ekramuzzaman.com/js/fedexxfr/11f668408830183b4cf09fec0b25e8a5/
64 B URL User Request GET ekramuzzaman.com/js/fedexxfr/11f668408830183b4cf09fec0b25e8a5/
IP
ASN #134548 DXTL Tseung Kwan O Service
File type HTML document, ASCII text, with no line terminators
Hash 6ef5e94ac8a048654bbb0e332e1f4d26
90e2fa9edafc8dce78cb7044127f8e4778c4c6ac
b1aa2b3d2e44bf0e0efd02f846bd91fc62ee44487a240e769ef07f158a85875a
GET /js/fedexxfr/11f668408830183b4cf09fec0b25e8a5/ HTTP/1.1
Host: ekramuzzaman.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 May 2024 03:22:59 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
ekramuzzaman.com/tz.js
200 OK 733 B IP
ASN #134548 DXTL Tseung Kwan O Service
Requested by http://ekramuzzaman.com/js/fedexxfr/11f668408830183b4cf09fec0b25e8a5/
File type JavaScript source, Unicode text, UTF-8 text
Hash 8bd9aa44a217a9c43a8f300e095374fb
3f1b12bffffaa98749b15def41168c25c6d73e4f
f4a4dcb18681d33f26de8b5067f281c938327ad0c0fd9825a3d586a5c36cff26
GET /tz.js HTTP/1.1
Host: ekramuzzaman.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ekramuzzaman.com/js/fedexxfr/11f668408830183b4cf09fec0b25e8a5/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 May 2024 03:23:00 GMT
Content-Type: application/javascript
Last-Modified: Sun, 14 Apr 2024 08:23:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"661b9287-4c0"
Expires: Sun, 05 May 2024 15:23:00 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
154.91.63.114/
200 OK 965 B IP
Requested by http://ekramuzzaman.com/js/fedexxfr/11f668408830183b4cf09fec0b25e8a5/
File type HTML document, Unicode text, UTF-8 text, with very long lines (587), with CRLF, LF line terminators
Hash 8fa78af7f483642bc258e27a9b0d0d7b
1cf8fcab2064a96fa1726c2c6c1e0ab1e86d3e4a
34be7b5ac4a18026fb0ad7fbfb769bdbc3b46de09c05861c9eeb0055b4d8b1de
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 154.91.63.114
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ekramuzzaman.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 May 2024 03:23:00 GMT
Content-Type: text/html
Last-Modified: Thu, 04 Apr 2024 08:14:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"660e615b-b44"
Content-Encoding: gzip
ekramuzzaman.com/favicon.ico
200 OK 0 B URL GET HTTP/1.1 ekramuzzaman.com/favicon.ico
IP
ASN #134548 DXTL Tseung Kwan O Service
Requested by http://ekramuzzaman.com/js/fedexxfr/11f668408830183b4cf09fec0b25e8a5/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ekramuzzaman.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ekramuzzaman.com/js/fedexxfr/11f668408830183b4cf09fec0b25e8a5/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 May 2024 03:23:00 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Tue, 30 Jul 2019 15:51:36 GMT
Connection: keep-alive
ETag: "5d406788-0"
Accept-Ranges: bytes
154.91.63.114/static/css/style.css
200 OK 864 B URL GET HTTP/1.1 154.91.63.114/static/css/style.css
IP
Hash 69bf1de01e6cc7e5886f24356cf10d80
1da6c198d067f51fc13403f4e3f038936c52e4d6
fc114f22c9f8954204116ae41ea905ef684b9b1587ca9260b7cc5ed148e36639
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /static/css/style.css HTTP/1.1
Host: 154.91.63.114
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://154.91.63.114/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 May 2024 03:23:00 GMT
Content-Type: text/css
Last-Modified: Thu, 28 Mar 2024 04:43:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6604f56c-8da"
Expires: Sun, 05 May 2024 15:23:00 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
154.91.63.114/link.js
200 OK 768 B IP
File type JavaScript source, Unicode text, UTF-8 text
Hash d2733337f74c4a9a03a907474e95d762
a0e89d3606638c532677804893d6db7ceb5fe3d9
92f1ea78ef150934e72e07514e9b0b869e7bd404c25f3733a39f7aed4f7ae334
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /link.js HTTP/1.1
Host: 154.91.63.114
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://154.91.63.114/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 May 2024 03:23:00 GMT
Content-Type: application/javascript
Last-Modified: Sat, 04 May 2024 13:39:39 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"66363a9b-928"
Expires: Sun, 05 May 2024 15:23:00 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
154.91.63.114/static/picture/ky.png
200 OK 36 kB URL GET HTTP/1.1 154.91.63.114/static/picture/ky.png
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 960x440, components 3
Hash d345e3625b216f9940227102788ad189
1bdbb0681b2d3c063bd5e747ce9aa3e82a538426
bdbd13a205c4e19a101a2f2f3ef4bd253cfebc7dfe446d7970a739e95d5119c8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /static/picture/ky.png HTTP/1.1
Host: 154.91.63.114
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://154.91.63.114/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 May 2024 03:23:00 GMT
Content-Type: image/png
Last-Modified: Thu, 28 Mar 2024 04:43:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: "6604f56c-8bd4"
Expires: Tue, 04 Jun 2024 03:23:00 GMT
Cache-Control: max-age=2592000
154.91.63.114/static/picture/ayx.png
200 OK 38 kB URL GET HTTP/1.1 154.91.63.114/static/picture/ayx.png
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 960x440, components 3
Hash 5cd7886b6d7bf8ee89afd83b1700a6e1
89fa226ebc89fa23ffbc3f674fe6f439f108f5a1
aa4f11f068c32f7ced6901149767546282f300cdfcea8b6c419d199622048fb7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /static/picture/ayx.png HTTP/1.1
Host: 154.91.63.114
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://154.91.63.114/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 May 2024 03:23:00 GMT
Content-Type: image/png
Last-Modified: Thu, 28 Mar 2024 04:43:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: "6604f56c-924a"
Expires: Tue, 04 Jun 2024 03:23:00 GMT
Cache-Control: max-age=2592000
154.91.63.114/static/picture/activit.png
200 OK 83 kB URL GET HTTP/1.1 154.91.63.114/static/picture/activit.png
IP
File type PNG image data, 960 x 1270, 8-bit/color RGBA, non-interlaced
Hash e9a58d8abec44a48517a41fc8be98b9c
faf59bea230bc0bb72abdc3bac9cada2f4a1c6c5
b35ae75e9e99bf22eaf9cc544359b5b7ad52fd7edf97cb0514074bc5201e43ed
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /static/picture/activit.png HTTP/1.1
Host: 154.91.63.114
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://154.91.63.114/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 May 2024 03:23:00 GMT
Content-Type: image/png
Last-Modified: Thu, 28 Mar 2024 04:43:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: "6604f56c-1431b"
Expires: Tue, 04 Jun 2024 03:23:00 GMT
Cache-Control: max-age=2592000
hm.baidu.com/hm.js?643cca9d2a6aff22f2e4076044399046
200 OK 11 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?643cca9d2a6aff22f2e4076044399046
IP
Requested by http://ekramuzzaman.com/js/fedexxfr/11f668408830183b4cf09fec0b25e8a5/
Certificate IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (624)
Hash b64abfb89d81705423252b4dc17744c1
5d6f4b564092cff2dd74968a87a34ed091a6243b
e2f5c83a7496d52329cd25b3c804af4198a527d94828fe4801c4f593d7cbe801
GET /hm.js?643cca9d2a6aff22f2e4076044399046 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ekramuzzaman.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11262
Content-Type: application/javascript
Date: Sun, 05 May 2024 03:23:01 GMT
Etag: 2a5921eb420056e1bf9f0da310df2932
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=520D2CCE1DBB8246; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
154.91.63.114/static/picture/jy.png
200 OK 183 kB URL GET HTTP/1.1 154.91.63.114/static/picture/jy.png
IP
File type PNG image data, 960 x 440, 8-bit/color RGBA, non-interlaced
Size 183 kB (182959 bytes)
Hash d4d837fdf1a74b407752ad5ef1ee3ee8
fbdf97f1ed3541f36289baf2d8539581d46c6181
682722ea76cded2c0d43a8365a8555ee809d0891b3a68ead81ae05e68bde5c45
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /static/picture/jy.png HTTP/1.1
Host: 154.91.63.114
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://154.91.63.114/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 May 2024 03:23:00 GMT
Content-Type: image/png
Last-Modified: Thu, 28 Mar 2024 04:43:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: "6604f56c-2caaf"
Expires: Tue, 04 Jun 2024 03:23:00 GMT
Cache-Control: max-age=2592000
154.91.63.114/static/images/bg.jpg
200 OK 408 kB URL GET HTTP/1.1 154.91.63.114/static/images/bg.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 750x804, components 3
Size 408 kB (407521 bytes)
Hash 0fc37465f937309f2896383de7b80037
081363a64b051fbb4c0f69ae5019332bfe89028f
d5ef3573ca23c7a1c15998b38344826fcaf8b44f7161a29e581acfd502e57c1d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /static/images/bg.jpg HTTP/1.1
Host: 154.91.63.114
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://154.91.63.114/static/css/style.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 May 2024 03:23:01 GMT
Content-Type: image/jpeg
Last-Modified: Thu, 28 Mar 2024 04:43:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: "6604f56d-637e1"
Expires: Tue, 04 Jun 2024 03:23:01 GMT
Cache-Control: max-age=2592000
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1394507521&si=643cca9d2a6aff22f2e4076044399046&v=1.3.0&lv=1&sn=25036&r=0&ww=1280&u=http%3A%2F%2Fekramuzzaman.com%2Fjs%2Ffedexxfr%2F11f668408830183b4cf09fec0b25e8a5%2F
200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1394507521&si=643cca9d2a6aff22f2e4076044399046&v=1.3.0&lv=1&sn=25036&r=0&ww=1280&u=http%3A%2F%2Fekramuzzaman.com%2Fjs%2Ffedexxfr%2F11f668408830183b4cf09fec0b25e8a5%2F
IP
Requested by http://ekramuzzaman.com/js/fedexxfr/11f668408830183b4cf09fec0b25e8a5/
Certificate IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1394507521&si=643cca9d2a6aff22f2e4076044399046&v=1.3.0&lv=1&sn=25036&r=0&ww=1280&u=http%3A%2F%2Fekramuzzaman.com%2Fjs%2Ffedexxfr%2F11f668408830183b4cf09fec0b25e8a5%2F HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ekramuzzaman.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 05 May 2024 03:23:01 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=DEC11B53C149FFC8; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
cdn.bootscdns.net/ajax/libs/jquery/3.6.3/jquery.js
403 Forbidden 0 B URL GET HTTP/2 cdn.bootscdns.net/ajax/libs/jquery/3.6.3/jquery.js
IP
Certificate IssuerGoogle Trust Services LLC
Subjectbootscdns.net
Fingerprint70:3E:8F:6F:E7:1B:74:87:66:1A:DD:37:21:68:30:97:BE:0B:6D:84
ValidityThu, 14 Mar 2024 22:14:48 GMT - Wed, 12 Jun 2024 22:14:47 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ajax/libs/jquery/3.6.3/jquery.js HTTP/1.1
Host: cdn.bootscdns.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://154.91.63.114/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Sun, 05 May 2024 03:23:00 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: fWm+5iMkIUyJhWcOFpaoX5iVxBWRek197+NiTjhLFTz/nyvCdjYSpS/lrjo/UIJLd9MtkWWFGF4nQME28ROuTjvtDP05phiLg/aoNZeutfvJg18A4XBNvEtnK5bqcSbqEUNqbXwLj8+kx+qx4sI6AA==$WsiGC3FG/jmujitfebxUbg==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=93MG0DnHFFdb5UYevl0nQm5e50JHKzHUb0SggKcTh3Lv%2FrpLVjxqX%2Fa5yw3m2j1VJHd5crrZIdQNxsD%2F%2FwFJxxFBf%2BXxLl9AzXD3DNaG75roleOshLHuqcIukX4d3gzb%2FMOTZw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ed9c014a850b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
38.238.200.143
154.91.63.114
14.215.182.140
104.21.63.142