r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20231
Expires: Thu, 08 Dec 2022 13:48:43 GMT
Date: Thu, 08 Dec 2022 08:11:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash aea93551fa9deb76ae49a3b4019d64fe
e3b8862057ebe839959228e42246d7b1807fc90c
7e210f03b140418085e94ec20c1d27d6ecf7a404cbd323e16476ae5ae95d6dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10171
Expires: Thu, 08 Dec 2022 11:01:03 GMT
Date: Thu, 08 Dec 2022 08:11:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 00e7703bd74975689fc9050356aaca6b
9788fe6a36d6f278e8da329ebc5dd87bcd212317
593bc437ff8a8233516c62613d50220fcb25b9f967ed5fb384c253f0db135103
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "593BC437FF8A8233516C62613D50220FCB25B9F967ED5FB384C253F0DB135103"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3340
Expires: Thu, 08 Dec 2022 09:07:12 GMT
Date: Thu, 08 Dec 2022 08:11:32 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: application/json
age: 201
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: jTa091aZZfGmfBRs3BI/b8UQCtJX8Z5xxCrsq4n9R9WRc+uWVfQzoOfGyD9ZHbTYkItniheV6kA=
x-amz-request-id: 3QY9HARQ102BXP2M
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 08 Dec 2022 07:47:50 GMT
age: 1422
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:32 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
vivigirl.net/
38.238.98.24 301 Moved Permanently 0 B IP 38.238.98.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: vivigirl.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 08 Dec 2022 08:11:32 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://www.vivigirl.net/index.php
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 08 Dec 2022 08:07:55 GMT
age: 217
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 053aff7451e55d4269dd9610ab070f3f
b3376256d11d159b0c7280ba1515b78d7d9e12ca
24114ca560fe70d03185bd66985603fd5a03dc310aa9a8ea7a7b3723ed46ce3e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5346
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:11:32 GMT
Last-Modified: Thu, 08 Dec 2022 06:42:26 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
www.vivigirl.net/index.php
38.238.98.24 200 OK 535 B URL HTTP/1.1 www.vivigirl.net/index.php
IP 38.238.98.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with very long lines (646), with CRLF line terminators
Hash aa50783eafadd68a83e74950a18307e5
e1dbe9f2012c0bd29b9ecbfd2b672cce5f11906d
eb4662d334dc91f3ddf12042258ab9dc8f34fd04677e580c66799fc197a30acd
GET /index.php HTTP/1.1
Host: www.vivigirl.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Dec 2022 08:11:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
push.services.mozilla.com/
54.189.139.67 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.189.139.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1K5TYslel24blXv3JSnacQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: aUaysg3j04SSxknzHcX0fS1uvNI=
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7721
Expires: Thu, 08 Dec 2022 10:20:14 GMT
Date: Thu, 08 Dec 2022 08:11:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7721
Expires: Thu, 08 Dec 2022 10:20:14 GMT
Date: Thu, 08 Dec 2022 08:11:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7721
Expires: Thu, 08 Dec 2022 10:20:14 GMT
Date: Thu, 08 Dec 2022 08:11:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7721
Expires: Thu, 08 Dec 2022 10:20:14 GMT
Date: Thu, 08 Dec 2022 08:11:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7721
Expires: Thu, 08 Dec 2022 10:20:14 GMT
Date: Thu, 08 Dec 2022 08:11:33 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d27bcd3-7b4f-4d99-8f0d-b7b98bfaa8d7.jpeg
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d27bcd3-7b4f-4d99-8f0d-b7b98bfaa8d7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ce35df4fe4f77c950e40dc44b311bab4
aadf97d040e3577599581e892ee20f88d191bf91
f9c4cfc384213f77c0bbb252f3d6fbc22be60e1ecc158eece857d5050c8ced3c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d27bcd3-7b4f-4d99-8f0d-b7b98bfaa8d7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5620
x-amzn-requestid: fadda084-c7fc-4ec0-bad0-27e97b8349d6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4gHGIMIAMFy_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6391079a-5dc824963fe82ab927205128;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:37:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ITQgs0jVosYx5zvT7j4YLqGZ1HEmsNgartV3g8uaNuJHs4VqVs50OQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 21:47:24 GMT
age: 37449
etag: "aadf97d040e3577599581e892ee20f88d191bf91"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b87d6543345f73653ed4a49b37d7c959
c4f26846b8b72293368ff16915d49297cf12bbb9
aee6aa42e4b5b83b81f74801ff8f0039fc6d38036f42ee81875813c856cf5eef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8659
x-amzn-requestid: 6f420d07-65d5-4bb2-9f1f-e56025de497b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFSYFArIAMF46w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c0f-0a295e5c48228d5806b4f107;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TSh1BNzzIPhWCfYEiqvQJckSPAyhHobe-HK6msEVeEJ1ruX-_rMSSA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:33:19 GMT
age: 31094
etag: "c4f26846b8b72293368ff16915d49297cf12bbb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2019d3bc-b4a4-4afc-ad84-3ab33b8036ec.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2019d3bc-b4a4-4afc-ad84-3ab33b8036ec.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fbdf939d23b987fd36a86b7a1258b10d
2cad45ad8e56699db3457501cf1e488fe85d479a
285a8a3d3ec439f493ca5d586477c3e3ed3b9e5d7a0133da73c426b69e112cb1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2019d3bc-b4a4-4afc-ad84-3ab33b8036ec.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10861
x-amzn-requestid: ad568a35-9eba-4c6d-a09d-97e518fbf503
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4gIFN4oAMFqrw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6391079a-434ca8281e48538e69e72e05;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:37:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4MrxT27cyrFqR70ofprhh4FbJAfVpKb787jT3TsH0l7BxQOf2tWh6g==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 21:51:32 GMT
age: 37201
etag: "2cad45ad8e56699db3457501cf1e488fe85d479a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43fdc85bfd574fa803f0bcdc216ef622
27f558d5cdc150a50f080c054423500666b63d74
fafd2a81cddacdb4e5fd7c9963a784e6e56d06ac98f0bd4124fd74fa3ba015e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5245
x-amzn-requestid: 9770ebcd-fb1e-4b81-bb87-1e98ef024741
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy-E8HugoAMFsKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911085-54eb7a48323113d52329abf5;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 22:15:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: d2DHUS5fGT4uoPPdjDXmHUOQVF93ULtO4zSHRmrx7KMu3lO0y0K9ag==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:24:13 GMT
age: 35240
etag: "27f558d5cdc150a50f080c054423500666b63d74"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9367069b-64ab-4e4d-b8c9-fa115e0681a9.jpeg
34.120.237.76 200 OK 3.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9367069b-64ab-4e4d-b8c9-fa115e0681a9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bdf4703f3372054a7aadce1cb0e11bd0
84d060f66accd412503d52c385ee47cb35795c07
c5853b653ee328e567e2456be12450e04c1704ed64fb6234f008532e4b6c8363
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9367069b-64ab-4e4d-b8c9-fa115e0681a9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3744
x-amzn-requestid: 73eab74b-e50c-46d1-adde-3ef85fb772f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvlj7FDiIAMFmsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb618-70ffb1925e3a9ef6081d1cd1;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:37:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: F-LcglSz1NX1Q2t84r1dv0vQzONyYMhlGB6TdS6CeKf9I8Krk1mDUg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:05:24 GMT
age: 36369
etag: "84d060f66accd412503d52c385ee47cb35795c07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3d44d17585c9a536c8da0e75ed90d175
9dc35d0f6b251004bc1ddc83aea9ee71c95aedd1
6d14a5b5c43b39244434560a83a2bfea6604a4d072943b6147293b7adfd1b7b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10164
x-amzn-requestid: a0cb7259-0a07-44f5-91cd-e96b8d9c9cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cnAPOGSnoAMFUUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c472e-799b6ee425e29fb70ff7e4ea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 07:07:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5Q2LRCrEYVZz_KldQARUQ26O1mv0G7rMAPQXGkBzUnERF-WjtZPMJA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 10:23:11 GMT
age: 78502
etag: "9dc35d0f6b251004bc1ddc83aea9ee71c95aedd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.vivigirl.net/tj.js
38.238.98.24 200 OK 258 B IP 38.238.98.24:0
File type ASCII text, with CRLF line terminators
Hash e56c80c846be4bd52375e858560a6e78
21e433ee9d8d892015046b46670ebfa7b21e3957
88424f6f12dab1d8655fe9834459d6fb364ec53193bf5ccf85425ac135820095
GET /tj.js HTTP/1.1
Host: www.vivigirl.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.vivigirl.net/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Dec 2022 08:11:33 GMT
Content-Type: application/x-javascript
Content-Length: 258
Connection: keep-alive
www.vivigirl.net/common.js
38.238.98.24 200 OK 675 B URL HTTP/1.1 www.vivigirl.net/common.js
IP 38.238.98.24:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (1295), with no line terminators
Hash c4468d295a1d3238c2027545ae9e0eb5
67f72e9a83bc89c6535fe1f6738ddcda957c9b15
1f4228c735498bc33d130a08f893d8a5f53df6759b1e46dffb589d7e30432385
GET /common.js HTTP/1.1
Host: www.vivigirl.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.vivigirl.net/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Dec 2022 08:11:33 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
www.vivigirl.net/favicon.ico
38.238.98.24 200 OK 1.2 kB URL HTTP/1.1 www.vivigirl.net/favicon.ico
IP 38.238.98.24:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 7ef1f0a0093460fe46bb691578c07c95
2da3ffbbf4737ce4dae9488359de34034d1ebfbd
4c62eef22174220b8655590a77b27957f3518b4c3b7352d0b64263b80e728f2c
GET /favicon.ico HTTP/1.1
Host: www.vivigirl.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.vivigirl.net/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Dec 2022 08:11:33 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 01 Jul 2011 08:14:23 GMT
Connection: keep-alive
ETag: "4e0d81df-47e"
Expires: Tue, 13 Dec 2022 08:11:33 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash a1e9680e5cfa3e165e0ae15fb0ff0c76
1a7c70ac415d2ff40e3b36245df346f56b6ad21c
3bce87771a4ff4226547d573b8b268d7d7a9c4586df7687c4f2ee87ca7912ef1
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:11:34 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Mon, 12 Dec 2022 05:44:28 GMT
ETag: "1a7c70ac415d2ff40e3b36245df346f56b6ad21c"
Last-Modified: Thu, 08 Dec 2022 05:44:29 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2018
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776407f1fd6d0b69-OSL
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b05f0e86ee7d7c1e8e6883f829210fd5
72a0935c393cd08df13a3d88658c75aa7dd17c2a
27cc0599ef52fb3a0e493a03aa0f40e0d37c822002b78c033a23ce68be89a739
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "27CC0599EF52FB3A0E493A03AA0F40E0D37C822002B78C033A23CE68BE89A739"
Last-Modified: Wed, 07 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21587
Expires: Thu, 08 Dec 2022 14:11:21 GMT
Date: Thu, 08 Dec 2022 08:11:34 GMT
Connection: keep-alive
hm.baidu.com/hm.js?37a1edbd469ce3c3803a7b50459c8add
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?37a1edbd469ce3c3803a7b50459c8add
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (619)
Hash 8818572fe2d2e6b35ddba301a09526ec
fb2b1d299f422e908f81a6788646b755ddae8e5f
d697df8f72b0bd6f188df7d826fa8f941619f45f7fcfbf9d9bc6bebfb9eabd24
GET /hm.js?37a1edbd469ce3c3803a7b50459c8add HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.vivigirl.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11257
Content-Type: application/javascript
Date: Thu, 08 Dec 2022 08:11:34 GMT
Etag: 761defa46a12d37c5eaa9fac0f3ff596
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=3A8269F68C8E70B2; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1761956442&si=37a1edbd469ce3c3803a7b50459c8add&v=1.3.0&lv=1&sn=65479&r=0&ww=1280&u=http%3A%2F%2Fwww.vivigirl.net%2Findex.php&tt=%E5%90%89%E6%9E%97%E7%8B%88%E5%A7%A8%E4%BC%9A%E5%B1%95%E6%9C%8D%E5%8A%A1%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1761956442&si=37a1edbd469ce3c3803a7b50459c8add&v=1.3.0&lv=1&sn=65479&r=0&ww=1280&u=http%3A%2F%2Fwww.vivigirl.net%2Findex.php&tt=%E5%90%89%E6%9E%97%E7%8B%88%E5%A7%A8%E4%BC%9A%E5%B1%95%E6%9C%8D%E5%8A%A1%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1761956442&si=37a1edbd469ce3c3803a7b50459c8add&v=1.3.0&lv=1&sn=65479&r=0&ww=1280&u=http%3A%2F%2Fwww.vivigirl.net%2Findex.php&tt=%E5%90%89%E6%9E%97%E7%8B%88%E5%A7%A8%E4%BC%9A%E5%B1%95%E6%9C%8D%E5%8A%A1%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.vivigirl.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Thu, 08 Dec 2022 08:11:35 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=9D1778389F4D510F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash edaa4c744a30e010c82beff94f079933
75811c153c2fa93c0e1e68fd1c94ead8f9799384
0d2c73114d2d8617448d56105d4ace72014a392066d5d5ef727fd14ec03a3533
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0D2C73114D2D8617448D56105D4ACE72014A392066D5D5EF727FD14EC03A3533"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15632
Expires: Thu, 08 Dec 2022 12:32:07 GMT
Date: Thu, 08 Dec 2022 08:11:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8b75e902a5f463af77b6c481a115aa92
a51231e5c3da5100578d6e9a81dd23d083ea0e02
3b1b035b773bdb05daeb3e9c03833ab30f2a56cdbbe4efa2530af43de3aa5316
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3B1B035B773BDB05DAEB3E9C03833AB30F2A56CDBBE4EFA2530AF43DE3AA5316"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12201
Expires: Thu, 08 Dec 2022 11:34:56 GMT
Date: Thu, 08 Dec 2022 08:11:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8b75e902a5f463af77b6c481a115aa92
a51231e5c3da5100578d6e9a81dd23d083ea0e02
3b1b035b773bdb05daeb3e9c03833ab30f2a56cdbbe4efa2530af43de3aa5316
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3B1B035B773BDB05DAEB3E9C03833AB30F2A56CDBBE4EFA2530AF43DE3AA5316"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19024
Expires: Thu, 08 Dec 2022 13:28:39 GMT
Date: Thu, 08 Dec 2022 08:11:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 205488b0c1c28f64eb7bbe4ee455ac00
8be0b05eaef5ed80bd8912921579778333f0e86b
7de0b94cdad0887645bde33ff8fbce13ba0b28dc9f0257318fa4ecc3f45eb726
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7DE0B94CDAD0887645BDE33FF8FBCE13BA0B28DC9F0257318FA4ECC3F45EB726"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17826
Expires: Thu, 08 Dec 2022 13:08:41 GMT
Date: Thu, 08 Dec 2022 08:11:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 205488b0c1c28f64eb7bbe4ee455ac00
8be0b05eaef5ed80bd8912921579778333f0e86b
7de0b94cdad0887645bde33ff8fbce13ba0b28dc9f0257318fa4ecc3f45eb726
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7DE0B94CDAD0887645BDE33FF8FBCE13BA0B28DC9F0257318FA4ECC3F45EB726"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17826
Expires: Thu, 08 Dec 2022 13:08:41 GMT
Date: Thu, 08 Dec 2022 08:11:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash f28588f5ab0fe5fb466db81b009e3cbb
b63a4a863690733d72704fb4f167a8be74088c76
b3e2bc4512a43524eb0c87330643cc3e6bb1838ce06349c028670658e7e04d41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3E2BC4512A43524EB0C87330643CC3E6BB1838CE06349C028670658E7E04D41"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 08 Dec 2022 14:11:35 GMT
Date: Thu, 08 Dec 2022 08:11:35 GMT
Connection: keep-alive
xb3.hadhd.com/
156.251.146.196 200 OK 10 kB IP 156.251.146.196:0
Hash 47584641e30e614e87ed6146cc312922
f781952b35e63d2b6bffdad71178575b06bfba1f
84a28d8f49b1d949318da58772bb21de6661a8d1ace7b78bf7021ebdc3f733ff
GET / HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.vivigirl.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:34 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/app3.js
156.251.146.196 200 OK 1.0 kB URL HTTP/2 xb3.hadhd.com/template/web/app3.js
IP 156.251.146.196:0
File type HTML document, Unicode text, UTF-8 text
Hash d7ceae1b1bf4f755728d4419cf8734b7
fef9265340695e995de06991be83bd0acf5f9b1b
b2d97042ac92df78d4ad89e2564369161378996c4a127582ae39f8164fc78ff9
GET /template/web/app3.js HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: application/javascript
content-length: 1023
last-modified: Wed, 07 Dec 2022 16:25:43 GMT
etag: "6390be87-3ff"
expires: Thu, 08 Dec 2022 20:11:35 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 205488b0c1c28f64eb7bbe4ee455ac00
8be0b05eaef5ed80bd8912921579778333f0e86b
7de0b94cdad0887645bde33ff8fbce13ba0b28dc9f0257318fa4ecc3f45eb726
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7DE0B94CDAD0887645BDE33FF8FBCE13BA0B28DC9F0257318FA4ECC3F45EB726"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17786
Expires: Thu, 08 Dec 2022 13:08:01 GMT
Date: Thu, 08 Dec 2022 08:11:35 GMT
Connection: keep-alive
pic1.semaobf1.com/20221111/9F4374017DA84EE8/9F4374017DA84EE8.jpg
5.180.83.41 200 OK 7.8 kB URL HTTP/1.1 pic1.semaobf1.com/20221111/9F4374017DA84EE8/9F4374017DA84EE8.jpg
IP 5.180.83.41:0
ASN #61317 Ipxo Uk Limited
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash 0faf389aa26e00b50ba31236d7aa757c
0331ae9c7ae00212ba595b36d920d2b25d018cf9
0334ee949db00220fe6b879038dea459cec5f8dbadb3abd373ece4d41f5ec866
GET /20221111/9F4374017DA84EE8/9F4374017DA84EE8.jpg HTTP/1.1
Host: pic1.semaobf1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:00 GMT
Content-Type: image/jpeg
Content-Length: 7827
Last-Modified: Sat, 19 Nov 2022 05:59:28 GMT
Connection: keep-alive
ETag: "637870c0-1e93"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
pic1.semaobf1.com/20221109/CE9255B9862726F9/CE9255B9862726F9.jpg
5.180.83.41 200 OK 7.3 kB URL HTTP/1.1 pic1.semaobf1.com/20221109/CE9255B9862726F9/CE9255B9862726F9.jpg
IP 5.180.83.41:0
ASN #61317 Ipxo Uk Limited
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash a97d2d99e90d06c5a618362f592d9a00
d9b1f720f95adf9f5599d92fc97ac66dc7e0f926
4aefa43bdf03c874c6f97cace323012c086fd59705e21d58d2db7844deee37ba
GET /20221109/CE9255B9862726F9/CE9255B9862726F9.jpg HTTP/1.1
Host: pic1.semaobf1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:00 GMT
Content-Type: image/jpeg
Content-Length: 7339
Last-Modified: Thu, 17 Nov 2022 04:20:58 GMT
Connection: keep-alive
ETag: "6375b6aa-1cab"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
pic1.semaobf1.com/20221109/A06D19082C0DBDD6/A06D19082C0DBDD6.jpg
5.180.83.41 200 OK 9.7 kB URL HTTP/1.1 pic1.semaobf1.com/20221109/A06D19082C0DBDD6/A06D19082C0DBDD6.jpg
IP 5.180.83.41:0
ASN #61317 Ipxo Uk Limited
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash dfaa7f3b897f22e3c766cb9e55b8293d
175bd2fd56bb5bb451231c8b54bead1068233d58
d0e9b9575044f14dfb9fd50c4b70bd4a0e4a835f9b0e2e74e34f4dd469be6c98
GET /20221109/A06D19082C0DBDD6/A06D19082C0DBDD6.jpg HTTP/1.1
Host: pic1.semaobf1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:00 GMT
Content-Type: image/jpeg
Content-Length: 9654
Last-Modified: Thu, 17 Nov 2022 04:16:43 GMT
Connection: keep-alive
ETag: "6375b5ab-25b6"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
pic1.semaobf1.com/20221110/392BA37CE6480A5C/392BA37CE6480A5C.jpg
5.180.83.41 200 OK 7.4 kB URL HTTP/1.1 pic1.semaobf1.com/20221110/392BA37CE6480A5C/392BA37CE6480A5C.jpg
IP 5.180.83.41:0
ASN #61317 Ipxo Uk Limited
File type JPEG image data, baseline, precision 8, 320x240, components 3\012- data
Hash fd5b97445180679fb83eebae2659b311
ac42603208314138243b5e0ac05a01d3fe171b2d
c2de15a414701cb5ff6c76d5f22c2e7621603b9d1c4dcb16af5b3a627ef26add
GET /20221110/392BA37CE6480A5C/392BA37CE6480A5C.jpg HTTP/1.1
Host: pic1.semaobf1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:00 GMT
Content-Type: image/jpeg
Content-Length: 7378
Last-Modified: Fri, 18 Nov 2022 04:53:35 GMT
Connection: keep-alive
ETag: "63770fcf-1cd2"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
pic1.semaobf1.com/20221108/12F2E2EFA96877D1/12F2E2EFA96877D1.jpg
5.180.83.41 200 OK 8.6 kB URL HTTP/1.1 pic1.semaobf1.com/20221108/12F2E2EFA96877D1/12F2E2EFA96877D1.jpg
IP 5.180.83.41:0
ASN #61317 Ipxo Uk Limited
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 480x331, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash 2c3e1fe9d1cf7bb86c8f05afb083e5a0
c2456c681d42ae0a2cd540d7cdc9716ad62da541
c1468065679186706809c84875114163cfb9f59cdcdc563eea7acf97bb5e34b7
GET /20221108/12F2E2EFA96877D1/12F2E2EFA96877D1.jpg HTTP/1.1
Host: pic1.semaobf1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:00 GMT
Content-Type: image/jpeg
Content-Length: 8641
Last-Modified: Wed, 16 Nov 2022 04:25:53 GMT
Connection: keep-alive
ETag: "63746651-21c1"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 8d754caa1ded6f9231b58a821d27e1e9
5ce8a9445bbad67d4fd6b96b2e5fad798466fc0c
20eeef4cf0067017e0a74908d8eda0ac8d5012a1e67b48183e957d3d8675c52c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2954
Cache-Control: max-age=147396
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:11:35 GMT
Etag: "63912d71-116"
Expires: Sat, 10 Dec 2022 01:08:11 GMT
Last-Modified: Thu, 08 Dec 2022 00:18:57 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 8d754caa1ded6f9231b58a821d27e1e9
5ce8a9445bbad67d4fd6b96b2e5fad798466fc0c
20eeef4cf0067017e0a74908d8eda0ac8d5012a1e67b48183e957d3d8675c52c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2954
Cache-Control: max-age=147396
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:11:35 GMT
Etag: "63912d71-116"
Expires: Sat, 10 Dec 2022 01:08:11 GMT
Last-Modified: Thu, 08 Dec 2022 00:18:57 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 8d754caa1ded6f9231b58a821d27e1e9
5ce8a9445bbad67d4fd6b96b2e5fad798466fc0c
20eeef4cf0067017e0a74908d8eda0ac8d5012a1e67b48183e957d3d8675c52c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2954
Cache-Control: max-age=147396
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:11:35 GMT
Etag: "63912d71-116"
Expires: Sat, 10 Dec 2022 01:08:11 GMT
Last-Modified: Thu, 08 Dec 2022 00:18:57 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 278
imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/d7f4f233-0ec9-425c-758f-dcf37d7a6400/public
104.18.2.36 200 OK 96 kB URL HTTP/2 imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/d7f4f233-0ec9-425c-758f-dcf37d7a6400/public
IP 104.18.2.36:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 053613ae3a2a211b79d2b4894275add4
54b82daa9cf29085ed88b303aca50b601893f39d
92a46fbd82ab22e9ce57f7759be78dcb1d09a0b0c22fbdfd5c20bf52063a2c55
GET /PZ5Nnb5z4TfMFnFORJSOeg/d7f4f233-0ec9-425c-758f-dcf37d7a6400/public HTTP/1.1
Host: imagedelivery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/webp
content-length: 95610
cf-ray: 776407fbfeeeb524-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=172800
etag: "cfVzg5_s7MyEj1XjB5P1mATv4D8dO5Wny_BInlx8NnBQ"
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:100,h2pri
cf-images: internal=ok/- q=0 n=497 c=2+96 v=2022.11.1 l=95610
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/e0921234-c4a9-4c2c-e9f8-9edc9c41ee00/public
104.18.2.36 200 OK 7.4 kB URL HTTP/2 imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/e0921234-c4a9-4c2c-e9f8-9edc9c41ee00/public
IP 104.18.2.36:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 11160886e51f2998d748e78a37a7345d
8593db2f6150aa1452b17895f63e581bc5c756d0
f419bc635485ddea94a7328ad68eb1ea0fd85fc0945d1c06dd03376a4ffcbf57
GET /PZ5Nnb5z4TfMFnFORJSOeg/e0921234-c4a9-4c2c-e9f8-9edc9c41ee00/public HTTP/1.1
Host: imagedelivery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/webp
content-length: 7368
cf-ray: 776407fbfef0b524-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=172800
etag: "cf_h4xif-eJHbyMHpkLNIY5i538dO5Wny_BInlx8NnBQ"
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:86,h2pri
cf-images: internal=ok/- q=0 n=478 c=0+9 v=2022.11.1 l=7368
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/xx2.js
156.251.146.196 200 OK 178 kB URL HTTP/2 xb3.hadhd.com/template/web/xx2.js
IP 156.251.146.196:0
Size 178 kB (178315 bytes)
Hash 7f55d9aced92511c53febad1285e32bf
09c94c8b05d4eb689edcf1a7df91bd4155afd1e9
4e7349124cf08ca96139dc5324a0cb5af77164c3b4c03dadd734a5a48e6f6b5f
GET /template/web/xx2.js HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 05:10:57 GMT
vary: Accept-Encoding
etag: W/"639171e1-687"
expires: Thu, 08 Dec 2022 20:11:35 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/app2.js
156.251.146.196 200 OK 14 kB URL HTTP/2 xb3.hadhd.com/template/web/app2.js
IP 156.251.146.196:0
Hash 214f725bab41d7125304a33c5dc2433a
e66e2f6aadd008a07b847c07333e1de9f58b3d96
622005289ed75b046e75e9858312f7c4d48a6fc3bc2b6d4cd798bb6110e0df09
GET /template/web/app2.js HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 05:09:14 GMT
vary: Accept-Encoding
etag: W/"6391717a-437"
expires: Thu, 08 Dec 2022 20:11:35 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 8d754caa1ded6f9231b58a821d27e1e9
5ce8a9445bbad67d4fd6b96b2e5fad798466fc0c
20eeef4cf0067017e0a74908d8eda0ac8d5012a1e67b48183e957d3d8675c52c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2954
Cache-Control: max-age=147396
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:11:35 GMT
Etag: "63912d71-116"
Expires: Sat, 10 Dec 2022 01:08:11 GMT
Last-Modified: Thu, 08 Dec 2022 00:18:57 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 278
xb3.hadhd.com/template/web/dipiao.js
156.251.146.196 200 OK 1.5 kB URL HTTP/2 xb3.hadhd.com/template/web/dipiao.js
IP 156.251.146.196:0
Hash d401ff9662db99d81788dbfd9eff5f54
f47400e0db0d21d94586a135513c3149d5109a7e
b6cb93612742ddc8016bb29ade1599f36a7702c558483a4607a3f0fca8e06f67
GET /template/web/dipiao.js HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: application/javascript
last-modified: Sun, 15 May 2022 14:24:29 GMT
vary: Accept-Encoding
etag: W/"62810d1d-81a"
expires: Thu, 08 Dec 2022 20:11:35 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
pic1.semaobf1.com/20221108/41CD33B0029A55C9/41CD33B0029A55C9.jpg
5.180.83.41 200 OK 22 kB URL HTTP/1.1 pic1.semaobf1.com/20221108/41CD33B0029A55C9/41CD33B0029A55C9.jpg
IP 5.180.83.41:0
ASN #61317 Ipxo Uk Limited
File type JPEG image data, baseline, precision 8, 320x240, components 3\012- data
Hash 2efe545cedfe5d5651f61b7f9f7af668
197a72e40a5016b5bb65988530812c2334363338
c469365aab6840fbf67b51d1300b6279e6ac29b795366e3a20c2f48d0c0b3b4e
GET /20221108/41CD33B0029A55C9/41CD33B0029A55C9.jpg HTTP/1.1
Host: pic1.semaobf1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:00 GMT
Content-Type: image/jpeg
Content-Length: 22168
Last-Modified: Wed, 16 Nov 2022 04:25:54 GMT
Connection: keep-alive
ETag: "63746652-5698"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
pic1.semaobf1.com/20221106/A9097817FE39EB0C/A9097817FE39EB0C.jpg
5.180.83.41 200 OK 12 kB URL HTTP/1.1 pic1.semaobf1.com/20221106/A9097817FE39EB0C/A9097817FE39EB0C.jpg
IP 5.180.83.41:0
ASN #61317 Ipxo Uk Limited
File type JPEG image data, baseline, precision 8, 320x240, components 3\012- data
Hash df1cb4568f34c6573bde72c8528d212f
ea7ceab4de5d2959ef6c3996dde5b2ea49e97a73
0d4800b81acdb1487f633f7ca690ae23ffd86d1aede4a690cf17d1104d181d50
GET /20221106/A9097817FE39EB0C/A9097817FE39EB0C.jpg HTTP/1.1
Host: pic1.semaobf1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:00 GMT
Content-Type: image/jpeg
Content-Length: 11902
Last-Modified: Mon, 14 Nov 2022 08:29:54 GMT
Connection: keep-alive
ETag: "6371fc82-2e7e"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
pic1.semaobf1.com/20221107/B953184976498753/B953184976498753.jpg
5.180.83.41 200 OK 12 kB URL HTTP/1.1 pic1.semaobf1.com/20221107/B953184976498753/B953184976498753.jpg
IP 5.180.83.41:0
ASN #61317 Ipxo Uk Limited
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash 6a9e93ebfdbaa499e379742e48805b74
081bbf14cd0a8e07352df2054b2bb247a156d2e7
ac6ab1fd755ee5914e1b3e59829fc57c931fded4304333644f41a47254ead193
GET /20221107/B953184976498753/B953184976498753.jpg HTTP/1.1
Host: pic1.semaobf1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:00 GMT
Content-Type: image/jpeg
Content-Length: 12211
Last-Modified: Tue, 15 Nov 2022 04:28:07 GMT
Connection: keep-alive
ETag: "63731557-2fb3"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
pic1.semaobf1.com/20221106/60887D8B11EFFEEA/60887D8B11EFFEEA.jpg
5.180.83.41 200 OK 15 kB URL HTTP/1.1 pic1.semaobf1.com/20221106/60887D8B11EFFEEA/60887D8B11EFFEEA.jpg
IP 5.180.83.41:0
ASN #61317 Ipxo Uk Limited
File type JPEG image data, baseline, precision 8, 320x240, components 3\012- data
Hash 435f29693fe11b165bdba845e584f02c
bd447f2cbc5e876adeb64da6fca571beb9290203
1e22835f13014b24ab5cc80f4229ee2119270b5fe909efb48f18cee3b30484bf
GET /20221106/60887D8B11EFFEEA/60887D8B11EFFEEA.jpg HTTP/1.1
Host: pic1.semaobf1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:00 GMT
Content-Type: image/jpeg
Content-Length: 14700
Last-Modified: Mon, 14 Nov 2022 08:29:48 GMT
Connection: keep-alive
ETag: "6371fc7c-396c"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
pic1.semaobf1.com/20221107/1846E8B201CAB214/1846E8B201CAB214.jpg
5.180.83.41 200 OK 13 kB URL HTTP/1.1 pic1.semaobf1.com/20221107/1846E8B201CAB214/1846E8B201CAB214.jpg
IP 5.180.83.41:0
ASN #61317 Ipxo Uk Limited
File type JPEG image data, baseline, precision 8, 320x240, components 3\012- data
Hash 8a25f25a235e9067394057fec2b6f009
3b5ef9001bc0df81dcdc3f8424a71674c1a4b865
c369b554b7fdf7c07846ceef2e9e411a93a0caa83b27b84bb853bf5343cd4502
GET /20221107/1846E8B201CAB214/1846E8B201CAB214.jpg HTTP/1.1
Host: pic1.semaobf1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:00 GMT
Content-Type: image/jpeg
Content-Length: 12631
Last-Modified: Tue, 15 Nov 2022 04:27:02 GMT
Connection: keep-alive
ETag: "63731516-3157"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/3f0957c0-5294-4ee3-6e9c-814a3b345000/public
104.18.2.36 200 OK 375 kB URL HTTP/2 imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/3f0957c0-5294-4ee3-6e9c-814a3b345000/public
IP 104.18.2.36:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 375 kB (374632 bytes)
Hash d63a3555e5be6447fee4b71ab41cb4e8
3899a39cd51df5c53160038da28dcf48dd1433ac
46c1fc7c0d09d2e2490190550fde2fc5b525065d5f5bcff8ca5b218eff3a19ff
GET /PZ5Nnb5z4TfMFnFORJSOeg/3f0957c0-5294-4ee3-6e9c-814a3b345000/public HTTP/1.1
Host: imagedelivery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/webp
content-length: 374632
cf-ray: 776407fc0f11b524-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=172800
etag: "cf7NPAYhs3yfOrI7U9r9g3D4wm8dO5Wny_BInlx8NnBQ"
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:85,h2pri
cf-images: internal=ok/- q=5 n=46 c=40+520 v=2022.11.7 l=374632
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/7a51123e-7617-485a-9d78-9e9f73874700/public
104.18.2.36 200 OK 504 kB URL HTTP/2 imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/7a51123e-7617-485a-9d78-9e9f73874700/public
IP 104.18.2.36:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 504 kB (504108 bytes)
Hash 35b7af93c335d22a4c06dd6095b8639b
bbddde4426a9c1ac8bd31c10d25efb7d8d86a6eb
21a4daa2df9992043835fc0d577a9e2409d03a8533c315218debaa8235d0a9f7
GET /PZ5Nnb5z4TfMFnFORJSOeg/7a51123e-7617-485a-9d78-9e9f73874700/public HTTP/1.1
Host: imagedelivery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/webp
content-length: 504108
cf-ray: 776407fbfef2b524-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=172800
etag: "cfRKuKfZC5-BSWZZpDJCyN8odH8dO5Wny_BInlx8NnBQ"
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:85,h2pri
cf-images: internal=ok/- q=3 n=1067 c=42+557 v=2022.11.4 l=504108
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/bb83b3c4-440f-4cf8-9b48-862b0d393a00/public
104.18.2.36 200 OK 804 kB URL HTTP/2 imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/bb83b3c4-440f-4cf8-9b48-862b0d393a00/public
IP 104.18.2.36:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 804 kB (803788 bytes)
Hash 87d94a746164e73df553f2d1a92ebb40
8a04cb8f923367453b77415f3a31d640d9e4128f
2b70b6312d229b98ba9b7d3b35a3d68619e3247694deeb313f33fe525f9579a0
GET /PZ5Nnb5z4TfMFnFORJSOeg/bb83b3c4-440f-4cf8-9b48-862b0d393a00/public HTTP/1.1
Host: imagedelivery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/webp
content-length: 803788
cf-ray: 776407fc0effb524-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=172800
etag: "cfODn44PiZEjmlREkSsNcP6IgH8dO5Wny_BInlx8NnBQ"
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:85,h2pri
cf-images: internal=ok/- q=1 n=692 c=54+1015 v=2022.11.7 l=803788
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/bf10effd-59bd-4dad-1bd6-8e0ed5ce3400/public
104.18.2.36 200 OK 667 kB URL HTTP/2 imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/bf10effd-59bd-4dad-1bd6-8e0ed5ce3400/public
IP 104.18.2.36:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 667 kB (667402 bytes)
Hash 43b505df2d69f8aa4ec7e26e086ccd65
477a52d16c98aac6b36ec205053b07b9b143be25
46f671f1acfe776a6f35b8058cb924aa3cbb484344c72a0eb0f41393c479de74
GET /PZ5Nnb5z4TfMFnFORJSOeg/bf10effd-59bd-4dad-1bd6-8e0ed5ce3400/public HTTP/1.1
Host: imagedelivery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/webp
content-length: 667402
cf-ray: 776407fc5f63b524-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=172800
etag: "cfP99lyPkrNo2y7P_pHd6Mf0fW8dO5Wny_BInlx8NnBQ"
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:85,h2pri
cf-images: internal=ok/- q=0 n=24 c=34+1096 v=2022.11.7 l=667402
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 8d754caa1ded6f9231b58a821d27e1e9
5ce8a9445bbad67d4fd6b96b2e5fad798466fc0c
20eeef4cf0067017e0a74908d8eda0ac8d5012a1e67b48183e957d3d8675c52c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2954
Cache-Control: max-age=147396
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:11:35 GMT
Etag: "63912d71-116"
Expires: Sat, 10 Dec 2022 01:08:11 GMT
Last-Modified: Thu, 08 Dec 2022 00:18:57 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 278
ttzytp3.com/upload/vod/20221207-1/2af164f60d7f8dc40aa9bbffb5e6612a.jpg
23.224.136.188 200 OK 20 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/2af164f60d7f8dc40aa9bbffb5e6612a.jpg
IP 23.224.136.188:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 384x216, components 3\012- data
Hash 55e31be7fb6334795cb3748025942a79
e5cf292201b14afcce5d5fe391b209b95d1063d0
91c6cc673860d0a1075f1459a34d71064b7db73eb961f47702a5dd7afcee21d8
GET /upload/vod/20221207-1/2af164f60d7f8dc40aa9bbffb5e6612a.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:35 GMT
Content-Type: image/jpeg
Content-Length: 20229
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:44:38 GMT
ETag: "6390a6d6-4f05"
Accept-Ranges: bytes
ttzytp3.com/upload/vod/20221207-1/20be463747e6b843d62fc0c365c1e045.jpg
23.224.136.188 200 OK 27 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/20be463747e6b843d62fc0c365c1e045.jpg
IP 23.224.136.188:0
File type JPEG image data, baseline, precision 8, 368x640, components 3\012- data
Hash a7033140cca75a9ddb72ce996848e813
51e3004be029af6d3ca5adb7e322035f76469441
1531fc9ea09004bb450a026314331c70bc724a0a530591afd2ba69d5f384e651
GET /upload/vod/20221207-1/20be463747e6b843d62fc0c365c1e045.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:35 GMT
Content-Type: image/jpeg
Content-Length: 26712
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:45:00 GMT
ETag: "6390a6ec-6858"
Accept-Ranges: bytes
xb3.hadhd.com/template/web/app.js
156.251.146.196 200 OK 29 kB URL HTTP/2 xb3.hadhd.com/template/web/app.js
IP 156.251.146.196:0
Hash d05188f64115402f0bd4200bfefc1524
5f04fa9490be1a12061502b397d7f993a3d3c5e6
94f53a69c58e5806574606b7adadd0c9d8d9603af831184a982700be52112e9e
GET /template/web/app.js HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 05:08:58 GMT
vary: Accept-Encoding
etag: W/"6391716a-2487"
expires: Thu, 08 Dec 2022 20:11:35 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 8d754caa1ded6f9231b58a821d27e1e9
5ce8a9445bbad67d4fd6b96b2e5fad798466fc0c
20eeef4cf0067017e0a74908d8eda0ac8d5012a1e67b48183e957d3d8675c52c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2954
Cache-Control: max-age=147396
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:11:35 GMT
Etag: "63912d71-116"
Expires: Sat, 10 Dec 2022 01:08:11 GMT
Last-Modified: Thu, 08 Dec 2022 00:18:57 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 278
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a7e5aefada1afb3b458e2d9afd08e397
49a08bc985fdc5c838db4420cd04b563fd2846fc
6abe1734141100a5b62c667e5ede51242f007fad0c0a11f7e528695386f6fee7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6ABE1734141100A5B62C667E5EDE51242F007FAD0C0A11F7E528695386F6FEE7"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21565
Expires: Thu, 08 Dec 2022 14:11:00 GMT
Date: Thu, 08 Dec 2022 08:11:35 GMT
Connection: keep-alive
xb3.hadhd.com/template/web/dh1.js
156.251.146.196 200 OK 323 kB URL HTTP/2 xb3.hadhd.com/template/web/dh1.js
IP 156.251.146.196:0
Size 323 kB (322988 bytes)
Hash d04b42953c26070b3e40c99f417ee1fd
706dad3b2c289c5d4b81ffec0ed8a946ae3d6327
3a5b3e434ef37bcf7ed39d246d83ef795e4011f63d5f9c166b18703139736c79
GET /template/web/dh1.js HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 05:10:09 GMT
vary: Accept-Encoding
etag: W/"639171b1-1285"
expires: Thu, 08 Dec 2022 20:11:35 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
ttzytp3.com/upload/vod/20221207-1/36feda9d2b3147f11be821750f7d01de.jpg
23.224.136.188 200 OK 78 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/36feda9d2b3147f11be821750f7d01de.jpg
IP 23.224.136.188:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "Lavc59.3.102", baseline, precision 8, 680x453, components 3\012- data
Hash c44660d66181be86a6f12a27113baeb7
f088a86b2d9f0a22ed76128f3a63011f39a04a90
37abb1b2204954b9bcdabed66b166deac35f8437c7656628c199ea4f302a6d85
GET /upload/vod/20221207-1/36feda9d2b3147f11be821750f7d01de.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:35 GMT
Content-Type: image/jpeg
Content-Length: 78435
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:44:25 GMT
ETag: "6390a6c9-13263"
Accept-Ranges: bytes
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a7734a38de27975a782c9c9695d19450
b3f18ffd932b092807af03c04d25984234be6bf0
e40a8676b06c332499884deb06cf79c7c0784ab786858142ad01b76e5f1ad6bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E40A8676B06C332499884DEB06CF79C7C0784AB786858142AD01B76E5F1AD6BF"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=376
Expires: Thu, 08 Dec 2022 08:17:51 GMT
Date: Thu, 08 Dec 2022 08:11:35 GMT
Connection: keep-alive
xb3.hadhd.com/template/meizhuama/fonts/1e500f419c3a4f24a89cb2dddf17de88.woff
156.251.146.196 404 Not Found 146 B URL HTTP/2 xb3.hadhd.com/template/meizhuama/fonts/1e500f419c3a4f24a89cb2dddf17de88.woff
IP 156.251.146.196:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /template/meizhuama/fonts/1e500f419c3a4f24a89cb2dddf17de88.woff HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://xb3.hadhd.com/template/meizhuama/css/zui.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2
xb3.hadhd.com/template/meizhuama/images/video-play.png
156.251.146.196 200 OK 1.6 kB URL HTTP/2 xb3.hadhd.com/template/meizhuama/images/video-play.png
IP 156.251.146.196:0
File type PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced\012- data
Hash be7ca0a4a7c0317398a11162b1e09b75
5dbe6a02524cfbf5f5111478a71f91a9259056b5
cbad06b58f97516faa5f745d4e09716b5db3f134d5b4644b159681aa24909dd4
GET /template/meizhuama/images/video-play.png HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/template/meizhuama/css/zui.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/png
content-length: 1567
last-modified: Sun, 06 Mar 2022 14:17:50 GMT
etag: "6224c28e-61f"
expires: Sat, 07 Jan 2023 08:11:35 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/GG/k4.gif
156.251.146.196 200 OK 114 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/k4.gif
IP 156.251.146.196:0
File type GIF image data, version 89a, 120 x 120\012- data
Size 114 kB (114030 bytes)
Hash 79cf722c45cb4e5b3e7da0cfff829c98
71558743109d39b3163e3e873111641615c6f80c
37336e1d469f511d19c69cd7e3576ef2665204c7304e0b8dd2ec051dd78309e3
GET /template/web/GG/k4.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/gif
content-length: 114030
last-modified: Fri, 27 May 2022 05:30:56 GMT
etag: "62906210-1bd6e"
expires: Sat, 07 Jan 2023 08:11:35 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/zxbf.js
156.251.146.196 200 OK 900 B URL HTTP/2 xb3.hadhd.com/template/web/zxbf.js
IP 156.251.146.196:0
Hash 7725fda520366dd0dbac63361f985f05
ec0a6f0887a2bd3b5499bf43cdc7f9a2732def54
5591a0a7e9b952e3cec44eff54209be15b74a52b95077be5b59e75055fae26b6
GET /template/web/zxbf.js HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 05:12:13 GMT
vary: Accept-Encoding
etag: W/"6391722d-1328"
expires: Thu, 08 Dec 2022 20:11:35 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
ttzytp3.com/upload/vod/20221207-1/77c5615594525fe55aa267b4b5a0f497.jpg
23.224.136.188 200 OK 18 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/77c5615594525fe55aa267b4b5a0f497.jpg
IP 23.224.136.188:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 385x234, components 3\012- data
Hash beb9eee39e61a74ffadb06772d687929
7857cd5c761c95bf5c2137b2ec1f30766a43a9a0
e82890755a421fc0469367a8252bee6b62acba1b89056a90ff651c6a39bc4466
GET /upload/vod/20221207-1/77c5615594525fe55aa267b4b5a0f497.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:35 GMT
Content-Type: image/jpeg
Content-Length: 18478
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:44:55 GMT
ETag: "6390a6e7-482e"
Accept-Ranges: bytes
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 3eb14893f6d859b247ab4ecca0c77749
513286c85d5a464e458ece3e81769b73b0acb59a
a778e1a20877bdf68a96dacc5200421ebd50da812f9f6c22f77ead823ea90f21
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:11:36 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Mon, 12 Dec 2022 07:05:55 GMT
ETag: "513286c85d5a464e458ece3e81769b73b0acb59a"
Last-Modified: Thu, 08 Dec 2022 07:05:56 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2707
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776407fec9731c16-OSL
xb3.hadhd.com/template/web/xx3.js
156.251.146.196 200 OK 835 B URL HTTP/2 xb3.hadhd.com/template/web/xx3.js
IP 156.251.146.196:0
Hash e273133286d0b3553d2bb29f7d985058
dd4dbeff7741d5b33f3ebb1c3b6e35644ca09558
bbed79590fda347d0287b72bdeaf2217d9517da38024662d5ccac421053b635a
GET /template/web/xx3.js HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: application/javascript
last-modified: Tue, 06 Dec 2022 17:13:47 GMT
vary: Accept-Encoding
etag: W/"638f784b-9fe"
expires: Thu, 08 Dec 2022 20:11:35 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
ttzytp3.com/upload/vod/20221207-1/667f37a1dc01bed52c33c18be58c2115.jpg
23.224.136.188 200 OK 112 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/667f37a1dc01bed52c33c18be58c2115.jpg
IP 23.224.136.188:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 800x707, components 3\012- data
Size 112 kB (112457 bytes)
Hash 7459a5f82a069cd4915679839ae19db9
ca17f9dc0cbf0791f2e70217310d10428d914d0b
2ab90ecc1e0572a4d4fc2d7f7332f5bb2865c778c373ada2f6277c8533210775
GET /upload/vod/20221207-1/667f37a1dc01bed52c33c18be58c2115.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:35 GMT
Content-Type: image/jpeg
Content-Length: 112457
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:45:02 GMT
ETag: "6390a6ee-1b749"
Accept-Ranges: bytes
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 48c166fb1b4c52b924d15e8e81381c94
e95cbd153b62cf8ed2896c0dd9892fc7699df2be
b7dd35c1c8b6f65cf23004a052cc628550ac56b45d602e5401d6c1fd2c0d7f11
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B7DD35C1C8B6F65CF23004A052CC628550AC56B45D602E5401D6C1FD2C0D7F11"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12680
Expires: Thu, 08 Dec 2022 11:42:56 GMT
Date: Thu, 08 Dec 2022 08:11:36 GMT
Connection: keep-alive
ttzytp3.com/upload/vod/20221207-1/bdc6e426fb78c3e15da6f43e29244424.jpg
23.224.136.188 200 OK 21 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/bdc6e426fb78c3e15da6f43e29244424.jpg
IP 23.224.136.188:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 480x360, components 3\012- data
Hash e68db146304d91350ef16f5f815320f5
e7669ce32b47250329d73221887189d9a59c8a4d
b5d6c9a5de40b90499c3b55d52b33425aeeb206169204886d019e432b0e2437b
GET /upload/vod/20221207-1/bdc6e426fb78c3e15da6f43e29244424.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:36 GMT
Content-Type: image/jpeg
Content-Length: 21294
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:46:29 GMT
ETag: "6390a745-532e"
Accept-Ranges: bytes
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 58448d1c6d37b45ad81a6891626c365e
e1d43fe1c56712760426565bab6605db742f80eb
cf8ba4dd20076bb765cbde88d2dc2357d7e939124b997f50d1be5118c6ca32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CF8BA4DD20076BB765CBDE88D2DC2357D7E939124B997F50D1BE5118C6CA32E4"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21545
Expires: Thu, 08 Dec 2022 14:10:41 GMT
Date: Thu, 08 Dec 2022 08:11:36 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 0e70727d9d7f94866fbf0061af1c8d0e
82b4e5a2380ff32edb5040c8137c3f3582d27c10
b7aa92efa9128ce649bc66ae06ad60724cd6a3f16273c49f80a292d3e90efe68
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B7AA92EFA9128CE649BC66AE06AD60724CD6A3F16273C49F80A292D3E90EFE68"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21546
Expires: Thu, 08 Dec 2022 14:10:42 GMT
Date: Thu, 08 Dec 2022 08:11:36 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.100 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 2cb9dc129b0fcb39a9ea3ca09020e72a
6dc0f5b65934e8cece74a10ae184eb5ec0791ae2
85470dbd10d8d27bcd2c5ae58962478411ebab82a4b36aafd8933f9d17762671
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=124306
Date: Thu, 08 Dec 2022 08:11:36 GMT
Etag: "6390deca-1d7"
Expires: Fri, 09 Dec 2022 18:43:22 GMT
Last-Modified: Wed, 07 Dec 2022 18:43:22 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: EMIPFTgLYeDoJdbiRs8MMBQFFZ_nk7jeS2-jurRf5Yf1RRjtXp5d2A==
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a5986076dc722e98c800ae066215210e
df551311c18d2ceef69a5b5c85f522be3ddd7602
86986031a4eaa84af997d8b6ad6712db37f5ab57262fb6e8ba162c84752e7c46
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "86986031A4EAA84AF997D8B6AD6712DB37F5AB57262FB6E8BA162C84752E7C46"
Last-Modified: Wed, 07 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 08 Dec 2022 14:11:36 GMT
Date: Thu, 08 Dec 2022 08:11:36 GMT
Connection: keep-alive
ttzytp3.com/upload/vod/20221207-1/24ecf3e4109ac8ef260c5252b79b87c4.jpg
23.224.136.188 200 OK 103 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/24ecf3e4109ac8ef260c5252b79b87c4.jpg
IP 23.224.136.188:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "Software: Snipaste", baseline, precision 8, 987x548, components 3\012- data
Size 103 kB (103032 bytes)
Hash ad24aa049540b0b5a830be07b10f8806
e3fe15de07158f844d0ff57279a36fc4d194e117
9b393b5e6cc1dbe13bdebca568706056dbf1fa6af46e2d5e3e87281e8d12646d
GET /upload/vod/20221207-1/24ecf3e4109ac8ef260c5252b79b87c4.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:36 GMT
Content-Type: image/jpeg
Content-Length: 103032
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:46:29 GMT
ETag: "6390a745-19278"
Accept-Ranges: bytes
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 17375bab7960ae74291dad56bffcb477
50df089839267384ddb1a2b05d49f6b12d4d06fc
ae728c6a6634fe25b4dbcb78ebcadc94c7962277b361b23b655fa46d95590d7c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AE728C6A6634FE25B4DBCB78EBCADC94C7962277B361B23B655FA46D95590D7C"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21584
Expires: Thu, 08 Dec 2022 14:11:20 GMT
Date: Thu, 08 Dec 2022 08:11:36 GMT
Connection: keep-alive
hm.baidu.com/hm.js?1f1fc0976934b3c98a8d2495b7812387
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?1f1fc0976934b3c98a8d2495b7812387
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (620)
Hash 14ce5b42c4cf71d1d4d1f7f67db21809
e2183b8c20ca7c57f35669a9f3a310e48cee0959
2fa3047e951a29cb0cb3f578ef0a290fb0bc93554bc1dec66b74ca00839db328
GET /hm.js?1f1fc0976934b3c98a8d2495b7812387 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Thu, 08 Dec 2022 08:11:35 GMT
Etag: 07571a344453adcba7d44cd4e8e767b5
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=850E1AF29A3B3898; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
e1.o.lencr.org/
95.101.11.115 200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 471b977fb42d81b249bc41e62de11c54
46632e602cf5ec98e8d5a2f42644f34f1a8f5f8f
c4467ad38b67a483ac8acd1843f902da78e748718692044cfbfce716aafcb19f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "C4467AD38B67A483AC8ACD1843F902DA78E748718692044CFBFCE716AAFCB19F"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19254
Expires: Thu, 08 Dec 2022 13:32:30 GMT
Date: Thu, 08 Dec 2022 08:11:36 GMT
Connection: keep-alive
xb3.hadhd.com/template/web/xx1.js
156.251.146.196 200 OK 829 B URL HTTP/2 xb3.hadhd.com/template/web/xx1.js
IP 156.251.146.196:0
Hash 3f2c3fdd6dd70f5aec14ef60c8bc35bf
c39347b8addc7834a1bf809733efe06e222e5223
dc277f35f950ca7f17e6576b442a2e65fa2100782790e7066cb683d7c524b6de
GET /template/web/xx1.js HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: application/javascript
last-modified: Tue, 06 Dec 2022 17:13:49 GMT
vary: Accept-Encoding
etag: W/"638f784d-9ec"
expires: Thu, 08 Dec 2022 20:11:35 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 0e70727d9d7f94866fbf0061af1c8d0e
82b4e5a2380ff32edb5040c8137c3f3582d27c10
b7aa92efa9128ce649bc66ae06ad60724cd6a3f16273c49f80a292d3e90efe68
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B7AA92EFA9128CE649BC66AE06AD60724CD6A3F16273C49F80A292D3E90EFE68"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21546
Expires: Thu, 08 Dec 2022 14:10:42 GMT
Date: Thu, 08 Dec 2022 08:11:36 GMT
Connection: keep-alive
xb3.hadhd.com/template/meizhuama/css/zui.css
156.251.146.196 200 OK 23 kB URL HTTP/2 xb3.hadhd.com/template/meizhuama/css/zui.css
IP 156.251.146.196:0
Hash ff756efc9355162472fdbd20bb39cc1d
d8e11329a0ea88f234bd921bf1ab18d1c2383ab5
386fd20907b7c7261a0a6dbffdad4447c6aaa5345e7d64081e38d6973d4e3111
GET /template/meizhuama/css/zui.css HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: text/css
last-modified: Tue, 03 May 2022 06:22:50 GMT
vary: Accept-Encoding
etag: W/"6270ca3a-18ca0"
expires: Thu, 08 Dec 2022 20:11:35 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
ttzytp3.com/upload/vod/20221207-1/024a97ee15c553405aa6636f1e1de274.jpg
23.224.136.188 200 OK 794 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/024a97ee15c553405aa6636f1e1de274.jpg
IP 23.224.136.188:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 2160x1280, components 3\012- data
Size 794 kB (793788 bytes)
Hash 1b8e50b7d919ec965f09bb5b56eb56da
d05f5bca5e7748e45de531d2abe2d1840df9b953
96e4e88624f9ed64e12cccf398380a4de5227664b7d06c892468acfa981a524f
GET /upload/vod/20221207-1/024a97ee15c553405aa6636f1e1de274.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:35 GMT
Content-Type: image/jpeg
Content-Length: 793788
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:44:24 GMT
ETag: "6390a6c8-c1cbc"
Accept-Ranges: bytes
max009.top/4f5ca562874d2b77c6c37263e48db5c6.gif
104.21.235.60 200 OK 845 kB URL HTTP/2 max009.top/4f5ca562874d2b77c6c37263e48db5c6.gif
IP 104.21.235.60:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 845 kB (845326 bytes)
Hash c3e13dfb200737af2e68b42c07f28465
4d8262aecd8d789494afca5d63b5dd50600870dc
3e962d14b678808967d50df163581b65c6052144cb6239d72da58cceb7bf04ac
GET /4f5ca562874d2b77c6c37263e48db5c6.gif HTTP/1.1
Host: max009.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xb3.hadhd.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:11:36 GMT
content-type: image/gif
content-length: 845326
last-modified: Sat, 01 Oct 2022 05:25:56 GMT
etag: "6337cf64-ce60e"
expires: Thu, 29 Dec 2022 10:59:35 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 767521
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yBRZhGxHb63RIMx99VNZ%2Fp%2FznnE4aZ4hPSbEdMGg1mESN3Irloibtp9QpBosA40mII4VcOfJd8duvzRO%2BqojQTXTiwNEKR5cftBH0UkWSIFQUIDymR9V2Hm5B6uc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776408000eab8885-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ttzytp3.com/upload/vod/20221207-1/a87003087bc805059354bc781eb35d68.jpg
23.224.136.188 200 OK 654 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/a87003087bc805059354bc781eb35d68.jpg
IP 23.224.136.188:0
File type PNG image data, 721 x 1271, 8-bit/color RGB, non-interlaced\012- data
Size 654 kB (653800 bytes)
Hash 7423b60067ff4b4daa14c27724c437df
ddcc15278e120f377010e1aa8039bd138bec45c0
b147deda21b606ccff11e893cc389b75aabae6862b78f465f77ef9cf1cff9395
GET /upload/vod/20221207-1/a87003087bc805059354bc781eb35d68.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:35 GMT
Content-Type: image/jpeg
Content-Length: 653800
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:45:00 GMT
ETag: "6390a6ec-9f9e8"
Accept-Ranges: bytes
kzerr.com/6fb5deabda1e984b6bd49b2baa8dfa10.gif
104.143.94.110 301 Moved Permanently 162 B URL HTTP/2 kzerr.com/6fb5deabda1e984b6bd49b2baa8dfa10.gif
IP 104.143.94.110:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /6fb5deabda1e984b6bd49b2baa8dfa10.gif HTTP/1.1
Host: kzerr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Thu, 08 Dec 2022 08:11:36 GMT
content-type: text/html
content-length: 162
location: https://kvhooo.top/6fb5deabda1e984b6bd49b2baa8dfa10.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 471b977fb42d81b249bc41e62de11c54
46632e602cf5ec98e8d5a2f42644f34f1a8f5f8f
c4467ad38b67a483ac8acd1843f902da78e748718692044cfbfce716aafcb19f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "C4467AD38B67A483AC8ACD1843F902DA78E748718692044CFBFCE716AAFCB19F"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19254
Expires: Thu, 08 Dec 2022 13:32:30 GMT
Date: Thu, 08 Dec 2022 08:11:36 GMT
Connection: keep-alive
ttzytp3.com/upload/vod/20221207-1/b76b7ad2553143026c6be87fbe94d1c5.jpg
23.224.136.188 200 OK 9.3 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/b76b7ad2553143026c6be87fbe94d1c5.jpg
IP 23.224.136.188:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 117x88, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash a8109bf81dc8ec2a0b8549379b8486f7
486b13df4945b61c3a6306b1dbcb3b11e881447a
25fb3ffbd00d133e21defde20f185ac22478c5654ed092eea883084d96efd2f9
GET /upload/vod/20221207-1/b76b7ad2553143026c6be87fbe94d1c5.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:36 GMT
Content-Type: image/jpeg
Content-Length: 9281
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:44:25 GMT
ETag: "6390a6c9-2441"
Accept-Ranges: bytes
ttzytp3.com/upload/vod/20221207-1/14244c712646342bb2500e2e57bf70b9.jpg
23.224.136.188 200 OK 286 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/14244c712646342bb2500e2e57bf70b9.jpg
IP 23.224.136.188:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1632x960, components 3\012- data
Size 286 kB (286527 bytes)
Hash 6a8f9edfa0616311f42f5e77119bbbbf
f49981c031db14b420ed1bb2e37baf9dcc75d371
fb54a0592c7522bd1af07297e1b15291e1d598ef44fa22615dd53a37b71638bc
GET /upload/vod/20221207-1/14244c712646342bb2500e2e57bf70b9.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:35 GMT
Content-Type: image/jpeg
Content-Length: 286527
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:44:55 GMT
ETag: "6390a6e7-45f3f"
Accept-Ranges: bytes
ttzytp3.com/upload/vod/20221207-1/3d692be78c5a252c9d033b51d84a2a13.jpg
23.224.136.188 200 OK 146 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/3d692be78c5a252c9d033b51d84a2a13.jpg
IP 23.224.136.188:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", progressive, precision 8, 800x600, components 3\012- data
Size 146 kB (145816 bytes)
Hash 6e6eaa8b922c8262cb87840a7bf59c90
6f0bd77b4b7d107f4c46d6117fa0c12d2bce06f1
0d20a994f4aa0842cdf5a53db931d5d83f79156cad286af4e35323a3612a2207
GET /upload/vod/20221207-1/3d692be78c5a252c9d033b51d84a2a13.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:36 GMT
Content-Type: image/jpeg
Content-Length: 145816
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:46:28 GMT
ETag: "6390a744-23998"
Accept-Ranges: bytes
kvtddd.top/ec9fcd758df74f805f29f72e8545d13b.gif
104.21.235.62 200 OK 902 kB URL HTTP/2 kvtddd.top/ec9fcd758df74f805f29f72e8545d13b.gif
IP 104.21.235.62:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 902 kB (902313 bytes)
Hash 8b4a95ea7cfbb7fb4d2b18efca5145f3
d2966ecbeb7369620cce5dbcd15d0fe591d79648
dd5ff25f4d6931bd3d2ef86c1a8901853ee2503fd2d6edb264a61abb37c2b002
GET /ec9fcd758df74f805f29f72e8545d13b.gif HTTP/1.1
Host: kvtddd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xb3.hadhd.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:11:36 GMT
content-type: image/gif
content-length: 902313
last-modified: Sat, 12 Mar 2022 15:17:28 GMT
etag: "622cb988-dc4a9"
expires: Tue, 03 Jan 2023 22:59:03 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 292353
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FgPpFDF21GAHe1b0tet9JCe5qlT%2BHgh1xT6F3go%2BRbXayA8p92Sf8F9wXByGr2lHdUBPXD8nyV0nEsEmIJTybO%2FI55zvoe5NmAE1gWeaGtq3GB%2FvCXwZrlJRyZUX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77640800a906dcff-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?35d04a7d0ada2b49f1c51725fde2aae6
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?35d04a7d0ada2b49f1c51725fde2aae6
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (620)
Hash 12991901a4f97beeef74a16ff3a1259e
2b583b9a5a8802af8e98d26ccfbd88cffdb2a9e1
fcbd2423eafe774c69f935267209095db096d52f7eacc5f19a92d9f8b7a834cc
GET /hm.js?35d04a7d0ada2b49f1c51725fde2aae6 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Thu, 08 Dec 2022 08:11:35 GMT
Etag: c9b55d18f229e985cbcf6aaae0f40863
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=795AAB17146AF0A9; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
e1.o.lencr.org/
95.101.11.115 200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 0ee82551b9b3527e5afa3b04e0e650af
4889606f3f917edc36de8384503109fadf07852e
da227c659bb7cc4601a2388cd393a61c687e1adf82590840f99d7b568c3427f0
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "DA227C659BB7CC4601A2388CD393A61C687E1ADF82590840F99D7B568C3427F0"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12609
Expires: Thu, 08 Dec 2022 11:41:45 GMT
Date: Thu, 08 Dec 2022 08:11:36 GMT
Connection: keep-alive
kvevv.com/47fc3dfa6dab926d04bc8c0e76b89995.gif
18.155.68.9 200 OK 65 kB URL HTTP/1.1 kvevv.com/47fc3dfa6dab926d04bc8c0e76b89995.gif
IP 18.155.68.9:0
File type GIF image data, version 89a, 960 x 60\012- data
Hash 514c48163ce5b65fb6bf16d8578b478b
6c21c2f7fd18259458573225fbfdf80cd27b6bac
045b14c655e54a2b1c3bef56f95352d2bb6b794889c746985ec51ef03578cb52
GET /47fc3dfa6dab926d04bc8c0e76b89995.gif HTTP/1.1
Host: kvevv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 65414
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 08:07:51 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Wed, 07 Dec 2022 10:42:49 GMT
ETag: "514c48163ce5b65fb6bf16d8578b478b"
X-Cache: Hit from cloudfront
Via: 1.1 dff3fc94ddb54b32b708edf2668b23d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: SIN52-P1
X-Amz-Cf-Id: o1B-O3q0rCvt3q4TmBgYrILESlxrMmtH86sQ0K41bYvlsikC05B1DQ==
Age: 77328
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1626263387&si=1f1fc0976934b3c98a8d2495b7812387&su=http%3A%2F%2Fwww.vivigirl.net%2F&v=1.3.0&lv=1&sn=65481&r=0&ww=1268&u=https%3A%2F%2Fxb3.hadhd.com%2F&tt=%E5%91%B7%E5%93%BA%E8%B5%84%E6%BA%90%E5%BD%B1%E8%A7%86
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1626263387&si=1f1fc0976934b3c98a8d2495b7812387&su=http%3A%2F%2Fwww.vivigirl.net%2F&v=1.3.0&lv=1&sn=65481&r=0&ww=1268&u=https%3A%2F%2Fxb3.hadhd.com%2F&tt=%E5%91%B7%E5%93%BA%E8%B5%84%E6%BA%90%E5%BD%B1%E8%A7%86
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1626263387&si=1f1fc0976934b3c98a8d2495b7812387&su=http%3A%2F%2Fwww.vivigirl.net%2F&v=1.3.0&lv=1&sn=65481&r=0&ww=1268&u=https%3A%2F%2Fxb3.hadhd.com%2F&tt=%E5%91%B7%E5%93%BA%E8%B5%84%E6%BA%90%E5%BD%B1%E8%A7%86 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Thu, 08 Dec 2022 08:11:36 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=1F13A2E576E01757; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
ttzytp3.com/upload/vod/20221207-1/9c4db5274c9eed2cad5cae1ab62bb02b.jpg
23.224.136.188 200 OK 91 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/9c4db5274c9eed2cad5cae1ab62bb02b.jpg
IP 23.224.136.188:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", progressive, precision 8, 567x426, components 3\012- data
Hash 0c796c302bc53f1d15a7c07268f73871
b59b87eac3401100141771cc31267917961e074b
15b136bfb3bed80ffa705f6be0db122d817e31c0ad7c0c14075ae7e9cdd3021f
GET /upload/vod/20221207-1/9c4db5274c9eed2cad5cae1ab62bb02b.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:36 GMT
Content-Type: image/jpeg
Content-Length: 90963
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:44:24 GMT
ETag: "6390a6c8-16353"
Accept-Ranges: bytes
kvhooo.top/6fb5deabda1e984b6bd49b2baa8dfa10.gif
104.21.33.12 200 OK 919 kB URL HTTP/2 kvhooo.top/6fb5deabda1e984b6bd49b2baa8dfa10.gif
IP 104.21.33.12:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 919 kB (918679 bytes)
Hash 956582dd3aa22ca9b19bdd1d5e091e24
c2d80e05f59981f6ed58a8231f502bd990894d6b
88e686882e64a0e199c79bd83b7102885b67242b5d0b49a1f37674c0bb3ddd8e
GET /6fb5deabda1e984b6bd49b2baa8dfa10.gif HTTP/1.1
Host: kvhooo.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xb3.hadhd.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:11:36 GMT
content-type: image/gif
content-length: 918679
last-modified: Thu, 01 Dec 2022 15:44:20 GMT
etag: "6388cbd4-e0497"
expires: Fri, 06 Jan 2023 16:58:34 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 54782
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xhCItwcMmJ00Uuu4OSm9WvsOMU7kYuSmqGCQBSXk0ls3JTiGRDMF4BR1JzAIqazau4NuHzP6GNCEftX2HV%2BWZkbdO1vUUkzHTWkNLjAKZkDWyOssNu%2B26apAj1KC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776408029dcab51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ttzytp3.com/upload/vod/20221207-1/e5ec5ae6c6fa346fa6c3a93035194b4f.jpg
23.224.136.188 200 OK 8.4 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/e5ec5ae6c6fa346fa6c3a93035194b4f.jpg
IP 23.224.136.188:0
File type JPEG image data, baseline, precision 8, 320x240, components 3\012- data
Hash 0d5a9d4ba2d02cb74057d3c15e982c47
f1b81bbaade6f09402e7f5a0eba2fc40189f126b
bf9d1ddfb2df81c7d9fef58ec687bae4eadb5c257bdad39b1232e682e79887c3
GET /upload/vod/20221207-1/e5ec5ae6c6fa346fa6c3a93035194b4f.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:36 GMT
Content-Type: image/jpeg
Content-Length: 8380
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:44:23 GMT
ETag: "6390a6c7-20bc"
Accept-Ranges: bytes
ocsp.pki.goog/s/gts1p5/6NFsAw0VKxk
216.58.211.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/6NFsAw0VKxk
IP 216.58.211.3:0
Hash 75ddedf41fb3fce75fa910aa20e6980c
90a9557adb103aca8835a64a21d4754b05fd7c4b
aaf470e685c1bb53d153b0e195435d46017f3394d129a3ed329403a6e5680cf1
POST /s/gts1p5/6NFsAw0VKxk HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:11:36 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ttzytp3.com/upload/vod/20221207-1/944690476d694987b2bae0705f41108e.jpg
23.224.136.188 200 OK 7.2 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/944690476d694987b2bae0705f41108e.jpg
IP 23.224.136.188:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 30x23, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash 5f22178263cafc753dd5f8fa789d957d
6992050a420887f0e8524b0dd94a938643dd4dbf
66a3198c703f702b1b8f1f160cc52d87b51abc7330f338473e92c6ba5a42620c
GET /upload/vod/20221207-1/944690476d694987b2bae0705f41108e.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:36 GMT
Content-Type: image/jpeg
Content-Length: 7184
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:44:31 GMT
ETag: "6390a6cf-1c10"
Accept-Ranges: bytes
ttzytp3.com/upload/vod/20221207-1/fe936897d6dc1ae886b3c6d61362cebe.jpg
23.224.136.188 200 OK 8.4 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/fe936897d6dc1ae886b3c6d61362cebe.jpg
IP 23.224.136.188:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 117x88, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash 09b3e82f266de3fe463625fc083a7933
f67de0117d8550af8e7e55cba1835a55108f70b2
a79630c8d1ae9bb99c387d67c9980225d31f143b1b8a28a3944c8dbbe9a75b90
GET /upload/vod/20221207-1/fe936897d6dc1ae886b3c6d61362cebe.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:36 GMT
Content-Type: image/jpeg
Content-Length: 8418
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:44:31 GMT
ETag: "6390a6cf-20e2"
Accept-Ranges: bytes
e1.o.lencr.org/
95.101.11.115 200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 0ee82551b9b3527e5afa3b04e0e650af
4889606f3f917edc36de8384503109fadf07852e
da227c659bb7cc4601a2388cd393a61c687e1adf82590840f99d7b568c3427f0
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "DA227C659BB7CC4601A2388CD393A61C687E1ADF82590840F99D7B568C3427F0"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12609
Expires: Thu, 08 Dec 2022 11:41:45 GMT
Date: Thu, 08 Dec 2022 08:11:36 GMT
Connection: keep-alive
ttzytp3.com/upload/vod/20221207-1/e8c286b63b49a879a6f513d4800e4c25.jpg
23.224.136.188 200 OK 230 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/e8c286b63b49a879a6f513d4800e4c25.jpg
IP 23.224.136.188:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 2160x1280, components 3\012- data
Size 230 kB (229696 bytes)
Hash 900aaffc5a3d55a63306f6c1a7e57414
fced2bee092fc3f890ba02a4a239d671dab2740c
3882bd7e736f45ae3acb7ce8003c37af27024809551e04171b1fc651eb39217a
GET /upload/vod/20221207-1/e8c286b63b49a879a6f513d4800e4c25.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:36 GMT
Content-Type: image/jpeg
Content-Length: 229696
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:44:23 GMT
ETag: "6390a6c7-38140"
Accept-Ranges: bytes
ttzytp3.com/upload/vod/20221207-1/14914696a80412e808fdeedbf9a0fabc.jpg
23.224.136.188 200 OK 186 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/14914696a80412e808fdeedbf9a0fabc.jpg
IP 23.224.136.188:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x536, components 3\012- data
Size 186 kB (185920 bytes)
Hash 6c64c7420b91eb15a1f79ef8871f791d
212ea13e8ee71bfaa4bb6ffc73b7374b13f1b8bb
09e6488d2650a1920c35fd9a70e275ee7a187ac1145162b1c6e163a1d2c9a472
GET /upload/vod/20221207-1/14914696a80412e808fdeedbf9a0fabc.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:36 GMT
Content-Type: image/jpeg
Content-Length: 185920
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:44:25 GMT
ETag: "6390a6c9-2d640"
Accept-Ranges: bytes
xb3.hadhd.com/template/web/GG/k14.gif
156.251.146.196 200 OK 73 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/k14.gif
IP 156.251.146.196:0
File type GIF image data, version 89a, 100 x 100\012- data
Hash 6ce732040d4d9750ef120f2a4221f362
f3114f09ed27718c62d54d6fbe08847421429a00
bf4e102a698f9d805b4d4209c8ca62ca20565344a8949d0efeedc6a720026c5b
GET /template/web/GG/k14.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/gif
content-length: 73223
last-modified: Sat, 28 May 2022 04:43:32 GMT
etag: "6291a874-11e07"
expires: Sat, 07 Jan 2023 08:11:35 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/GG/d10.gif
156.251.146.196 200 OK 119 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/d10.gif
IP 156.251.146.196:0
File type GIF image data, version 89a, 150 x 150\012- data
Size 119 kB (119145 bytes)
Hash 03611dd134898d951bd6479076eee32b
4aef7215e5d6206ededff3fff78d735064e6fbb5
9c3ea4fa33413bfe2175b5e9eac750617538bafe475a84367d0c6d693c75c076
GET /template/web/GG/d10.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/gif
content-length: 119145
last-modified: Sat, 23 Apr 2022 04:49:11 GMT
etag: "62638547-1d169"
expires: Sat, 07 Jan 2023 08:11:35 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 82a22b92f4541590a4efe64e006f2083
e5a4e0577f71d4eda920c173a903ee1718cd3df2
010476bc2706c3887542a4a450c5751c0be2c1efb78740792de98dc413e772f8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:11:36 GMT
Etag: "6390f26f-117"
Server: ECS (amb/6BBE)
Content-Length: 279
max002.top/68a7807de3933bf7079116fa9df99e6f.gif
104.21.233.253 200 OK 366 kB URL HTTP/2 max002.top/68a7807de3933bf7079116fa9df99e6f.gif
IP 104.21.233.253:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 366 kB (366444 bytes)
Hash 86371c51bf2086f3a40f0e438246b662
9da793de9c620485ee91b88413b256c69dc774c5
8155b44efd09301dca9ec4bdab8e3e6445d1564fe580edd5f7575c9289843ccf
GET /68a7807de3933bf7079116fa9df99e6f.gif HTTP/1.1
Host: max002.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xb3.hadhd.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:11:36 GMT
content-type: image/gif
content-length: 366444
last-modified: Fri, 19 Aug 2022 17:02:28 GMT
etag: "62ffc224-5976c"
expires: Thu, 05 Jan 2023 08:34:06 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 171450
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=27ToRqrkFlcqUx9IKAFaogyzfyHYdYyHsaWLi9nxxoSFjnKPU4MDQfG1%2BHAaEz2eEyDqVSMK%2Bmj1XckXMxK3o4BfKZu5E%2B6lOrM54z7tRM3kzEbzAtpBm3JcvWhP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776408032ad923c4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/6NFsAw0VKxk
216.58.211.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/6NFsAw0VKxk
IP 216.58.211.3:0
Hash 75ddedf41fb3fce75fa910aa20e6980c
90a9557adb103aca8835a64a21d4754b05fd7c4b
aaf470e685c1bb53d153b0e195435d46017f3394d129a3ed329403a6e5680cf1
POST /s/gts1p5/6NFsAw0VKxk HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:11:36 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 82a22b92f4541590a4efe64e006f2083
e5a4e0577f71d4eda920c173a903ee1718cd3df2
010476bc2706c3887542a4a450c5751c0be2c1efb78740792de98dc413e772f8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:11:36 GMT
Etag: "6390f26f-117"
Last-Modified: Thu, 08 Dec 2022 08:11:36 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 279
ttzytp3.com/upload/vod/20221207-1/3f34fc16c3a4a7f6ef6b888ec41ba2ab.jpg
23.224.136.188 200 OK 12 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/3f34fc16c3a4a7f6ef6b888ec41ba2ab.jpg
IP 23.224.136.188:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash adb34be427387d2cc1ffe40c5e4547a2
6607abb183256881dc6bdfc80057411a954f2e52
1d1bb81e0069c53368bf54d07e85dd8c273a1f2997b0e322babea5db8e9691c9
GET /upload/vod/20221207-1/3f34fc16c3a4a7f6ef6b888ec41ba2ab.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:36 GMT
Content-Type: image/jpeg
Content-Length: 12025
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:44:30 GMT
ETag: "6390a6ce-2ef9"
Accept-Ranges: bytes
kvhuuu.top/d766f59de772a56dbe1bc6cf1d0027ad.gif
104.21.234.153 200 OK 328 kB URL HTTP/2 kvhuuu.top/d766f59de772a56dbe1bc6cf1d0027ad.gif
IP 104.21.234.153:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 328 kB (328164 bytes)
Hash 27b3d7f9fb788c290c5025ee779a7a86
549f03a050418ee932de6ac04508c6a49668341a
8e40d3a5d0773e3f69da3851dc6adfd4920b109a0d349a6d97da76cdc00f4717
GET /d766f59de772a56dbe1bc6cf1d0027ad.gif HTTP/1.1
Host: kvhuuu.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xb3.hadhd.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:11:36 GMT
content-type: image/gif
content-length: 328164
last-modified: Wed, 30 Nov 2022 09:05:08 GMT
etag: "63871cc4-501e4"
expires: Fri, 30 Dec 2022 09:37:17 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 686059
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LGE6xPlaF83%2FVvk6Gr1VtNEHlZnYQ9T3I%2F4%2BbU0PC5qEuz8QkjxDXolMOCMyoKkWTTYJkkDuFzwHzB7AZyYFZP8kT9Pl35fDKPDUwvFq33DYLg8wj79fXUhstr5t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776408039f4088a4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ttzytp3.com/upload/vod/20221207-1/add4fc32427fa58d3e33a0e42781bae7.jpg
23.224.136.188 200 OK 7.9 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/add4fc32427fa58d3e33a0e42781bae7.jpg
IP 23.224.136.188:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash f5bff2d7da23b4847aa892e6b630d0fa
c601a0a955460f665c3c116a220f13d66e5fa391
14a89afaaa8db83ff0611349f0653ad4b6184e4cd8972e2cdd44acf46be27ca4
GET /upload/vod/20221207-1/add4fc32427fa58d3e33a0e42781bae7.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:36 GMT
Content-Type: image/jpeg
Content-Length: 7889
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:44:30 GMT
ETag: "6390a6ce-1ed1"
Accept-Ranges: bytes
ttzytp3.com/upload/vod/20221207-1/b9b1ef2a4de759d0751197ecfd76f57a.jpg
23.224.136.188 200 OK 7.0 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/b9b1ef2a4de759d0751197ecfd76f57a.jpg
IP 23.224.136.188:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 320x240, components 3\012- data
Hash 987287dab162278495c61eb0e01a292c
3ec9e4a1f5cf50f9280b15468333f7bc406aea12
01d0764addc4e8e4eb9f648cbdd68b9ed0d77a15fc141d1082a1f64e3af683ce
GET /upload/vod/20221207-1/b9b1ef2a4de759d0751197ecfd76f57a.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:36 GMT
Content-Type: image/jpeg
Content-Length: 6965
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:44:30 GMT
ETag: "6390a6ce-1b35"
Accept-Ranges: bytes
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1997423043&si=35d04a7d0ada2b49f1c51725fde2aae6&su=http%3A%2F%2Fwww.vivigirl.net%2F&v=1.3.0&lv=1&sn=65481&r=0&ww=1268&u=https%3A%2F%2Fxb3.hadhd.com%2F&tt=%E5%91%B7%E5%93%BA%E8%B5%84%E6%BA%90%E5%BD%B1%E8%A7%86
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1997423043&si=35d04a7d0ada2b49f1c51725fde2aae6&su=http%3A%2F%2Fwww.vivigirl.net%2F&v=1.3.0&lv=1&sn=65481&r=0&ww=1268&u=https%3A%2F%2Fxb3.hadhd.com%2F&tt=%E5%91%B7%E5%93%BA%E8%B5%84%E6%BA%90%E5%BD%B1%E8%A7%86
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=1997423043&si=35d04a7d0ada2b49f1c51725fde2aae6&su=http%3A%2F%2Fwww.vivigirl.net%2F&v=1.3.0&lv=1&sn=65481&r=0&ww=1268&u=https%3A%2F%2Fxb3.hadhd.com%2F&tt=%E5%91%B7%E5%93%BA%E8%B5%84%E6%BA%90%E5%BD%B1%E8%A7%86 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Thu, 08 Dec 2022 08:11:36 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=FB70B9667ED992F8; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
xb3.hadhd.com/template/meizhuama/fonts/iconfont.woff
156.251.146.196 200 OK 525 B URL HTTP/2 xb3.hadhd.com/template/meizhuama/fonts/iconfont.woff
IP 156.251.146.196:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash f66ed8f90ffb0fc831098b7701d3ba8a
1bc63ccb714f1272c80b224aa8fd9da94914825d
6ccac1f3560824c5e11e27d1798e447cfc5a930e5824009d6b1cf8eb98e248de
GET /template/meizhuama/fonts/iconfont.woff HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://xb3.hadhd.com/template/meizhuama/css/zui.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:36 GMT
content-type: font/woff
content-length: 525
last-modified: Sun, 06 Mar 2022 14:12:36 GMT
etag: "6224c154-20d"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/GG/k1.gif
156.251.146.196 200 OK 167 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/k1.gif
IP 156.251.146.196:0
File type GIF image data, version 89a, 120 x 120\012- data
Size 167 kB (167104 bytes)
Hash 9387415ad469299bf6e3bb5c1bbc77e2
cc52974b6ed2239afbbd4088c675fceb0d75cd22
912ce0aceb7de66266542ec85454be033b0a285c975dd7fc8f0d43eecb8716ce
GET /template/web/GG/k1.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/gif
content-length: 167104
last-modified: Fri, 27 May 2022 05:30:54 GMT
etag: "6290620e-28cc0"
expires: Sat, 07 Jan 2023 08:11:35 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/dh2.js
156.251.146.196 200 OK 111 kB URL HTTP/2 xb3.hadhd.com/template/web/dh2.js
IP 156.251.146.196:0
Size 111 kB (111335 bytes)
Hash b503e55de4baa0979e52b45f46242ca3
b051e41142ceaa16f219782c142367cb25c56750
1f5c841ca12efa139279c9a10554c0add5e77c126e6bcfca7d0384e595b7cea1
GET /template/web/dh2.js HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 05:10:45 GMT
vary: Accept-Encoding
etag: W/"639171d5-16b7"
expires: Thu, 08 Dec 2022 20:11:35 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/GG/dp1.gif
156.251.146.196 200 OK 141 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/dp1.gif
IP 156.251.146.196:0
File type GIF image data, version 89a, 640 x 200\012- data
Size 141 kB (141174 bytes)
Hash 2846430b1663c942a9d2a92c559667cd
2b7d07a004fa13af572b8d5d6317594c1eee9eec
b1357936607e4478fa840a29b58e6714f0063f4a90e28571bd8c8be4e175d74e
GET /template/web/GG/dp1.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/gif
content-length: 141174
last-modified: Mon, 25 Apr 2022 12:29:49 GMT
etag: "6266943d-22776"
expires: Sat, 07 Jan 2023 08:11:35 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/GG/t2.gif
156.251.146.196 200 OK 254 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/t2.gif
IP 156.251.146.196:0
File type GIF image data, version 89a, 120 x 120\012- data
Size 254 kB (253670 bytes)
Hash bace60a0adc9bdd54f7c83058456a847
4867fd68497b7db5c4e5bbdde781cf098dbabd22
17a4f7b3d5caf413211515976326969951cc1bb9a3e32a9caa885fd6e3109368
GET /template/web/GG/t2.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/gif
content-length: 253670
last-modified: Tue, 10 May 2022 09:20:01 GMT
etag: "627a2e41-3dee6"
expires: Sat, 07 Jan 2023 08:11:35 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ttzytp3.com/upload/vod/20221207-1/982b7c3119d759a24ddfa167b26938fd.jpg
23.224.136.188 200 OK 314 kB URL HTTP/1.1 ttzytp3.com/upload/vod/20221207-1/982b7c3119d759a24ddfa167b26938fd.jpg
IP 23.224.136.188:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=394, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=700], baseline, precision 8, 700x394, components 3\012- data
Size 314 kB (314355 bytes)
Hash 155df89cdab4d37cbc1da404854a1f8d
0b5dc0a6ef20742007665a2a05945f58f21de316
43304c49796b4f2095e8082c7ed14fd1d4c916e7e3c025fa09b45b1e0c6983e7
GET /upload/vod/20221207-1/982b7c3119d759a24ddfa167b26938fd.jpg HTTP/1.1
Host: ttzytp3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Thu, 08 Dec 2022 08:11:36 GMT
Content-Type: image/jpeg
Content-Length: 314355
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 14:44:30 GMT
ETag: "6390a6ce-4cbf3"
Accept-Ranges: bytes
xb3.hadhd.com/template/web/GG/122.gif
156.251.146.196 200 OK 301 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/122.gif
IP 156.251.146.196:0
File type GIF image data, version 89a, 120 x 120\012- data
Size 301 kB (301024 bytes)
Hash 924fb352713ee10f6f4bce3167ccce13
127a437f7a5020f7e7c08b6c6465be55dcb32e0c
6e04c7ee887495ce8805d38b200ca217c28b5e83655f4e7f4e8f8f8e28b872bf
GET /template/web/GG/122.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/gif
content-length: 301024
last-modified: Wed, 09 Mar 2022 10:04:32 GMT
etag: "62287bb0-497e0"
expires: Sat, 07 Jan 2023 08:11:35 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/GG/4.gif
156.251.146.196 200 OK 279 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/4.gif
IP 156.251.146.196:0
File type GIF image data, version 89a, 200 x 113\012- data
Size 279 kB (279026 bytes)
Hash 42809e0a73309f01de7651ab3b712cb4
19a1658a10d4e8ca6831a824d4bccbb35dcbf113
da7e1e1332d196cde6cc3a7b9c758abb4493e9708799e7836551823dd399b13d
GET /template/web/GG/4.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/gif
content-length: 279026
last-modified: Wed, 11 May 2022 08:12:44 GMT
etag: "627b6ffc-441f2"
expires: Sat, 07 Jan 2023 08:11:35 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/GG/55.gif
156.251.146.196 200 OK 834 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/55.gif
IP 156.251.146.196:0
File type GIF image data, version 89a, 140 x 206\012- data
Size 834 kB (834244 bytes)
Hash 3965598665b057b276ed86263c36f334
f8374496c56ad6cd140a9bd009b0637c8ce91a35
5efcea93fd0c2cb8059ea79144c6bfb6b094b5810e21cf6e2168ef51ac2fd36a
GET /template/web/GG/55.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/gif
content-length: 834244
last-modified: Wed, 11 May 2022 08:28:17 GMT
etag: "627b73a1-cbac4"
expires: Sat, 07 Jan 2023 08:11:35 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
kvevv.com/4b6dde2b3f39cee4956a18a192534906.gif
18.155.68.9 200 OK 325 kB URL HTTP/1.1 kvevv.com/4b6dde2b3f39cee4956a18a192534906.gif
IP 18.155.68.9:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 325 kB (325185 bytes)
Hash f6abc830b4c6c36a82db7bc9c87d79db
deda6d00011a2f90e666ce239ce43139f8e8b2ef
eca7c8dc365cd60e9fc4076bce5e618d6cf1ed7176d2da027be2b23f065109a9
GET /4b6dde2b3f39cee4956a18a192534906.gif HTTP/1.1
Host: kvevv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 325185
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 08:06:14 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Wed, 07 Dec 2022 21:32:58 GMT
ETag: "f6abc830b4c6c36a82db7bc9c87d79db"
X-Cache: Hit from cloudfront
Via: 1.1 4efbd5b290462fbd5ee9b1de5f123e2a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: SIN52-P1
X-Amz-Cf-Id: sdLyvs4BzVXJdozej-fzH0B03ieD3w43Zc6-1c6PZQrl4HbGf-T9tw==
Age: 38319
xb3.hadhd.com/template/web/GG/xx7.gif
156.251.146.196 200 OK 360 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/xx7.gif
IP 156.251.146.196:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 360 kB (359977 bytes)
Hash 14950db3ed3afbd5ed56e866a5f42fcb
6872ddf2a12966c6a69eaffff2bf807034168ba7
2f9b3f10f9691fadd60822c131a5ce89679f0ce97792e90863d51320e1845e97
GET /template/web/GG/xx7.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/gif
content-length: 359977
last-modified: Sat, 19 Nov 2022 12:26:52 GMT
etag: "6378cb8c-57e29"
expires: Sat, 07 Jan 2023 08:11:35 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
gif.xjabre.net/GIF/GG.gif
172.247.31.99 200 OK 103 kB URL HTTP/2 gif.xjabre.net/GIF/GG.gif
IP 172.247.31.99:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 103 kB (102652 bytes)
Hash 4ea87bf064b6a321a25be03966f1fe52
950e88121e18e47880340351cd8b435ef009dd16
1d1efeb6b9857e9d7ea6ec4c94154c0a61b3bcf9251108fe527adec84fbde332
GET /GIF/GG.gif HTTP/1.1
Host: gif.xjabre.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:36 GMT
content-type: image/gif
content-length: 102652
last-modified: Tue, 15 Nov 2022 06:13:56 GMT
etag: "63732e24-190fc"
expires: Sat, 07 Jan 2023 08:11:36 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/GG/a13.gif
156.251.146.196 200 OK 674 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/a13.gif
IP 156.251.146.196:0
File type GIF image data, version 89a, 393 x 262\012- data
Size 674 kB (673882 bytes)
Hash 8f0aa6d32c03c602b0480194b2efdf4a
a2dfc596103bf743c9cf389e2b7a481a8bbedc96
2a54a439ea081c5418030b63dd4e0f247ff7089b1d7ba67a0fe6e2abcf466658
GET /template/web/GG/a13.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/gif
content-length: 673882
last-modified: Mon, 20 Jun 2022 04:59:33 GMT
etag: "62affeb5-a485a"
expires: Sat, 07 Jan 2023 08:11:35 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/GG/2.gif
156.251.146.196 200 OK 620 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/2.gif
IP 156.251.146.196:0
File type GIF image data, version 89a, 300 x 200\012- data
Size 620 kB (620010 bytes)
Hash 8171edd386b6abd105c0ff0e740330d9
7914e2b95f29d65b0ffb8e6daf7f54dc14da0ae0
5044971fcc4e0c4837e7e586b858fba8257feeed88812253aa9ee2396915c40a
GET /template/web/GG/2.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/gif
content-length: 620010
last-modified: Wed, 11 May 2022 08:12:37 GMT
etag: "627b6ff5-975ea"
expires: Sat, 07 Jan 2023 08:11:35 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xb3.hadhd.com/template/meizhuama/fonts/iconfont.ttf
156.251.146.196 200 OK 1.2 kB URL HTTP/2 xb3.hadhd.com/template/meizhuama/fonts/iconfont.ttf
IP 156.251.146.196:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ISO-8859 text, with CRLF line terminators
Hash 8363acaeab9cbb099b59b78a44127ca6
aef448ce5500e3734059ec285cf6ec0b547075f2
9b342ae7f25d65bdb817d8c995f3211ac398e41575fc5d149d994c1dcb008f0a
GET /template/meizhuama/fonts/iconfont.ttf HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/template/meizhuama/css/zui.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:37 GMT
content-type: application/octet-stream
content-length: 1163
last-modified: Sun, 06 Mar 2022 14:17:48 GMT
etag: "6224c28c-48b"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 59197cb90b5ac4e2398f65750b174b4f
b6c5f24962eb176b5cbbdca3605d5b161bb2b502
76b78eaca33cee806a59d70b3153f950c9634fdd045bee842b9a9549d265fc3e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:11:37 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 18:28:35 GMT
Expires: Wed, 14 Dec 2022 18:28:34 GMT
Etag: "b6c5f24962eb176b5cbbdca3605d5b161bb2b502"
Cache-Control: max-age=554816,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 776408055996b4fd-OSL
xb3.hadhd.com/template/web/GG/xxx1.gif
156.251.146.196 200 OK 553 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/xxx1.gif
IP 156.251.146.196:0
File type GIF image data, version 89a, 200 x 252\012- data
Size 553 kB (552798 bytes)
Hash 91d07389688e8efa64691b2e60121992
7e0bb709dd99efb0076fd5ce62a6b244acdc30d1
a95c5eaa76c0863eb4bf0a11d77f203f3a691ba3254da27820ab7c561186b34a
GET /template/web/GG/xxx1.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/gif
content-length: 552798
last-modified: Sat, 19 Nov 2022 15:51:37 GMT
etag: "6378fb89-86f5e"
expires: Sat, 07 Jan 2023 08:11:35 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xb3.hadhd.com/template/web/GG/dp2.gif
156.251.146.196 200 OK 767 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/dp2.gif
IP 156.251.146.196:0
File type GIF image data, version 89a, 640 x 200\012- data
Size 767 kB (766938 bytes)
Hash 06f924cdbba4e6c4765765139a404682
7eaadc65f26a4fe45240e14f96c29aa53e721775
514dc1d00a06bed8dbb2a891aa73b6ff70cd32772f582df1c2c959c856d45a5d
GET /template/web/GG/dp2.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/gif
content-length: 766938
last-modified: Mon, 25 Apr 2022 12:29:50 GMT
etag: "6266943e-bb3da"
expires: Sat, 07 Jan 2023 08:11:35 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
rootnetworksdv.ocsp-certum.com/
95.101.10.107 200 OK 1.5 kB URL HTTP/1.1 rootnetworksdv.ocsp-certum.com/
IP 95.101.10.107:0
ASN #20940 Akamai International B.V.
Hash 00222ff4195b544c76eba2aaa9ff4ba6
0d950de82fc6cbba734961e5edf4c5db9a39b93d
7fa17b258fabea5790422c95a624c0ca75600d55a9a20890c4e3262e3aa2b7b7
POST / HTTP/1.1
Host: rootnetworksdv.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1490
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=140
Date: Thu, 08 Dec 2022 08:11:37 GMT
Connection: keep-alive
X-N: S
xb3.hadhd.com/template/web/GG/dp4.gif
156.251.146.196 200 OK 747 kB URL HTTP/2 xb3.hadhd.com/template/web/GG/dp4.gif
IP 156.251.146.196:0
File type GIF image data, version 89a, 640 x 200\012- data
Size 747 kB (746571 bytes)
Hash 84e8edecf6c28c8218e0a7b1ad9ea414
3897e6bf1a2292c59b45e44d2b9c38e45f8f9a6f
356abb92d87698d59a4af16304d13e760b032739634c495fba68568e82d5c1ce
GET /template/web/GG/dp4.gif HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/gif
content-length: 746571
last-modified: Mon, 25 Apr 2022 12:29:52 GMT
etag: "62669440-b644b"
expires: Sat, 07 Jan 2023 08:11:35 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ggt999.oss-cn-hangzhou.aliyuncs.com/xpj/xpj96060b.gif
47.110.23.69 200 OK 698 kB URL HTTP/1.1 ggt999.oss-cn-hangzhou.aliyuncs.com/xpj/xpj96060b.gif
IP 47.110.23.69:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type GIF image data, version 89a, 960 x 80\012- data
Size 698 kB (697949 bytes)
Hash d56b723db43960dda680dd06c0a1dffe
52f8d42d21c450279d7bf9dc1bc2d78c7413aedd
70683f6af2fd147738c0d54277925f9c9477610ad4e6c8fe730d9b2efa74df26
GET /xpj/xpj96060b.gif HTTP/1.1
Host: ggt999.oss-cn-hangzhou.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 08 Dec 2022 08:11:36 GMT
Content-Type: image/gif
Content-Length: 697949
Connection: keep-alive
x-oss-request-id: 63919C38A966993835591B2F
Accept-Ranges: bytes
ETag: "D56B723DB43960DDA680DD06C0A1DFFE"
Last-Modified: Sat, 19 Nov 2022 11:19:44 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 469146596027910540
x-oss-storage-class: Standard
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: 1WtyPbQ5YN2mgN0GwKHf/g==
x-oss-server-time: 3
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash 50e7304604e7c77b3c119da8e820c093
50803969449a9904ab28148c2272015edaaf1264
f37596514fe9c4d75d7cfeb6e71a905a40458b9bbaae35472d71f015e1528421
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4088
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:11:37 GMT
Last-Modified: Thu, 08 Dec 2022 07:03:29 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 727
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash 50e7304604e7c77b3c119da8e820c093
50803969449a9904ab28148c2272015edaaf1264
f37596514fe9c4d75d7cfeb6e71a905a40458b9bbaae35472d71f015e1528421
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6539
Cache-Control: max-age=142351
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:11:37 GMT
Etag: "63910bbd-2d7"
Expires: Fri, 09 Dec 2022 23:44:08 GMT
Last-Modified: Wed, 07 Dec 2022 21:55:09 GMT
Server: ECS (amb/6BAB)
X-Cache: HIT
Content-Length: 727
p3.douyinpic.com/obj/tos-cn-i-dy/5f20e8f5c682499b8eb059dd144345a9
47.246.44.227 200 OK 460 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/5f20e8f5c682499b8eb059dd144345a9
IP 47.246.44.227:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 960 x 60\012- data
Size 460 kB (459882 bytes)
Hash 9755d798f1df0ff90ff281daf889c27e
6684c546dc5b1e65c84786cf929562e4bf5a4854
86943358042194179070f2e3fa41e8296cd53999c5d025fdcaf6ddff98714f87
GET /obj/tos-cn-i-dy/5f20e8f5c682499b8eb059dd144345a9 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 459882
date: Mon, 05 Dec 2022 11:57:37 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Mon, 05 Dec 2022 11:29:24 GMT
nw-session-id: 202212051929240102090950660FC6D0DCgkhk903dy
nw-session-trace: 2022-12-05T19:29:24.652328753+08:00 35
x-bdcdn-cache-status: TCP_HIT
x-length: 459882
x-powered-by: ImageX
x-response-date: Mon, 05 Dec 2022 19:29:24 GMT
x-tt-logid: 202212051929240102090950660FC6D0DC
via: n132-078-099, cache9.l2de2[0,0,206-0,H], cache3.l2de2[1,0], cache3.l2de2[1,0], cache4.se1[0,0,200-0,H], cache5.se1[1,0]
x-request-ip: fdbd:dc03:4:481::12
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=1
x-tt-trace-host: 01e53d331f021ee346a4a71cd251f620c397b4785e133000e4fcc6a1414827e76105afaf9318ee148ff06afa2468c0c77cf2a1905b0e38acce52cf9db0363cd74a65d3a109f76bc5c653c18372cd8b87f98cdbbed705c989cbdb2708cf3e5eac60
x-response-lb: image
ali-swift-global-savetime: 1670241457
age: 245640
x-cache: HIT TCP_MEM_HIT dirn:2:442320201
x-swift-savetime: Mon, 05 Dec 2022 12:00:14 GMT
x-swift-cachetime: 31535843
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9916704870979081853e
X-Firefox-Spdy: h2
p3.douyinpic.com/obj/tos-cn-i-dy/44806b63977c4233aff487907a4efa90
47.246.44.227 200 OK 180 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/44806b63977c4233aff487907a4efa90
IP 47.246.44.227:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 130 x 130\012- data
Size 180 kB (179559 bytes)
Hash 12bddb3d218b1092cafee407bf7a769a
9df85c0c5e60970e9cd10f06aa586155730d4a8b
08cffaa5b2b7e8c8205ee009f1c813ef36d2ebaa83667ff4078d8242f9f959ac
GET /obj/tos-cn-i-dy/44806b63977c4233aff487907a4efa90 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 179559
date: Mon, 05 Dec 2022 13:26:09 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Mon, 05 Dec 2022 12:45:39 GMT
nw-session-id: 2022120520453801020402415421C55112msshl01dy
nw-session-trace: 2022-12-05T20:45:39.019875998+08:00 38
x-bdcdn-cache-status: TCP_HIT
x-length: 179559
x-powered-by: ImageX
x-response-date: Mon, 05 Dec 2022 20:45:39 GMT
x-tt-logid: 2022120520453801020402415421C55112
via: n132-082-090, cache1.l2de2[0,0,206-0,H], cache21.l2de2[0,0], cache21.l2de2[1,0], cache1.se1[0,0,200-0,H], cache5.se1[1,0]
x-request-ip: fdbd:dc03:8:579::167
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=1
x-tt-trace-host: 01fd379e806552472691cc785c4d3ee565d551db217bf2923320eb014dc36052a94fa95496fa3683998372ab46e94b1970a6ecb8807ef77d2d3045545758b6d7f63fb29df3755e279e363a53c9de7fa241d0ab5810c8deb447d876fdfaf427042f
x-response-lb: image
ali-swift-global-savetime: 1670246770
age: 240327
x-cache: HIT TCP_MEM_HIT dirn:11:64796367
x-swift-savetime: Mon, 05 Dec 2022 14:21:20 GMT
x-swift-cachetime: 31532690
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9916704870979361874e
X-Firefox-Spdy: h2
ntvxbf7.com/7a4bba1f2d494d268e4e3d01f7b02f09.gif
45.61.212.47 200 OK 73 kB URL HTTP/1.1 ntvxbf7.com/7a4bba1f2d494d268e4e3d01f7b02f09.gif
IP 45.61.212.47:0
File type GIF image data, version 89a, 120 x 120\012- data
Hash 68b499187d4013f220129a499602b1f9
80f5fbd2ff84d9e55159bbb5d7871415391cf382
e5bc92b24d0ecf1febf05f08c0787be05413a6bf82bb950505e6a34c492af6ae
Analyzer Verdict Alert quad9 Sinkholed
GET /7a4bba1f2d494d268e4e3d01f7b02f09.gif HTTP/1.1
Host: ntvxbf7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=604800
ETag: "6294b7c2-11daf"
Date: Tue, 15 Nov 2022 12:19:00 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Mon, 30 May 2022 12:25:38 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us1-cdnb-17
Content-Length: 73135
pure-stone.vip/mdt/er2irdi.gif
211.97.85.84 200 OK 375 kB URL HTTP/1.1 pure-stone.vip/mdt/er2irdi.gif
IP 211.97.85.84:0
ASN #140886 UNICOM Guangxi province network
File type GIF image data, version 89a, 1000 x 80\012- data
Size 375 kB (374720 bytes)
Hash 0e4e92c65cebab78b8d43a4d13b64b61
dc6eda27f0b92730f5d0ab9064530b4c3d3a252d
785ca8660ed62d18deb4d28e404f45fe6c0eece67ec5306d24f74390182fe979
GET /mdt/er2irdi.gif HTTP/1.1
Host: pure-stone.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Tue, 22 Nov 2022 10:38:55 GMT
Etag: "637ca6bf-5b7c0"
Server: nginx
Date: Tue, 06 Dec 2022 07:07:18 GMT
Content-Type: image/gif
Expires: Thu, 05 Jan 2023 07:07:18 GMT
Age: 3525
Content-Length: 374720
Accept-Ranges: bytes
X-NWS-LOG-UUID: 3170271537003433003
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Cache-Control: max-age=3600
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3236488e-3e39-44b6-b864-0f7ede8ee3f5.jpeg
34.120.237.76 200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3236488e-3e39-44b6-b864-0f7ede8ee3f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3cbac0c7e45d3f33c38dbf3af4de05ba
e9106fec14ddda290951c61eda64a69ada9a244a
98d3785eb167ea6bbba3782ab3cfd8cc9c7715f493265ac6d59494c00d3b002e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3236488e-3e39-44b6-b864-0f7ede8ee3f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9376
x-amzn-requestid: bf2f33a6-7f13-4f5b-ba9c-da33282135b2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctERHFRSoAMFgYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb406-121af6ba1b7b6a3066ffa103;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:16:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: yTLFIBUWHjudn2h6VKM79RUnXfuUTmQBkYSCFrRuY7_biVW5bEKZfA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 17:39:05 GMT
age: 52355
etag: "e9106fec14ddda290951c61eda64a69ada9a244a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/25b65e6c-d8c9-461c-ae8c-129adc09a400/public
104.18.2.36 200 OK 0 B URL HTTP/2 imagedelivery.net/PZ5Nnb5z4TfMFnFORJSOeg/25b65e6c-d8c9-461c-ae8c-129adc09a400/public
IP 104.18.2.36:0
GET /PZ5Nnb5z4TfMFnFORJSOeg/25b65e6c-d8c9-461c-ae8c-129adc09a400/public HTTP/1.1
Host: imagedelivery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:11:35 GMT
content-type: image/webp
content-length: 423700
cf-ray: 776407fbfeeab524-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=172800
etag: "cfGhStahWYAid_xbNfQZFffhHH8dO5Wny_BInlx8NnBQ"
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:85,h2pri
cf-images: internal=ok/- q=0 n=25 c=26+500 v=2022.11.7 l=423700
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.1158555.com/images/638f407c93f8ec5e6b5c07b4.gif
185.239.226.87 302 Found 0 B URL HTTP/2 img.1158555.com/images/638f407c93f8ec5e6b5c07b4.gif
IP 185.239.226.87:0
ASN #134835 Starry Network Limited
GET /images/638f407c93f8ec5e6b5c07b4.gif HTTP/1.1
Host: img.1158555.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/5f20e8f5c682499b8eb059dd144345a9
X-Firefox-Spdy: h2
xb3.hadhd.com/template/meizhuama/css/ate.css
156.251.146.196 200 OK 0 B URL HTTP/2 xb3.hadhd.com/template/meizhuama/css/ate.css
IP 156.251.146.196:0
GET /template/meizhuama/css/ate.css HTTP/1.1
Host: xb3.hadhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xb3.hadhd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:11:34 GMT
content-type: text/css
last-modified: Wed, 30 Nov 2022 16:01:32 GMT
vary: Accept-Encoding
etag: W/"63877e5c-11e0a"
expires: Thu, 08 Dec 2022 20:11:34 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
img.1158555.com/images/638f5e4d93f8ec5e6b5c07f8.gif
185.239.226.87 302 Found 0 B URL HTTP/2 img.1158555.com/images/638f5e4d93f8ec5e6b5c07f8.gif
IP 185.239.226.87:0
ASN #134835 Starry Network Limited
GET /images/638f5e4d93f8ec5e6b5c07f8.gif HTTP/1.1
Host: img.1158555.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
cache-control: max-age=3600
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/44806b63977c4233aff487907a4efa90
X-Firefox-Spdy: h2