9b81c7c83633.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x534, components 3\012- data
Size 199 kB (199352 bytes)
Hash b2ef3b975e2a99faa7574abb7038e24b
18de9edf289676f7a9e8265892382cee01f74f30
f3a591437cc2e03943ef7d34f83a4088c6ccfe00d5492378691ce8d6d21346be
GET /upload/vod/20221206-1/f5c1960b5f974af108ee9b81c7c83633.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 06 Dec 2022 23:21:20 GMT
Content-Type: image/jpeg
Content-Length: 199352
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 13:44:50 GMT
ETag: "638f4752-30ab8"
Accept-Ranges: bytes
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=2145595213&si=35d04a7d0ada2b49f1c51725fde2aae6&su=http%3A%2F%2Fwww.ristoranti-cr.com%2F&v=1.3.0&lv=1&sn=12800&r=0&ww=1268&u=https%3A%2F%2Fxb3.hadhd.com%2F&tt=%E5%91%B7%E5%93%BA%E8%B5%84%E6%BA%90%E5%BD%B1%E8%A7%86
200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=2145595213&si=35d04a7d0ada2b49f1c51725fde2aae6&su=http%3A%2F%2Fwww.ristoranti-cr.com%2F&v=1.3.0&lv=1&sn=12800&r=0&ww=1268&u=https%3A%2F%2Fxb3.hadhd.com%2F&tt=%E5%91%B7%E5%93%BA%E8%B5%84%E6%BA%90%E5%BD%B1%E8%A7%86
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=2145595213&si=35d04a7d0ada2b49f1c51725fde2aae6&su=http%3A%2F%2Fwww.ristoranti-cr.com%2F&v=1.3.0&lv=1&sn=12800&r=0&ww=1268&u=https%3A%2F%2Fxb3.hadhd.com%2F&tt=%E5%91%B7%E5%93%BA%E8%B5%84%E6%BA%90%E5%BD%B1%E8%A7%86 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 06 Dec 2022 23:21:20 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=6FE78D7F7440E431; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
ocsp.digicert.com/
200 OK 278 B IP
Hash 55e5a7d9114d36a5db11fc2051a70f2b
c0612d9ba27a567b0bfab674333d99de3a02b29d
975b837f6de81034d4827ab2d5945de78c66a9b1c299623813afcb0558db6805
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=161863
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 23:21:20 GMT
Etag: "638fa3b7-116"
Expires: Thu, 08 Dec 2022 20:19:03 GMT
Last-Modified: Tue, 06 Dec 2022 20:19:03 GMT
Server: nginx
Content-Length: 278
xb3.hadhd.com/template/web/GG/dp1.gif
200 OK 141 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/dp1.gif
IP
File type GIF image data, version 89a, 640 x 200\012- data
Size 141 kB (141174 bytes)
Hash 2846430b1663c942a9d2a92c559667cd
2b7d07a004fa13af572b8d5d6317594c1eee9eec
b1357936607e4478fa840a29b58e6714f0063f4a90e28571bd8c8be4e175d74e
GET /template/web/GG/dp1.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: image/gif
content-length: 141174
last-modified: Mon, 25 Apr 2022 12:29:49 GMT
etag: "6266943d-22776"
expires: Thu, 05 Jan 2023 23:21:19 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
fls003.com/upload/uploads-images/default/other/2022-10-17/8cdc88ee844c3c65adc3555c66696f42.gif?_v=20220701
200 OK 110 kB URL HTTP/2 fls003.com/upload/uploads-images/default/other/2022-10-17/8cdc88ee844c3c65adc3555c66696f42.gif?_v=20220701
IP
File type GIF image data, version 89a, 200 x 200\012- data
Size 110 kB (110506 bytes)
Hash 8da7cb8f2784403c85084b571e4e40ca
e40eb9d426029b12a9fb15f61c415d0042a888c0
8ae55a9cf08f85570d390d8176cb306c39516287e487ac01a537f15fe3d01fac
GET /upload/uploads-images/default/other/2022-10-17/8cdc88ee844c3c65adc3555c66696f42.gif?_v=20220701 HTTP/1.1
Host: fls003.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 110506
server: nginx
date: Tue, 06 Dec 2022 23:21:20 GMT
last-modified: Mon, 17 Oct 2022 13:40:31 GMT
etag: "634d5b4f-1afaa"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
x-cache: Miss from cloudfront
via: 1.1 9b9ff06545217fe747384bd8b8509aa4.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: 1p1OdvXutAPULiS3SCyk_TuckV9T4tmRSTc2AzqzGkvA294yf2s3pQ==
X-Firefox-Spdy: h2
kvevv.com/4b6dde2b3f39cee4956a18a192534906.gif
200 OK 325 kB URL HTTP/1.1 kvevv.com/4b6dde2b3f39cee4956a18a192534906.gif
IP
File type GIF image data, version 89a, 960 x 60\012- data
Size 325 kB (325185 bytes)
Hash f6abc830b4c6c36a82db7bc9c87d79db
deda6d00011a2f90e666ce239ce43139f8e8b2ef
eca7c8dc365cd60e9fc4076bce5e618d6cf1ed7176d2da027be2b23f065109a9
GET /4b6dde2b3f39cee4956a18a192534906.gif HTTP/1.1
Host: kvevv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 325185
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 08:06:14 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Tue, 06 Dec 2022 10:42:50 GMT
ETag: "f6abc830b4c6c36a82db7bc9c87d79db"
X-Cache: Hit from cloudfront
Via: 1.1 bf928fe3a859cf8cab4cd81be24e61de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: SIN52-P1
X-Amz-Cf-Id: iTbnAJ5EEWKV-mzR87bbINyK1DK5l_ITGr91vUHkmSsV4G-3yBFn-Q==
Age: 45510
xb3.hadhd.com/template/web/app2.js
200 OK 103 kB URL HTTP/2 xb3.hadhd.com/template/web/app2.js
IP
Size 103 kB (103152 bytes)
Hash 6f57fee029c87e1e936218f55a2c12bd
074830a4813e60da8cf39019424c5112e2147294
102cd130be033046ff51251c15f62bded373c0d1ef73e4f75eef8c8c250edfdb
GET /template/web/app2.js HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:18 GMT
content-type: application/javascript
last-modified: Tue, 06 Dec 2022 16:48:35 GMT
vary: Accept-Encoding
etag: W/"638f7263-42f"
expires: Wed, 07 Dec 2022 11:21:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/GG/t2.gif
200 OK 254 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/t2.gif
IP
File type GIF image data, version 89a, 120 x 120\012- data
Size 254 kB (253670 bytes)
Hash bace60a0adc9bdd54f7c83058456a847
4867fd68497b7db5c4e5bbdde781cf098dbabd22
17a4f7b3d5caf413211515976326969951cc1bb9a3e32a9caa885fd6e3109368
GET /template/web/GG/t2.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: image/gif
content-length: 253670
last-modified: Tue, 10 May 2022 09:20:01 GMT
etag: "627a2e41-3dee6"
expires: Thu, 05 Jan 2023 23:21:19 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/GG/dp4.gif
200 OK 747 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/dp4.gif
IP
File type GIF image data, version 89a, 640 x 200\012- data
Size 747 kB (746571 bytes)
Hash 84e8edecf6c28c8218e0a7b1ad9ea414
3897e6bf1a2292c59b45e44d2b9c38e45f8f9a6f
356abb92d87698d59a4af16304d13e760b032739634c495fba68568e82d5c1ce
GET /template/web/GG/dp4.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: image/gif
content-length: 746571
last-modified: Mon, 25 Apr 2022 12:29:52 GMT
etag: "62669440-b644b"
expires: Thu, 05 Jan 2023 23:21:19 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/xx3.js
200 OK 699 kB URL HTTP/2 xb3.hadhd.com/template/web/xx3.js
IP
Size 699 kB (698622 bytes)
Hash 6fb4566c3cd2bd0217076ed906b7d156
3e52bd688064cd6b336babcdf941b5ed4e6b6a42
e80fac8cec24958f4f262b06c3e93f40d02b45d8c6e10c60cac9dfc672783c27
GET /template/web/xx3.js HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:18 GMT
content-type: application/javascript
last-modified: Tue, 06 Dec 2022 17:13:47 GMT
vary: Accept-Encoding
etag: W/"638f784b-9fe"
expires: Wed, 07 Dec 2022 11:21:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/zxbf.js
200 OK 302 kB URL HTTP/2 xb3.hadhd.com/template/web/zxbf.js
IP
Size 302 kB (301720 bytes)
Hash 7d30e2705504170fc57a287d10408959
fce9478c5ef78ec3109713bf85cef254501e6d5e
09816c74ee0d8e61699675102afba63d20a91d90ed90e27161bd6534afae6744
GET /template/web/zxbf.js HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:18 GMT
content-type: application/javascript
last-modified: Tue, 06 Dec 2022 16:49:35 GMT
vary: Accept-Encoding
etag: W/"638f729f-12c9"
expires: Wed, 07 Dec 2022 11:21:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/GG/4.gif
200 OK 279 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/4.gif
IP
File type GIF image data, version 89a, 200 x 113\012- data
Size 279 kB (279026 bytes)
Hash 42809e0a73309f01de7651ab3b712cb4
19a1658a10d4e8ca6831a824d4bccbb35dcbf113
da7e1e1332d196cde6cc3a7b9c758abb4493e9708799e7836551823dd399b13d
GET /template/web/GG/4.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: image/gif
content-length: 279026
last-modified: Wed, 11 May 2022 08:12:44 GMT
etag: "627b6ffc-441f2"
expires: Thu, 05 Jan 2023 23:21:19 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 727 B IP
Hash 0f16558350cdc0791ab380ce4cd55636
7a1654c58ed6498272e499839d14aa99909199e8
6162272254439de90561c9a5529ea309b8d2dbd2522299ec26ca6fed6afe4532
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3046
Cache-Control: max-age=170672
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 23:21:21 GMT
Etag: "638fba3b-2d7"
Expires: Thu, 08 Dec 2022 22:45:53 GMT
Last-Modified: Tue, 06 Dec 2022 21:55:07 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 727
ocsp.sectigo.com/
200 OK 472 B IP
Hash 8adbfe5f74ca7a301df04dda468dc2e4
4528f3f14121d4ccbbf1d9fbc30aabae0a08e71c
cb8434dba323656c9c0542672c83732215ec9040f5c2e4a95ccd61bdadee7306
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 23:21:21 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 06:28:36 GMT
Expires: Sun, 11 Dec 2022 06:28:35 GMT
Etag: "4528f3f14121d4ccbbf1d9fbc30aabae0a08e71c"
Cache-Control: max-age=370633,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7758c1e80a940b3d-OSL
rootnetworksdv.ocsp-certum.com/
200 OK 1.5 kB URL HTTP/1.1 rootnetworksdv.ocsp-certum.com/
IP
ASN #20940 Akamai International B.V.
Hash 03f43d46b54852e5a867ee2de0006aff
1477b0d8993cfe7ea58df793edeafa79311cfa48
b4e27eb3191cfbfa2252c2de4ea543a439e2ab79529e6d9051931f8ba8f3db11
POST / HTTP/1.1
Host: rootnetworksdv.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1490
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=705
Date: Tue, 06 Dec 2022 23:21:21 GMT
Connection: keep-alive
X-N: S
xb3.hadhd.com/template/web/GG/xxx1.gif
200 OK 553 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/xxx1.gif
IP
File type GIF image data, version 89a, 200 x 252\012- data
Size 553 kB (552798 bytes)
Hash 91d07389688e8efa64691b2e60121992
7e0bb709dd99efb0076fd5ce62a6b244acdc30d1
a95c5eaa76c0863eb4bf0a11d77f203f3a691ba3254da27820ab7c561186b34a
GET /template/web/GG/xxx1.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: image/gif
content-length: 552798
last-modified: Sat, 19 Nov 2022 15:51:37 GMT
etag: "6378fb89-86f5e"
expires: Thu, 05 Jan 2023 23:21:19 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 727 B IP
Hash 0f16558350cdc0791ab380ce4cd55636
7a1654c58ed6498272e499839d14aa99909199e8
6162272254439de90561c9a5529ea309b8d2dbd2522299ec26ca6fed6afe4532
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1667
Cache-Control: max-age=169293
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 23:21:21 GMT
Etag: "638fba3b-2d7"
Expires: Thu, 08 Dec 2022 22:22:53 GMT
Last-Modified: Tue, 06 Dec 2022 21:55:07 GMT
Server: ECS (amb/6B76)
X-Cache: HIT
Content-Length: 727
xb3.hadhd.com/template/web/GG/dp2.gif
200 OK 767 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/dp2.gif
IP
File type GIF image data, version 89a, 640 x 200\012- data
Size 767 kB (766938 bytes)
Hash 06f924cdbba4e6c4765765139a404682
7eaadc65f26a4fe45240e14f96c29aa53e721775
514dc1d00a06bed8dbb2a891aa73b6ff70cd32772f582df1c2c959c856d45a5d
GET /template/web/GG/dp2.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: image/gif
content-length: 766938
last-modified: Mon, 25 Apr 2022 12:29:50 GMT
etag: "6266943e-bb3da"
expires: Thu, 05 Jan 2023 23:21:19 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
p3.douyinpic.com/obj/tos-cn-i-dy/5f20e8f5c682499b8eb059dd144345a9
200 OK 460 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/5f20e8f5c682499b8eb059dd144345a9
IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 960 x 60\012- data
Size 460 kB (459882 bytes)
Hash 9755d798f1df0ff90ff281daf889c27e
6684c546dc5b1e65c84786cf929562e4bf5a4854
86943358042194179070f2e3fa41e8296cd53999c5d025fdcaf6ddff98714f87
GET /obj/tos-cn-i-dy/5f20e8f5c682499b8eb059dd144345a9 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 459882
date: Mon, 05 Dec 2022 11:57:37 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Mon, 05 Dec 2022 11:29:24 GMT
nw-session-id: 202212051929240102090950660FC6D0DCgkhk903dy
nw-session-trace: 2022-12-05T19:29:24.652328753+08:00 35
x-bdcdn-cache-status: TCP_HIT
x-length: 459882
x-powered-by: ImageX
x-response-date: Mon, 05 Dec 2022 19:29:24 GMT
x-tt-logid: 202212051929240102090950660FC6D0DC
via: n132-078-099, cache9.l2de2[0,0,206-0,H], cache3.l2de2[1,0], cache3.l2de2[1,0], cache4.se1[0,0,200-0,H], cache2.se1[2,0]
x-request-ip: fdbd:dc03:4:481::12
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=2
x-tt-trace-host: 01e53d331f021ee346a4a71cd251f620c397b4785e133000e4fcc6a1414827e76105afaf9318ee148ff06afa2468c0c77cf2a1905b0e38acce52cf9db0363cd74a65d3a109f76bc5c653c18372cd8b87f98cdbbed705c989cbdb2708cf3e5eac60
x-response-lb: image
ali-swift-global-savetime: 1670241457
age: 127424
x-cache: HIT TCP_MEM_HIT dirn:2:442320201
x-swift-savetime: Mon, 05 Dec 2022 12:00:14 GMT
x-swift-cachetime: 31535843
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9616703688819414117e
X-Firefox-Spdy: h2
p3.douyinpic.com/obj/tos-cn-i-dy/44806b63977c4233aff487907a4efa90
200 OK 180 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/44806b63977c4233aff487907a4efa90
IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 130 x 130\012- data
Size 180 kB (179559 bytes)
Hash 12bddb3d218b1092cafee407bf7a769a
9df85c0c5e60970e9cd10f06aa586155730d4a8b
08cffaa5b2b7e8c8205ee009f1c813ef36d2ebaa83667ff4078d8242f9f959ac
GET /obj/tos-cn-i-dy/44806b63977c4233aff487907a4efa90 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 179559
date: Mon, 05 Dec 2022 13:26:09 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Mon, 05 Dec 2022 12:45:39 GMT
nw-session-id: 2022120520453801020402415421C55112msshl01dy
nw-session-trace: 2022-12-05T20:45:39.019875998+08:00 38
x-bdcdn-cache-status: TCP_HIT
x-length: 179559
x-powered-by: ImageX
x-response-date: Mon, 05 Dec 2022 20:45:39 GMT
x-tt-logid: 2022120520453801020402415421C55112
via: n132-082-090, cache1.l2de2[0,0,206-0,H], cache21.l2de2[0,0], cache21.l2de2[1,0], cache1.se1[0,0,200-0,H], cache2.se1[3,0]
x-request-ip: fdbd:dc03:8:579::167
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=3
x-tt-trace-host: 01fd379e806552472691cc785c4d3ee565d551db217bf2923320eb014dc36052a94fa95496fa3683998372ab46e94b1970a6ecb8807ef77d2d3045545758b6d7f63fb29df3755e279e363a53c9de7fa241d0ab5810c8deb447d876fdfaf427042f
x-response-lb: image
ali-swift-global-savetime: 1670246770
age: 122112
x-cache: HIT TCP_HIT dirn:4:55130599
x-swift-savetime: Mon, 05 Dec 2022 14:21:20 GMT
x-swift-cachetime: 31532690
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9616703688820194168e
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/GG/55.gif
200 OK 834 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/55.gif
IP
File type GIF image data, version 89a, 140 x 206\012- data
Size 834 kB (834244 bytes)
Hash 3965598665b057b276ed86263c36f334
f8374496c56ad6cd140a9bd009b0637c8ce91a35
5efcea93fd0c2cb8059ea79144c6bfb6b094b5810e21cf6e2168ef51ac2fd36a
GET /template/web/GG/55.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: image/gif
content-length: 834244
last-modified: Wed, 11 May 2022 08:28:17 GMT
etag: "627b73a1-cbac4"
expires: Thu, 05 Jan 2023 23:21:19 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/dh1.js
200 OK 361 kB URL HTTP/2 xb3.hadhd.com/template/web/dh1.js
IP
Size 361 kB (360656 bytes)
Hash 732c25353d68a31a88b6fbc2c1aa6213
7ad8823b1e58fabd86fc1dbad131e73336b2b4be
94960276f95b7b5370e353902c0292c9c647efda6a5e7b5dfb44c676ad677fcd
GET /template/web/dh1.js HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:18 GMT
content-type: application/javascript
last-modified: Tue, 06 Dec 2022 16:48:51 GMT
vary: Accept-Encoding
etag: W/"638f7273-11b5"
expires: Wed, 07 Dec 2022 11:21:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
xb3.hadhd.com/template/meizhuama/fonts/iconfont.ttf
200 OK 1.2 kB URL HTTP/2 xb3.hadhd.com/template/meizhuama/fonts/iconfont.ttf
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ISO-8859 text, with CRLF line terminators
Hash 8363acaeab9cbb099b59b78a44127ca6
aef448ce5500e3734059ec285cf6ec0b547075f2
9b342ae7f25d65bdb817d8c995f3211ac398e41575fc5d149d994c1dcb008f0a
GET /template/meizhuama/fonts/iconfont.ttf HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/template/meizhuama/css/zui.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:20 GMT
content-type: application/octet-stream
content-length: 1163
last-modified: Sun, 06 Mar 2022 14:17:48 GMT
etag: "6224c28c-48b"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ntvxbf7.com/7a4bba1f2d494d268e4e3d01f7b02f09.gif
200 OK 73 kB URL HTTP/1.1 ntvxbf7.com/7a4bba1f2d494d268e4e3d01f7b02f09.gif
IP
File type GIF image data, version 89a, 120 x 120\012- data
Hash 68b499187d4013f220129a499602b1f9
80f5fbd2ff84d9e55159bbb5d7871415391cf382
e5bc92b24d0ecf1febf05f08c0787be05413a6bf82bb950505e6a34c492af6ae
Analyzer Verdict Alert quad9 Sinkholed
GET /7a4bba1f2d494d268e4e3d01f7b02f09.gif HTTP/1.1
Host: ntvxbf7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "6294b7c2-11daf"
Date: Mon, 28 Nov 2022 05:46:10 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Mon, 30 May 2022 12:25:38 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us1-cdnb-29
Content-Length: 73135
xb3.hadhd.com/template/web/xx2.js
200 OK 674 kB URL HTTP/2 xb3.hadhd.com/template/web/xx2.js
IP
Size 674 kB (674444 bytes)
Hash af033abedd404737ddb321b44dfac932
32551094b5b536020ad7010462d8ca8b35682269
99b200343f40e22deb5b44254a9015716bb6b450292132635fc96b3503f0bf25
GET /template/web/xx2.js HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:18 GMT
content-type: application/javascript
last-modified: Tue, 06 Dec 2022 16:49:16 GMT
vary: Accept-Encoding
etag: W/"638f728c-683"
expires: Wed, 07 Dec 2022 11:21:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/GG/2.gif
200 OK 620 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/2.gif
IP
File type GIF image data, version 89a, 300 x 200\012- data
Size 620 kB (620010 bytes)
Hash 8171edd386b6abd105c0ff0e740330d9
7914e2b95f29d65b0ffb8e6daf7f54dc14da0ae0
5044971fcc4e0c4837e7e586b858fba8257feeed88812253aa9ee2396915c40a
GET /template/web/GG/2.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:19 GMT
content-type: image/gif
content-length: 620010
last-modified: Wed, 11 May 2022 08:12:37 GMT
etag: "627b6ff5-975ea"
expires: Thu, 05 Jan 2023 23:21:19 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 39408f50f1f7b43e255e3326ee9dccda
305bb8278e81cc486d8a160bcd067336cb473403
3b700679c41062314eb2b901c7a15149a7c4ed177a08556376022d31ddb5fe20
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 23:21:22 GMT
Etag: "638f5921-117"
Last-Modified: Tue, 06 Dec 2022 23:21:20 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
xb3.hadhd.com/template/web/app.js
200 OK 376 kB URL HTTP/2 xb3.hadhd.com/template/web/app.js
IP
Size 376 kB (375934 bytes)
Hash 8249e0c738a68e0658270d12c58d0aac
4a47cf2fad94ebf7bce3ac294742c836d95dc552
0068bed47e9ed9d0a48cc54928bf8338859093afc215058e72f18c1a9397146d
GET /template/web/app.js HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 23:21:18 GMT
content-type: application/javascript
last-modified: Tue, 06 Dec 2022 16:53:57 GMT
vary: Accept-Encoding
etag: W/"638f73a5-2433"
expires: Wed, 07 Dec 2022 11:21:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
img.1158555.com/images/638f5e4d93f8ec5e6b5c07f8.gif
302 Found 0 B URL HTTP/2 img.1158555.com/images/638f5e4d93f8ec5e6b5c07f8.gif
IP
ASN #134835 Starry Network Limited
GET /images/638f5e4d93f8ec5e6b5c07f8.gif HTTP/1.1
Host: img.1158555.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/44806b63977c4233aff487907a4efa90
X-Firefox-Spdy: h2
img.1158555.com/images/638f407c93f8ec5e6b5c07b4.gif
302 Found 0 B URL HTTP/2 img.1158555.com/images/638f407c93f8ec5e6b5c07b4.gif
IP
ASN #134835 Starry Network Limited
GET /images/638f407c93f8ec5e6b5c07b4.gif HTTP/1.1
Host: img.1158555.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/5f20e8f5c682499b8eb059dd144345a9
X-Firefox-Spdy: h2
kvhxxx.top/4f5ca562874d2b77c6c37263e48db5c6.gif
200 OK 0 B URL HTTP/2 kvhxxx.top/4f5ca562874d2b77c6c37263e48db5c6.gif
IP
GET /4f5ca562874d2b77c6c37263e48db5c6.gif HTTP/1.1
Host: kvhxxx.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xb3.hadhd.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 23:21:22 GMT
content-type: image/gif
content-length: 845326
last-modified: Sat, 01 Oct 2022 05:25:56 GMT
etag: "6337cf64-ce60e"
expires: Thu, 05 Jan 2023 11:17:15 GMT
cache-control: max-age=2678400
cf-cache-status: HIT
age: 43445
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vZudWNmX8Q%2FOFgHaLm5GP3eGXaL0fDUel9OgMisu%2F4l232YSqGcyZ68eeKwAgFPErLPHoUncSVtA1FwHM33wE73dwbKBwfCUmbis1QbGsI6NU%2Bla%2FjXLT8Shvoxb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7758c1df0aa374f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
104.148.107.168
156.251.146.196
5.180.83.21
23.36.77.32
104.18.20.226
93.184.220.29
47.246.44.225