r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7af19a5145a4ee99bdf18831bad04bfd
7bdd2a4785b999ef54a2644211d2b2b7190fb8e1
3237bf0111ecdec3615c4d2d49a602f48f800335d0194f52b600bdaefbd63ed0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3237BF0111ECDEC3615C4D2D49A602F48F800335D0194F52B600BDAEFBD63ED0"
Last-Modified: Thu, 30 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3918
Expires: Fri, 31 Mar 2023 23:36:43 GMT
Date: Fri, 31 Mar 2023 22:31:25 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cca063332ba9a89eadd62a8dd7f81a9b
d473b2a7a32c964599ff3bac8f98fa578f03d1d1
02fb74c7c695ad99f7f2fd7c02ae2b88e2da1c5db339f883333d9090291931dc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02FB74C7C695AD99F7F2FD7C02AE2B88E2DA1C5DB339F883333D9090291931DC"
Last-Modified: Wed, 29 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16907
Expires: Sat, 01 Apr 2023 03:13:12 GMT
Date: Fri, 31 Mar 2023 22:31:25 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ed282214b024a7895d90e229e92bb1cc
1f447aa59287ce2b45860a1a909d005a41305f77
a35ae9f89cbc77ed5fe849acdc2701592799c335f2674776d69c25bca0a00c2e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Type, Alert, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 31 Mar 2023 22:16:13 GMT
content-type: application/json
age: 912
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 76218c893040d958ae1c4231cdd2133c
6a7b336dee91d4aec26ace0a5883ecdfac52e68f
d35492b04d16ed00e9e195e7c84c99aa6a2b8a93abeb656baae0918986f0a7e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D35492B04D16ED00E9E195E7C84C99AA6A2B8A93ABEB656BAAE0918986F0A7E4"
Last-Modified: Wed, 29 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6845
Expires: Sat, 01 Apr 2023 00:25:30 GMT
Date: Fri, 31 Mar 2023 22:31:25 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: lrWGZ8+T7fF0t1HtLGGe5NcrQZ9pDBqIQWAzJhDRNix4EVLRZFFBROmdXKG/Lb2x/cyTWtFJIXk=
x-amz-request-id: WZV2DK268HN6AVXX
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 31 Mar 2023 22:12:21 GMT
age: 1144
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:31:25 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Alert, Expires, Pragma, Content-Length, ETag, Backoff, Cache-Control, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 31 Mar 2023 22:17:26 GMT
age: 839
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ghtwf01.cn/
301 Moved Permanently 162 B IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: ghtwf01.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Connection: keep-alive
Content-Length: 162
Server: GitHub.com
Content-Type: text/html
Location: https://www.ghtwf01.cn/
X-GitHub-Request-Id: 9602:F9F1:26753B:27AEC6:64275F3D
Accept-Ranges: bytes
Date: Fri, 31 Mar 2023 22:31:25 GMT
Via: 1.1 varnish
Age: 0
X-Served-By: cache-bma1644-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1680301886.568937,VS0,VE117
Vary: Accept-Encoding
X-Fastly-Request-ID: 1000ce6099429cf452c7c468c4ca1a4abf4bcc15
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b3df8c73360b4239af64e11f9d2388be
dc5463ff26615b40e4eab388052790d6c30ea5e6
877b23d16abf2e0e9f649f53747e82af0b75e8595abd71728254e612847cfdb6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "877B23D16ABF2E0E9F649F53747E82AF0B75E8595ABD71728254E612847CFDB6"
Last-Modified: Wed, 29 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14716
Expires: Sat, 01 Apr 2023 02:36:41 GMT
Date: Fri, 31 Mar 2023 22:31:25 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: CofUSQWoV2GB1r090qcOYw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ooaDHIXTdnkeIajZYxRtYZpR+Y0=
www.ghtwf01.cn/
200 OK 12 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5927)
Hash 9602f6a8d0e9cf5c2485625690da551f
b122027bd5c1e56a7dafebe047436fff82d6bfa8
2cd996204d25d9a0704a34750f70a051fc72308764f077f56648a5d94158551d
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: www.ghtwf01.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: GitHub.com
content-type: text/html; charset=utf-8
last-modified: Thu, 10 Nov 2022 06:28:35 GMT
access-control-allow-origin: *
etag: W/"636c9a13-a6ef"
expires: Fri, 31 Mar 2023 22:41:26 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: 7EB2:4C84:25E837:272184:64275F3D
accept-ranges: bytes
date: Fri, 31 Mar 2023 22:31:26 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bma1626-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1680301886.150191,VS0,VE120
vary: Accept-Encoding
x-fastly-request-id: 2d69883d8bbc29332640e5edc5bd7d814bcf9c04
content-length: 11650
X-Firefox-Spdy: h2
cdn.pixabay.com/photo/2017/08/17/13/33/business-2651346_1280.jpg
200 OK 164 kB URL HTTP/2 cdn.pixabay.com/photo/2017/08/17/13/33/business-2651346_1280.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x853, components 3\012- data
Size 164 kB (163682 bytes)
Hash e82c9edc6f05c69101769e3898704c6c
68cb5cbaa283708a67bf9032944a545fbd51ffa9
2114d42070566662675b86c5a25725c9d47a2914bf3836394cfe8c4322a84491
GET /photo/2017/08/17/13/33/business-2651346_1280.jpg HTTP/1.1
Host: cdn.pixabay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 22:31:26 GMT
content-type: binary/octet-stream
content-length: 163682
cf-ray: 7b0c0ae64d81b505-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
etag: "e82c9edc6f05c69101769e3898704c6c"
expires: Sat, 30 Mar 2024 22:31:26 GMT
last-modified: Wed, 12 Oct 2022 01:16:52 GMT
vary: Accept-Encoding
cf-cache-status: HIT
x-amz-id-2: R2Y8BiUehTBUT4u/Yts182D+pHRsA4/c6D0poz+N0Jz9sQMSScMxLYC2on5SQJcQVGPgpa1xPZ0=
x-amz-replication-status: COMPLETED
x-amz-request-id: 2H1AYEMC5SMAG2ZP
x-amz-server-side-encryption: AES256
x-amz-version-id: cBkLp.6mP8NGEc_AfuzSJtAG8yvqY0vR
set-cookie: __cf_bm=dL6wDKJ_YZ4o1f92WCxqLyKHo9iJC0Ku8jE_g2eBGnc-1680301886-0-ASZumX41T1wamNjkHXddzfMKgF2kqsh6RpUBz+9C0ipqVVKd4WZ2rV/ddHGDEC79wpAeyJIOhw++m7seHxGBYLQ=; path=/; expires=Fri, 31-Mar-23 23:01:26 GMT; domain=.pixabay.com; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.pixabay.com/photo/2015/05/31/10/55/man-791049_1280.jpg
200 OK 177 kB URL HTTP/2 cdn.pixabay.com/photo/2015/05/31/10/55/man-791049_1280.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x853, components 3\012- data
Size 177 kB (176707 bytes)
Hash 8c89af09c02e18ce2ea1a5050c14bc03
7a0784ff4a5789a1cbc0228930a7df1468560a66
bdf01acf119a5046d95872a935b6a02ced7d2763ffe027e4e5763f34ff7c6a3f
GET /photo/2015/05/31/10/55/man-791049_1280.jpg HTTP/1.1
Host: cdn.pixabay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 22:31:26 GMT
content-type: binary/octet-stream
content-length: 176707
cf-ray: 7b0c0ae65d90b505-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
etag: "8c89af09c02e18ce2ea1a5050c14bc03"
expires: Sat, 30 Mar 2024 22:31:26 GMT
last-modified: Tue, 11 Oct 2022 14:16:12 GMT
vary: Accept-Encoding
cf-cache-status: HIT
x-amz-id-2: hRzKQzxqVRag8nNQC2EX+y8Kqoe0Aps4mg9BIseZRi5Y6vEGOqlWGuIXMc683y1ODm30dmOZcGg=
x-amz-replication-status: COMPLETED
x-amz-request-id: EW7JCHANSXH7JXHM
x-amz-server-side-encryption: AES256
x-amz-version-id: SNFLOH1oFefZNjWQTPu4mjHOG.DbqmcJ
set-cookie: __cf_bm=A.gvKgae2AkLF1MPvM8w.OwBUCAQGJBWQJQ2ch7Eo18-1680301886-0-AZf5jaPrnFUsZ5PMUxstk5Km4Khu9dP8bMvUPxNh/733LH8CRJ5wJoOoK/aDiz6/43bHC5vWWhTVji4SWmobdIA=; path=/; expires=Fri, 31-Mar-23 23:01:26 GMT; domain=.pixabay.com; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.pixabay.com/photo/2014/12/15/14/38/coffee-569178_1280.jpg
200 OK 166 kB URL HTTP/2 cdn.pixabay.com/photo/2014/12/15/14/38/coffee-569178_1280.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x845, components 3\012- data
Size 166 kB (166023 bytes)
Hash e88e94c37ba39a4d1f3a0391fc004b2e
d9a69852d07aa3209f9e345af6edd94abdfd0244
62eb4f35da1c13182587edca17617e376b523eb5b4e3771f31b00251fb517d77
GET /photo/2014/12/15/14/38/coffee-569178_1280.jpg HTTP/1.1
Host: cdn.pixabay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 22:31:26 GMT
content-type: binary/octet-stream
content-length: 166023
cf-ray: 7b0c0ae65d84b505-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
etag: "e88e94c37ba39a4d1f3a0391fc004b2e"
expires: Sat, 30 Mar 2024 22:31:26 GMT
last-modified: Tue, 11 Oct 2022 12:44:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
x-amz-id-2: ttr/zd/HjHO20uFoKTzJ7SOoXUX4bsHO4TL3onlO2T5E1nET+EiuBztF6WWEiLJseSSMua7OsGw=
x-amz-replication-status: COMPLETED
x-amz-request-id: M7MRFB9MH28GP3MS
x-amz-server-side-encryption: AES256
x-amz-version-id: dzrkaciPO8vY_EUkQ8o9_0UCH3WD9nU5
set-cookie: __cf_bm=AqG9vDPmCvLjwbeoQ0mFXQK9KSi_IvAMRp3mIc0QpUU-1680301886-0-AcAxqofRwfXv98nxoYD8lB7Z5guuAjczwHzlDSgldYKBWNOOlkXHn9EjSYAmbBvlz15+8HF8rKhg8y/NcdnbBq4=; path=/; expires=Fri, 31-Mar-23 23:01:26 GMT; domain=.pixabay.com; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.ghtwf01.cn/img/avatar.jpg
200 OK 17 kB URL HTTP/2 www.ghtwf01.cn/img/avatar.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x333, components 3\012- data
Hash 076e30ff484d86d9db6045d5e4cf1c19
be450a8c6abb4bad8b9ade766488f2a00281e204
79ed7df0d5c7e91a9d949ba24842c6227714ed5078666f3591c7aae5ab8ad578
GET /img/avatar.jpg HTTP/1.1
Host: www.ghtwf01.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: GitHub.com
content-type: image/jpeg
last-modified: Thu, 10 Nov 2022 06:28:35 GMT
access-control-allow-origin: *
etag: "636c9a13-42c6"
expires: Fri, 31 Mar 2023 22:41:26 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: 6C12:96C9:27309E:286A59:64275F3A
accept-ranges: bytes
date: Fri, 31 Mar 2023 22:31:26 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bma1626-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1680301886.377741,VS0,VE120
vary: Accept-Encoding
x-fastly-request-id: fa408b3d56bb2ccf8935236627e41c23780d02a6
content-length: 17094
X-Firefox-Spdy: h2
www.ghtwf01.cn/css/index.css
200 OK 19 kB URL HTTP/2 www.ghtwf01.cn/css/index.css
IP
Hash 9ce9d515b850eecd25c716bc0905821f
b1ff1a7f97563e8ef42eee1e9e4b9196deba2c02
ac8d2bd6bccda7096f208032999ed94ff0e02e62f0d87fe894e01d1c759f3d8e
GET /css/index.css HTTP/1.1
Host: www.ghtwf01.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: GitHub.com
content-type: text/css; charset=utf-8
last-modified: Thu, 10 Nov 2022 06:28:34 GMT
access-control-allow-origin: *
etag: W/"636c9a12-2143e"
expires: Fri, 31 Mar 2023 22:41:26 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: 3040:5F31:267D5B:27B735:64275F3C
accept-ranges: bytes
date: Fri, 31 Mar 2023 22:31:26 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bma1626-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1680301886.375558,VS0,VE124
vary: Accept-Encoding
x-fastly-request-id: 38ddc3dec708b328f827878c26ddf19d60069a05
content-length: 18735
X-Firefox-Spdy: h2
www.ghtwf01.cn/js/utils.js
200 OK 2.5 kB URL HTTP/2 www.ghtwf01.cn/js/utils.js
IP
Hash b42d24039cafbd3365a007cddc178484
2c5b277c670e6008c983d7f7edb2717b234f6a0c
bc15dcbf2f91f531c43457e4d996839cf6d19e2effac373b3fe5e2a082fe879c
Analyzer Verdict Alert fortinet Malware
GET /js/utils.js HTTP/1.1
Host: www.ghtwf01.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
last-modified: Thu, 10 Nov 2022 06:28:35 GMT
access-control-allow-origin: *
etag: W/"636c9a13-1e0f"
expires: Fri, 31 Mar 2023 22:41:26 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: D8EC:11A78:254F35:2688E4:64275F3E
accept-ranges: bytes
date: Fri, 31 Mar 2023 22:31:26 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bma1626-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1680301886.382467,VS0,VE119
vary: Accept-Encoding
x-fastly-request-id: eacde2e954d921c76221f3d7950ada859154e57c
content-length: 2461
X-Firefox-Spdy: h2
www.ghtwf01.cn/js/main.js
200 OK 6.8 kB URL HTTP/2 www.ghtwf01.cn/js/main.js
IP
Hash d3993f385385686486f4b9aa5579c223
ba907aa339a6ceef15b560a82c3b88c6aee1ebfd
599c8bf56faaf9feec774d52db5eaa6cdf7ec2c422e8f2531b68e0499725282d
Analyzer Verdict Alert fortinet Malware
GET /js/main.js HTTP/1.1
Host: www.ghtwf01.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
last-modified: Thu, 10 Nov 2022 06:28:35 GMT
access-control-allow-origin: *
etag: W/"636c9a13-65f6"
expires: Fri, 31 Mar 2023 22:41:26 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: 8FC2:4C84:25E84A:272194:64275F3E
accept-ranges: bytes
date: Fri, 31 Mar 2023 22:31:26 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bma1626-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1680301886.383279,VS0,VE120
vary: Accept-Encoding
x-fastly-request-id: a418e615c84fa19ae2571cd816fd66c01d9bcd14
content-length: 6786
X-Firefox-Spdy: h2
www.ghtwf01.cn/js/search/local-search.js
200 OK 1.9 kB URL HTTP/2 www.ghtwf01.cn/js/search/local-search.js
IP
Hash 200da3be7d2a8e37ac6367d7cf0f7e22
e3323b8aa6c2c154472ced9135ef225283f376de
2e27d2dc35725504230f7466f4f453a07cabaed72e4fcf08b23dce612182f75b
Analyzer Verdict Alert fortinet Malware
GET /js/search/local-search.js HTTP/1.1
Host: www.ghtwf01.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
x-origin-cache: HIT
last-modified: Thu, 10 Nov 2022 06:28:35 GMT
access-control-allow-origin: *
etag: W/"636c9a13-1972"
expires: Fri, 31 Mar 2023 22:41:26 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: 8908:D209:262F8A:2768CF:64275F3D
accept-ranges: bytes
date: Fri, 31 Mar 2023 22:31:26 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bma1626-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1680301886.385153,VS0,VE136
vary: Accept-Encoding
x-fastly-request-id: 65371c9be5c41e88929613b9aa07764632486d83
content-length: 1917
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash 7977e02e5acca4207ca6da010d599727
ba2d85aadaaaa6e6e2dd0491c1e94885fba3b471
13c97066287fcb8826c8fd47c1c53caee0c8f8207701709ea27435c9b37933d3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 22:31:26 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 31 Mar 2023 11:49:58 GMT
Expires: Fri, 07 Apr 2023 11:49:57 GMT
Etag: "ba2d85aadaaaa6e6e2dd0491c1e94885fba3b471"
Cache-Control: max-age=565710,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7b0c0ae5fd560b39-OSL
ocsp.sectigo.com/
200 OK 472 B IP
Hash 7977e02e5acca4207ca6da010d599727
ba2d85aadaaaa6e6e2dd0491c1e94885fba3b471
13c97066287fcb8826c8fd47c1c53caee0c8f8207701709ea27435c9b37933d3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 22:31:26 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 31 Mar 2023 11:49:58 GMT
Expires: Fri, 07 Apr 2023 11:49:57 GMT
Etag: "ba2d85aadaaaa6e6e2dd0491c1e94885fba3b471"
Cache-Control: max-age=565710,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7b0c0ae6ec400afa-OSL
cdn.pixabay.com/photo/2018/09/21/15/06/notepad-3693309_1280.jpg
200 OK 56 kB URL HTTP/2 cdn.pixabay.com/photo/2018/09/21/15/06/notepad-3693309_1280.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x719, components 3\012- data
Hash a2d6a9757b65e8d759afdcfe9bf13b66
75c1eaf05f7fd6b671a02542de004dba94e81f72
8110c12c0b23aaf0bda19fc607c7440d9d22f26da619c39a4f15785c8fc7508c
GET /photo/2018/09/21/15/06/notepad-3693309_1280.jpg HTTP/1.1
Host: cdn.pixabay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 22:31:26 GMT
content-type: binary/octet-stream
content-length: 55797
cf-ray: 7b0c0ae65d8db505-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
etag: "a2d6a9757b65e8d759afdcfe9bf13b66"
expires: Sat, 30 Mar 2024 22:31:26 GMT
last-modified: Wed, 12 Oct 2022 06:46:56 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-amz-id-2: 2IiZ/gQYc+l5sNOFIqrF0nCfCF0KST5hn9r4ajsS70QdbsGUtJAfwk027D2eoDQGEra+hh64kcM=
x-amz-replication-status: COMPLETED
x-amz-request-id: Q1ZNFDDWZCPB0GVG
x-amz-server-side-encryption: AES256
x-amz-version-id: Pku1t7ULaXOHlCfBXFwcmRm5lmt2M6I0
set-cookie: __cf_bm=VnqvKiQ1JkObz8QwzahLGdTCYzIG7WQBpYJLyw9NgD8-1680301886-0-AY24I1rkoMwwrFCxEMuU0ZGv3l6vOoeAqo7kjaJZiYCfz8ONyYnnJ2DBxBJVgvSgTOO6/C64JCrgZ1qHoOvxmwM=; path=/; expires=Fri, 31-Mar-23 23:01:26 GMT; domain=.pixabay.com; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.pixabay.com/photo/2015/07/15/11/53/woodtype-846088_1280.jpg
200 OK 315 kB URL HTTP/2 cdn.pixabay.com/photo/2015/07/15/11/53/woodtype-846088_1280.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x853, components 3\012- data
Size 315 kB (315148 bytes)
Hash df03615b79fb12ff5921edb6f30c992d
a79965a8f0c1e775563b103303605ee3a0f75829
6f8a1c57c865509fd26782c2bc35fa2bfbf264f8d7a1c2bac32c65572e425f8b
GET /photo/2015/07/15/11/53/woodtype-846088_1280.jpg HTTP/1.1
Host: cdn.pixabay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 22:31:26 GMT
content-type: binary/octet-stream
content-length: 315148
cf-ray: 7b0c0ae65d86b505-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
etag: "df03615b79fb12ff5921edb6f30c992d"
expires: Sat, 30 Mar 2024 22:31:26 GMT
last-modified: Tue, 11 Oct 2022 14:37:12 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-amz-id-2: xtQyz0ViZUXQigoZz6y814/zyaDn91of3hZ1ngK6suPNFH/YQ2CzmPriqApTIbDdYjNHv8BxBNo=
x-amz-replication-status: COMPLETED
x-amz-request-id: Q1ZZPT0MTQ3ZESX8
x-amz-server-side-encryption: AES256
x-amz-version-id: BkIap1gH73AnpxWoBQqZREq0jUIJPnsw
set-cookie: __cf_bm=Ktiine80UEAJeyPf5zAxxcmfyCQ1oAx73F9TLpF7rOI-1680301886-0-AaJZDj8VoQ41OwZ5FqTdyCLRWbHNoInHV1n9c5WpHgEYovc5rZwdC+KsY8OF65FReo6j2iHnmdej+wgcvNuWP7s=; path=/; expires=Fri, 31-Mar-23 23:01:26 GMT; domain=.pixabay.com; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.ghtwf01.cn/img/background.png
200 OK 950 kB URL HTTP/2 www.ghtwf01.cn/img/background.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2695x1851, components 3\012- data
Size 950 kB (949636 bytes)
Hash e831281a9d9a7f91c4217a2e076c2ca3
7f6cd0c72c42393f8e77a9bf85cbd89f591e4179
077a765ede666be82db28799cd763417fbcebc49589cbd8709e3e848cdcbb6b7
GET /img/background.png HTTP/1.1
Host: www.ghtwf01.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: GitHub.com
content-type: image/png
last-modified: Thu, 10 Nov 2022 06:28:35 GMT
access-control-allow-origin: *
etag: "636c9a13-e7d84"
expires: Fri, 31 Mar 2023 22:41:26 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: 2620:01E7:25A02D:26DA34:64275F3A
accept-ranges: bytes
date: Fri, 31 Mar 2023 22:31:26 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bma1626-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1680301887.567923,VS0,VE197
vary: Accept-Encoding
x-fastly-request-id: 649e1de8d5eb2a671f124ce2a2b1052fd616d232
content-length: 949636
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash 7977e02e5acca4207ca6da010d599727
ba2d85aadaaaa6e6e2dd0491c1e94885fba3b471
13c97066287fcb8826c8fd47c1c53caee0c8f8207701709ea27435c9b37933d3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 22:31:26 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 31 Mar 2023 11:49:58 GMT
Expires: Fri, 07 Apr 2023 11:49:57 GMT
Etag: "ba2d85aadaaaa6e6e2dd0491c1e94885fba3b471"
Cache-Control: max-age=565710,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7b0c0ae6ef99b511-OSL
cdn.pixabay.com/photo/2020/04/02/12/28/clef-4994941_1280.jpg
200 OK 116 kB URL HTTP/2 cdn.pixabay.com/photo/2020/04/02/12/28/clef-4994941_1280.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x853, components 3\012- data
Size 116 kB (116155 bytes)
Hash 0dd28a353a4b18ad34d11f52a405fe88
cb548b18900bcc9572e7fd6e04f17b202a303cc0
ef1c7af716bff46d35589197e891bfe9297b88f12d5b76e80d83ef2122bff260
GET /photo/2020/04/02/12/28/clef-4994941_1280.jpg HTTP/1.1
Host: cdn.pixabay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 22:31:26 GMT
content-type: binary/octet-stream
content-length: 116155
cf-ray: 7b0c0ae65d88b505-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
etag: "0dd28a353a4b18ad34d11f52a405fe88"
expires: Sat, 30 Mar 2024 22:31:26 GMT
last-modified: Wed, 12 Oct 2022 13:13:32 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-amz-id-2: IcyWEPzlPFNgoVi6wb9osAiQGMeloY3X8mPcMHWOoJWQLg+7undrzkut154XGv7HQjivENixp30=
x-amz-replication-status: COMPLETED
x-amz-request-id: Q1ZS77C2BR5DYWDJ
x-amz-server-side-encryption: AES256
x-amz-version-id: vH9L3dou3IeDhGPnd6lqDsGF68mth9a4
set-cookie: __cf_bm=UmL1iTESRYA4i9RlkTIeu0_mjbdcJONTaAFEDqxgLTU-1680301886-0-AeXUgAiPdracNaq9z7pCH+eEggCia4qkOBINX4AG6bAU3vC+OtsLkpc4ZYLCFycYXbFtEp2zG5sAfoRnX4VIyYE=; path=/; expires=Fri, 31-Mar-23 23:01:26 GMT; domain=.pixabay.com; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.pixabay.com/photo/2019/09/17/18/48/computer-4484282_1280.jpg
200 OK 203 kB URL HTTP/2 cdn.pixabay.com/photo/2019/09/17/18/48/computer-4484282_1280.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x853, components 3\012- data
Size 203 kB (202895 bytes)
Hash db238fd81fc58ed9d3eff6003e6a79be
ecf8ed89937403120688be50a4ed73ec33ff5287
477b850354ec1a6f5d1db5423ce11a5d6726987301ff462de3a932e041186bac
GET /photo/2019/09/17/18/48/computer-4484282_1280.jpg HTTP/1.1
Host: cdn.pixabay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 22:31:26 GMT
content-type: binary/octet-stream
content-length: 202895
cf-ray: 7b0c0ae65d91b505-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
etag: "db238fd81fc58ed9d3eff6003e6a79be"
expires: Sat, 30 Mar 2024 22:31:26 GMT
last-modified: Wed, 12 Oct 2022 10:13:53 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-amz-id-2: ZU3iLW6PQlcCr5dqvDr+fHQrl9VmRAI6LM/Bk2Hc/GvXCqV5TlGSWZ2loCGOthrkysIMW8JCfo0=
x-amz-replication-status: COMPLETED
x-amz-request-id: Q1ZSQ4RWF3WJ7X7C
x-amz-server-side-encryption: AES256
x-amz-version-id: rXGtQkpmPDc.8UaYmZUL93Sk3a.MkAjd
set-cookie: __cf_bm=9KG1RNdA9iJUzQ92d3wPGYL7MIPDb_3Ed3y2sbibjlI-1680301886-0-Acg3Q81XUxfIWDHbmgvz7JxohhFxOADPM5OJvEJKc3Fexmv3KDSXEf3VdRikdTJ9UAk8neby5DEN+DNeG/7TmLU=; path=/; expires=Fri, 31-Mar-23 23:01:26 GMT; domain=.pixabay.com; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free/webfonts/fa-solid-900.woff2
200 OK 150 kB URL HTTP/2 cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free/webfonts/fa-solid-900.woff2
IP
ASN #58286 Electric-IT Business S.R.L.
File type Web Open Font Format (Version 2), TrueType, length 150124, version 772.256\012- data
Size 150 kB (150124 bytes)
Hash c64278386c2bbb5e293e11b94ca2f6d1
6b99aa650bd12a36caa14e0127435d8f4cd3ba73
7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880
GET /npm/@fortawesome/fontawesome-free/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.ghtwf01.cn
Connection: keep-alive
Referer: https://cdn.jsdelivr.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:31:26 GMT
content-type: font/woff2
content-length: 150124
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 6.4.0
x-jsd-version-type: version
etag: W/"24a6c-a5mqZQvRKjbKoU4BJ0Ndj0zTunM"
cache: HIT, STALE
x-cached-since: 2023-03-31T01:18:49+00:00, 2023-03-31T01:54:45+00:00
x-id: am3-up-gc88, osix-up-gc4
x-nginx: nginx-be, nginx-be
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free/webfonts/fa-regular-400.woff2
200 OK 25 kB URL HTTP/2 cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free/webfonts/fa-regular-400.woff2
IP
ASN #58286 Electric-IT Business S.R.L.
File type Web Open Font Format (Version 2), TrueType, length 24948, version 772.256\012- data
Hash 61f30b79daf5b31f0d254a31fba66158
fb363d27cfdfe71a243fa2ac3dab2815232b9b7e
8e7e5ea1b15f62ab14dbd41768e8fbcd21cc859a4ea5da812457ee714299fb35
GET /npm/@fortawesome/fontawesome-free/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.ghtwf01.cn
Connection: keep-alive
Referer: https://cdn.jsdelivr.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:31:26 GMT
content-type: font/woff2
content-length: 24948
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 6.4.0
x-jsd-version-type: version
etag: W/"6174-+zY9J8/f5xokP6KsPasoFSMrm34"
cache: HIT, STALE
x-cached-since: 2023-03-28T06:34:30+00:00, 2023-03-31T01:54:45+00:00
x-id: am3-up-gc89, osix-up-gc4
x-nginx: nginx-be, nginx-be
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4ad1e39c813fe2e3850d2e6557498c74
fcb85209a9fdbe64cf795a59b4ceff269b8ac3d0
254dbd3125d0f5572f78191b50e988017c028223462aeb36bec85184f3c3485f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "254DBD3125D0F5572F78191B50E988017C028223462AEB36BEC85184F3C3485F"
Last-Modified: Thu, 30 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1475
Expires: Fri, 31 Mar 2023 22:56:02 GMT
Date: Fri, 31 Mar 2023 22:31:27 GMT
Connection: keep-alive
cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free/webfonts/fa-brands-400.woff2
200 OK 108 kB URL HTTP/2 cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free/webfonts/fa-brands-400.woff2
IP
ASN #58286 Electric-IT Business S.R.L.
File type Web Open Font Format (Version 2), TrueType, length 108020, version 772.256\012- data
Size 108 kB (108020 bytes)
Hash 8b0ddedbb27cbc9971c8667caa8a0cc1
4350f9ba93384634faf35f41c503c99c767f1069
748332090c4b8e20f95d0ff59f0be20fa9c889359d3b36d4b886d73376054207
GET /npm/@fortawesome/fontawesome-free/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.ghtwf01.cn
Connection: keep-alive
Referer: https://cdn.jsdelivr.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:31:26 GMT
content-type: font/woff2
content-length: 108020
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 6.4.0
x-jsd-version-type: version
etag: W/"1a5f4-Q1D5upM4RjT6819BxQPJnHZ/EGk"
cache: HIT, STALE
x-cached-since: 2023-03-31T01:27:56+00:00, 2023-03-31T01:54:45+00:00
x-id: am3-up-gc88, osix-up-gc4
x-nginx: nginx-be, nginx-be
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9039
Expires: Sat, 01 Apr 2023 01:02:06 GMT
Date: Fri, 31 Mar 2023 22:31:27 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9039
Expires: Sat, 01 Apr 2023 01:02:06 GMT
Date: Fri, 31 Mar 2023 22:31:27 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9039
Expires: Sat, 01 Apr 2023 01:02:06 GMT
Date: Fri, 31 Mar 2023 22:31:27 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9039
Expires: Sat, 01 Apr 2023 01:02:06 GMT
Date: Fri, 31 Mar 2023 22:31:27 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc960713a-d448-4b65-8d89-5da5a2031c7b.jpeg
200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc960713a-d448-4b65-8d89-5da5a2031c7b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7abfd37bfd9b14a195c3de2d399b6d8a
65c966c2dd0015ffa61acea36212a538eccd5fd9
c80e0dc705226d0b96fbb2fc7dde331ba5ebca2e887d6b77661d7c6a6efdd49d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc960713a-d448-4b65-8d89-5da5a2031c7b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14764
x-amzn-requestid: 76fa5c4f-2fa7-4310-9ad8-80cd096fb636
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CqnIXF_aoAMFtGA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64275235-2846a8ee4376c7c02a919ed9;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:35:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: amQTkLCNC_uZPfK4WtkXyNuYaMI6-5epIiCmGNB6Day7oExaNKO9Hw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 34f8ef0e4c880df0650a814412a26ea6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 21:49:55 GMT
age: 2492
etag: "65c966c2dd0015ffa61acea36212a538eccd5fd9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js
200 OK 1.9 kB URL HTTP/2 busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js
IP
File type ASCII text, with very long lines (1938)
Hash f9ab2dc5d28224db1c6338486ea7ae92
a30fcd42f277944e6524b99f2412b1f01880b813
0471fe90ad450f642e15aa79134b7bb6a2b2fd7e88349948fbe60747062ab25e
GET /busuanzi/2.3/busuanzi.pure.mini.js HTTP/1.1
Host: busuanzi.ibruce.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.14.1
date: Fri, 31 Mar 2023 22:31:27 GMT
content-type: application/javascript
content-length: 1939
last-modified: Mon, 23 Nov 2020 05:39:59 GMT
etag: "5fbb4b2f-793"
accept-ranges: bytes
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F808d12ec-c97a-4c49-976e-6025ea897112.jpeg
200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F808d12ec-c97a-4c49-976e-6025ea897112.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 800c2662fd6ab8829a02b7d63084c38d
0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239
76545e9f75dc558fdb7b54550934c7775318fb4150a9309f60e65d982d2e576e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F808d12ec-c97a-4c49-976e-6025ea897112.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5950
x-amzn-requestid: 5d5a94f5-db2f-4c4c-9c9f-08c14b0ccd80
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm7NG2NIAMF-sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751e1-57c957f442c42fe148e66831;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:34:25 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: k7ZzBBGmbX5OCG_u8RwOqyLQBvohNe643wpsd3Srg2hoxh55aqSV6A==
via: 1.1 f193acd25f2604e189bfbfaf539aaa06.cloudfront.net (CloudFront), 1.1 c9b161639a9353c2354b895548ea9fca.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 21:38:48 GMT
etag: "0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239"
content-type: image/jpeg
age: 3159
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfa5d643-243c-4157-97e2-d929d9b82514.jpeg
200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfa5d643-243c-4157-97e2-d929d9b82514.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 613b90b49678a72443e992713b7eb711
f4216e9b06d9cb62aadfafce434789a3cc5d1fe2
7cb101a12e824bf26552b2aaeb00df0e3f239c254168b9dee65192b484f1b61e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfa5d643-243c-4157-97e2-d929d9b82514.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4697
x-amzn-requestid: 800eecdb-6883-4266-a476-7e3ce7985d3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ClVE3HmcoAMF9cg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64253552-6ee0d63805e7a9631efa30fd;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 07:08:02 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: coKmHNJLD7miKkRqU3JiHYurjgK5WSnLuwTfw9uNohVOXv-7XjVatg==
via: 1.1 304b956e2039e07753fa39109152d594.cloudfront.net (CloudFront), 1.1 174acb08636ac7d9e9a778bbf1bcbc52.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 07:43:53 GMT
age: 53254
etag: "f4216e9b06d9cb62aadfafce434789a3cc5d1fe2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b04f715-df83-425c-b3e1-5703d926f759.jpeg
200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b04f715-df83-425c-b3e1-5703d926f759.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a88f6c7b5bce83cc00e9e8271cf56702
21835a62ac378c55a61a762636b811a837749648
40b4e80bf0a5ac477804025c56beb2263d77a9f84933eabf6d464589e6f1d573
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b04f715-df83-425c-b3e1-5703d926f759.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5257
x-amzn-requestid: 694e361b-d59f-4a35-b547-de5a42689670
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ClU6mHJuIAMF5Iw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64253510-4f0d883b2f15ceee32b013da;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 07:06:56 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: -nOAcLEHo6i5uOJHpDTP9r7bI0F9okpHJ77bPkOEvUpPKmRWebrwZw==
via: 1.1 4e4278a2778e72cc34feef6db603088c.cloudfront.net (CloudFront), 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 07:30:05 GMT
age: 54082
etag: "21835a62ac378c55a61a762636b811a837749648"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ff5ce6b-6aa5-4dee-8d16-aa3f8b265b59.jpeg
200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ff5ce6b-6aa5-4dee-8d16-aa3f8b265b59.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 95b4bec205ae2333b5364e6c6bcc0bbf
931e351c6f6938fae4988f25297f010acd48a6ae
dc0a45c6e520ced7b4f0d936c58289be840d22ed09db6f4814456cdf1448e934
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ff5ce6b-6aa5-4dee-8d16-aa3f8b265b59.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6416
x-amzn-requestid: 67096d91-717f-4063-8eb0-27861e962b2d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CiCLOFgZoAMF3xQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6423e3e1-47604c2a497b529e72d91a85;Sampled=0
x-amzn-remapped-date: Wed, 29 Mar 2023 07:08:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: LEsZTvaedZGhAea0MVs1L1MOrwxuJ6k0adgL_2UHKOyEwxrUaJznSg==
via: 1.1 0a166b53605851fe961f5a2952e5a748.cloudfront.net (CloudFront), 1.1 7514e5e25722778fd4b1744d4ecc67e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 10:42:58 GMT
age: 42509
etag: "931e351c6f6938fae4988f25297f010acd48a6ae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9720e87-c9ea-45dd-b03b-959a201d1cd5.jpeg
200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9720e87-c9ea-45dd-b03b-959a201d1cd5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 63f65b3207378879c6e794007b8a11ee
f0ee85f6acc45822ca5dc638bedefb21618d9127
dadd45018a3f500653176e5d585284fa28ca8140ec71c666feb4ab1b93f54c54
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9720e87-c9ea-45dd-b03b-959a201d1cd5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8479
x-amzn-requestid: 918a80ec-9fed-420b-b213-3c7e34e007ed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm9WEw_IAMF53g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751ee-7cdad9533b2617c0043823f2;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:34:38 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 5k1BvSMuAPqwe3p5nriPjlGSoNbEV8HCa7pwF2_Bx0C6s5hNB0Ea4Q==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 efcf7b9d0f917f9ebf314db03e52d9b6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 21:58:10 GMT
etag: "f0ee85f6acc45822ca5dc638bedefb21618d9127"
content-type: image/jpeg
age: 1997
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 4eec701fec69b73ab6ff1af2c178806f
5de0d4c444297364831a311b4c13954aa31976b0
fda1ec0d2c39aafdb994d336b4d8b5d819fcd064a64b43649598609dac04f512
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:31:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.ghtwf01.cn/img/favicon.png
200 OK 323 B URL HTTP/2 www.ghtwf01.cn/img/favicon.png
IP
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Hash 7a8c47cb5a2149c1a1af21e90ecd9ca7
3cf89864b4f6c9b532522a4d260a2e887971c92d
f89e1bc59b25ec8f54e7d3864f56b92bf6ceb6c25eadc1276958f42674bf1c1f
GET /img/favicon.png HTTP/1.1
Host: www.ghtwf01.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: GitHub.com
content-type: image/png
x-origin-cache: HIT
last-modified: Thu, 10 Nov 2022 06:28:35 GMT
access-control-allow-origin: *
etag: "636c9a13-143"
expires: Fri, 31 Mar 2023 22:41:27 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: EF90:6704:240BB7:254422:64275F3D
accept-ranges: bytes
date: Fri, 31 Mar 2023 22:31:27 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bma1626-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1680301887.236223,VS0,VE135
vary: Accept-Encoding
x-fastly-request-id: e14a0a9634ead1c870259f640c499e77032ccda5
content-length: 323
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free/css/all.min.css
200 OK 70 kB URL HTTP/2 cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free/css/all.min.css
IP
ASN #58286 Electric-IT Business S.R.L.
File type ASCII text, with very long lines (52276)
Hash 20cd95472f462f63c8a454f2cb9082dd
121e66cfd91b5bb36b35f9a0fb2a545d0e44ce74
23c08c8a57b7d776dcf28ba7851c4fd477c01ca1f98cad5205eaf9d02d661225
GET /npm/@fortawesome/fontawesome-free/css/all.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:31:26 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Accept-Encoding
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 6.4.0
x-jsd-version-type: version
etag: W/"18e89-jAbYJznRSwlP9tkDYCGiUr0dmF0"
content-encoding: br
cache: HIT, HIT
x-cached-since: 2023-03-28T07:08:33+00:00, 2023-03-31T14:01:16+00:00
x-id: am3-up-gc88, osix-up-gc4
x-nginx: nginx-be, nginx-be
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 4eec701fec69b73ab6ff1af2c178806f
5de0d4c444297364831a311b4c13954aa31976b0
fda1ec0d2c39aafdb994d336b4d8b5d819fcd064a64b43649598609dac04f512
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:31:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
busuanzi.ibruce.info/busuanzi?jsonpCallback=BusuanziCallback_43530460029
200 OK 106 B URL HTTP/2 busuanzi.ibruce.info/busuanzi?jsonpCallback=BusuanziCallback_43530460029
IP
File type ASCII text, with no line terminators
Hash 43ddf4e1d8c9be09b9cf42d30dcc20a3
f8afdf8d881fad605a85bea4d71001c655645163
80bf29c78daee4acc7c5047563220ae26c046e844d6dac7d1e266e8196ee72df
GET /busuanzi?jsonpCallback=BusuanziCallback_43530460029 HTTP/1.1
Host: busuanzi.ibruce.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.1
date: Fri, 31 Mar 2023 22:31:27 GMT
content-type: application/json
content-length: 106
set-cookie: busuanziId=01BDB44FA2EF48BB9BDB3249DBCE7838; Path=/; httponly; secure; SameSite=None; Domain=busuanzi.ibruce.info; Secure
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/html/r20230329/r20190131/zrt_lookup.html
200 OK 4.5 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20230329/r20190131/zrt_lookup.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3205)
Hash bad17ab9662318e8927e5009c83c2ad1
53ded630f95abe04b7b77d43076bf71b9ea71c02
68da39270ebfa6d17f4b765cbe004797a736611585ff0c53213d91f78f13c260
GET /pagead/html/r20230329/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4549
x-xss-protection: 0
date: Fri, 31 Mar 2023 02:50:55 GMT
expires: Fri, 14 Apr 2023 02:50:55 GMT
cache-control: public, max-age=1209600
age: 70832
etag: 2378337311435320485
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 13aea90b56c70f627cf1b6cf76bc9317
3a4a5bf198962f4898565cb59d36c840dbfb455f
e687f0b713563125f2e84ac8ed135c56fd2ed704de83a2597695979df25f8864
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:31:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 13aea90b56c70f627cf1b6cf76bc9317
3a4a5bf198962f4898565cb59d36c840dbfb455f
e687f0b713563125f2e84ac8ed135c56fd2ed704de83a2597695979df25f8864
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:31:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 3c805a5c8d88d63e317a631e82533b14
c9c70d6d8c42c5690e57e1d3b0b6331a8b1ec1a7
4957e91e8473ee4aaf83db07185ba4a0eab8f9b5687d566e65cb5f4028071183
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:31:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 02ddc021542aadb090aa31099f7b9267
cb2091bff4ad6c225faa4c0c02182217bcdc502c
dcca0f6c051c27f611b9e51981fb34bd0c82a317c2e3ae3412ec6de80c596d24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:31:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=www.ghtwf01.cn
200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=www.ghtwf01.cn
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.ghtwf01.cn HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 31 Mar 2023 22:31:27 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=www.ghtwf01.cn
200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=www.ghtwf01.cn
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.ghtwf01.cn HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 31 Mar 2023 22:31:27 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 3c805a5c8d88d63e317a631e82533b14
c9c70d6d8c42c5690e57e1d3b0b6331a8b1ec1a7
4957e91e8473ee4aaf83db07185ba4a0eab8f9b5687d566e65cb5f4028071183
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:31:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 02ddc021542aadb090aa31099f7b9267
cb2091bff4ad6c225faa4c0c02182217bcdc502c
dcca0f6c051c27f611b9e51981fb34bd0c82a317c2e3ae3412ec6de80c596d24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:31:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash a8070f57a419ebadd7e2c6115eeed394
4657b655f2cf17f0d74631eb01f0a1424c910a09
475c1a60dbc19591f91707b7e436215d7cb7f22c74c5d5035ec103a7fa9469a7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:31:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Fri, 31 Mar 2023 22:31:27 GMT
expires: Fri, 31 Mar 2023 22:31:27 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 31 Mar 2023 11:44:47 GMT
expires: Sat, 30 Mar 2024 11:44:47 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
vary: Accept-Encoding
age: 38800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 741a2f47aab81a2c7ed0fadaa1fa74e3
be34e0df4a5f272589a017ce77ece974d890f27c
4ea1737c8246072ea1072314ae684c1f7e518a81a5200c46374e47378bfb6b63
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:31:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
200 OK 514 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 3b1dfdcf33971f0d3473f2fc7ed201eb
fb40dd79aea784e117ddea36530d3b9ef8f2112d
5255580678d6fce6ed7b6d5ecf1b52bfa806976f13fd3bd2a776fec83de54f0e
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Fri, 31 Mar 2023 22:31:28 GMT
date: Fri, 31 Mar 2023 22:31:28 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-b6dP7gGJzX0eiDSzXnRA0A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/typed.js/lib/typed.min.js
200 OK 3.3 kB URL HTTP/2 cdn.jsdelivr.net/npm/typed.js/lib/typed.min.js
IP
ASN #58286 Electric-IT Business S.R.L.
File type ASCII text, with very long lines (11549)
Hash 7ce615fc0f8c2a94d16a74ea692fcd0f
0f41e4fc2eb24e7fa948a4e181ee82385cc035f5
73df0062c9ccd7be271518cb23c05a3329dccde46b15f2e53500ee71562af55e
GET /npm/typed.js/lib/typed.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:31:26 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Accept-Encoding
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 2.0.12
x-jsd-version-type: version
etag: W/"2e10-6vJ5gph5DsP60X9saLXTsC39Bpw"
content-encoding: br
cache: MISS, STALE
x-cached-since: 2023-03-31T01:54:41+00:00
x-id: am3-up-gc88, osix-up-gc4
x-nginx: nginx-be, nginx-be
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0016adbc-9eaa-41a0-88fb-97c440b93a00.jpeg
200 OK 3.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0016adbc-9eaa-41a0-88fb-97c440b93a00.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c528a914643f270c39c913daaf18baa3
e4c2d95a58e2b4a70956969b2418cc7d02b5d267
1163759cb7d40315bfdb8be80957c1ed2cc85b41159ab402acbd1dac62bd3599
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0016adbc-9eaa-41a0-88fb-97c440b93a00.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 3681
x-amzn-requestid: 995c0201-ebb0-4aa5-9d26-87cb92fbcfa0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CqnHKFoVoAMFp1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6427522d-365b465e628d402065ed1749;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:35:41 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: AD6GOV4T7JOKCh7aEGbDWMVO_RGRlEW1m425FrHzX68lonWjKXk-bQ==
via: 1.1 b6cdb2111444305bd4957a473b711ad6.cloudfront.net (CloudFront), 1.1 4d8620b80ebe37d366388e117039aa8e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 21:47:54 GMT
age: 2620
etag: "e4c2d95a58e2b4a70956969b2418cc7d02b5d267"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.umd.min.js
200 OK 0 B URL HTTP/2 cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.umd.min.js
IP
ASN #58286 Electric-IT Business S.R.L.
GET /npm/@fancyapps/ui/dist/fancybox.umd.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:31:26 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Accept-Encoding
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 4.0.31
x-jsd-version-type: version
etag: W/"19dc2-52bkaOTwF7UaZDZI9rTwUYfEHWs"
content-encoding: br
cache: HIT, STALE
x-cached-since: 2023-03-28T06:48:09+00:00, 2023-03-31T01:54:34+00:00
x-id: am3-up-gc89, osix-up-gc4
x-nginx: nginx-be, nginx-be
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.min.css
200 OK 0 B URL HTTP/2 cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.min.css
IP
ASN #58286 Electric-IT Business S.R.L.
GET /npm/@fancyapps/ui/dist/fancybox.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ghtwf01.cn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:31:26 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Accept-Encoding
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 4.0.31
x-jsd-version-type: version
etag: W/"3e06-vOIOi9srO0DvNkc4R6jiqW4H74E"
content-encoding: br
cache: HIT, STALE
x-cached-since: 2023-03-28T07:00:48+00:00, 2023-03-31T01:54:34+00:00
x-id: am3-up-gc88, osix-up-gc4
x-nginx: nginx-be, nginx-be
X-Firefox-Spdy: h2
185.199.111.153
23.36.76.226
185.244.209.62
104.18.32.68