staging.camersoftware.com/
82.165.73.164 301 Moved Permanently 162 B URL HTTP/1.1 staging.camersoftware.com/
IP 82.165.73.164:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: staging.camersoftware.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 12 Mar 2023 15:14:46 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://staging.camersoftware.com/
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9ce33c47154f4826255fe9bbe54d72be
e10a363c007a6d15ed43eb35b4e5c246d85c5eed
cf423db1a8ad1dce1b5c25f6025d14411b4a46e95a6001288949f046e244bc24
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CF423DB1A8AD1DCE1B5C25F6025D14411B4A46E95A6001288949F046E244BC24"
Last-Modified: Fri, 10 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6253
Expires: Sun, 12 Mar 2023 16:58:59 GMT
Date: Sun, 12 Mar 2023 15:14:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 405abd45d42535567c1ecb518f4bdb04
0505c27fe2921bfa89657173fb77ca7280f04772
bdef4e5edfe0bf3fefb4dc5625e41f3faeb23a0afd24c4e6255f40f757568c35
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDEF4E5EDFE0BF3FEFB4DC5625E41F3FAEB23A0AFD24C4E6255F40F757568C35"
Last-Modified: Sun, 12 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6251
Expires: Sun, 12 Mar 2023 16:58:57 GMT
Date: Sun, 12 Mar 2023 15:14:46 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 12 Mar 2023 15:13:59 GMT
content-type: application/json
age: 47
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1a564ae484daef6a82bb08116ad794eb
f75350abf28a42c16324901035889a1f3af700a1
225214187df3f50835a8aafcc4555fe47cf0b78938b71d34fb422942292b153b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "225214187DF3F50835A8AAFCC4555FE47CF0B78938B71D34FB422942292B153B"
Last-Modified: Fri, 10 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14637
Expires: Sun, 12 Mar 2023 19:18:43 GMT
Date: Sun, 12 Mar 2023 15:14:46 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: b8d8OiqyIggKBHrPrnSjmU9anZMaNzaUYOnN9gFrXzH2dBanznyAe8tiKHhQGaCAryJWgoS/xbg=
x-amz-request-id: 6QYHWC0HETRVY9B1
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 12 Mar 2023 14:46:00 GMT
age: 1726
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:46 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e310cb3fe9de5118111c14fecc3b087b
824638670908839ba3dca015e37c90e17a27feca
50d2b46d9400621c1ceaa3015cf948fb818badbe0c81814bac0f39a1b4490200
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50D2B46D9400621C1CEAA3015CF948FB818BADBE0C81814BAC0F39A1B4490200"
Last-Modified: Sat, 11 Mar 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21533
Expires: Sun, 12 Mar 2023 21:13:39 GMT
Date: Sun, 12 Mar 2023 15:14:46 GMT
Connection: keep-alive
staging.camersoftware.com/wp-content/maintenance/assets/images/facebook.svg
82.165.73.164 200 OK 424 B URL HTTP/2 staging.camersoftware.com/wp-content/maintenance/assets/images/facebook.svg
IP 82.165.73.164:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (424), with no line terminators
Hash dc3714e15ee2485e02683e0bf0793907
138013642372d3647a473b9dc6b6742262264646
fd7d36f12699b359c97d46c3215c20acd013d32c46577d25a7e8370ac9d09137
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/maintenance/assets/images/facebook.svg HTTP/1.1
Host: staging.camersoftware.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://staging.camersoftware.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:46 GMT
content-type: image/svg+xml
content-length: 424
x-accel-version: 0.01
last-modified: Wed, 25 Jan 2023 23:00:59 GMT
etag: "1a8-5f31e9b10eb2b"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
staging.camersoftware.com/
82.165.73.164 503 Service Unavailable 2.9 kB URL HTTP/2 staging.camersoftware.com/
IP 82.165.73.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (952)
Hash 847f6e303be371720e41ee2868a9eba4
6717cbfc4317b87a61a30fffef30480cdb22a4aa
7e6d7cb63e83a95bf328ebc37c0eb24a6b815741aae6d44e8597f08247e8660e
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: staging.camersoftware.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 503 Service Unavailable
server: nginx
date: Sun, 12 Mar 2023 15:14:46 GMT
content-type: text/html; charset=utf-8
x-powered-by: PHP/7.3.33
retry-after: 600
X-Firefox-Spdy: h2
staging.camersoftware.com/wp-content/maintenance/assets/images/plesk-logo.png
82.165.73.164 200 OK 3.9 kB URL HTTP/2 staging.camersoftware.com/wp-content/maintenance/assets/images/plesk-logo.png
IP 82.165.73.164:0
File type PNG image data, 133 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash d797b691c4cae7787433d824b966e3c5
307084c1d2da5aa21f0c0873aacf09f684304e86
89cfb5e2bc5d24ca9c3bf9b279aca5b0c225b785efaaee16af6e483b76dab73f
GET /wp-content/maintenance/assets/images/plesk-logo.png HTTP/1.1
Host: staging.camersoftware.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://staging.camersoftware.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:46 GMT
content-type: image/png
content-length: 3894
last-modified: Wed, 25 Jan 2023 23:00:59 GMT
etag: "63d1b4ab-f36"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, ETag, Backoff, Expires, Alert, Pragma, Cache-Control, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 12 Mar 2023 15:06:47 GMT
age: 480
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash db27ecc2f481e8871b2e99584e751660
e671ecb839d53e296f4ec303208ddb713c72aecc
5c910268b5c4f0244540c5570056673f8cbe4a0979f301363cb56dc359c147df
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C910268B5C4F0244540C5570056673F8CBE4A0979F301363CB56DC359C147DF"
Last-Modified: Sun, 12 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9447
Expires: Sun, 12 Mar 2023 17:52:14 GMT
Date: Sun, 12 Mar 2023 15:14:47 GMT
Connection: keep-alive
new.weatherplllatform.com/pick.js?v=7.77.3
194.135.30.42 200 OK 689 B URL HTTP/2 new.weatherplllatform.com/pick.js?v=7.77.3
IP 194.135.30.42:0
ASN #2856 British Telecommunications PLC
File type ASCII text, with very long lines (1529), with no line terminators
Hash 4155ee2aeda036a7db96986ed8567463
3b9091b7fa1268ee548741e23539984adc44a47f
3db23fb0511f34e3654d3546626ff6659ffa7c312a30fb02efeb9d744cf77ea6
Analyzer Verdict Alert fortinet Malware
GET /pick.js?v=7.77.3 HTTP/1.1
Host: new.weatherplllatform.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://staging.camersoftware.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 689
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
staging.camersoftware.com/wp-content/maintenance/assets/fonts/open-sans-300.woff2
82.165.73.164 200 OK 63 kB URL HTTP/2 staging.camersoftware.com/wp-content/maintenance/assets/fonts/open-sans-300.woff2
IP 82.165.73.164:0
File type Web Open Font Format (Version 2), TrueType, length 63180, version 1.6554\012- data
Hash ea284cc760cad1896d4c917f1e546210
6c7717f61df483598f42fce74f4d743b282b008b
19edd2b018063320559188548b225aa63914bbc90fb756bc26872db1669e89f0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/maintenance/assets/fonts/open-sans-300.woff2 HTTP/1.1
Host: staging.camersoftware.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://staging.camersoftware.com/wp-content/maintenance/assets/styles.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:47 GMT
content-type: font/woff2
content-length: 63180
last-modified: Wed, 25 Jan 2023 23:00:59 GMT
etag: "63d1b4ab-f6cc"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
staging.camersoftware.com/wp-content/maintenance/assets/images/Camer_Software_bg.jpeg
82.165.73.164 200 OK 187 kB URL HTTP/2 staging.camersoftware.com/wp-content/maintenance/assets/images/Camer_Software_bg.jpeg
IP 82.165.73.164:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x854, components 3\012- data
Size 187 kB (186747 bytes)
Hash 82a425afeb306c463cbd8e7befd0ea73
0d0a6531f4f107899f3fe04fdc4cf38ffbc946de
240f7dcbc6942d2bfc6df8b091293380cb11f3948eec5b5a32f3e58237592797
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/maintenance/assets/images/Camer_Software_bg.jpeg HTTP/1.1
Host: staging.camersoftware.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://staging.camersoftware.com/wp-content/maintenance/assets/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:47 GMT
content-type: image/jpeg
content-length: 186747
last-modified: Wed, 25 Jan 2023 23:00:59 GMT
etag: "63d1b4ab-2d97b"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.83.22.170 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.83.22.170:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: FH1OZr3yj5eRKRuZVonhSg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: NJA8OME72Y2xXbmfZhI4u7eoQXY=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 07ef0ceea84445ed6ea91e6a8013227f
28be7c2dd7778177c92f0ab36e230381883ba723
b0e6892714b2918a8fe6c64b48ebb71d6b7b13d63b28f39e762f6140c985276b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0E6892714B2918A8FE6C64B48EBB71D6B7B13D63B28F39E762F6140C985276B"
Last-Modified: Sat, 11 Mar 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13492
Expires: Sun, 12 Mar 2023 18:59:39 GMT
Date: Sun, 12 Mar 2023 15:14:47 GMT
Connection: keep-alive
staging.camersoftware.com/wp-content/uploads/2016/09/cropped-Camer-Software-Icon-1-32x32.png
82.165.73.164 200 OK 1.1 kB URL HTTP/2 staging.camersoftware.com/wp-content/uploads/2016/09/cropped-Camer-Software-Icon-1-32x32.png
IP 82.165.73.164:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 2ee1744cff15b973568d9a9cdeb522b0
2dbc8bfc37ab6b803a638c4f2cf9d56fb1280683
35990b0e367d9c9a28b1b30726a5e5a08764a8a9a20d8fe7cc73016a1c571c44
GET /wp-content/uploads/2016/09/cropped-Camer-Software-Icon-1-32x32.png HTTP/1.1
Host: staging.camersoftware.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://staging.camersoftware.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:47 GMT
content-type: image/png
content-length: 1093
last-modified: Wed, 25 Jan 2023 23:01:32 GMT
etag: "63d1b4cc-445"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
back.firstblackphase.com/mbRB96
162.55.76.206 200 OK 851 B URL HTTP/1.1 back.firstblackphase.com/mbRB96
IP 162.55.76.206:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (2003), with no line terminators
Hash 2615b36507259920be0c13ac25457013
ea1137c5b0deda5000d40c065cc413120ea8c73b
18e3958c974b7635664dd2ff8b91681eece2b157c7767b9dadc3e32bfe624cc9
GET /mbRB96 HTTP/1.1
Host: back.firstblackphase.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://staging.camersoftware.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 Mar 2023 15:14:47 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 851
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Expires: 0
Pragma: no-cache
Set-Cookie: _subid=s8hnpa1erjl; expires=Wed, 12 Apr 2023 15:14:47 GMT; path=/
381c9=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNjc4NjM0MDg3fSxcImNhbXBhaWduc1wiOntcIjFcIjoxNjc4NjM0MDg3fSxcInRpbWVcIjoxNjc4NjM0MDg3fSJ9.42rPSTjbWpJfgDmbvyRMNu43wW2nnDGo0DY8qLpOnY0; expires=Thu, 21 May 2076 14:29:34 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3203010f1702162d1a178f8b6e370cd5
c095fd36e630dd2141ad1c05429cac17ed5c466e
9617dae57e9784d7bc29b93db5977ea5f7bd8f19b2dfd2a128f61d20e3a409ee
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9617DAE57E9784D7BC29B93DB5977EA5F7BD8F19B2DFD2A128F61D20E3A409EE"
Last-Modified: Sat, 11 Mar 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15486
Expires: Sun, 12 Mar 2023 19:32:54 GMT
Date: Sun, 12 Mar 2023 15:14:48 GMT
Connection: keep-alive
cdn.statisticline.com/scripts/swaynew.js
162.55.76.206 200 OK 2.0 kB URL HTTP/1.1 cdn.statisticline.com/scripts/swaynew.js
IP 162.55.76.206:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (5714), with no line terminators
Hash dfa1e9995cc351323bdb382fbb2ea8e7
556752c25715d7dc47eb3181633479c60d6acea5
06a95f2607643bc2f6f9e6ff2575ad3e094352370b7392d34524d3c46c0a3251
GET /scripts/swaynew.js HTTP/1.1
Host: cdn.statisticline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://staging.camersoftware.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 Mar 2023 15:14:48 GMT
Content-Type: application/javascript
Last-Modified: Sat, 11 Mar 2023 11:33:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"640c66fb-1652"
Expires: Wed, 22 Mar 2023 15:14:48 GMT
Cache-Control: max-age=864000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2573307db8caef0a070ba3ebd4f61e2e
28e8cb63280e9b5e4184017cb22aa5f197007450
87e4699d8ded9c722f137c21826dfe419beb8675f226b91081342c90838cb818
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87E4699D8DED9C722F137C21826DFE419BEB8675F226B91081342C90838CB818"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3606
Expires: Sun, 12 Mar 2023 16:14:54 GMT
Date: Sun, 12 Mar 2023 15:14:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2573307db8caef0a070ba3ebd4f61e2e
28e8cb63280e9b5e4184017cb22aa5f197007450
87e4699d8ded9c722f137c21826dfe419beb8675f226b91081342c90838cb818
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87E4699D8DED9C722F137C21826DFE419BEB8675F226B91081342C90838CB818"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3606
Expires: Sun, 12 Mar 2023 16:14:54 GMT
Date: Sun, 12 Mar 2023 15:14:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e5516df1d2dbd31fe75cea73d8738dee
228b67c298539e104a99f3eed1ce5ee407e14ec7
28d17cad1855d83db522f487ea44c6ad8090885f5714c8f3f4431dbd6ce3e30b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28D17CAD1855D83DB522F487EA44C6AD8090885F5714C8F3F4431DBD6CE3E30B"
Last-Modified: Sat, 11 Mar 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12716
Expires: Sun, 12 Mar 2023 18:46:44 GMT
Date: Sun, 12 Mar 2023 15:14:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2573307db8caef0a070ba3ebd4f61e2e
28e8cb63280e9b5e4184017cb22aa5f197007450
87e4699d8ded9c722f137c21826dfe419beb8675f226b91081342c90838cb818
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87E4699D8DED9C722F137C21826DFE419BEB8675F226B91081342C90838CB818"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3606
Expires: Sun, 12 Mar 2023 16:14:54 GMT
Date: Sun, 12 Mar 2023 15:14:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2573307db8caef0a070ba3ebd4f61e2e
28e8cb63280e9b5e4184017cb22aa5f197007450
87e4699d8ded9c722f137c21826dfe419beb8675f226b91081342c90838cb818
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87E4699D8DED9C722F137C21826DFE419BEB8675F226B91081342C90838CB818"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3606
Expires: Sun, 12 Mar 2023 16:14:54 GMT
Date: Sun, 12 Mar 2023 15:14:48 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae3c2980-a44e-45c6-a99d-629945594f8f.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae3c2980-a44e-45c6-a99d-629945594f8f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 56954902055f7b634773a3cf27cec213
c08733caed5383a2790e0760a889a6e545753105
16aa87074a92c80776c901da479e182fff8e81600d0a026b1e8c2ca38033b4fb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae3c2980-a44e-45c6-a99d-629945594f8f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11176
x-amzn-requestid: 8f3332e2-954e-4c35-96c9-390e257f5451
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BosvyFdeIAMF3MA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf4cb-3869435d54341ff376a91d06;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:38:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: JdyxGvD16BjZNkG6J1b5pDwb4kJcyDZBDJAPi793Hxf3tP3VPm6Izw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 ac463f3377446e4c603deca30feb744a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 22:01:01 GMT
age: 62027
etag: "c08733caed5383a2790e0760a889a6e545753105"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7769d88f-5b32-4bd3-9075-31a91dd2c80f.jpeg
34.120.237.76 200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7769d88f-5b32-4bd3-9075-31a91dd2c80f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2aa4702768ef600fa142d8c3c743b98f
76b13f7b79c4aa480f200fccfb560ab53ecd5bb9
4b1b434fe5cf4433f64c8db09c23e5e277376340b02d5d5525240e945c7fc566
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7769d88f-5b32-4bd3-9075-31a91dd2c80f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4401
x-amzn-requestid: 6f371237-3ff4-4203-a494-3681af1f7e6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BjaoCFtRoAMFp0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640ad7cc-7d39790a70491a7552a5967d;Sampled=0
x-amzn-remapped-date: Fri, 10 Mar 2023 07:10:04 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: YG-NKd9EMHuwSpE2Wxegff2Dqx_16JWrzqnI5KCEaTq0IVq9ey35Pw==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 bb763d35677c62f9f5d9728bba884662.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 07:18:51 GMT
age: 28557
etag: "76b13f7b79c4aa480f200fccfb560ab53ecd5bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6dda5706-64c5-467d-9645-a46dedb81818.jpeg
34.120.237.76 200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6dda5706-64c5-467d-9645-a46dedb81818.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6a4d6ee7d459e2a9b742d0dbca932998
eada4a4de40e5035173bb18ee51aacd624b8b169
2e6eef4f452ef3700d4c9d06e8c3bf8999e077e24c332ab4670edd0884839d38
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6dda5706-64c5-467d-9645-a46dedb81818.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6053
x-amzn-requestid: 5f306311-ac84-4ce2-b9c2-6af31c110062
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Bosb-FD5oAMFwJw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf44c-61fea28e45516fad0d30cf65;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: gE_WoxZmuEc9mzbWmh3tMo_UshbjeTGIdbA8xew7ZB44sigj9fR3cw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 21618d080c6bfbcd465fc55a167a8c1a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 22:09:20 GMT
age: 61528
etag: "eada4a4de40e5035173bb18ee51aacd624b8b169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0217c8c-9f5f-43b3-9d27-0f8eaac36f26.webp
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0217c8c-9f5f-43b3-9d27-0f8eaac36f26.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26033b42139d27c847cf9881a17e0332
b196fbef36c2a5242abfc5d7115f1efd39499453
028dd1c86eaab6b991ad3dcb7fda21cdcfe8f9b22155c6bcb9363fbe379096ec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0217c8c-9f5f-43b3-9d27-0f8eaac36f26.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4512
x-amzn-requestid: e9ba0dc3-3e1a-4ff5-8d0d-57386ced2fb1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BotIeGZ-IAMFmBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf569-1a45fa73148fb01f3822ee29;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:40:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: wkfdSY68kDN6OsZ-rUHVYuqwBOHFh2lupX6GUYdmi25d3Ae2CEl6vw==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 d15b6a95f7c8298444f59a99d8027cec.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 21:40:57 GMT
age: 63231
etag: "b196fbef36c2a5242abfc5d7115f1efd39499453"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash be71491cee9b47dc3ffb23b4fdff25b3
79c7d22c8df6d305f46c5779ccb9f25169d4d111
e785896e5840fb901ddd0118bef3ccad6b59a96d8eef0e8ccd9c95a3c261ba45
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8487
x-amzn-requestid: 92381f1a-0140-47e9-a971-594a7de36c3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BkEcBGizoAMFgOA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640b1ab3-1a54b65a5d7083e62dcb85ab;Sampled=0
x-amzn-remapped-date: Fri, 10 Mar 2023 11:55:31 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Nn4eV-UeuWZ02ANOxzTUSgE4UODtaZxeIjp8UJfU8PgUny2shFaDjQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 74ab105148338444981d1b2277ffd9c4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 21:42:25 GMT
age: 63143
etag: "79c7d22c8df6d305f46c5779ccb9f25169d4d111"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd79ce52-61f2-47b0-a88d-03f2fe3aa889.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd79ce52-61f2-47b0-a88d-03f2fe3aa889.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2fd5c28821c8bf2d62d0c4332f06bd71
6e2c08457854437b2b851340277d31439e5ab470
86725a37e80a10c5b0b52a10e498225d97565752ec25303cb159a34386a49523
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd79ce52-61f2-47b0-a88d-03f2fe3aa889.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8845
x-amzn-requestid: b556bc0e-9cf5-4062-9df4-0ccee00cbab2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BoswFH5soAMF2SQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf4cd-0ba8e60549c78f9d3b720a20;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:38:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: NkwWf1xpGvLrLBG0HbYXV5VH69eG_pxwZtI2-Kp_pilWEmUywXihGQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 ac463f3377446e4c603deca30feb744a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 22:15:44 GMT
etag: "6e2c08457854437b2b851340277d31439e5ab470"
content-type: image/jpeg
age: 61144
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
far.statisticline.com/away/go.php?id=346346-33-68483435
162.55.76.206 302 Found 0 B URL HTTP/1.1 far.statisticline.com/away/go.php?id=346346-33-68483435
IP 162.55.76.206:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /away/go.php?id=346346-33-68483435 HTTP/1.1
Host: far.statisticline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://staging.camersoftware.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 12 Mar 2023 15:14:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://come.sortyellowapples.com/away/go.php?id=6436345-33-5734523&qid=8568&wid=76538&kid=863843534&suid=217
Access-Control-Allow-Origin: *
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cb61ff2469fdf4ffc6f7f99c9277d1f8
b87e2deea6ca0122c7d65587f58dc3a348038cb7
8ddf47dcdf42f8f5e461603956331ee8591718673947a792aeae71babc152541
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8DDF47DCDF42F8F5E461603956331EE8591718673947A792AEAE71BABC152541"
Last-Modified: Sat, 11 Mar 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5810
Expires: Sun, 12 Mar 2023 16:51:39 GMT
Date: Sun, 12 Mar 2023 15:14:49 GMT
Connection: keep-alive
come.sortyellowapples.com/away/go.php?id=6436345-33-5734523&qid=8568&wid=76538&kid=863843534&suid=217
162.55.76.206 200 OK 470 B URL HTTP/1.1 come.sortyellowapples.com/away/go.php?id=6436345-33-5734523&qid=8568&wid=76538&kid=863843534&suid=217
IP 162.55.76.206:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash e3f7bff77ddf1989115f24d8fddfeed9
35fa135c85644d4bff34f5308e427f33e66b1e2e
86dd8d5b2c9ce662c34bee39e5e61cec3780d8e5091fa1c0b0bc2d9df49cb0de
Analyzer Verdict Alert quad9 Sinkholed
GET /away/go.php?id=6436345-33-5734523&qid=8568&wid=76538&kid=863843534&suid=217 HTTP/1.1
Host: come.sortyellowapples.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://staging.camersoftware.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 Mar 2023 15:14:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c908192f9c23e8a88e3e63a80afd922c
c876f71ebaff3f752e57ea660d75e67fd0a476e9
82baa040dd0bd036bc4e5ea273f3e7c1eb5ce7c3ec133b1ac444fff131df941e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82BAA040DD0BD036BC4E5EA273F3E7C1EB5CE7C3EC133B1AC444FFF131DF941E"
Last-Modified: Fri, 10 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12112
Expires: Sun, 12 Mar 2023 18:36:41 GMT
Date: Sun, 12 Mar 2023 15:14:49 GMT
Connection: keep-alive
fr7kb.shbzek.com/images/bot-detect/arrow.png
185.56.234.205 200 OK 7.6 kB URL HTTP/2 fr7kb.shbzek.com/images/bot-detect/arrow.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 165 x 240, 8-bit colormap, non-interlaced\012- data
Hash c85fd6ebd323d92d7732361fc081825b
e26fed63250540abfa1ea99c45d623bcf6ce89c5
1e33356964f2769244bb45448d9b0680582b69f344b4f09fa85231efaf05adc2
GET /images/bot-detect/arrow.png HTTP/1.1
Host: fr7kb.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fr7kb.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=1
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:49 GMT
content-type: image/png
content-length: 7572
last-modified: Wed, 01 Mar 2023 08:11:24 GMT
etag: "63ff08ac-1d94"
x-zone: eu3
accept-ranges: bytes
X-Firefox-Spdy: h2
fr7kb.shbzek.com/images/bot-detect/robot-men.png
185.56.234.205 200 OK 36 kB URL HTTP/2 fr7kb.shbzek.com/images/bot-detect/robot-men.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 700 x 500, 8-bit colormap, non-interlaced\012- data
Hash 21f1fa07743566e74fb49e80cec41062
b53b22884745bca5623beb59c5acdd5ce8368b2d
5c3c942fb9cd53092d8fffd0b3fac34138146959b4febc788be7e919232008b9
GET /images/bot-detect/robot-men.png HTTP/1.1
Host: fr7kb.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fr7kb.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=1
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:49 GMT
content-type: image/png
content-length: 35511
last-modified: Wed, 01 Mar 2023 08:11:24 GMT
etag: "63ff08ac-8ab7"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2
azkcqs.com/rpe?a=1&s=1&act=17&src=2&p=1054030&st=1190911&wd=434353&d=shbzek.com&tpl=4&rnd=0.4711475887619593&sbid=dreans02&sbid2=
185.162.85.14 200 OK 0 B URL HTTP/2 azkcqs.com/rpe?a=1&s=1&act=17&src=2&p=1054030&st=1190911&wd=434353&d=shbzek.com&tpl=4&rnd=0.4711475887619593&sbid=dreans02&sbid2=
IP 185.162.85.14:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rpe?a=1&s=1&act=17&src=2&p=1054030&st=1190911&wd=434353&d=shbzek.com&tpl=4&rnd=0.4711475887619593&sbid=dreans02&sbid2= HTTP/1.1
Host: azkcqs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fr7kb.shbzek.com
Connection: keep-alive
Referer: https://fr7kb.shbzek.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 12 Mar 2023 15:14:49 GMT
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
oexlc.shbzek.com/images/bot-detect/arrow.png
185.56.234.205 200 OK 7.6 kB URL HTTP/2 oexlc.shbzek.com/images/bot-detect/arrow.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 165 x 240, 8-bit colormap, non-interlaced\012- data
Hash c85fd6ebd323d92d7732361fc081825b
e26fed63250540abfa1ea99c45d623bcf6ce89c5
1e33356964f2769244bb45448d9b0680582b69f344b4f09fa85231efaf05adc2
GET /images/bot-detect/arrow.png HTTP/1.1
Host: oexlc.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oexlc.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=2
Cookie: truniq=1; prompt=1; ufp2=fc62c74fb85a5530c781fbea2a8d03283170b9a7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:50 GMT
content-type: image/png
content-length: 7572
last-modified: Wed, 01 Mar 2023 08:11:24 GMT
etag: "63ff08ac-1d94"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2
oexlc.shbzek.com/images/bot-detect/robot-men.png
185.56.234.205 200 OK 36 kB URL HTTP/2 oexlc.shbzek.com/images/bot-detect/robot-men.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 700 x 500, 8-bit colormap, non-interlaced\012- data
Hash 21f1fa07743566e74fb49e80cec41062
b53b22884745bca5623beb59c5acdd5ce8368b2d
5c3c942fb9cd53092d8fffd0b3fac34138146959b4febc788be7e919232008b9
GET /images/bot-detect/robot-men.png HTTP/1.1
Host: oexlc.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oexlc.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=2
Cookie: truniq=1; prompt=1; ufp2=fc62c74fb85a5530c781fbea2a8d03283170b9a7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:50 GMT
content-type: image/png
content-length: 35511
last-modified: Wed, 01 Mar 2023 08:11:24 GMT
etag: "63ff08ac-8ab7"
x-zone: eu
accept-ranges: bytes
X-Firefox-Spdy: h2
t7v8h.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=3
185.56.234.205 200 OK 22 kB URL HTTP/2 t7v8h.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=3
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
Hash 45198db77237e69b3598429ee760a58a
76792f6321408600de1d0a08e3a209f3509def27
99f0535cba16bdf1ebbd32021a9b58ba74d8a8ffa6a0bd93ebb7b921f9dffcaf
GET /bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=3 HTTP/1.1
Host: t7v8h.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oexlc.shbzek.com/
Cookie: truniq=1; prompt=1; ufp2=fc62c74fb85a5530c781fbea2a8d03283170b9a7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2
t7v8h.shbzek.com/images/bot-detect/robot-men.png
185.56.234.205 200 OK 36 kB URL HTTP/2 t7v8h.shbzek.com/images/bot-detect/robot-men.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 700 x 500, 8-bit colormap, non-interlaced\012- data
Hash 21f1fa07743566e74fb49e80cec41062
b53b22884745bca5623beb59c5acdd5ce8368b2d
5c3c942fb9cd53092d8fffd0b3fac34138146959b4febc788be7e919232008b9
GET /images/bot-detect/robot-men.png HTTP/1.1
Host: t7v8h.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t7v8h.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=3
Cookie: truniq=1; prompt=1; ufp2=fc62c74fb85a5530c781fbea2a8d03283170b9a7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:50 GMT
content-type: image/png
content-length: 35511
last-modified: Wed, 01 Mar 2023 08:11:24 GMT
etag: "63ff08ac-8ab7"
x-zone: eu
accept-ranges: bytes
X-Firefox-Spdy: h2
7f3uz.shbzek.com/images/bot-detect/arrow.png
185.56.234.205 200 OK 7.6 kB URL HTTP/2 7f3uz.shbzek.com/images/bot-detect/arrow.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 165 x 240, 8-bit colormap, non-interlaced\012- data
Hash c85fd6ebd323d92d7732361fc081825b
e26fed63250540abfa1ea99c45d623bcf6ce89c5
1e33356964f2769244bb45448d9b0680582b69f344b4f09fa85231efaf05adc2
GET /images/bot-detect/arrow.png HTTP/1.1
Host: 7f3uz.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://7f3uz.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=4
Cookie: truniq=1; prompt=1; ufp2=fc62c74fb85a5530c781fbea2a8d03283170b9a7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:50 GMT
content-type: image/png
content-length: 7572
last-modified: Wed, 01 Mar 2023 08:11:24 GMT
etag: "63ff08ac-1d94"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2
7f3uz.shbzek.com/images/bot-detect/robot-men.png
185.56.234.205 200 OK 36 kB URL HTTP/2 7f3uz.shbzek.com/images/bot-detect/robot-men.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 700 x 500, 8-bit colormap, non-interlaced\012- data
Hash 21f1fa07743566e74fb49e80cec41062
b53b22884745bca5623beb59c5acdd5ce8368b2d
5c3c942fb9cd53092d8fffd0b3fac34138146959b4febc788be7e919232008b9
GET /images/bot-detect/robot-men.png HTTP/1.1
Host: 7f3uz.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://7f3uz.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=4
Cookie: truniq=1; prompt=1; ufp2=fc62c74fb85a5530c781fbea2a8d03283170b9a7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:50 GMT
content-type: image/png
content-length: 35511
last-modified: Wed, 01 Mar 2023 08:11:24 GMT
etag: "63ff08ac-8ab7"
x-zone: eu
accept-ranges: bytes
X-Firefox-Spdy: h2
8fd2s.shbzek.com/images/bot-detect/arrow.png
185.56.234.205 200 OK 7.6 kB URL HTTP/2 8fd2s.shbzek.com/images/bot-detect/arrow.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 165 x 240, 8-bit colormap, non-interlaced\012- data
Hash c85fd6ebd323d92d7732361fc081825b
e26fed63250540abfa1ea99c45d623bcf6ce89c5
1e33356964f2769244bb45448d9b0680582b69f344b4f09fa85231efaf05adc2
GET /images/bot-detect/arrow.png HTTP/1.1
Host: 8fd2s.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8fd2s.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=5
Cookie: truniq=1; prompt=1; ufp2=fc62c74fb85a5530c781fbea2a8d03283170b9a7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:51 GMT
content-type: image/png
content-length: 7572
last-modified: Wed, 01 Mar 2023 08:11:24 GMT
etag: "63ff08ac-1d94"
x-zone: eu3
accept-ranges: bytes
X-Firefox-Spdy: h2
8fd2s.shbzek.com/images/bot-detect/robot-men.png
185.56.234.205 200 OK 36 kB URL HTTP/2 8fd2s.shbzek.com/images/bot-detect/robot-men.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 700 x 500, 8-bit colormap, non-interlaced\012- data
Hash 21f1fa07743566e74fb49e80cec41062
b53b22884745bca5623beb59c5acdd5ce8368b2d
5c3c942fb9cd53092d8fffd0b3fac34138146959b4febc788be7e919232008b9
GET /images/bot-detect/robot-men.png HTTP/1.1
Host: 8fd2s.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8fd2s.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=5
Cookie: truniq=1; prompt=1; ufp2=fc62c74fb85a5530c781fbea2a8d03283170b9a7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:51 GMT
content-type: image/png
content-length: 35511
last-modified: Wed, 01 Mar 2023 08:11:24 GMT
etag: "63ff08ac-8ab7"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2
8ngzp.shbzek.com/images/bot-detect/arrow.png
185.56.234.205 200 OK 11 kB URL HTTP/2 8ngzp.shbzek.com/images/bot-detect/arrow.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
Hash 2108d85fbbc757084f7ee894d335a443
7e37538db2211f190642c8200baa359e38924713
cbf7e644d8ac663963141e5ca8fc283ec64f9f9e56fcbe45ef9f8a49b1a918b2
GET /images/bot-detect/arrow.png HTTP/1.1
Host: 8ngzp.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8ngzp.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=6
Cookie: truniq=1; prompt=1; ufp2=fc62c74fb85a5530c781fbea2a8d03283170b9a7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:51 GMT
content-type: image/png
content-length: 7572
last-modified: Wed, 01 Mar 2023 08:11:24 GMT
etag: "63ff08ac-1d94"
x-zone: eu3
accept-ranges: bytes
X-Firefox-Spdy: h2
8ngzp.shbzek.com/images/bot-detect/robot-men.png
185.56.234.205 200 OK 36 kB URL HTTP/2 8ngzp.shbzek.com/images/bot-detect/robot-men.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 700 x 500, 8-bit colormap, non-interlaced\012- data
Hash 21f1fa07743566e74fb49e80cec41062
b53b22884745bca5623beb59c5acdd5ce8368b2d
5c3c942fb9cd53092d8fffd0b3fac34138146959b4febc788be7e919232008b9
GET /images/bot-detect/robot-men.png HTTP/1.1
Host: 8ngzp.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8ngzp.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=6
Cookie: truniq=1; prompt=1; ufp2=fc62c74fb85a5530c781fbea2a8d03283170b9a7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:51 GMT
content-type: image/png
content-length: 35511
last-modified: Wed, 01 Mar 2023 08:11:24 GMT
etag: "63ff08ac-8ab7"
x-zone: eu
accept-ranges: bytes
X-Firefox-Spdy: h2
buody.shbzek.com/images/bot-detect/arrow.png
185.56.234.205 200 OK 7.6 kB URL HTTP/2 buody.shbzek.com/images/bot-detect/arrow.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 165 x 240, 8-bit colormap, non-interlaced\012- data
Hash c85fd6ebd323d92d7732361fc081825b
e26fed63250540abfa1ea99c45d623bcf6ce89c5
1e33356964f2769244bb45448d9b0680582b69f344b4f09fa85231efaf05adc2
GET /images/bot-detect/arrow.png HTTP/1.1
Host: buody.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buody.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=7
Cookie: truniq=1; prompt=1; ufp2=fc62c74fb85a5530c781fbea2a8d03283170b9a7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:51 GMT
content-type: image/png
content-length: 7572
last-modified: Wed, 01 Mar 2023 08:11:24 GMT
etag: "63ff08ac-1d94"
x-zone: eu3
accept-ranges: bytes
X-Firefox-Spdy: h2
buody.shbzek.com/images/bot-detect/robot-men.png
185.56.234.205 200 OK 36 kB URL HTTP/2 buody.shbzek.com/images/bot-detect/robot-men.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 700 x 500, 8-bit colormap, non-interlaced\012- data
Hash 21f1fa07743566e74fb49e80cec41062
b53b22884745bca5623beb59c5acdd5ce8368b2d
5c3c942fb9cd53092d8fffd0b3fac34138146959b4febc788be7e919232008b9
GET /images/bot-detect/robot-men.png HTTP/1.1
Host: buody.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buody.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=7
Cookie: truniq=1; prompt=1; ufp2=fc62c74fb85a5530c781fbea2a8d03283170b9a7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:51 GMT
content-type: image/png
content-length: 35511
last-modified: Wed, 01 Mar 2023 08:11:24 GMT
etag: "63ff08ac-8ab7"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2
1ck47.shbzek.com/images/bot-detect/robot-men.png
185.56.234.205 200 OK 36 kB URL HTTP/2 1ck47.shbzek.com/images/bot-detect/robot-men.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 700 x 500, 8-bit colormap, non-interlaced\012- data
Hash 21f1fa07743566e74fb49e80cec41062
b53b22884745bca5623beb59c5acdd5ce8368b2d
5c3c942fb9cd53092d8fffd0b3fac34138146959b4febc788be7e919232008b9
GET /images/bot-detect/robot-men.png HTTP/1.1
Host: 1ck47.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1ck47.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=8
Cookie: truniq=1; prompt=1; ufp2=fc62c74fb85a5530c781fbea2a8d03283170b9a7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:52 GMT
content-type: image/png
content-length: 35511
last-modified: Wed, 01 Mar 2023 08:11:24 GMT
etag: "63ff08ac-8ab7"
x-zone: eu
accept-ranges: bytes
X-Firefox-Spdy: h2
8ngzp.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=6
185.56.234.205 200 OK 38 kB URL HTTP/2 8ngzp.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=6
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
Hash e7fb3ed9c1c89d22d9122db576dd7629
900aa39f3fe47657d4564eed9757fdb431fde054
d7edbc2d410379d4d5bf10d83bbc6d28bf9d45d1ba0b7cfcc4d122b96404ba77
GET /bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=6 HTTP/1.1
Host: 8ngzp.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8fd2s.shbzek.com/
Cookie: truniq=1; prompt=1; ufp2=fc62c74fb85a5530c781fbea2a8d03283170b9a7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2
8fd2s.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=5
185.56.234.205 200 OK 19 kB URL HTTP/2 8fd2s.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=5
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
Hash 7cbec06ea5549f8ac26b6b4d9e0e9666
44685a9c657a1942ff2b88e5fcda665bb24e7486
6e7d16db106f06d5c66bb5eed459c6937e5a28ad0d101d0734a13200cc94b112
GET /bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=5 HTTP/1.1
Host: 8fd2s.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://7f3uz.shbzek.com/
Cookie: truniq=1; prompt=1; ufp2=fc62c74fb85a5530c781fbea2a8d03283170b9a7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2
oexlc.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=2
185.56.234.205 200 OK 47 kB URL HTTP/2 oexlc.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=2
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
Hash 58a3b68d43e411438c96217d59ff852b
b042de2289a31f98092891b83c6ff48b9f65f805
edb6d5f8ebdedb454ac8bfff7f0a1bd0fa05744c5f39b22827a90175a2c062a9
GET /bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=2 HTTP/1.1
Host: oexlc.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fr7kb.shbzek.com/
Cookie: truniq=1; prompt=1; ufp2=fc62c74fb85a5530c781fbea2a8d03283170b9a7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu3
content-encoding: gzip
X-Firefox-Spdy: h2
ecrwqu.com/phtbload?a=1&e=aeyJwaWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTN9
185.162.85.4 200 OK 5.0 kB URL HTTP/2 ecrwqu.com/phtbload?a=1&e=aeyJwaWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTN9
IP 185.162.85.4:0
ASN #39572 DataWeb Global Group B.V.
Hash 6cf993f77ca654645bc704029a613cff
3e143e38be3c9743cd268845e9b72dc165799f7f
f02f685c04f1f4c37f3349e37c6c346341055022b1674c5f654e6f06a2f83194
GET /phtbload?a=1&e=aeyJwaWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTN9 HTTP/1.1
Host: ecrwqu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nrmvz.shbzek.com/
Origin: https://nrmvz.shbzek.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 12 Mar 2023 15:14:52 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e5e2c9d00256d4afd9d02d329198a7fb
d4decaeee8910c8a152d8b83e33d153e65c22822
b629e20f5644ba2395c3a1abefda8e27726e3029882957dc6ac323eb4c0a6a3a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B629E20F5644BA2395C3A1ABEFDA8E27726E3029882957DC6AC323EB4C0A6A3A"
Last-Modified: Fri, 10 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8820
Expires: Sun, 12 Mar 2023 17:41:53 GMT
Date: Sun, 12 Mar 2023 15:14:53 GMT
Connection: keep-alive
goto.trackpshgoto.win/15GTfe?camp=638762&site=1417798788876843&category=1560&cost=0.0012&external_id=cnv1b90df06bd2f4b6628dcf1611fed940b
20.113.188.243 302 Found 4.1 kB URL HTTP/1.1 goto.trackpshgoto.win/15GTfe?camp=638762&site=1417798788876843&category=1560&cost=0.0012&external_id=cnv1b90df06bd2f4b6628dcf1611fed940b
IP 20.113.188.243:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash 176c4788c6981f018f968d205e49c916
d92197c26676ba335574fcea710377fc0299cba4
67df8f4403cadbde7ca3d2ac945f974266118c12a3b2ef49a732a1bd71a26e2f
GET /15GTfe?camp=638762&site=1417798788876843&category=1560&cost=0.0012&external_id=cnv1b90df06bd2f4b6628dcf1611fed940b HTTP/1.1
Host: goto.trackpshgoto.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx/1.23.0
Date: Sun, 12 Mar 2023 15:14:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 320
Connection: keep-alive
X-Powered-By: Express
Set-Cookie: 15GTfeo=20230312181678634796745; domain=.goto.trackpshgoto.win; path=/;expires=Mon, 13 Mar 2023 15:14:53 GMT; httpOnly=true;
_pc_lc_id=15GTfe; domain=.goto.trackpshgoto.win; path=/;expires=Mon, 13 Mar 2023 15:14:53 GMT; httpOnly=true;
peerclickcid=4523b79ae593704d2c26cb915a54d255-42510-0312; domain=.goto.trackpshgoto.win; path=/;expires=Mon, 13 Mar 2023 15:14:53 GMT; httpOnly=true;
_norg=1; domain=.goto.trackpshgoto.win; path=/;expires=Mon, 13 Mar 2023 15:14:53 GMT; httpOnly=true;
Location: https://alvsx.cloudpsh.top/?pl=ilQCmFnYrkuT1vv7YSUY4Q&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843
Vary: Accept
alvsx.cloudpsh.top/?pl=ilQCmFnYrkuT1vv7YSUY4Q&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843
5.75.133.219 302 Found 0 B URL HTTP/2 alvsx.cloudpsh.top/?pl=ilQCmFnYrkuT1vv7YSUY4Q&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843
IP 5.75.133.219:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?pl=ilQCmFnYrkuT1vv7YSUY4Q&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843 HTTP/1.1
Host: alvsx.cloudpsh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sun, 12 Mar 2023 15:14:53 GMT
content-length: 0
location: https://new.lightfoot.top/ph-new/?pl=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843&hash=cbyGzr-z7M4V_bh2ljJKrw&exp=1678634393
set-cookie: ilQCmFnYrkuT1vv7YSUY4Q=19; max-age=345600; path=/; samesite=lax
__pl=e7813a6a-a7de-4cd3-bca3-abb4fe51b754; expires=Wed, 12 Mar 2025 15:14:53 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
new.lightfoot.top/ph-new/assets/thumb-big.jpg
116.202.184.109 200 OK 83 kB URL HTTP/2 new.lightfoot.top/ph-new/assets/thumb-big.jpg
IP 116.202.184.109:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1237x691, components 3\012- data
Hash cb5cedbae6d67e62dc9fde274b7f7dbe
f31d7811c4b6e50ae053f315152366501a8b6002
deaddba93625d2c7610076927fcd37afadad9324ca3210a2bb12784d313dd788
GET /ph-new/assets/thumb-big.jpg HTTP/1.1
Host: new.lightfoot.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.lightfoot.top/ph-new/?pl=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843&hash=cbyGzr-z7M4V_bh2ljJKrw&exp=1678634393
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:54 GMT
content-type: image/jpeg
content-length: 82623
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-142bf"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
new.lightfoot.top/ph-new/assets/rec-1.jpg
116.202.184.109 200 OK 18 kB URL HTTP/2 new.lightfoot.top/ph-new/assets/rec-1.jpg
IP 116.202.184.109:0
ASN #24940 Hetzner Online GmbH
Hash 541857fd23f98f35923ff0addc9b2453
364d64e932503a313f34312673b331b5aff83691
6c18914cf6632f5a906631325584f91b24a647b26de12b0402cbaa40533e435a
GET /ph-new/assets/rec-1.jpg HTTP/1.1
Host: new.lightfoot.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.lightfoot.top/ph-new/?pl=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843&hash=cbyGzr-z7M4V_bh2ljJKrw&exp=1678634393
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:54 GMT
content-type: image/jpeg
content-length: 14404
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-3844"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
new.lightfoot.top/ph-new/assets/rec-2.jpg
116.202.184.109 200 OK 11 kB URL HTTP/2 new.lightfoot.top/ph-new/assets/rec-2.jpg
IP 116.202.184.109:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash dbe1dba764a2ef20cf6760ad30539988
e14dca406d4f5932a9a4683635bbdf87def79eba
b0fe8ace388ec8556bcdd46cd30a03ddaadcf80d124e9052f2a19a27061829f7
GET /ph-new/assets/rec-2.jpg HTTP/1.1
Host: new.lightfoot.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.lightfoot.top/ph-new/?pl=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843&hash=cbyGzr-z7M4V_bh2ljJKrw&exp=1678634393
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:54 GMT
content-type: image/jpeg
content-length: 10890
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-2a8a"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
new.lightfoot.top/ph-new/assets/rec-3.jpg
116.202.184.109 200 OK 15 kB URL HTTP/2 new.lightfoot.top/ph-new/assets/rec-3.jpg
IP 116.202.184.109:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash 4d58cecaa4f40c979917c8e4d907033f
f0c6d616bcc3f4bd5a1dadbca8254d9f34f2921c
9ee7f1aecdeb64f4ce54c5d0b7ea3d92b2e9d06a7f9cb7b793e39262cda05996
GET /ph-new/assets/rec-3.jpg HTTP/1.1
Host: new.lightfoot.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.lightfoot.top/ph-new/?pl=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843&hash=cbyGzr-z7M4V_bh2ljJKrw&exp=1678634393
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:54 GMT
content-type: image/jpeg
content-length: 15217
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-3b71"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
new.lightfoot.top/ph-new/assets/rec-4.jpg
116.202.184.109 200 OK 8.9 kB URL HTTP/2 new.lightfoot.top/ph-new/assets/rec-4.jpg
IP 116.202.184.109:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash 8375f2a1249ce00f118c5b616ab71492
4e2d3bc095c01632578b0b39afbfc03f43e3fa42
f71320d61eb339fdb7b5d20249d4f6aa6e37e22e618dc83e8459da1db3f79483
GET /ph-new/assets/rec-4.jpg HTTP/1.1
Host: new.lightfoot.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.lightfoot.top/ph-new/?pl=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843&hash=cbyGzr-z7M4V_bh2ljJKrw&exp=1678634393
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:54 GMT
content-type: image/jpeg
content-length: 8900
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-22c4"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
new.lightfoot.top/ph-new/assets/rec-5.jpg
116.202.184.109 200 OK 13 kB URL HTTP/2 new.lightfoot.top/ph-new/assets/rec-5.jpg
IP 116.202.184.109:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash f9ec603fbe19b12e8a8c1874eea3e5f2
0e24410f618ffa17dc6a9380a5b9a4c06dfba4a9
a77b6918c2799981aa1a09fc5f787ff109883093f2efd28beaf79031f5a8ac02
GET /ph-new/assets/rec-5.jpg HTTP/1.1
Host: new.lightfoot.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.lightfoot.top/ph-new/?pl=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843&hash=cbyGzr-z7M4V_bh2ljJKrw&exp=1678634393
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:54 GMT
content-type: image/jpeg
content-length: 13149
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-335d"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
new.lightfoot.top/ph-new/assets/rec-6.jpg
116.202.184.109 200 OK 16 kB URL HTTP/2 new.lightfoot.top/ph-new/assets/rec-6.jpg
IP 116.202.184.109:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash 4887925f773d2ba9caea39686f764c7f
98c9abb09854fee425dbd78ad623af053cec6721
6e1e474a8fc326cd06593e0c1a55d0e73126ada3bf169713b847e82d28646773
GET /ph-new/assets/rec-6.jpg HTTP/1.1
Host: new.lightfoot.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.lightfoot.top/ph-new/?pl=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843&hash=cbyGzr-z7M4V_bh2ljJKrw&exp=1678634393
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:54 GMT
content-type: image/jpeg
content-length: 15988
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-3e74"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
new.lightfoot.top/ph-new/assets/rec-7.jpg
116.202.184.109 200 OK 14 kB URL HTTP/2 new.lightfoot.top/ph-new/assets/rec-7.jpg
IP 116.202.184.109:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash f8af6bb4bdbbf2788da61a614e2f214e
d4a22a315356fcbc5f4a6af2d8a15e96721abddc
edb8c2bdc0f5612a5bf789af233ccaa63dd3751fbfaffb01be48e6e43e78b0bc
GET /ph-new/assets/rec-7.jpg HTTP/1.1
Host: new.lightfoot.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.lightfoot.top/ph-new/?pl=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843&hash=cbyGzr-z7M4V_bh2ljJKrw&exp=1678634393
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:54 GMT
content-type: image/jpeg
content-length: 13963
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-368b"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
new.lightfoot.top/ph-new/assets/rec-8.jpg
116.202.184.109 200 OK 13 kB URL HTTP/2 new.lightfoot.top/ph-new/assets/rec-8.jpg
IP 116.202.184.109:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash eb826882457e1589d8a7d3b3499c4556
91284882dec199a9cc02ffa3ef3c86505159ce12
4fad6c5d1cd5bdb7eea1b216774e831a6e59a11ddcc8b0881747a4d278d86940
GET /ph-new/assets/rec-8.jpg HTTP/1.1
Host: new.lightfoot.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.lightfoot.top/ph-new/?pl=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843&hash=cbyGzr-z7M4V_bh2ljJKrw&exp=1678634393
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:54 GMT
content-type: image/jpeg
content-length: 12992
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-32c0"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
new.lightfoot.top/ph-new/assets/1.jpg
116.202.184.109 200 OK 14 kB URL HTTP/2 new.lightfoot.top/ph-new/assets/1.jpg
IP 116.202.184.109:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash b2abcc52b7bf315893f6751d5fc7875e
5997c599c5e6c408b9019159f4608026a78223cf
098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47
GET /ph-new/assets/1.jpg HTTP/1.1
Host: new.lightfoot.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.lightfoot.top/ph-new/?pl=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843&hash=cbyGzr-z7M4V_bh2ljJKrw&exp=1678634393
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:54 GMT
content-type: image/jpeg
content-length: 14404
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-3844"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
new.lightfoot.top/ph-new/assets/2.jpg
116.202.184.109 200 OK 21 kB URL HTTP/2 new.lightfoot.top/ph-new/assets/2.jpg
IP 116.202.184.109:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash c3f3eb5d00c73ac19828309a4cde4e96
be66f4e10a00d90a0f8fdc0a5a4dbd19c143d97d
626b570f2ffdf83add77f51246ccb195fec4c15e4289173b8183cd47e7cfd763
GET /ph-new/assets/2.jpg HTTP/1.1
Host: new.lightfoot.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.lightfoot.top/ph-new/?pl=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843&hash=cbyGzr-z7M4V_bh2ljJKrw&exp=1678634393
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:54 GMT
content-type: image/jpeg
content-length: 21253
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-5305"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
new.lightfoot.top/ph-new/assets/3.jpg
116.202.184.109 200 OK 11 kB URL HTTP/2 new.lightfoot.top/ph-new/assets/3.jpg
IP 116.202.184.109:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash 3f9b232e4a112a89dedcae34ff319dda
5c633886ceeaf3b1185e24253df6be39378c8e85
55fddecdb3ed8e536018523555d995f39f85304bbc00f65ab96472236b57a49a
GET /ph-new/assets/3.jpg HTTP/1.1
Host: new.lightfoot.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.lightfoot.top/ph-new/?pl=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843&hash=cbyGzr-z7M4V_bh2ljJKrw&exp=1678634393
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:54 GMT
content-type: image/jpeg
content-length: 11094
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-2b56"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
new.lightfoot.top/ph-new/assets/4.jpg
116.202.184.109 200 OK 14 kB URL HTTP/2 new.lightfoot.top/ph-new/assets/4.jpg
IP 116.202.184.109:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash a4bef91e21afc13fed7f0bebcc6c4495
5dd2288d13e016a66fbe1f5605b2ed0fc3ad6326
44d3bf237a20f5d36a663aedd4a909a6118e6e35d6fe84971861f5638c070ecd
GET /ph-new/assets/4.jpg HTTP/1.1
Host: new.lightfoot.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.lightfoot.top/ph-new/?pl=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843&hash=cbyGzr-z7M4V_bh2ljJKrw&exp=1678634393
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:54 GMT
content-type: image/jpeg
content-length: 13611
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-352b"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
new.lightfoot.top/ph-new/assets/5.jpg
116.202.184.109 200 OK 12 kB URL HTTP/2 new.lightfoot.top/ph-new/assets/5.jpg
IP 116.202.184.109:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash 113d196991f086fe21f82ee35286eddc
093b74a20c8902f13be1ee735f90a93e397227f9
34a3bc9a7aee67e35d57d4bb0bdccf08c3639da85d2421c58f6c4a92f5eee5e1
GET /ph-new/assets/5.jpg HTTP/1.1
Host: new.lightfoot.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.lightfoot.top/ph-new/?pl=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843&hash=cbyGzr-z7M4V_bh2ljJKrw&exp=1678634393
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:54 GMT
content-type: image/jpeg
content-length: 11713
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-2dc1"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
js.pushssp.top/ps/pl.js
5.75.133.219 200 OK 1.1 kB IP 5.75.133.219:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (2586), with no line terminators
Hash 64c8a9a615be6839ea40be91974ebe51
165ac2bc4fb1637c2cada98e2406236f3401110a
3cc8c138b06a7e8811e6524e136b77e2be3daa8ab0aed2848e97e69418fb8930
GET /ps/pl.js HTTP/1.1
Host: js.pushssp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.lightfoot.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:54 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash c11248ad196c57fdf878000b4591a416
f86236c890bcceaf313e5021bf8ef6669688ea77
550e8187d0a76ef1d3127e200c20ab609ee72a44bc05c040bf178f4c8ec5eebc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 12 Mar 2023 15:14:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
js.cdnpsh.com/ps/ps.js?pl=true&id=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843
5.75.133.219 200 OK 15 kB URL HTTP/2 js.cdnpsh.com/ps/ps.js?pl=true&id=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843
IP 5.75.133.219:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (21587), with CRLF, LF line terminators
Hash 650117f78e2544b0d89d36eac7905659
49200ff09a140f273b10484c8c2363d4ef3281e1
70dee13ffc1f9606f57e5f04f81293820bc854cef2fc66531d71550c89487369
GET /ps/ps.js?pl=true&id=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843 HTTP/1.1
Host: js.cdnpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.lightfoot.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:55 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: __psu=26e3c06e-921b-408f-a96c-b19aefbeaf2e; expires=Wed, 12 Mar 2025 15:14:55 GMT; path=/; secure; samesite=none
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
X-Firefox-Spdy: h2
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
142.250.74.35 200 OK 11 kB URL HTTP/2 www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (40976)
Hash 65fc850cb32508517dcbc63b09aa7909
b6a0811a047ac43a061b326c424e57e3b125eaee
cb0497203016e7af18b3989110eaca26fed09c7c2e1ae0fda9a159b6784f69d5
GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.lightfoot.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 Mar 2023 18:19:24 GMT
expires: Sat, 09 Mar 2024 18:19:24 GMT
cache-control: public, max-age=31536000
age: 161731
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash c11248ad196c57fdf878000b4591a416
f86236c890bcceaf313e5021bf8ef6669688ea77
550e8187d0a76ef1d3127e200c20ab609ee72a44bc05c040bf178f4c8ec5eebc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 12 Mar 2023 15:14:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
staging.camersoftware.com/wp-content/maintenance/assets/styles.css
82.165.73.164 200 OK 0 B URL HTTP/2 staging.camersoftware.com/wp-content/maintenance/assets/styles.css
IP 82.165.73.164:0
GET /wp-content/maintenance/assets/styles.css HTTP/1.1
Host: staging.camersoftware.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://staging.camersoftware.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:46 GMT
content-type: text/css
last-modified: Wed, 25 Jan 2023 23:00:59 GMT
etag: W/"63d1b4ab-b54"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
fr7kb.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=1
185.56.234.205 200 OK 0 B URL HTTP/2 fr7kb.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=1
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=1 HTTP/1.1
Host: fr7kb.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shbzek.com/
Cookie: truniq=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:49 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu3
content-encoding: gzip
X-Firefox-Spdy: h2
ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6MiwicG0iOjJ9eyJ&d=shbzek.com&tpl=4&pbd=iOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNpMSI6ImRyZWFuczAyIiwiaSI6IjEifQ==eyJwaWQ
172.67.200.90 200 OK 0 B URL HTTP/2 ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6MiwicG0iOjJ9eyJ&d=shbzek.com&tpl=4&pbd=iOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNpMSI6ImRyZWFuczAyIiwiaSI6IjEifQ==eyJwaWQ
IP 172.67.200.90:0
GET /v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6MiwicG0iOjJ9eyJ&d=shbzek.com&tpl=4&pbd=iOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNpMSI6ImRyZWFuczAyIiwiaSI6IjEifQ==eyJwaWQ HTTP/1.1
Host: ulmoyc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fr7kb.shbzek.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 12 Mar 2023 15:14:49 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=14400
access-control-allow-origin: https://shbzek.com
etag: W/"onvGBGX3pyCmCbLwxvwWeYLaZQI"
x-zone: eu
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6bzRSBpWWmbDxGxTfu%2FQ59QGaJ%2FJLsR3XyM4wFxSr5wPabK%2B1GLUKsiE8TN32gnez67TJU%2BSqsnJAkzh80%2FvEyiYOwvjHwPyJpD0RYOWTDtHpETzGcBmtPyJLTGz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a6cfd353d70b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
7f3uz.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=4
185.56.234.205 200 OK 0 B URL HTTP/2 7f3uz.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=4
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=4 HTTP/1.1
Host: 7f3uz.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t7v8h.shbzek.com/
Cookie: truniq=1; prompt=1; ufp2=fc62c74fb85a5530c781fbea2a8d03283170b9a7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2
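s.viisaqyw.com/h/1524/npwhsxfjvjoxtgoc7vbed67m43nyrzvlgb7co63fnbubi3lqji455dxy5nttqf6mkpgefqjttleuhukrudxvbaci5gznnt73utzo4vm2heqism24u5fnhdos7ri4qsg3576ooshbkku6rj63wklm3knqjlyve6x6ka5aojuckrtymy22v53w32clndbfitvtmnmlqv4pw3xm6meejrfgbcd3t334la3m2jk54smjkn45ivwushpjeuhnj54gcttdnihhuxicn56xsudajrswec33kabwo6d7k5s4quctybgxtostjnm6outq7du4es3ztcugsu3aobiaywcyv5qvvp2i4nqincc44i4yl3z2xzhj3ekyqjkxcwzhd4bti5t3au3eqyrqlr5q6brupf6vg2a4g42as72yamycul2ymrednur2jdqtb6xuwfr4q6sa545f5xxdn2fetyxyqnwioos633rw5p2jy6h4jshnrk4p475ujtcgaoamearaezsgku4twjcpeqfdkmkthenfumjah4hh4dz5hqlxqxdvaius4xrtde4sebl7lifgc6lzi4rrcibxav4f2a3bpbzfsz2anrva672razswskaaeqotgpkkgbkagy3zpndtgfzheycxsrycmz7hsrzvaaqdosrhbbpasjrplqzrmitdljyfsvrqp56qgnckgjtfu727abxcwkahmfhgky26fqgqwyt7ff5wc4s6meahqxaemz7hquldndm33r4z6czmbeubmb4praf24jgdtnw5qdfgmchy73n7kqqjvpuzpulchb5xmvbq2fsqfp2imnrwbfem4wme6uyylzhfhn5aob2j5psbirqb7uxrktl3wbtiafewsmqwmxrdf3zzuj5gjjqzniohaa3vabwa====?u=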
31.220.27.155 200 OK 0 B URL HTTP/2 s.viisaqyw.com/h/1524/npwhsxfjvjoxtgoc7vbed67m43nyrzvlgb7co63fnbubi3lqji455dxy5nttqf6mkpgefqjttleuhukrudxvbaci5gznnt73utzo4vm2heqism24u5fnhdos7ri4qsg3576ooshbkku6rj63wklm3knqjlyve6x6ka5aojuckrtymy22v53w32clndbfitvtmnmlqv4pw3xm6meejrfgbcd3t334la3m2jk54smjkn45ivwushpjeuhnj54gcttdnihhuxicn56xsudajrswec33kabwo6d7k5s4quctybgxtostjnm6outq7du4es3ztcugsu3aobiaywcyv5qvvp2i4nqincc44i4yl3z2xzhj3ekyqjkxcwzhd4bti5t3au3eqyrqlr5q6brupf6vg2a4g42as72yamycul2ymrednur2jdqtb6xuwfr4q6sa545f5xxdn2fetyxyqnwioos633rw5p2jy6h4jshnrk4p475ujtcgaoamearaezsgku4twjcpeqfdkmkthenfumjah4hh4dz5hqlxqxdvaius4xrtde4sebl7lifgc6lzi4rrcibxav4f2a3bpbzfsz2anrva672razswskaaeqotgpkkgbkagy3zpndtgfzheycxsrycmz7hsrzvaaqdosrhbbpasjrplqzrmitdljyfsvrqp56qgnckgjtfu727abxcwkahmfhgky26fqgqwyt7ff5wc4s6meahqxaemz7hquldndm33r4z6czmbeubmb4praf24jgdtnw5qdfgmchy73n7kqqjvpuzpulchb5xmvbq2fsqfp2imnrwbfem4wme6uyylzhfhn5aob2j5psbirqb7uxrktl3wbtiafewsmqwmxrdf3zzuj5gjjqzniohaa3vabwa====?u=
IP 31.220.27.155:0
ASN #39572 DataWeb Global Group B.V.
GET /h/1524/npwhsxfjvjoxtgoc7vbed67m43nyrzvlgb7co63fnbubi3lqji455dxy5nttqf6mkpgefqjttleuhukrudxvbaci5gznnt73utzo4vm2heqism24u5fnhdos7ri4qsg3576ooshbkku6rj63wklm3knqjlyve6x6ka5aojuckrtymy22v53w32clndbfitvtmnmlqv4pw3xm6meejrfgbcd3t334la3m2jk54smjkn45ivwushpjeuhnj54gcttdnihhuxicn56xsudajrswec33kabwo6d7k5s4quctybgxtostjnm6outq7du4es3ztcugsu3aobiaywcyv5qvvp2i4nqincc44i4yl3z2xzhj3ekyqjkxcwzhd4bti5t3au3eqyrqlr5q6brupf6vg2a4g42as72yamycul2ymrednur2jdqtb6xuwfr4q6sa545f5xxdn2fetyxyqnwioos633rw5p2jy6h4jshnrk4p475ujtcgaoamearaezsgku4twjcpeqfdkmkthenfumjah4hh4dz5hqlxqxdvaius4xrtde4sebl7lifgc6lzi4rrcibxav4f2a3bpbzfsz2anrva672razswskaaeqotgpkkgbkagy3zpndtgfzheycxsrycmz7hsrzvaaqdosrhbbpasjrplqzrmitdljyfsvrqp56qgnckgjtfu727abxcwkahmfhgky26fqgqwyt7ff5wc4s6meahqxaemz7hquldndm33r4z6czmbeubmb4praf24jgdtnw5qdfgmchy73n7kqqjvpuzpulchb5xmvbq2fsqfp2imnrwbfem4wme6uyylzhfhn5aob2j5psbirqb7uxrktl3wbtiafewsmqwmxrdf3zzuj5gjjqzniohaa3vabwa====?u= HTTP/1.1
Host: s.viisaqyw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nrmvz.shbzek.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.0
date: Sun, 12 Mar 2023 15:14:53 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
accept-ch: Width, Viewport-Width, DPR, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
content-encoding: gzip
X-Firefox-Spdy: h2
new.lightfoot.top/sw-f0c29d81b6c597f64bd2ea06c44824e1.js
116.202.184.109 200 OK 0 B URL HTTP/2 new.lightfoot.top/sw-f0c29d81b6c597f64bd2ea06c44824e1.js
IP 116.202.184.109:0
ASN #24940 Hetzner Online GmbH
GET /sw-f0c29d81b6c597f64bd2ea06c44824e1.js HTTP/1.1
Host: new.lightfoot.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:55 GMT
content-type: application/javascript
last-modified: Thu, 17 Feb 2022 13:24:13 GMT
vary: Accept-Encoding
etag: W/"620e4c7d-954"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2
new.lightfoot.top/ph-new/?pl=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843&hash=cbyGzr-z7M4V_bh2ljJKrw&exp=1678634393
116.202.184.109 200 OK 0 B URL HTTP/2 new.lightfoot.top/ph-new/?pl=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843&hash=cbyGzr-z7M4V_bh2ljJKrw&exp=1678634393
IP 116.202.184.109:0
ASN #24940 Hetzner Online GmbH
GET /ph-new/?pl=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843&hash=cbyGzr-z7M4V_bh2ljJKrw&exp=1678634393 HTTP/1.1
Host: new.lightfoot.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:53 GMT
content-type: text/html
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
vary: Accept-Encoding
etag: W/"63b80e80-f3de"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2
new.lightfoot.top/ph-new/assets/trls.js
116.202.184.109 200 OK 0 B URL HTTP/2 new.lightfoot.top/ph-new/assets/trls.js
IP 116.202.184.109:0
ASN #24940 Hetzner Online GmbH
GET /ph-new/assets/trls.js HTTP/1.1
Host: new.lightfoot.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.lightfoot.top/ph-new/?pl=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843&hash=cbyGzr-z7M4V_bh2ljJKrw&exp=1678634393
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:53 GMT
content-type: application/javascript
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
vary: Accept-Encoding
etag: W/"63b80e80-27bd"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2
shbzek.com/gosl/InNpZCI6MTE5MDkxMSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=dreans02
185.56.234.205 302 Found 0 B URL HTTP/2 shbzek.com/gosl/InNpZCI6MTE5MDkxMSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=dreans02
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /gosl/InNpZCI6MTE5MDkxMSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=dreans02 HTTP/1.1
Host: shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://come.sortyellowapples.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:49 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache
max-age: 0
location: https://shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&si2=
x-zone: eu4
X-Firefox-Spdy: h2
staging.camersoftware.com/wp-content/maintenance/assets/timer.js
82.165.73.164 200 OK 0 B URL HTTP/2 staging.camersoftware.com/wp-content/maintenance/assets/timer.js
IP 82.165.73.164:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/maintenance/assets/timer.js HTTP/1.1
Host: staging.camersoftware.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://staging.camersoftware.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:46 GMT
content-type: application/javascript
last-modified: Wed, 25 Jan 2023 23:00:59 GMT
etag: W/"63d1b4ab-502"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
nrmvz.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=9
185.56.234.205 200 OK 0 B URL HTTP/2 nrmvz.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=9
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=9 HTTP/1.1
Host: nrmvz.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1ck47.shbzek.com/
Cookie: truniq=1; prompt=1; ufp2=fc62c74fb85a5530c781fbea2a8d03283170b9a7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:52 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu4
content-encoding: gzip
X-Firefox-Spdy: h2
buody.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=7
185.56.234.205 200 OK 0 B URL HTTP/2 buody.shbzek.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=7
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5MDkxMSwid2lkIjo0MzQzNTMsInNyYyI6Mn0=eyJ&si1=dreans02&i=7 HTTP/1.1
Host: buody.shbzek.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8ngzp.shbzek.com/
Cookie: truniq=1; prompt=1; ufp2=fc62c74fb85a5530c781fbea2a8d03283170b9a7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 12 Mar 2023 15:14:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2
new.lightfoot.top/shared-js/assets/fnr.js
116.202.184.109 200 OK 0 B URL HTTP/2 new.lightfoot.top/shared-js/assets/fnr.js
IP 116.202.184.109:0
ASN #24940 Hetzner Online GmbH
GET /shared-js/assets/fnr.js HTTP/1.1
Host: new.lightfoot.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.lightfoot.top/ph-new/?pl=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843&hash=cbyGzr-z7M4V_bh2ljJKrw&exp=1678634393
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:53 GMT
content-type: application/javascript
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
vary: Accept-Encoding
etag: W/"62d11a1d-165c"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2
new.lightfoot.top/ph-new/assets/style.css
116.202.184.109 200 OK 0 B URL HTTP/2 new.lightfoot.top/ph-new/assets/style.css
IP 116.202.184.109:0
ASN #24940 Hetzner Online GmbH
GET /ph-new/assets/style.css HTTP/1.1
Host: new.lightfoot.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.lightfoot.top/ph-new/?pl=ilQCmFnYrkuT1vv7YSUY4Q&sm=ph-new&click_id=4523b79ae593704d2c26cb915a54d255-42510-0312&sub_id=1417798788876843&hash=cbyGzr-z7M4V_bh2ljJKrw&exp=1678634393
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:14:54 GMT
content-type: text/css
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
vary: Accept-Encoding
etag: W/"63b80e80-5f33"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2