r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7c60904d097cde276e4e5632cef1b9f1
4f805026462589345d85e8df2d18eafba6237504
12af026999398f4976749e320667d43da3f99b7a2e8254aca7a410a964a106aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2638
Expires: Thu, 24 Nov 2022 15:35:52 GMT
Date: Thu, 24 Nov 2022 14:51:54 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash af40a2fcf8debb90c3608002da6c907a
3c75d6c0b557a3bd8d5db50155b8d896e852c145
555617a51ee3077552545a29a3baf0b43e8a82367e4c08110ee480ebedc8b523
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5711
Cache-Control: max-age=162868
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:51:54 GMT
Etag: "637f47ef-1d7"
Expires: Sat, 26 Nov 2022 12:06:22 GMT
Last-Modified: Thu, 24 Nov 2022 10:31:11 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
neexulro.net/ad/locked?rndad=3583501526-1669301485&url=1GcS0a&t=s&subid=8284302&h=1
172.67.150.219302 Found 0 B URL HTTP/1.1 neexulro.net/ad/locked?rndad=3583501526-1669301485&url=1GcS0a&t=s&subid=8284302&h=1
IP 172.67.150.219:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ad/locked?rndad=3583501526-1669301485&url=1GcS0a&t=s&subid=8284302&h=1 HTTP/1.1
Host: neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Thu, 24 Nov 2022 14:51:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: FLYSESSID=4ejck462qdnv1m0dif1eorm2p9; path=/; HttpOnly; SameSite=Lax
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-powered-by: adfly
location: /-1/1GcS0a
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B20CbsKKBqF9nKoldyS4uMZzWEJPFKgZbDsa%2BDtP%2FOz8Nqll%2BAXiRWW3u9EF9YyenvgYl3AOj95pAlwjrE0SEnnQAWkP2zRm8OoXoawZfbs9uHENq8v5QIa1j4Ws3RM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76f2f72138750b06-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 24 Nov 2022 14:18:58 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1976
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 260e9998c20d831b66f1029c8f47aac9
716d630f647c54dc69a7f9c63a6cac294b3df7f7
c9951a909f354174f0075a01c01c3c3aa6960983040e328bfbbbea81aeb405c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11196
Expires: Thu, 24 Nov 2022 17:58:30 GMT
Date: Thu, 24 Nov 2022 14:51:54 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: nD5ACWWjmMKQ+br4fStoTESQFvWZ+pzfYX54LiPkBOJPxeRszlELTGo6FAHp0t15eyF96rY8maY=
x-amz-request-id: 9CV4RSBGB15K1XBA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 24 Nov 2022 14:43:26 GMT
age: 508
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 14:51:54 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
neexulro.net/-1/1GcS0a
172.67.150.219200 OK 5.5 kB IP 172.67.150.219:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (552), with CRLF, LF line terminators
Hash 804b98019a5fac14eaa7d8465bf21f31
5e3516084cfa2e92fa75904d3c35ec81e0d4261a
96c4447c27b9bc7c8fbdd44656b0ac69d782966a0f2ef1f348f34c238b77e121
GET /-1/1GcS0a HTTP/1.1
Host: neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: FLYSESSID=4ejck462qdnv1m0dif1eorm2p9
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:51:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: adfly
strict-transport-security: max-age=0
set-cookie: yp1=d6d3afbab59b819343f48548849260a7; expires=Fri, 25-Nov-2022 14:51:54 GMT; Max-Age=86400; path=/; domain=.neexulro.net
yp2=530aaadfbd2c81e5bb513d9e6446395b; expires=Fri, 25-Nov-2022 14:51:54 GMT; Max-Age=86400; path=/; domain=.neexulro.net
yp3=1532635802; expires=Fri, 25-Nov-2022 14:51:54 GMT; Max-Age=86400; path=/; domain=.neexulro.net
p3p: policyref="http://adf.ly/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa IVAi IVDi CONi HISi TELi OUR IND PHY ONL FIN COM NAV INT DEM GOV"
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Thu, 24 Nov 2022 14:51:54 GMT
x-frame-options: DENY
referrer-policy: no-referrer-when-downgrade
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ub%2FkDtfIVNId4tyDWzhtwBFMUQjEf2ZwOvs9lVLasxYruTiEVA8is5mVL16orGUIA2%2FlWx7vhcjt96H9BmNleapEgduNp2Lny%2BfErZWgwxfTob02MKL7kCf5%2FYXij0k%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76f2f7238b440b06-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
cdn.neexulro.net/static/js/amvn.js
104.21.0.99200 OK 84 kB URL HTTP/1.1 cdn.neexulro.net/static/js/amvn.js
IP 104.21.0.99:0
File type Unicode text, UTF-8 text, with very long lines (15945)
Hash 5b707e4defc2bde20214a0ac24f7d927
4bc6d75a4233b32f6ad40d8ef9ce7845e0799402
fc09934f8c5c3de101d1f0a112e80b65a66240dd7666a91265b7c9eaed6c753b
GET /static/js/amvn.js HTTP/1.1
Host: cdn.neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://neexulro.net/-1/1GcS0a
Connection: keep-alive
Cookie: yp1=d6d3afbab59b819343f48548849260a7; yp2=530aaadfbd2c81e5bb513d9e6446395b; yp3=1532635802
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:51:55 GMT
Content-Type: application/x-javascript
Content-Length: 84174
Connection: keep-alive
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 14:02:20 GMT
last-modified: Thu, 24 Nov 2022 12:20:02 GMT
etag: "3f157-637f6172-f8d66ee6e8273f60;gz"
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 2975
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eKkxfM%2B%2BkQGmRmoXdo%2BQrTFVN83KLRH7TKN7kcGhLRgOdTguz38XvqdZY95oElY07qF2Sm%2FNX7zvwE49qiHC9382RYZq9qXu3C33BOqEzlZAFCbHNN929t3PIctoHWDB2ZPB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76f2f7252e3cb4ee-OSL
alt-svc: h2=":443"; ma=60
cdn.neexulro.net/static/js/view118_bidshow.js
104.21.0.99200 OK 4.0 kB URL HTTP/1.1 cdn.neexulro.net/static/js/view118_bidshow.js
IP 104.21.0.99:0
File type ASCII text, with very long lines (10991), with no line terminators
Hash 966f84aff8b7893cbf2b87da5a27f8a9
695e0fcb64fc820db2ca76e808136a3762ea3673
25c6680edff77f84bc5606fdd9f06116ec800f29173528135cb74d564f2732f9
GET /static/js/view118_bidshow.js HTTP/1.1
Host: cdn.neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://neexulro.net/-1/1GcS0a
Connection: keep-alive
Cookie: yp1=d6d3afbab59b819343f48548849260a7; yp2=530aaadfbd2c81e5bb513d9e6446395b; yp3=1532635802
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:51:55 GMT
Content-Type: application/x-javascript
Content-Length: 4024
Connection: keep-alive
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 14:02:16 GMT
last-modified: Wed, 24 Aug 2022 10:51:38 GMT
etag: "2aef-630602ba-53ef1c725fb7c923;gz"
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 2979
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aHjAhIWyj7qmZJoNmbtprbFCalKeDJ7zyLAB1yV6mFHihmq5aV3yVpTBN%2B0q3wovVTwSouzGpOHn9fAkSZPqEjavwwLFfIcZHvBdpXAR1kh12g2RvKC08l8GvlVhKteVlJsS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76f2f7252bcc1c06-OSL
alt-svc: h2=":443"; ma=60
ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
142.250.74.170200 OK 33 kB URL HTTP/1.1 ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
IP 142.250.74.170:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash 18351732b1849ba758e98884e186b3c8
d735af8661eda41ff4ffbf76e6a284a0e2deb81c
bfac625d304d52e04f2caeb19266354749929c888ca09d3d1e3edcbb8770d0f0
GET /ajax/libs/jquery/1.7.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://neexulro.net/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 33333
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 22 Nov 2022 08:31:18 GMT
Expires: Wed, 22 Nov 2023 08:31:18 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Age: 195637
cdn.neexulro.net/static/css/adfly_7.css
104.21.0.99200 OK 875 B URL HTTP/1.1 cdn.neexulro.net/static/css/adfly_7.css
IP 104.21.0.99:0
File type ASCII text, with very long lines (2735), with no line terminators
Hash f8c8a9d49e010a2cf10a44dacf35e661
5a069859544758f32b5d09e89c3631c8257c64e1
2cdcaf6a39f9cd39a37dfacfeec2461813fb5557e071d96756c129d17e84cb7a
GET /static/css/adfly_7.css HTTP/1.1
Host: cdn.neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://neexulro.net/-1/1GcS0a
Connection: keep-alive
Cookie: yp1=d6d3afbab59b819343f48548849260a7; yp2=530aaadfbd2c81e5bb513d9e6446395b; yp3=1532635802
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:51:55 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Cf-Bgj: minify
Cf-Polished: origSize=3778
cache-control: public, max-age=604800
etag: W/"ec2-60467027-6a5aa4acec833b9;gz"
expires: Thu, 01 Dec 2022 14:02:02 GMT
last-modified: Mon, 08 Mar 2021 18:42:47 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 2993
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cro2M%2B2sU612x7ujl%2B3tyqXa2AnPR1ZgmwfZMlnaKurp48J330pSE9es1xAip%2BmGgxqqDsXV3d%2B0F9B8doe7y7cvVYKPy2ygMhEXzsYggD5QiSFJcHP9OjGlmEkvLNNd4pzp"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76f2f7252b610afe-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 24 Nov 2022 14:11:11 GMT
cache-control: public,max-age=3600
age: 2444
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
d1a3jb5hjny5s4.cloudfront.net/?hbjad=709056
54.230.245.125200 OK 36 kB URL HTTP/1.1 d1a3jb5hjny5s4.cloudfront.net/?hbjad=709056
IP 54.230.245.125:0
File type Unicode text, UTF-8 text, with very long lines (15478)
Hash 1926e445e9d432d70901d0f5bba7e679
12121c0ad292ea8cbd55cec789521d3f22e51956
7bd3a0805e69186008fff607692914ba658f78e8272d11fbe9436117f272c8f1
GET /?hbjad=709056 HTTP/1.1
Host: d1a3jb5hjny5s4.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://neexulro.net/
HTTP/1.1 200 OK
Content-Length: 36041
Connection: keep-alive
Date: Thu, 24 Nov 2022 14:51:55 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 8MvHBLeDmylEyjiO-gZ8Yv6LniCOIyX46X_aMAQ-3DwirqQsgK-L6A==
cdn.neexulro.net/static/image/logo_fb2.png
104.21.0.99200 OK 6.3 kB URL HTTP/1.1 cdn.neexulro.net/static/image/logo_fb2.png
IP 104.21.0.99:0
File type PNG image data, 193 x 98, 8-bit colormap, non-interlaced\012- data
Hash 84a673a878949a7a8410199f5f8ea220
49cbc367cd9e0943df6d6e2180bb9a5771dbb208
042313bf805bd8d9a1c6b2a88c90e15407004fcc6e9c5d5974c87c85c20796f3
GET /static/image/logo_fb2.png HTTP/1.1
Host: cdn.neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://neexulro.net/-1/1GcS0a
Connection: keep-alive
Cookie: yp1=d6d3afbab59b819343f48548849260a7; yp2=530aaadfbd2c81e5bb513d9e6446395b; yp3=1532635802
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:51:55 GMT
Content-Type: image/png
Content-Length: 6283
Connection: keep-alive
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 14:02:20 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "188b-5faa60e6-8113dca053ec939e;;;"
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 2975
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2tCTZ0hJYEh2nybc08Q5h3WI2PsJNRRUhjlUCkl%2FzrRXXGzX0eMIBAQof3ijyUf%2FbCId9j7ZsBmfnU9Aq8dRz9%2FzWHLCwSfIutOzKDxueEtIcyeg8QRGVmCR%2Bx8Bt7CmmHjL"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f2f7264cd80afe-OSL
alt-svc: h2=":443"; ma=60
cdn.neexulro.net/static/image/skip_ad/en_tran.png
104.21.0.99200 OK 5.1 kB URL HTTP/1.1 cdn.neexulro.net/static/image/skip_ad/en_tran.png
IP 104.21.0.99:0
File type PNG image data, 155 x 41, 8-bit/color RGBA, non-interlaced\012- data
Hash a58f5ea6f1f6bb35658c351f876f1ba9
47fa621b845faf7df13e4021dcffd6f4c73c1018
ef8721967f0cca2539ee60f9cad0e8c1ef89f18a53964a4e6101033d23a4ba29
GET /static/image/skip_ad/en_tran.png HTTP/1.1
Host: cdn.neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://neexulro.net/-1/1GcS0a
Connection: keep-alive
Cookie: yp1=d6d3afbab59b819343f48548849260a7; yp2=530aaadfbd2c81e5bb513d9e6446395b; yp3=1532635802
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:51:55 GMT
Content-Type: image/png
Content-Length: 5076
Connection: keep-alive
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 14:02:20 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "13d4-5faa60e6-a653c25d6e1f8e24;;;"
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 2975
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l72DWNbOi3S%2FUbxaKkydbninkf3Ub6gEU%2FKcXrWtpWOYeME%2Bw5fWtXxsq7Ps81Vz%2FHOKAb15szGAY0K1BoFHasx0gOgLn5%2BtbUwxL2r7AOwNVOgOOARYU4k9K%2FsHXJ1%2BPT94"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f2f7264fb6b4ee-OSL
alt-svc: h2=":443"; ma=60
cdn.neexulro.net/static/image/spinner.gif
104.21.0.99200 OK 36 kB URL HTTP/1.1 cdn.neexulro.net/static/image/spinner.gif
IP 104.21.0.99:0
File type GIF image data, version 89a, 39 x 39\012- data
Hash 2055f195780b3e4c71b97c95fa97eab0
36c1138bdcccf116f1b9ee9effa3e5d13f1e6161
0a607f27600e85addcfd1415ee611a370a30dce3f53ac200d3e0e25d2bdc5157
GET /static/image/spinner.gif HTTP/1.1
Host: cdn.neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://neexulro.net/-1/1GcS0a
Connection: keep-alive
Cookie: yp1=d6d3afbab59b819343f48548849260a7; yp2=530aaadfbd2c81e5bb513d9e6446395b; yp3=1532635802
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:51:55 GMT
Content-Type: image/gif
Content-Length: 35453
Connection: keep-alive
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 14:02:13 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "8a7d-5faa60e6-3e1a311be9cf3f91;;;"
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 2982
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=suW%2BsJpjfQLnDoDgT4np8rC%2FIkKTHn7y1N7dkItsoGw%2FMHqN8S5OxHuvYfwKhuasI7acM3Um3uK77xDVlK2eosLPDE%2FUWMaLRcdSCsf0XhPeqT%2FqeBdl6PJBZnrotGaHsHpe"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f2f7264cb31c06-OSL
alt-svc: h2=":443"; ma=60
cdn.neexulro.net/static/image/delete2.png
104.21.0.99200 OK 577 B URL HTTP/1.1 cdn.neexulro.net/static/image/delete2.png
IP 104.21.0.99:0
File type PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Hash 3a612b41ba5d1cad10ae4c6660d8fda4
4006ab2bfe338d2d1f060c0486bad8e1b589ba44
2fa2ba143aaedc6b6169e9b024d4f12df4acfc5995950dce175fd97644dd0c43
GET /static/image/delete2.png HTTP/1.1
Host: cdn.neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://neexulro.net/-1/1GcS0a
Connection: keep-alive
Cookie: yp1=d6d3afbab59b819343f48548849260a7; yp2=530aaadfbd2c81e5bb513d9e6446395b; yp3=1532635802
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:51:55 GMT
Content-Type: image/png
Content-Length: 577
Connection: keep-alive
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 14:02:06 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "241-5faa60e6-a0c39838649de106;;;"
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 2989
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EIgPiuYDoQHDESoewfsHy9HMBPgEnvTVIrtKshIyoRs3WXQWsqTec6TeRis2r%2BJ5PifjFvQPcApMYWlqnZiwaZzeXSJcTzhJQweTWdjeC4sOWI9l3HWbGhGivK2RElFt0hPm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f2f7264aeeb505-OSL
alt-svc: h2=":443"; ma=60
cdn.neexulro.net/static/image/ahl6532.gif
104.21.0.99200 OK 3.2 kB URL HTTP/1.1 cdn.neexulro.net/static/image/ahl6532.gif
IP 104.21.0.99:0
File type GIF image data, version 89a, 166 x 58\012- data
Hash 48d26bd889d62fc9c72d33138f409c15
3bd2657ee1ba4843f266cda7217a8d0a2b725ea3
13cad7fb56a878cd12d9456a8754cf13433ac6741338371f87776b4373411b15
GET /static/image/ahl6532.gif HTTP/1.1
Host: cdn.neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://neexulro.net/-1/1GcS0a
Connection: keep-alive
Cookie: yp1=d6d3afbab59b819343f48548849260a7; yp2=530aaadfbd2c81e5bb513d9e6446395b; yp3=1532635802
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:51:55 GMT
Content-Type: image/gif
Content-Length: 3229
Connection: keep-alive
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 14:02:20 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "c9d-5faa60e6-bdf1ebb6d8b3a2e3;;;"
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 2975
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FrhwYjz3ctDndBPPSYwCnDkUtPThJYKRSwjgdYyw6jTcGE0GTZNRxBXmBK2xxdCsy0Oj8BopdahdHaHbMRSsax3xoB83JU7DcLKBB5bZ7eIdxHoEduw1FU3SzH986I7evdLI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f2f7266fd8b4ee-OSL
alt-svc: h2=":443"; ma=60
neexulro.net/js/display.js
172.67.150.219200 OK 5.8 kB URL HTTP/1.1 neexulro.net/js/display.js
IP 172.67.150.219:0
File type ASCII text, with very long lines (15999)
Hash e149217d65efcf53cc382af7c60f461c
6de97c3f773cf9b21e4373097f5f5cddf37d872e
4d30ac5f2c0ab10e25b4c39eb646e9cb86d66394775d77ba7b88a34720f85b27
GET /js/display.js HTTP/1.1
Host: neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://neexulro.net/-1/1GcS0a
Connection: keep-alive
Cookie: FLYSESSID=4ejck462qdnv1m0dif1eorm2p9; yp1=d6d3afbab59b819343f48548849260a7; yp2=530aaadfbd2c81e5bb513d9e6446395b; yp3=1532635802
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:51:55 GMT
Content-Type: application/x-javascript
Content-Length: 5775
Connection: keep-alive
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 14:02:10 GMT
last-modified: Thu, 29 Jul 2021 14:08:58 GMT
etag: "3e81-6102b67a-1a029ed62bba2563;gz"
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 2985
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ucn7%2B05X2mIG0Pq1HNOS1sQbmSleGJYARbXolku1l2ctu%2B1Xl%2B%2BdZn9bZksaPbeeF4Sp9iTsENE0gll3IXHJfcTorwo0ZCvIhvDzake5R%2BfMOKIM%2Bhvzi2GrXGNs5fE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76f2f726bec40b06-OSL
alt-svc: h2=":443"; ma=60
cdn.neexulro.net/static/js/main.js?v=2022052901
104.21.0.99200 OK 705 B URL HTTP/1.1 cdn.neexulro.net/static/js/main.js?v=2022052901
IP 104.21.0.99:0
Hash 5d2f026c4af9cf86a2ecb368dc1533d6
376ce5a73144b00dd162aa8524ac856b8db7a33e
0fd907185fe7d7610498d8d487449707fe4949c5c89a1028da380d2e5e862c3d
GET /static/js/main.js?v=2022052901 HTTP/1.1
Host: cdn.neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://neexulro.net/-1/1GcS0a
Connection: keep-alive
Cookie: yp1=d6d3afbab59b819343f48548849260a7; yp2=530aaadfbd2c81e5bb513d9e6446395b; yp3=1532635802
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:51:55 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 14:51:55 GMT
last-modified: Sun, 29 May 2022 07:10:19 GMT
etag: "7a0-62931c5b-8cbcca2019146215;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bXBj2V5WvpkJGGuQYYUuzROOy0Lx4Uc6RimmGP7xQHhirrZUd3XJW%2Fs8cr67YV%2Bk4Tl6wHXCvWppYPwgVs3O8UfzGO%2FUGm53eMStMaYMoFSkBHcQ5ZJdfQgC%2Bs1DC%2FGyG0fm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76f2f7252f910b41-OSL
alt-svc: h2=":443"; ma=60
engingsecondu.com/popunder.gif
104.21.55.224200 OK 58 B URL HTTP/1.1 engingsecondu.com/popunder.gif
IP 104.21.55.224:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 79c15b369d32d2f0f17c116f541b6df3
3039289d4d1f5bc7385a81621deb2614423b769b
e3a3c6b90f511e80a77636fdd4c6047336d4ed5b2c86adf74318a08142649e08
GET /popunder.gif HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://neexulro.net/
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:51:55 GMT
Content-Type: image/gif
Content-Length: 58
Connection: keep-alive
access-control-allow-origin: *
Pragma: public
cache-control: public, max-age=604800, immutable
content-encoding: gzip
CF-Cache-Status: HIT
Age: 74214
Last-Modified: Wed, 23 Nov 2022 18:15:01 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ySHU6dun7DjUN8N4V1KuI5OX3sWlhpSHxeH7GsEEnpNHPF%2FDdm1PpGxUbv8T1LOKV1asPC4sLZhlsvNacxg7HEH3YyQecXryXLz7446k5%2BOUVk6NPMWvavTq2Q%2BaDwfaPJRYZw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f2f726ceebfac8-OSL
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cd68ca69e11ea523173f643d774c0b8f
a2f89f2e07b69cafc41efa2bc4548a04c5b81d95
8094b372e49f5ab920ef260ab9706d07b3ee6ea036813ad6f332254a4a2a3e9c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8094B372E49F5AB920EF260AB9706D07B3EE6EA036813AD6F332254A4A2A3E9C"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5810
Expires: Thu, 24 Nov 2022 16:28:45 GMT
Date: Thu, 24 Nov 2022 14:51:55 GMT
Connection: keep-alive
cdn.neexulro.net/static/image/d_top_bg.png
104.21.0.99200 OK 156 B URL HTTP/1.1 cdn.neexulro.net/static/image/d_top_bg.png
IP 104.21.0.99:0
File type PNG image data, 1 x 59, 8-bit/color RGB, non-interlaced\012- data
Hash 106113dd42dd001363d6e2c920dba647
ebb71cf1a44a45852fff4d4fc0971f299b8b8c4c
938632fb472382061e62d8f1d033da03cbc84f150236e4251c8ece12241405ae
GET /static/image/d_top_bg.png HTTP/1.1
Host: cdn.neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cdn.neexulro.net/static/css/adfly_7.css
Cookie: yp1=d6d3afbab59b819343f48548849260a7; yp2=530aaadfbd2c81e5bb513d9e6446395b; yp3=1532635802
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:51:55 GMT
Content-Type: image/png
Content-Length: 156
Connection: keep-alive
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 14:02:09 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "9c-5faa60e6-6bfb178d8ae4aca5;;;"
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 2985
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lWiXp%2FQEZzKQmlIyl6NAu46NzFf2%2BGvCyFgn%2BqpJVK2H3M6lcVWrn%2Bpxo4oS6ptG8rHMWftQfqMzpxy%2FnBEY2P3DIUODHr5ymadGnpt0dIMimLSJJeeoBdl7gR1ehu60PNJR"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f2f72738bcb4ee-OSL
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8e84c7b429830df22931bfa43af0da4f
5ae486a89d22c4524681768cda152f35c898f9ad
951346e5ca7a488a04b2a123f2f3f081638a358f41592f691741855b5f823879
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "951346E5CA7A488A04B2A123F2F3F081638A358F41592F691741855B5F823879"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2265
Expires: Thu, 24 Nov 2022 15:29:40 GMT
Date: Thu, 24 Nov 2022 14:51:55 GMT
Connection: keep-alive
cdn.neexulro.net/static/image/d_bottom_bg2.png
104.21.0.99200 OK 2.8 kB URL HTTP/1.1 cdn.neexulro.net/static/image/d_bottom_bg2.png
IP 104.21.0.99:0
File type PNG image data, 1 x 28, 8-bit/color RGB, non-interlaced\012- data
Hash 765bb01e93fec22bee832ea0219871d0
2059131c55ef4c9b171fff20fc692839686761b7
27ab7efdb31ee6b311557cb2296d9bdb4c5038a230bcb4f9bc1a2409bb73863a
GET /static/image/d_bottom_bg2.png HTTP/1.1
Host: cdn.neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cdn.neexulro.net/static/css/adfly_7.css
Cookie: yp1=d6d3afbab59b819343f48548849260a7; yp2=530aaadfbd2c81e5bb513d9e6446395b; yp3=1532635802
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:51:55 GMT
Content-Type: image/png
Content-Length: 2829
Connection: keep-alive
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 14:02:16 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "b0d-5faa60e6-4be0e3e54c61ce38;;;"
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 2979
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=44QjDGgvrGOvX%2B1uXZPvh09gWsaRu7VxImTXxoeBa7hoSx22KVjHqeuowHSLL8Nr6pEqhgWw7feu4toxZI0LTNSfkt5XoMJBhZyNvFVXy7K0l%2Fz%2F5eyQbvBAnyXZPS%2BgYvkT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f2f7276e5f1c06-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fb6949e7abaa473393f7c604691de14f
599681bba3947709baa603bbae2dd7afd04059a4
36c5165526ea9d34de14d36655ed494d0cffaa11ca3271ee47824ac11246ba13
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3376
Cache-Control: max-age=155470
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:51:55 GMT
Etag: "637f3429-1d7"
Expires: Sat, 26 Nov 2022 10:03:05 GMT
Last-Modified: Thu, 24 Nov 2022 09:06:49 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8b3e124061cc7e93d4765f3898aeffe9
7da7e0018d31c72c2616b1ae314f1c5ba64c1e35
9f21ba59178ffa8b9ebc5ada8bd970b378138e22584f2d61ebb3934ad1bd843d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "9F21BA59178FFA8B9EBC5ADA8BD970B378138E22584F2D61EBB3934AD1BD843D"
Last-Modified: Tue, 22 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5364
Expires: Thu, 24 Nov 2022 16:21:19 GMT
Date: Thu, 24 Nov 2022 14:51:55 GMT
Connection: keep-alive
mantedtonisms.com/cGZNUTARBC48DxFbL3dFAgpwdAI2Q38XVEMAITBZRgB6M0IEBTV/UxwJODVWAgkjJR4eAzl0AjYWAgV+NjQJNVEoJT44czVXLBhoGyQOAFRCBSocVicyFCNnJQ0CEF4IBCsXCCACFTkAKgsAJmQmVgI1ZzoEGhcAGQMfF1MoNRdkchhfHhhjKS0JA2UIKAs5YzQMfWFnJVcXGlo+AhtgCRorGwh1KA8idAIyPiEHVjohCBdWBzw/NXI5KgxjAAo+ITVoOwwDFHgxIHwaWz0FDAlmQSQ1MnQpLilgeDEgfBwBRT4PCXYYJAUiZxRVHwF0BwIqNQMlBQwJHSVUHANHMSQFBHg0JHxgUiIvARBJOQ4bF3oTPwULSDMRA2FUMQUEEAMiDg8AXCYqCQtjKFc6aGkhMGhjdjEIGyl3IQ0bHHgbIWs7Qx8IPWx3SAoIPXpBKQAE
54.230.111.95200 OK 1.2 kB URL HTTP/1.1 mantedtonisms.com/cGZNUTARBC48DxFbL3dFAgpwdAI2Q38XVEMAITBZRgB6M0IEBTV/UxwJODVWAgkjJR4eAzl0AjYWAgV+NjQJNVEoJT44czVXLBhoGyQOAFRCBSocVicyFCNnJQ0CEF4IBCsXCCACFTkAKgsAJmQmVgI1ZzoEGhcAGQMfF1MoNRdkchhfHhhjKS0JA2UIKAs5YzQMfWFnJVcXGlo+AhtgCRorGwh1KA8idAIyPiEHVjohCBdWBzw/NXI5KgxjAAo+ITVoOwwDFHgxIHwaWz0FDAlmQSQ1MnQpLilgeDEgfBwBRT4PCXYYJAUiZxRVHwF0BwIqNQMlBQwJHSVUHANHMSQFBHg0JHxgUiIvARBJOQ4bF3oTPwULSDMRA2FUMQUEEAMiDg8AXCYqCQtjKFc6aGkhMGhjdjEIGyl3IQ0bHHgbIWs7Qx8IPWx3SAoIPXpBKQAE
IP 54.230.111.95:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3037), with no line terminators
Hash 8fe6b5be21b058f6bb5dd178c77d973e
326db55a887f8bde491cb513f5c7ba0d7369ee71
5b1fd68395881b090f31c6efab463b74f252fb1efc0a8302f52e6673be44ba49
Analyzer Verdict Alert fortinet Phishing
GET /cGZNUTARBC48DxFbL3dFAgpwdAI2Q38XVEMAITBZRgB6M0IEBTV/UxwJODVWAgkjJR4eAzl0AjYWAgV+NjQJNVEoJT44czVXLBhoGyQOAFRCBSocVicyFCNnJQ0CEF4IBCsXCCACFTkAKgsAJmQmVgI1ZzoEGhcAGQMfF1MoNRdkchhfHhhjKS0JA2UIKAs5YzQMfWFnJVcXGlo+AhtgCRorGwh1KA8idAIyPiEHVjohCBdWBzw/NXI5KgxjAAo+ITVoOwwDFHgxIHwaWz0FDAlmQSQ1MnQpLilgeDEgfBwBRT4PCXYYJAUiZxRVHwF0BwIqNQMlBQwJHSVUHANHMSQFBHg0JHxgUiIvARBJOQ4bF3oTPwULSDMRA2FUMQUEEAMiDg8AXCYqCQtjKFc6aGkhMGhjdjEIGyl3IQ0bHHgbIWs7Qx8IPWx3SAoIPXpBKQAE HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://neexulro.net/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1188
Connection: keep-alive
Date: Thu, 24 Nov 2022 14:51:55 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: fhD-rcFsn07ouYZdnDm9peZ4nCHPnBCZwFJ4ZeT0tLs-gEv6kXO2Bg==
engingsecondu.com/am50SnFFURc5TAgrMXorLzwRLzAoDRccSF8qIgBAMl0XDidZDVI+GA5TQ3pIWltCbAEDCkl4SEwdACsFHx1Je1cDABIlTEwYSXtfWkBCel9bSAF3QEwaBCsWV19SOgUeAkl7R1xXR3pAX19Ac0ZS
104.21.55.224204 No Content 0 B URL HTTP/2 engingsecondu.com/am50SnFFURc5TAgrMXorLzwRLzAoDRccSF8qIgBAMl0XDidZDVI+GA5TQ3pIWltCbAEDCkl4SEwdACsFHx1Je1cDABIlTEwYSXtfWkBCel9bSAF3QEwaBCsWV19SOgUeAkl7R1xXR3pAX19Ac0ZS
IP 104.21.55.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /am50SnFFURc5TAgrMXorLzwRLzAoDRccSF8qIgBAMl0XDidZDVI+GA5TQ3pIWltCbAEDCkl4SEwdACsFHx1Je1cDABIlTEwYSXtfWkBCel9bSAF3QEwaBCsWV19SOgUeAkl7R1xXR3pAX19Ac0ZS HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://neexulro.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 14:51:55 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zy6VTNRZvW6i59t9d4FZKYSLWRrHj3HTOWdkHhN8N5hizIBw3YYaq5FneX9ZY88bDE2UepRzHnd26HXGf6D8B55X7U86mlAEy4vE%2FmHzGk6qJZ9aCN2tPEVIjpPzxpPygRLuIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2f7272afd0b55-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.neexulro.net/static/image/ad_top_bg2.png?&ad_box_=1
104.21.0.99200 OK 156 B URL HTTP/1.1 cdn.neexulro.net/static/image/ad_top_bg2.png?&ad_box_=1
IP 104.21.0.99:0
File type PNG image data, 1 x 59, 8-bit/color RGB, non-interlaced\012- data
Hash 106113dd42dd001363d6e2c920dba647
ebb71cf1a44a45852fff4d4fc0971f299b8b8c4c
938632fb472382061e62d8f1d033da03cbc84f150236e4251c8ece12241405ae
GET /static/image/ad_top_bg2.png?&ad_box_=1 HTTP/1.1
Host: cdn.neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://neexulro.net/-1/1GcS0a
Connection: keep-alive
Cookie: yp1=d6d3afbab59b819343f48548849260a7; yp2=530aaadfbd2c81e5bb513d9e6446395b; yp3=1532635802
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:51:55 GMT
Content-Type: image/png
Content-Length: 156
Connection: keep-alive
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 14:51:55 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "9c-5faa60e6-616091c58406c4e2;;;"
accept-ranges: bytes
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mn1tivbfH4cGyNQvp5z%2BR%2BfU6yOPrJpzONdHWgKcnYajppKdq1ZeJKHoYr1FfquigtVpo8wCEdBuOXJfbSt0HJI9Rmu4RjYhMxtdCxu4%2FOM8UCNwAl%2BCIcqsNT2a%2BJmlix2r"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f2f7265cef0afe-OSL
alt-svc: h2=":443"; ma=60
neexulro.net/2market_bidshow.php?user_id=8284302&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&ref_url=eyJ1cmwiOm51bGwsImRvbWFpbiI6bnVsbH0%3D&url=https%3A%2F%2Fwww22.davisonbarker.pro%2Fpushredirect%2F%3Fnetwork%3D3%26site%3Dadfly%26ppi%3D8284302%26pci%3D3614296597%26t%3D1669301514%26dest%3Dhttp%253A%252F%252Fdl.hackphoenix.com%252Ftk%252FTechnic_Launcher_64bit.zip&url_id=3614296597&t=99e17688dbccaa465a0df2cb0772a07d&w=e93a876fde2a527d6152e05e460bcf7e
172.67.150.219200 OK 82 B URL HTTP/1.1 neexulro.net/2market_bidshow.php?user_id=8284302&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&ref_url=eyJ1cmwiOm51bGwsImRvbWFpbiI6bnVsbH0%3D&url=https%3A%2F%2Fwww22.davisonbarker.pro%2Fpushredirect%2F%3Fnetwork%3D3%26site%3Dadfly%26ppi%3D8284302%26pci%3D3614296597%26t%3D1669301514%26dest%3Dhttp%253A%252F%252Fdl.hackphoenix.com%252Ftk%252FTechnic_Launcher_64bit.zip&url_id=3614296597&t=99e17688dbccaa465a0df2cb0772a07d&w=e93a876fde2a527d6152e05e460bcf7e
IP 172.67.150.219:0
File type JSON data\012- , ASCII text, with no line terminators
Hash d597c22e79c772d1f89ed2602adb80ab
50c7c63c9269278ff7aba9b8c5b4810c3570df80
798215a625e276fde8e69c0a79401e406f59e1a30ad0e9113d880b9d566ae61c
GET /2market_bidshow.php?user_id=8284302&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&ref_url=eyJ1cmwiOm51bGwsImRvbWFpbiI6bnVsbH0%3D&url=https%3A%2F%2Fwww22.davisonbarker.pro%2Fpushredirect%2F%3Fnetwork%3D3%26site%3Dadfly%26ppi%3D8284302%26pci%3D3614296597%26t%3D1669301514%26dest%3Dhttp%253A%252F%252Fdl.hackphoenix.com%252Ftk%252FTechnic_Launcher_64bit.zip&url_id=3614296597&t=99e17688dbccaa465a0df2cb0772a07d&w=e93a876fde2a527d6152e05e460bcf7e HTTP/1.1
Host: neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://neexulro.net/-1/1GcS0a
Connection: keep-alive
Cookie: FLYSESSID=4ejck462qdnv1m0dif1eorm2p9; yp1=d6d3afbab59b819343f48548849260a7; yp2=530aaadfbd2c81e5bb513d9e6446395b; yp3=1532635802
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:51:55 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/7.3.27
set-cookie: adfly_ad_report=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
p3p: policyref="http://adf.ly/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa IVAi IVDi CONi HISi TELi OUR IND PHY ONL FIN COM NAV INT DEM GOV"
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P%2B%2BPFWZji7FsP%2BIAVRkPMgqBSPxLmqgLzxYdPZ9%2BH8QR8G%2FKotsL5YpZj8D5puf65aELrwKjgoBCqadTLkGKQzylticpEsNg0fWor2QErI0Hv0ESRJViPHxJka8tlRI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76f2f7272f190b06-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cd68ca69e11ea523173f643d774c0b8f
a2f89f2e07b69cafc41efa2bc4548a04c5b81d95
8094b372e49f5ab920ef260ab9706d07b3ee6ea036813ad6f332254a4a2a3e9c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8094B372E49F5AB920EF260AB9706D07B3EE6EA036813AD6F332254A4A2A3E9C"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5810
Expires: Thu, 24 Nov 2022 16:28:45 GMT
Date: Thu, 24 Nov 2022 14:51:55 GMT
Connection: keep-alive
mantedtonisms.com/QjVIRUQjVysoeyMIKmMxMFl1YHYEEHoDIHNUey8md10iKz13RnxrJy5aPSEiMFomMWosUDxgdgRmGgAoNnodLioIUgYjICh0LwYVEBB6ByAKdywBDHtcAT1xFX8yF3QNcglgdgRlGXERIEIdBg4TfywnPgNPCxQWd2whEAkUTH1wJjVdEA4qLgEbdCM2fyYXHgpPeHUOJWwNCRATEHoHBhcNfg8tB3AdKHw6fg4HEQhffCIFFGAnHBwxRwwCIHJXDn0OG2EFIgVzBSUIPjJ8C3YvM2UdIggnbR5wFTVZOyEzNnwLdi84fAkIFCRiDnMIOk1/IQAEVwwSPHF2eGgjDlAcHGFwcxsEKwtRECkdBAYkMSYEDQIJLQdECikeMVEvfCIBbSB1IRRCAiADBAIQE3wleyEyCBRfDi0hO0YBIBwEWxAXfHpQECJiKEYnKzR/YBEzPQVMHgkCLlos
54.230.111.95200 OK 1.2 kB URL HTTP/1.1 mantedtonisms.com/QjVIRUQjVysoeyMIKmMxMFl1YHYEEHoDIHNUey8md10iKz13RnxrJy5aPSEiMFomMWosUDxgdgRmGgAoNnodLioIUgYjICh0LwYVEBB6ByAKdywBDHtcAT1xFX8yF3QNcglgdgRlGXERIEIdBg4TfywnPgNPCxQWd2whEAkUTH1wJjVdEA4qLgEbdCM2fyYXHgpPeHUOJWwNCRATEHoHBhcNfg8tB3AdKHw6fg4HEQhffCIFFGAnHBwxRwwCIHJXDn0OG2EFIgVzBSUIPjJ8C3YvM2UdIggnbR5wFTVZOyEzNnwLdi84fAkIFCRiDnMIOk1/IQAEVwwSPHF2eGgjDlAcHGFwcxsEKwtRECkdBAYkMSYEDQIJLQdECikeMVEvfCIBbSB1IRRCAiADBAIQE3wleyEyCBRfDi0hO0YBIBwEWxAXfHpQECJiKEYnKzR/YBEzPQVMHgkCLlos
IP 54.230.111.95:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3042), with no line terminators
Hash 2ae725ecc95e29c4654405b1a6f628f1
b19d6cf9f796e6d3039eec5e3b67f3c7852f717d
62b8225a28b54867d77890995ef03ac37bbc27ea1d79eff73d2965548f39e1ab
Analyzer Verdict Alert fortinet Phishing
GET /QjVIRUQjVysoeyMIKmMxMFl1YHYEEHoDIHNUey8md10iKz13RnxrJy5aPSEiMFomMWosUDxgdgRmGgAoNnodLioIUgYjICh0LwYVEBB6ByAKdywBDHtcAT1xFX8yF3QNcglgdgRlGXERIEIdBg4TfywnPgNPCxQWd2whEAkUTH1wJjVdEA4qLgEbdCM2fyYXHgpPeHUOJWwNCRATEHoHBhcNfg8tB3AdKHw6fg4HEQhffCIFFGAnHBwxRwwCIHJXDn0OG2EFIgVzBSUIPjJ8C3YvM2UdIggnbR5wFTVZOyEzNnwLdi84fAkIFCRiDnMIOk1/IQAEVwwSPHF2eGgjDlAcHGFwcxsEKwtRECkdBAYkMSYEDQIJLQdECikeMVEvfCIBbSB1IRRCAiADBAIQE3wleyEyCBRfDi0hO0YBIBwEWxAXfHpQECJiKEYnKzR/YBEzPQVMHgkCLlos HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://neexulro.net/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1192
Connection: keep-alive
Date: Thu, 24 Nov 2022 14:51:55 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: fWmVei4WxBUt6Dl2lQsgkysbw7zP1sleWKxJV000lmOSJJ_IVzVOxQ==
engingsecondu.com/WDRkald3CwcZagoGXQcCD1BXMhE8RDIiFTtiVgYFPFhRDw0ObUIePjwJUlpjawJQTCcxUFlbcStABR4iKwlVTD42UgtXcS4JVURkbBpXWnluEhFXZn5AFAswZQVCGiMsWFlbYW4NV1pmbQVRWmRq
104.21.55.224204 No Content 0 B URL HTTP/2 engingsecondu.com/WDRkald3CwcZagoGXQcCD1BXMhE8RDIiFTtiVgYFPFhRDw0ObUIePjwJUlpjawJQTCcxUFlbcStABR4iKwlVTD42UgtXcS4JVURkbBpXWnluEhFXZn5AFAswZQVCGiMsWFlbYW4NV1pmbQVRWmRq
IP 104.21.55.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WDRkald3CwcZagoGXQcCD1BXMhE8RDIiFTtiVgYFPFhRDw0ObUIePjwJUlpjawJQTCcxUFlbcStABR4iKwlVTD42UgtXcS4JVURkbBpXWnluEhFXZn5AFAswZQVCGiMsWFlbYW4NV1pmbQVRWmRq HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://neexulro.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 14:51:55 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U85SwitLyEXgJ2shunLCsMWkTrjn4bX%2Bb5J0hsDbwfA912shtilU1GwCsYOvLksE2h%2BX%2BIScmW8zU0OCWUyrhPGe2WoCMit1UNj0xG2%2BnZruUi613bbGTz1TA9hQrCFmE7wJhw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2f7277b410b55-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mantedtonisms.com/utx?cb=Drz2rQZszzh8&top=neexulro.net&tid=709056
54.230.111.95204 No Content 0 B URL HTTP/2 mantedtonisms.com/utx?cb=Drz2rQZszzh8&top=neexulro.net&tid=709056
IP 54.230.111.95:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=Drz2rQZszzh8&top=neexulro.net&tid=709056 HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://neexulro.net
Connection: keep-alive
Referer: http://neexulro.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 14:51:55 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://neexulro.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 24 Nov 2022 14:52:55 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _u5dHxLtWngucKHuACyywVjY5FaepdwZY0PP7AwvQYHw9u0wdjbWCw==
X-Firefox-Spdy: h2
mantedtonisms.com/utx?cb=I3KaWeKJwA61&top=neexulro.net&tid=604364
54.230.111.95204 No Content 0 B URL HTTP/2 mantedtonisms.com/utx?cb=I3KaWeKJwA61&top=neexulro.net&tid=604364
IP 54.230.111.95:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=I3KaWeKJwA61&top=neexulro.net&tid=604364 HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://neexulro.net
Connection: keep-alive
Referer: http://neexulro.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 14:51:55 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://neexulro.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 24 Nov 2022 14:52:55 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fTOtNtFnCGjIFQKEDC7F6xwy5l0_TXjUqD9iLTVllvAuSRLhkzJxpg==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8b3e124061cc7e93d4765f3898aeffe9
7da7e0018d31c72c2616b1ae314f1c5ba64c1e35
9f21ba59178ffa8b9ebc5ada8bd970b378138e22584f2d61ebb3934ad1bd843d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "9F21BA59178FFA8B9EBC5ADA8BD970B378138E22584F2D61EBB3934AD1BD843D"
Last-Modified: Tue, 22 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5364
Expires: Thu, 24 Nov 2022 16:21:19 GMT
Date: Thu, 24 Nov 2022 14:51:55 GMT
Connection: keep-alive
push.services.mozilla.com/
35.166.172.24101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.166.172.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: yUNhLY9gRXbesfrF58Tyhg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 10U8iO5vdNJRmliz0uGzYn25bfQ=
d1a3jb5hjny5s4.cloudfront.net/SREltOUknJgNfdjAgCQR+dHBdDH9iIx5WJzR0OGA/PQ4UbwUCJQJdbzAzCQR5YiUMVy55bwhXKnl4S1gtJnRZHz00JgYELTQ+BU86JiEEUm8xKFBUJj4gAVUoYXsrDGd0bF8JYTMgA10mMzpIC3kqPUgLeXV5QwlsdwtIC3kzIAMPfWF6Lxx7dDFbDWx3C0-gLeTY/SAoIdXlYF3ltbF8JLiEqBlZsdg9fCXh0eVwJeGF7XV8gNiwLVjFheysIeXFnXR88eXg
54.230.245.125200 OK 455 B URL HTTP/1.1 d1a3jb5hjny5s4.cloudfront.net/SREltOUknJgNfdjAgCQR+dHBdDH9iIx5WJzR0OGA/PQ4UbwUCJQJdbzAzCQR5YiUMVy55bwhXKnl4S1gtJnRZHz00JgYELTQ+BU86JiEEUm8xKFBUJj4gAVUoYXsrDGd0bF8JYTMgA10mMzpIC3kqPUgLeXV5QwlsdwtIC3kzIAMPfWF6Lxx7dDFbDWx3C0-gLeTY/SAoIdXlYF3ltbF8JLiEqBlZsdg9fCXh0eVwJeGF7XV8gNiwLVjFheysIeXFnXR88eXg
IP 54.230.245.125:0
File type ASCII text, with very long lines (596), with no line terminators
Hash 180269e591398a05d7563861e7e82d17
655a6e3ee389bf5077c63b5768492932fda7d9e5
90aa7c8f709226aa0dabff9a96b2c6685c3bc74c02912b4dd311ada494afb714
GET /SREltOUknJgNfdjAgCQR+dHBdDH9iIx5WJzR0OGA/PQ4UbwUCJQJdbzAzCQR5YiUMVy55bwhXKnl4S1gtJnRZHz00JgYELTQ+BU86JiEEUm8xKFBUJj4gAVUoYXsrDGd0bF8JYTMgA10mMzpIC3kqPUgLeXV5QwlsdwtIC3kzIAMPfWF6Lxx7dDFbDWx3C0-gLeTY/SAoIdXlYF3ltbF8JLiEqBlZsdg9fCXh0eVwJeGF7XV8gNiwLVjFheysIeXFnXR88eXg HTTP/1.1
Host: d1a3jb5hjny5s4.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mantedtonisms.com/
HTTP/1.1 200 OK
Content-Length: 455
Connection: keep-alive
Date: Thu, 24 Nov 2022 14:51:55 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: yEMZCpSOzn5hsEGsfr0r7OJSSmNG9jc25nAlGCcxgtiOND10xRT0Pw==
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8e84c7b429830df22931bfa43af0da4f
5ae486a89d22c4524681768cda152f35c898f9ad
951346e5ca7a488a04b2a123f2f3f081638a358f41592f691741855b5f823879
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "951346E5CA7A488A04B2A123F2F3F081638A358F41592F691741855B5F823879"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2265
Expires: Thu, 24 Nov 2022 15:29:40 GMT
Date: Thu, 24 Nov 2022 14:51:55 GMT
Connection: keep-alive
d3flai6f7brtcx.cloudfront.net/pOTNFRDdaXCsiCE1aIXkBCQd2cgMfWTYrWUkOAnxbfF8PdXh0ZmMwTV0OdWJbWF0ieRFcXSZ5Bh9SISYKDRUxNFhSDj00WU1ZKjNdV19jMVYEXio+XlVfJGEFfwZrdBILA20zXldXKjNEHAF1KkMcAXV1BxcDYHd1HAF1M15XBXFhBHsWd3RPDwdgd3UcAX-U2QRwABHUHDB11bRILAyIhVFJcYHZxCwN0dAcIA3RhBQlVLDZSX1w9YQV/AnVxGQkVMHkG
54.230.245.166200 OK 516 B URL HTTP/1.1 d3flai6f7brtcx.cloudfront.net/pOTNFRDdaXCsiCE1aIXkBCQd2cgMfWTYrWUkOAnxbfF8PdXh0ZmMwTV0OdWJbWF0ieRFcXSZ5Bh9SISYKDRUxNFhSDj00WU1ZKjNdV19jMVYEXio+XlVfJGEFfwZrdBILA20zXldXKjNEHAF1KkMcAXV1BxcDYHd1HAF1M15XBXFhBHsWd3RPDwdgd3UcAX-U2QRwABHUHDB11bRILAyIhVFJcYHZxCwN0dAcIA3RhBQlVLDZSX1w9YQV/AnVxGQkVMHkG
IP 54.230.245.166:0
File type ASCII text, with very long lines (718), with no line terminators
Hash fd1b8679efe1e1658ceadf898741f9d1
4b71914a454a131efaa45b6f1d0b5f0ad47cf8cd
5e5fa6209f18ce4639642c04f4ae738fa0c12e5ce330fb8292ca0ec55411c011
GET /pOTNFRDdaXCsiCE1aIXkBCQd2cgMfWTYrWUkOAnxbfF8PdXh0ZmMwTV0OdWJbWF0ieRFcXSZ5Bh9SISYKDRUxNFhSDj00WU1ZKjNdV19jMVYEXio+XlVfJGEFfwZrdBILA20zXldXKjNEHAF1KkMcAXV1BxcDYHd1HAF1M15XBXFhBHsWd3RPDwdgd3UcAX-U2QRwABHUHDB11bRILAyIhVFJcYHZxCwN0dAcIA3RhBQlVLDZSX1w9YQV/AnVxGQkVMHkG HTTP/1.1
Host: d3flai6f7brtcx.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mantedtonisms.com/
HTTP/1.1 200 OK
Content-Length: 516
Connection: keep-alive
Date: Thu, 24 Nov 2022 14:51:55 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: -tgIm0SrW0mKhbCxEX5mLgnwZKg3Kcd5rYWf5ZQ4QpoWtlBex9ib_Q==
cdn.neexulro.net/static/image/favicon.ico
104.21.0.99200 OK 766 B URL HTTP/1.1 cdn.neexulro.net/static/image/favicon.ico
IP 104.21.0.99:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 1e28765e56393f673da97ce5913cdf10
8af9d66ac98f4689ba1d04acbd17df40dd83dbde
30aa2a7dd1b96d852108bf4f4213b0d749ae2faedd112f0c03006209e5e6c98a
GET /static/image/favicon.ico HTTP/1.1
Host: cdn.neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://neexulro.net/-1/1GcS0a
Connection: keep-alive
Cookie: yp1=d6d3afbab59b819343f48548849260a7; yp2=530aaadfbd2c81e5bb513d9e6446395b; yp3=1532635802
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:51:55 GMT
Content-Type: image/vnd.microsoft.icon
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 14:02:28 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: W/"47e-5faa60e6-15b72dd35dac079e;;;"
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 2967
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WjKJWc1ZQuWalxNl3I7%2FVFR5zHjMopBHcuiGGtXce9gZ6gWCeIMjWUuI%2BroKo2KUT%2FLTLT%2Bl7cC6xCE00VrD20LWtYc4Amm2b3s3SZ%2FcfEj5kzJ%2Fs1nkib9S5RXLv5QZV%2B5Y"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f2f729c97b1c06-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.google-analytics.com/ga.js
142.250.74.174200 OK 17 kB URL HTTP/1.1 www.google-analytics.com/ga.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1305)
Hash 01d5892e6e243b52998310c2925b9f3a
58180151b6a6ee4af73583a214b68efb9e8844d4
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d
GET /ga.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://neexulro.net/
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Thu, 24 Nov 2022 13:05:57 GMT
Expires: Thu, 24 Nov 2022 15:05:57 GMT
Cache-Control: public, max-age=7200
Age: 6358
Last-Modified: Tue, 27 Sep 2022 22:01:05 GMT
Content-Type: text/javascript
adf.ly/static/other/main.html
104.20.66.244200 OK 2.4 kB URL HTTP/1.1 adf.ly/static/other/main.html
IP 104.20.66.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (418)
Hash b20a86b2e91f51d2f7a19eada1de2f51
c240e9c813f8f93d3db499df1cc88984e873e418
44311176f257c7180a0fdc5491f021623ce7a0404369e883e8a6feb1e8d3469e
GET /static/other/main.html HTTP/1.1
Host: adf.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:51:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Fri, 02 Sep 2022 14:31:48 GMT
etag: "1ddf-631213d4-ef3ca68773a05f57;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f2f7294d57b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pogothere.xyz/asd100.bin
172.64.172.27200 OK 103 kB IP 172.64.172.27:0
Size 103 kB (102871 bytes)
Hash 18e7166a00aeb887d93a92c71fb2fec2
698f4c06f5081c3b0fff034388166485d1ec89e7
4d4bd31097df4c0c8850d800cc41615d6ce439ba21b67785f68aa5f7e667247e
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://neexulro.net
Connection: keep-alive
Referer: http://neexulro.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 24 Nov 2022 14:51:55 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://neexulro.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 6495
last-modified: Thu, 24 Nov 2022 13:03:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GgKTrn20IxO0jOOW%2BHvqhtlXDN%2F8oVNgqDbkrW91LBB38vuQalWUTbbMvDxUNu%2Fd0qYBJvOUpZMA8RNMsL052HE%2BzCef8g0v582jvt0zuELeFSbKPajyEvI%2Bbb%2F323br"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f2f727fc7376cb-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b6e7c5faf2d24e0d958ab10ee95f6791
16b68ad4b4a2776571697dff8edc9369a3c5c451
1431771f6fd4ad8c028d53a7489acc16b829e32e01d92df5e8c923723024b75a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1328
Cache-Control: max-age=86085
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:51:55 GMT
Etag: "637e2d20-1d7"
Expires: Fri, 25 Nov 2022 14:46:40 GMT
Last-Modified: Wed, 23 Nov 2022 14:24:32 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 43590d3cdc6d87840c90fdfc4320028d
40d15b8a046a321b9edaf9665cc6edbf7e9ae719
b4a9dd9a946e3a00d3f960f24e359f6f112e85f01da9d930f95a29c743ce82e7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:51:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1281593371&utmhn=neexulro.net&utme=8(User)9(8284302)&utmcs=UTF-8&utmsr=1280x1024&utmvp=1280x939&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Shrink%20your%20URLs%20and%20get%20paid!&utmhid=1197363272&utmr=-&utmp=%2F-1%2F1GcS0a&utmht=1669301515537&utmac=UA-6469700-9&utmcc=__utma%3D218196230.975971684.1669301516.1669301516.1669301516.1%3B%2B__utmz%3D218196230.1669301516.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=934888917&utmredir=1&utmu=qQAAAAAAAAAAAAAAAAAAAAAE~
142.250.74.174302 Found 368 B URL HTTP/1.1 www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1281593371&utmhn=neexulro.net&utme=8(User)9(8284302)&utmcs=UTF-8&utmsr=1280x1024&utmvp=1280x939&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Shrink%20your%20URLs%20and%20get%20paid!&utmhid=1197363272&utmr=-&utmp=%2F-1%2F1GcS0a&utmht=1669301515537&utmac=UA-6469700-9&utmcc=__utma%3D218196230.975971684.1669301516.1669301516.1669301516.1%3B%2B__utmz%3D218196230.1669301516.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=934888917&utmredir=1&utmu=qQAAAAAAAAAAAAAAAAAAAAAE~
IP 142.250.74.174:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 384f3edd9b3ce9747f8f9b7be38a7f62
23e4695acd7d7a2b5853816722d62691b6c36248
10ca44d5e814f8944b6ef39c92e6bbfa3d95b065c289050fa60424422b3cc133
GET /r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1281593371&utmhn=neexulro.net&utme=8(User)9(8284302)&utmcs=UTF-8&utmsr=1280x1024&utmvp=1280x939&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Shrink%20your%20URLs%20and%20get%20paid!&utmhid=1197363272&utmr=-&utmp=%2F-1%2F1GcS0a&utmht=1669301515537&utmac=UA-6469700-9&utmcc=__utma%3D218196230.975971684.1669301516.1669301516.1669301516.1%3B%2B__utmz%3D218196230.1669301516.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=934888917&utmredir=1&utmu=qQAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://neexulro.net/
HTTP/1.1 302 Found
Location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-6469700-9&cid=975971684.1669301516&jid=934888917&_v=5.7.2&z=1281593371
Access-Control-Allow-Origin: *
Date: Thu, 24 Nov 2022 14:51:55 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/html; charset=UTF-8
Server: Golfe2
Content-Length: 368
mantedtonisms.com/multi?cs=b0drRkNdfl9%2Bdlx%2FUnByXHFcdXA&abt=0&red=1&sm=76&k=shrink%20your%20urls%20paid&v=1.0.60.1&sts=0&prn=0&emb=0&tid=709056&rxy=1280_1024&fs=1&ref=http%3A%2F%2Fneexulro.net%2F-1%2F1GcS0a&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_K2c7=1669301515102&crc=1
54.230.111.95200 OK 1.6 kB URL HTTP/2 mantedtonisms.com/multi?cs=b0drRkNdfl9%2Bdlx%2FUnByXHFcdXA&abt=0&red=1&sm=76&k=shrink%20your%20urls%20paid&v=1.0.60.1&sts=0&prn=0&emb=0&tid=709056&rxy=1280_1024&fs=1&ref=http%3A%2F%2Fneexulro.net%2F-1%2F1GcS0a&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_K2c7=1669301515102&crc=1
IP 54.230.111.95:0
File type ASCII text, with very long lines (3246), with no line terminators
Hash d918517704a41d71a725ea725714015b
ecd6962794cc17c864e9a74be454805861bc9ede
5613bf9574df4459c2087f27c33e58dc6fe7e4ce2a520cccda4d7a60f06daa60
GET /multi?cs=b0drRkNdfl9%2Bdlx%2FUnByXHFcdXA&abt=0&red=1&sm=76&k=shrink%20your%20urls%20paid&v=1.0.60.1&sts=0&prn=0&emb=0&tid=709056&rxy=1280_1024&fs=1&ref=http%3A%2F%2Fneexulro.net%2F-1%2F1GcS0a&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_K2c7=1669301515102&crc=1 HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://neexulro.net
Connection: keep-alive
Referer: http://neexulro.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1575
date: Thu, 24 Nov 2022 14:51:55 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://neexulro.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=e0164fa4-3010-463f-9bac-5900cc2cb07c
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MEM7yazBKI2x7ey2u7BAXOWLH2uPlPcX6XHV2CwEKlqq1L9L78BltA==
X-Firefox-Spdy: h2
mantedtonisms.com/utx?cb=xPam9PRGaiv9&top=neexulro.net&tid=709056
54.230.111.95204 No Content 0 B URL HTTP/2 mantedtonisms.com/utx?cb=xPam9PRGaiv9&top=neexulro.net&tid=709056
IP 54.230.111.95:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=xPam9PRGaiv9&top=neexulro.net&tid=709056 HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://neexulro.net
Connection: keep-alive
Referer: http://neexulro.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 14:51:55 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://neexulro.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 24 Nov 2022 14:52:55 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 1Tj64J4HqZR-lFjHzFpWDOJB6EJV44A5L639GKaxRXgc1SS0FkThhQ==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237302 Found 396 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (383)
Hash 7125bde99424dc6a75927839c7ed1f6a
ca773cc37a98dfec9a822ddb4c674e305df842b9
3dd03dcd3f2ada4c0da8bf4341a5c4b902196020a2fb0060faf49c01e3c2ccad
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://neexulro.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 24 Nov 2022 14:51:55 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-66355948%3A1669301515905695&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAu9sB61Z1bRYbNR8tT-A2rDQd9KKIoq_GKT2EvLKKWU_28Q1IR8praryCnZZ05A_i-eV-_hHw
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-UWOu8KkFzZoaeH8eopxoIA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:NiBq2bEaHuwTsDUDCbeLtazOWTBvfg:C5ME3NAvtMH-CLLJ;Path=/;Expires=Sat, 23-Nov-2024 14:51:55 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash cdd94f6b8094257bc8b01f8a7359ada7
f87e1e7b10d7cdd1fcd5548a3afe2659c51ed00c
dc6c76b00b5eb8c0e7cd7b66bf297781fc283797f542e80ef97eb381e9f20515
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5616
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:51:55 GMT
Last-Modified: Thu, 24 Nov 2022 13:18:19 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279
pogothere.xyz/
172.64.172.27200 OK 308 B IP 172.64.172.27:0
File type ASCII text, with no line terminators
Hash 6b4602b9a26a77dbae090025ff14a379
2b9bc856d616b81736ecb27284d2da50f2892818
1575bf86f40db45f009adf470abac8ab1b0747319b0009c6ae4bdf2361fd73a0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://neexulro.net
Connection: keep-alive
Referer: http://neexulro.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 14:51:55 GMT
content-type: text/plain
set-cookie: csu=350150278006236@1@1669301515; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://neexulro.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wC1173c2Gl67VmzRbSVVOMSSsbLrOTv0ABLnXbZdSWfc066YcfmZ3Am4DlimxTr9TbL17ThjBYja%2FRdHm%2F5ak0VApY6YldK%2FQ0s9Hpx81zxz8L%2F9Hd%2BY95w5%2F2yztcO5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2f727fc7c76cb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237302 Found 394 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash b9c630050aac12fb84335399f7acf3c2
4882f5c71be32a386cf212f57e85902eeeb9eedd
f8826d52a0ed50c0773ba5a1b455a290c92db6ac18a2449bd478fd14cdb3570d
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://neexulro.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 24 Nov 2022 14:51:55 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S856243082%3A1669301515916860&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsWpaQCendOfyDNprTJdcGQ-Z2ZqLTzs-HOi_W3xu-l7IQ5ZJPHx6ZtLSnsdDb32SXwy6ombw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-7l9u_AaVgn3ML1jHY1W7Fg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:KgHLsYQ1d3n4IZtkqpTAq-bE_--Cxw:pvI39ECz4FRepRcm;Path=/;Expires=Sat, 23-Nov-2024 14:51:55 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash cdd94f6b8094257bc8b01f8a7359ada7
f87e1e7b10d7cdd1fcd5548a3afe2659c51ed00c
dc6c76b00b5eb8c0e7cd7b66bf297781fc283797f542e80ef97eb381e9f20515
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2657
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:51:55 GMT
Etag: "637e4970-117"
Last-Modified: Thu, 24 Nov 2022 14:07:38 GMT
Server: ECS (amb/6BBB)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 6fe23ae41ec0cbb3d702b1c64028cd13
e0e4d852454a5eae80a797aaa6f0991834dcc19a
47a12f27ec1ec271d17295d822c69d1b49c6a24107f3f7ce06a320688fae7f3c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:51:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash cdd94f6b8094257bc8b01f8a7359ada7
f87e1e7b10d7cdd1fcd5548a3afe2659c51ed00c
dc6c76b00b5eb8c0e7cd7b66bf297781fc283797f542e80ef97eb381e9f20515
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2657
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:51:55 GMT
Last-Modified: Thu, 24 Nov 2022 14:07:38 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash f86429279e19a89ba7fae87ba2406b4e
abfa5369a7feb4dfebf13f5eb902c3e860976238
76d03c181e150e7e3a61bfa8489231999fb562f6cb0b382c456b9a37da1106a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:51:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-6469700-9&cid=975971684.1669301516&jid=934888917&_v=5.7.2&z=1281593371
142.251.1.154200 OK 35 B URL HTTP/2 stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-6469700-9&cid=975971684.1669301516&jid=934888917&_v=5.7.2&z=1281593371
IP 142.251.1.154:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-6469700-9&cid=975971684.1669301516&jid=934888917&_v=5.7.2&z=1281593371 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://neexulro.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 24 Nov 2022 14:51:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
x-content-type-options: nosniff
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.neexulro.net/static/image/apple-touch-icon.png
104.21.0.99403 Forbidden 436 B URL HTTP/1.1 cdn.neexulro.net/static/image/apple-touch-icon.png
IP 104.21.0.99:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash b112c984fdf3ae98cbf4bc84066cf619
e68cf1400ca02fc1b472c6f3a2cbb9c2234073c5
233729c945d3c6dc5a81cbf30abedd598a9927d141eda2e369aecd13a790938a
GET /static/image/apple-touch-icon.png HTTP/1.1
Host: cdn.neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://neexulro.net/-1/1GcS0a
Connection: keep-alive
Cookie: yp1=d6d3afbab59b819343f48548849260a7; yp2=530aaadfbd2c81e5bb513d9e6446395b; yp3=1532635802
HTTP/1.1 403 Forbidden
Date: Thu, 24 Nov 2022 14:51:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6lwmM48iWvBWjU%2BJ1e8fTXAkZLBkPF8ERYxBiQ6uI70CXUAYhMBnNiJtYnxyJV%2FsdtvU0InTpzjcH1gpzXYwc4PjHWCMnR0wpbDTYV7f4Jd9Klx0ezxQ44q%2Bx%2FPVrWQIJs29"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f2f729cc6db4ee-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b6e7c5faf2d24e0d958ab10ee95f6791
16b68ad4b4a2776571697dff8edc9369a3c5c451
1431771f6fd4ad8c028d53a7489acc16b829e32e01d92df5e8c923723024b75a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1329
Cache-Control: max-age=86085
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:51:56 GMT
Etag: "637e2d20-1d7"
Expires: Fri, 25 Nov 2022 14:46:41 GMT
Last-Modified: Wed, 23 Nov 2022 14:24:32 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
54.230.245.39200 OK 50 kB URL HTTP/1.1 dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
IP 54.230.245.39:0
File type Unicode text, UTF-8 text, with very long lines (15952)
Hash a734c905be88d2a4362f166e25c631d1
b13dacaf856d4aa041dae989423bf6ded1ac8c13
3bc28aaacf4405b565b43f87404c82f6da51d3b9666a333e62e9243e86661a12
GET /?gfkcd=824473 HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adf.ly/
HTTP/1.1 200 OK
Content-Length: 50128
Connection: keep-alive
Date: Thu, 24 Nov 2022 14:51:56 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: fVSu_RT1USxfrjlnuJuTG6dHBNUBDOrMWObd29kvBHH5Ib_eUwrLcw==
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash f86429279e19a89ba7fae87ba2406b4e
abfa5369a7feb4dfebf13f5eb902c3e860976238
76d03c181e150e7e3a61bfa8489231999fb562f6cb0b382c456b9a37da1106a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:51:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/plugins/like.php?href=https%3A%2F%2Fwww.facebook.com%2Fx19ltd.adfly&width=100&fb_source=homestatic&layout=standard&colorscheme=light&action=like&show_faces=true&share=true&height=80&appId=399141353502152
157.240.200.35301 Moved Permanently 0 B URL HTTP/1.1 www.facebook.com/plugins/like.php?href=https%3A%2F%2Fwww.facebook.com%2Fx19ltd.adfly&width=100&fb_source=homestatic&layout=standard&colorscheme=light&action=like&show_faces=true&share=true&height=80&appId=399141353502152
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /plugins/like.php?href=https%3A%2F%2Fwww.facebook.com%2Fx19ltd.adfly&width=100&fb_source=homestatic&layout=standard&colorscheme=light&action=like&show_faces=true&share=true&height=80&appId=399141353502152 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adf.ly/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fwww.facebook.com%2Fx19ltd.adfly&width=100&fb_source=homestatic&layout=standard&colorscheme=light&action=like&show_faces=true&share=true&height=80&appId=399141353502152
Content-Type: text/plain
Server: proxygen-bolt
Date: Thu, 24 Nov 2022 14:51:56 GMT
Connection: keep-alive
Content-Length: 0
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14496
Expires: Thu, 24 Nov 2022 18:53:33 GMT
Date: Thu, 24 Nov 2022 14:51:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14496
Expires: Thu, 24 Nov 2022 18:53:33 GMT
Date: Thu, 24 Nov 2022 14:51:57 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: a22b4d7e-e208-4bda-81c2-d13e6463380e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: blE0hGNioAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6371e81c-1b13846866f56a0e47675e56;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 07:02:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0sYKpJWi2Tv9Atz3PYXm5j7kmncAOxjcLcK4hgAkJ5b4pNMDmjdB6g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:14:07 GMT
age: 27470
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp
34.120.237.76200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0856fdb55f19f03a1bec38b3d6e0ac77
89accd230fba95fe0049678070817b36ead015fa
17c6e6f9bb8f4261fff2dc2a43ed994986418761624b8afead768e89927594f2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5070
x-amzn-requestid: d86d95ad-9b78-4047-82e7-04e83a97e330
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwViF1GIAMF_PQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9423-10809ba1634776171cf79cb8;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:44:03 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8rbsN9OVJmneT9ov-Q7V4RB8DP5UWhhn-7cnukHiBpl06zmMM0zJTg==
via: 1.1 0dc4feb22bb4657ce2bb95fd05ec7122.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:57:20 GMT
age: 60877
etag: "89accd230fba95fe0049678070817b36ead015fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d9d93b2a6875d446c3467eb49767eef5
303c571b13b05fcf27ee1159d8fdf6369aaef0a2
2a2345a925e0187979930a7f2de8548957ad9f2baae77364dcb157286e2b3fcf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6789
x-amzn-requestid: 4d94ce1b-d18f-43b8-bb4d-e7093f9bea42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvd2G9UIAMFrEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5f2-64a570135be59b83031811da;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:04:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JygkDI7XSvlgurUTot874ZAXlOIqnv4cntMQ55IvHVqw93JBcksZjQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:15:22 GMT
age: 27395
etag: "303c571b13b05fcf27ee1159d8fdf6369aaef0a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 64d79191f005c9876b952c5f948aa0f7
1102dbdcbcabf5c25d17840f8f00d5b55b9b8f0a
00fb36c3d322e8302c5ce202d6d4119d637510cd6f3b63e1347781ec3bb9d7fc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13882
x-amzn-requestid: 9022b0b3-31d5-4149-a969-02514f11b95a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvzNHjMoAMFWMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9347-0e8354a02bef623644714e31;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:40:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ve4q5FDkwMGhPK6ZVVVCZtoBTaGaz43r_PwINzwS5Nx5tcZeQkVIfw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:49:47 GMT
age: 61330
etag: "1102dbdcbcabf5c25d17840f8f00d5b55b9b8f0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 92c78302bcce1568eb6a5563100b932c
43d1dec7fc06879988c9c3cadd800cc8145df988
0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7YSXUV-LZpsI7vciFhuqt1EVr6YRkhxcOgMg8z8bxLcOE01_baf6Gg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:47:06 GMT
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
content-type: image/jpeg
age: 61491
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b4157f2c5c3c77ce699324ecb08f47c7
a7d9135f9d01ba13c3cdaf8b038c70212f159297
2305f7afee95bb34d9e8dbff571c6b146ba7b694be96e9e925c32d1f41785916
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7462
x-amzn-requestid: 1f6fb14d-83e0-43d3-9dab-5bc83af1a7c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwV3HV9oAMFs9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9425-634d43db6308e0be596aa5a0;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:44:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GW5UTfY7-TwPWTno9z1e21a2cA9fmU7GfHFYWdL-zQvMLxeq-S9Trg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 22:03:54 GMT
age: 60483
etag: "a7d9135f9d01ba13c3cdaf8b038c70212f159297"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.google-analytics.com/__utm.gif?utmwv=5.7.2&utms=2&utmn=1512424111&utmhn=neexulro.net&utmt=event&utme=5(Ad*Paid*Success)(3)8(User)9(8284302)&utmcs=UTF-8&utmsr=1280x1024&utmvp=1280x939&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Shrink%20your%20URLs%20and%20get%20paid!&utmhid=1197363272&utmr=-&utmp=%2F-1%2F1GcS0a&utmht=1669301520023&utmac=UA-6469700-9&utmcc=__utma%3D218196230.975971684.1669301516.1669301516.1669301516.1%3B%2B__utmz%3D218196230.1669301516.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=&utmu=6QAAAAAAAAAAAAAAAAAAAAAE~
142.250.74.174200 OK 35 B URL HTTP/1.1 www.google-analytics.com/__utm.gif?utmwv=5.7.2&utms=2&utmn=1512424111&utmhn=neexulro.net&utmt=event&utme=5(Ad*Paid*Success)(3)8(User)9(8284302)&utmcs=UTF-8&utmsr=1280x1024&utmvp=1280x939&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Shrink%20your%20URLs%20and%20get%20paid!&utmhid=1197363272&utmr=-&utmp=%2F-1%2F1GcS0a&utmht=1669301520023&utmac=UA-6469700-9&utmcc=__utma%3D218196230.975971684.1669301516.1669301516.1669301516.1%3B%2B__utmz%3D218196230.1669301516.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=&utmu=6QAAAAAAAAAAAAAAAAAAAAAE~
IP 142.250.74.174:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /__utm.gif?utmwv=5.7.2&utms=2&utmn=1512424111&utmhn=neexulro.net&utmt=event&utme=5(Ad*Paid*Success)(3)8(User)9(8284302)&utmcs=UTF-8&utmsr=1280x1024&utmvp=1280x939&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Shrink%20your%20URLs%20and%20get%20paid!&utmhid=1197363272&utmr=-&utmp=%2F-1%2F1GcS0a&utmht=1669301520023&utmac=UA-6469700-9&utmcc=__utma%3D218196230.975971684.1669301516.1669301516.1669301516.1%3B%2B__utmz%3D218196230.1669301516.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=&utmu=6QAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://neexulro.net/
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Wed, 23 Nov 2022 22:56:36 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 57324
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
accounts.google.com/v3/signin/identifier?dsh=S856243082%3A1669301515916860&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsWpaQCendOfyDNprTJdcGQ-Z2ZqLTzs-HOi_W3xu-l7IQ5ZJPHx6ZtLSnsdDb32SXwy6ombw
216.58.207.237403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S856243082%3A1669301515916860&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsWpaQCendOfyDNprTJdcGQ-Z2ZqLTzs-HOi_W3xu-l7IQ5ZJPHx6ZtLSnsdDb32SXwy6ombw
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S856243082%3A1669301515916860&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsWpaQCendOfyDNprTJdcGQ-Z2ZqLTzs-HOi_W3xu-l7IQ5ZJPHx6ZtLSnsdDb32SXwy6ombw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://neexulro.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 24 Nov 2022 14:51:55 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-eHzPO05ixp9C-k2PwLD_5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.adf.ly/static/css/jquery.loadmask.css
104.20.66.244200 OK 0 B URL HTTP/2 cdn.adf.ly/static/css/jquery.loadmask.css
IP 104.20.66.244:0
GET /static/css/jquery.loadmask.css HTTP/1.1
Host: cdn.adf.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://adf.ly/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 14:51:55 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=850
cache-control: public, max-age=604800
etag: W/"352-5faa60e6-ed1d36b7b05a6c35;gz"
expires: Thu, 01 Dec 2022 14:01:57 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 2998
server: cloudflare
cf-ray: 76f2f72aa9f1b524-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://neexulro.net
Connection: keep-alive
Referer: http://neexulro.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 24 Nov 2022 14:51:55 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://neexulro.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 6495
last-modified: Thu, 24 Nov 2022 13:03:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bi6VgiIHte4PD810jMM%2FL%2FJ33QyiNWuYKGmeYog3%2F5nCnFQfVZnngSTny8yt3wFxB1bCWfruNh8AuDLA2kgH3O7aM4wh1pSDZk6baBikgcaGHIl03%2Be%2Fi9UUatGjM4Mq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f2f727fc7a76cb-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
neexulro.net/funcript1669301515018.php?pub=8284302&v=jMg40oMjzIAkyVLnCIJs2IICjMouyULDCMJxj8aCyeIv6ZdWHZJy1lZmSRwgiEcDGMFx0AIDjMox0AMjiMwvi8Y2maljuVZ2ERVgskZCWM1ulUbDnMQxioOjidJyzBay2Ol0wYXD2eJg1sMDnNR204bW2a4XiBLyCOJwo4YCXMNxoAICjVoOiBOyTcA3y9OGWZNullM2jVEoxAOCTMVumUMzmLIhxxMGmbZpmpY3TbUNxJYijOAi5QNnGbIl2dNWTYcyzVZ2DcY1iJfyQe==
172.67.150.219200 OK 0 B URL HTTP/2 neexulro.net/funcript1669301515018.php?pub=8284302&v=jMg40oMjzIAkyVLnCIJs2IICjMouyULDCMJxj8aCyeIv6ZdWHZJy1lZmSRwgiEcDGMFx0AIDjMox0AMjiMwvi8Y2maljuVZ2ERVgskZCWM1ulUbDnMQxioOjidJyzBay2Ol0wYXD2eJg1sMDnNR204bW2a4XiBLyCOJwo4YCXMNxoAICjVoOiBOyTcA3y9OGWZNullM2jVEoxAOCTMVumUMzmLIhxxMGmbZpmpY3TbUNxJYijOAi5QNnGbIl2dNWTYcyzVZ2DcY1iJfyQe==
IP 172.67.150.219:0
GET /funcript1669301515018.php?pub=8284302&v=jMg40oMjzIAkyVLnCIJs2IICjMouyULDCMJxj8aCyeIv6ZdWHZJy1lZmSRwgiEcDGMFx0AIDjMox0AMjiMwvi8Y2maljuVZ2ERVgskZCWM1ulUbDnMQxioOjidJyzBay2Ol0wYXD2eJg1sMDnNR204bW2a4XiBLyCOJwo4YCXMNxoAICjVoOiBOyTcA3y9OGWZNullM2jVEoxAOCTMVumUMzmLIhxxMGmbZpmpY3TbUNxJYijOAi5QNnGbIl2dNWTYcyzVZ2DcY1iJfyQe== HTTP/1.1
Host: neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://neexulro.net/-1/1GcS0a
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 14:51:55 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.27
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aykm5stLxLlXG%2BddNAlBMEeEckwpRbrzcx7BTIXWMDg%2BcNVdjPemhwR0EFC51CRyfALgBOwDI%2B6SCV%2BSd5ZHha310swfYR%2FlMmNa%2B10JyxCuuALGamy6w2sVDGFXo%2F4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2f727b97bb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.adf.ly/static/css/core_default.css
104.20.66.244200 OK 0 B URL HTTP/2 cdn.adf.ly/static/css/core_default.css
IP 104.20.66.244:0
GET /static/css/core_default.css HTTP/1.1
Host: cdn.adf.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://adf.ly/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 14:51:55 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=41418
cache-control: public, max-age=604800
etag: W/"a1ca-5faa60e6-43aa68c40fef0c2b;gz"
expires: Thu, 01 Dec 2022 14:06:17 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 2738
server: cloudflare
cf-ray: 76f2f72aa9efb524-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-66355948%3A1669301515905695&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAu9sB61Z1bRYbNR8tT-A2rDQd9KKIoq_GKT2EvLKKWU_28Q1IR8praryCnZZ05A_i-eV-_hHw
216.58.207.237403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-66355948%3A1669301515905695&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAu9sB61Z1bRYbNR8tT-A2rDQd9KKIoq_GKT2EvLKKWU_28Q1IR8praryCnZZ05A_i-eV-_hHw
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S-66355948%3A1669301515905695&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAu9sB61Z1bRYbNR8tT-A2rDQd9KKIoq_GKT2EvLKKWU_28Q1IR8praryCnZZ05A_i-eV-_hHw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://neexulro.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 24 Nov 2022 14:51:55 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-r8jyRDyuRJcfxqr5NFFaXg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.adf.ly/static/css/jquery-ui/ui-lightness/jquery-ui-1.8.16.custom.css
104.20.66.244200 OK 0 B URL HTTP/2 cdn.adf.ly/static/css/jquery-ui/ui-lightness/jquery-ui-1.8.16.custom.css
IP 104.20.66.244:0
GET /static/css/jquery-ui/ui-lightness/jquery-ui-1.8.16.custom.css HTTP/1.1
Host: cdn.adf.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://adf.ly/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 14:51:55 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=25476
cache-control: public, max-age=604800
etag: W/"6384-5faa60e6-2ce8da3c9d76af49;gz"
expires: Thu, 01 Dec 2022 14:01:57 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 2998
server: cloudflare
cf-ray: 76f2f72aba00b524-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.200.35200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.200.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://neexulro.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 3N3zqTs3VSUzKTXM4+xXdOiJTSJ7BDTAp0T4n1Zw2BAoS2k8uDph3ajQel3VVX2Z0C9L0B3XoUNxZZoUmMKDgg==
date: Thu, 24 Nov 2022 14:51:55 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2