r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d2e72d45afe3d391c204b5391599607c
149d68b9d00a720b6f380fa2324779dca9dbe26d
f6f1c295c68dfebadacb1fc812b44e01c7ede0e203615ef3e2cced2ce2251e7e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F1C295C68DFEBADACB1FC812B44E01C7EDE0E203615EF3E2CCED2CE2251E7E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4845
Expires: Wed, 01 Feb 2023 17:52:47 GMT
Date: Wed, 01 Feb 2023 16:32:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 62de35a6c8e4efd7633fc5236b5b086f
6a92912a86dfcd0330d040cef06bef36889c76ab
ebb8ca05df5ba73b92174105d54d192a8d9e3e10fba48bf96161b0cb759220ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBB8CA05DF5BA73B92174105D54D192A8D9E3E10FBA48BF96161B0CB759220EC"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8036
Expires: Wed, 01 Feb 2023 18:45:58 GMT
Date: Wed, 01 Feb 2023 16:32:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 09ee4b0fe6cf4ca5ed31b24452338d00
7e62b6e20f0d4737f4a8d94f9818a0883027839e
56da08e18a408d7313de4e598984a251a0ecf85bbba98b421be9aebeb98835af
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56DA08E18A408D7313DE4E598984A251A0ECF85BBBA98B421BE9AEBEB98835AF"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2352
Expires: Wed, 01 Feb 2023 17:11:15 GMT
Date: Wed, 01 Feb 2023 16:32:03 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 01 Feb 2023 15:43:25 GMT
content-type: application/json
age: 2918
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TNqTPGX4hVhSrzfpm44TLUTGvaxz6+OS1oWyvq9frcOuzYASh8QfNAs6YWNob9FiJgi8Fm/b57A=
x-amz-request-id: GD3D84V67DXQH3JF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Feb 2023 15:51:37 GMT
age: 2426
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
en.tube-dl.click/v/:/anybunny.com/itm/little_brother_gets_first_blowjob_from_sister/title/%20Little%20Brother%20Gets%20First%20Blowjob%20From%20Sister%20%20Free%20Sex%20Videos%20-%20Watch%20Beautiful%20and%20Exciting%20%20Little%20Brother%20Gets%20First%20Blowjob%20From%20Sister%20%20Porn%20at%20anybunny.com-%3E
103.83.158.181200 OK 7.3 kB URL HTTP/1.1 en.tube-dl.click/v/:/anybunny.com/itm/little_brother_gets_first_blowjob_from_sister/title/%20Little%20Brother%20Gets%20First%20Blowjob%20From%20Sister%20%20Free%20Sex%20Videos%20-%20Watch%20Beautiful%20and%20Exciting%20%20Little%20Brother%20Gets%20First%20Blowjob%20From%20Sister%20%20Porn%20at%20anybunny.com-%3E
IP 103.83.158.181:0
ASN #17831 8 Burn Road# 15-13, Trivex
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (17437), with CRLF line terminators
Hash 3f0cef683da854f585cbae0fdc84f6f3
e3cb47952e57652bc5ebf4feb44f3b8d12b684ae
39ce84cd8c61ca8b2d0ee0c7861ab86431feedfd41ca974a60638058e3c84a7d
GET /v/:/anybunny.com/itm/little_brother_gets_first_blowjob_from_sister/title/%20Little%20Brother%20Gets%20First%20Blowjob%20From%20Sister%20%20Free%20Sex%20Videos%20-%20Watch%20Beautiful%20and%20Exciting%20%20Little%20Brother%20Gets%20First%20Blowjob%20From%20Sister%20%20Porn%20at%20anybunny.com-%3E HTTP/1.1
Host: en.tube-dl.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 01 Feb 2023 16:32:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Host,Accept-Encoding
pdo-line8: host-en.tube-dl.click127.0.0.1-myhost-en.tube-dl.click127.0.0.1/v/://anybunny.com/itm/little_brother_gets_first_blowjob_from_sister/title/%20Little%20Brother%20Gets%20First%20Blowjob%20From%20Sister%20%20Free%20Sex%20Videos%20-%20Watch%20Beautiful%20and%20Exciting%20%20Little%20Brother%20Gets%20First%20Blowjob%20From%20Sister%20%20Porn%20at%20anybunny.com-%3E
phost: en.tube-dl.click
line1066: notjp-nojp-myhost-en.tube-dl.click-filteron-
pdo106: feedvid-, cachefileb-cacpdo3/e9/6b/4fa565, lfm-1-5487, lmd-5487, lud-2470751, xfvlen-2042793, fsize-1018377, played-489
pdophp-line408: -; cachetime- 49924.511730194; ctime- 20220628000830
line1403: yhkey-
line1514: method-5: ik- li|||ttl|||e b|||rot|||her||| ge|||ts |||fir|||st |||blo|||wjo|||b f|||rom||| si|||ste|||r ||| se|||x |||- w|||atc|||h b|||eau|||tif|||ul |||and||| ex|||cit|||ing||| l|||itt|||le |||bro|||the|||r g|||ets||| fi|||rst||| bl|||owj|||ob |||fro|||m s|||ist|||er ||| po|||rn |||at |||any|||bun|||ny.|||com|||->||||||little|||brother|||gets|||first|||blowjob|||from|||sister|||sex|||watch|||beautiful|||and|||exciting|||little|||brother|||gets|||first|||blowjob|||from|||sister|||porn|||at|||anybunny|||com||| little brother gets first blowjob from sister sex - watch beautiful and exciting little brother gets first blowjob from sister porn at anybunny.com->: vidlang-jp11451
line1528: method-5: ik-e b|||b f|||r |||x ||| l|||r g|||m s|||->||||||exciting|||at||| little brother gets first blowjob from sister sex - watch beautiful and exciting little brother gets first blowjob from sister porn at anybunny.com->: vidlang-jp
pdoline1599: sarray-599jp8080
pdoline1662: notjp-nojp: fvkwcnt-11441
pdoline1666: notjp-nojp: fvkwcnt-599
pdo-line1950: $i-62$load-0.803125
line2128: poster-https://pic.anybunny.org/imgr/a/d/a/x/h/brother_gets_first_blowjob_from_sister-4_tmb.jpg
Cache-Control: max-age=536044, public
genre: genre=
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Proxy-Cache-5950: MISS
Xkey-5950: en./v/:/anybunny.com/itm/little_brother_gets_first_blowjob_from_sister-AB-en.tube-dl.click-en.tube-dl.click-cacpdo0---yes
X-Proxy-Cache-la: HIT
Xkey-la: en.tube-dl.click/v/:/anybunny.com/itm/little_brother_gets_first_blowjob_from_sister/title/%20Little%20Brother%20Gets%20First%20Blowjob%20From%20Sister%20%20Free%20Sex%20Videos%20-%20Watch%20Beautiful%20and%20Exciting%20%20Little%20Brother%20Gets%20First%20Blowjob%20From%20Sister%20%20Porn%20at%20anybunny.com-%3EBno
Xkeylog: en.tube-dl.click/v/:/anybunny.com/itm/little_brother_gets_first_blowjob_from_sister/title/%20Little%20Brother%20Gets%20First%20Blowjob%20From%20Sister%20%20Free%20Sex%20Videos%20-%20Watch%20Beautiful%20and%20Exciting%20%20Little%20Brother%20Gets%20First%20Blowjob%20From%20Sister%20%20Porn%20at%20anybunny.com-%3EB-en.tube-dl.click
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:32:03 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 99b14409585b1777b1f8cb23331e68ce
bdb588961774dbc7a5e490c496a485dc596e87d5
9a70a6ff6608b9dd9589a215b14123a9e58d5dc8aec508f742751fde61f77797
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6100
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:32:03 GMT
Last-Modified: Wed, 01 Feb 2023 14:50:24 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 99b14409585b1777b1f8cb23331e68ce
bdb588961774dbc7a5e490c496a485dc596e87d5
9a70a6ff6608b9dd9589a215b14123a9e58d5dc8aec508f742751fde61f77797
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5563
Cache-Control: max-age=119617
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:32:03 GMT
Etag: "63d9ae89-117"
Expires: Fri, 03 Feb 2023 01:45:40 GMT
Last-Modified: Wed, 01 Feb 2023 00:12:57 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6329452d36180b395b4d3d1295f68bfa
7e9d4822a6bdcb4aeac514a4cf1c6dc6a8781e22
6307a4f6f8faf6b3cc4fd5df0e7aa891e785b8408ca8fb2c8461b03447bab2c0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6307A4F6F8FAF6B3CC4FD5DF0E7AA891E785B8408CA8FB2C8461B03447BAB2C0"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7578
Expires: Wed, 01 Feb 2023 18:38:21 GMT
Date: Wed, 01 Feb 2023 16:32:03 GMT
Connection: keep-alive
jsjs.gazo.space/index.php?js=av4&advertisement&
172.64.99.28200 OK 37 kB URL HTTP/2 jsjs.gazo.space/index.php?js=av4&advertisement&
IP 172.64.99.28:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (6476), with CRLF, CR line terminators
Hash 4290649c9086f880c8946f00e39e2cf8
1f944b5c6656898415c3a894aa9d925939fb579a
c139af6db04f63d9adba03575902d8a1783d49d923a19db4f07ca9e1c4012f93
GET /index.php?js=av4&advertisement& HTTP/1.1
Host: jsjs.gazo.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.tube-dl.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:32:03 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: Cake
imghost: 240026512804c008ad763d1c3-h-jsjsgazospacmh--GB-rm2400cb003771024ac465ba2/index.php?js=av4&advertisement&
55nloadrate: 0.655
cache-control: public, max-age=7200, s-max-age=1800
vary: Accept-Encoding
cf-cache-status: HIT
age: 1752
last-modified: Wed, 01 Feb 2023 16:02:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c4bqsVAfR9kL95xEubKB3rm1Xo0sI0IMxUdHuArAnLabSRhO7O2hNJIBHmJF9MoEkrgq6aJcvj8oKcyyl7Nh%2FRSBTqY5VW2vN99yJGVvHrzCj4bJPXf%2FDH2PCNr%2B5uWUoBg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c14b47d5f7187-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 01 Feb 2023 15:41:42 GMT
age: 3021
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
pic.anybunny.org/imgr/a/d/a/x/h/brother_gets_first_blowjob_from_sister-4_tmb.jpg
45.82.65.253200 OK 6.8 kB URL HTTP/1.1 pic.anybunny.org/imgr/a/d/a/x/h/brother_gets_first_blowjob_from_sister-4_tmb.jpg
IP 45.82.65.253:0
ASN #49981 WorldStream B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 0a91acbc520fea36eda93049c542d60e
605b3a8370fc2efcafc745a364743a16938ca0cd
45894198f32b83f35f1aacbbe9d44917870b1fb53ed1787b1c5da9709d159274
GET /imgr/a/d/a/x/h/brother_gets_first_blowjob_from_sister-4_tmb.jpg HTTP/1.1
Host: pic.anybunny.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.tube-dl.click/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 Feb 2023 16:32:03 GMT
Content-Type: image/jpeg
Content-Length: 6815
Last-Modified: Sun, 26 Apr 2015 06:30:24 GMT
Connection: keep-alive
ETag: "553c8600-1a9f"
Expires: Fri, 03 Mar 2023 16:32:03 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3469
Expires: Wed, 01 Feb 2023 17:29:52 GMT
Date: Wed, 01 Feb 2023 16:32:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 95e04cb73dd58d99b286142e80d282d1
fef54784c3d7fdd5c2ee152708bdce7fa474dcd1
f191853a6d5e7b6fad57afdee77a5445c809bde170c7d5efb81edb2e50f78223
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F191853A6D5E7B6FAD57AFDEE77A5445C809BDE170C7D5EFB81EDB2E50F78223"
Last-Modified: Tue, 31 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6190
Expires: Wed, 01 Feb 2023 18:15:13 GMT
Date: Wed, 01 Feb 2023 16:32:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9004ba4b34f1ae3498b3afeccc240e8c
ee465f20e9365246ef0e90b5349df5d0ec7afc31
e75b585711a65a09bb8188ef1a592d6c8708bfb3f1fa395befa9643974b0a680
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E75B585711A65A09BB8188EF1A592D6C8708BFB3F1FA395BEFA9643974B0A680"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4564
Expires: Wed, 01 Feb 2023 17:48:08 GMT
Date: Wed, 01 Feb 2023 16:32:04 GMT
Connection: keep-alive
push.services.mozilla.com/
34.208.13.28101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.208.13.28:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: OwYMs4pcAE2Srd4T8pkfCQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: B96RBphCsbYuQQmPNpZAWkt6pH0=
js.wpadmngr.com/npc/sdk/wp-banners.js
45.133.44.24200 OK 0 B URL HTTP/2 js.wpadmngr.com/npc/sdk/wp-banners.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.tube-dl.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:32:04 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Wed, 01 Feb 2023 16:37:04 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 99b14409585b1777b1f8cb23331e68ce
bdb588961774dbc7a5e490c496a485dc596e87d5
9a70a6ff6608b9dd9589a215b14123a9e58d5dc8aec508f742751fde61f77797
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5564
Cache-Control: max-age=119617
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:32:04 GMT
Etag: "63d9ae89-117"
Expires: Fri, 03 Feb 2023 01:45:41 GMT
Last-Modified: Wed, 01 Feb 2023 00:12:57 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
jp.co-vid.win/tags/nonvNO
148.72.246.38200 OK 19 kB URL HTTP/1.1 jp.co-vid.win/tags/nonvNO
IP 148.72.246.38:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (52754), with CRLF line terminators
Hash 0c7b8fe1ba0f8ae6169b605dccf5f672
b8b65260ef3575548cf8f4d03054af8dc062330e
3fc290eb2eb6c664d5c7fba8c3113db32c10b6af2fa70a79452d68b7000459b2
GET /tags/nonvNO HTTP/1.1
Host: jp.co-vid.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://en.tube-dl.click/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 01 Feb 2023 16:32:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Host,Accept-Encoding
pdo-line8: host-jp.co-vid.win127.0.0.1-myhost-jp.co-vid.win127.0.0.1/tags/nonvNO
phost: jp.co-vid.win
line1066: notjp-jp-myhost-jp.co-vid.win-filteron-
line2430: notjp-/tags/nonvNO-myhost-jp.co-vid.win-filteron-
line2438: tag--kw--filteron-
Cache-Control: max-age=1800, public
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Proxy-Cache-5950: EXPIRED
Xkey-5950: jp./tags/nonvNO-A-jp.co-vid.win-jp.co-vid.win-cacpdo0---yes
X-Proxy-Cache-g-jp: HIT
Xkey-g-jp2: jp./tags/nonvNO-A-jp.co-vid.win--my_zone
cacrip.nakadashi.pw/AV4.us.jpg
172.64.128.21200 OK 8.7 kB URL HTTP/1.1 cacrip.nakadashi.pw/AV4.us.jpg
IP 172.64.128.21:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 307x82, components 3\012- data
Hash edfe007a6e5b3d268b2528f564b60b43
1644c8ef97c871079e07e5079d613af5cb94052f
bf5bb657f5e788af0c02b9b437d3f15bec91e27175e5a654e3d431fb6d063390
NIDS Severity Alert suricata low ET INFO HTTP Request to a *.pw domain
suricata low ET INFO HTTP Request to a *.pw domain
GET /AV4.us.jpg HTTP/1.1
Host: cacrip.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jp.co-vid.win/
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:32:05 GMT
Content-Type: image/jpeg
Content-Length: 8741
Connection: keep-alive
etag: "2225-5499bcea176c0"
access-control-allow-origin: *
cache-control: public, max-age=360000
CF-Cache-Status: HIT
Age: 72370
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=caCJAjtUiXnBg1VUqJHNYB5j0qgw8pJv2zh3wDC5orCvkRoqKKAoo5NoGdWXp0KGtZlveCroSgL5Iw0JZbCaELy46fGRhjSWcY5T6LuwJeCEH0bv9Vcv9s7JWyts3FIwmxY7EfAg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792c14bf58f875c5-LHR
alt-svc: h2=":443"; ma=60
cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js
104.17.25.14200 OK 4.0 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (10613)
Hash 9653b380e66b38af571efdafa5763f0d
835aa2c117b6b3156a3b439ec302ffa268466c55
3181b9ecf39cca87ae50e71c715a2accc9787ac8655edf1d0fc5195bd688b38f
GET /ajax/libs/nosleep/0.11.0/NoSleep.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:32:05 GMT
content-type: application/javascript; charset=utf-8
content-length: 3953
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ed16b69-29bf"
last-modified: Fri, 29 May 2020 20:07:05 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1726133
expires: Mon, 22 Jan 2024 16:32:05 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XrCkXXCrAmkZfc8pIfV8ivHqa0%2BSp2OFyjgFaXqOXBi6KVWzL5BgtJ17dHmpC13TVSfPsjgW7%2Ba2YQdcVxqdj29tl6YbVd3jHgpgatH1%2BxHy6V1bdixTax9bNPOh0mdAOJIzEGZa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 792c14bf8d8fb518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2751084b42dd111d0a7f28241a77201b
680a9ac2f4cf451c9a8449c4df3587595ed9cc4c
1c68a770afbcdb5405fe330f2eabefa576ea1d08740719956083d7f6b490ccf8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:32:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
comments.gazo.space/comments/embed.js?37
172.64.99.28200 OK 6.7 kB URL HTTP/1.1 comments.gazo.space/comments/embed.js?37
IP 172.64.99.28:0
File type ASCII text, with very long lines (14022)
Hash 352c889af2cf2163a866e7e381ae9252
dba161ee742e83c96891e1c3fa8e9a6ecd88ab55
aca3691a6709b371e3dedde66943ed3a1b9a8d2b67734123916d74c1a82e510c
Analyzer Verdict Alert fortinet Phishing
GET /comments/embed.js?37 HTTP/1.1
Host: comments.gazo.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jp.co-vid.win/
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:32:05 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=360000
Cf-Bgj: minify
Cf-Polished: origSize=20813
ETag: W/"514d-5e998fd344edc"
X-Proxy-Cache-Rip: HIT
XkeyRip: jcomments./comments/embed.js?37-A-comments.gazo.space--my_zone-yes
CF-Cache-Status: HIT
Age: 141359
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SxjDipoMcrNXyiFT6aOR4tf3OdXDNW9xeDoaIRqOvgTkjHNOCCOPdNqHy6UxcdsEqfUqprwueGw0VAeb4NThTQdsEgvQFijpeweRkbFafq7Hy7jPk4YKyg2h9M1wekn0fcr4sVBz"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792c14bfa92d7768-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash de49044c9365e16fec3a6d361cb94728
2b7b69c16de6fda1ae5206f92fe781ee07bd182a
6e76887b036544a5da3918116a180876c094cc3b31676abce8d5b7b716b00c30
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:32:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 84a619e9e5fe473391cba1166025d292
f91ce28271b76787d9fb3dae7a6aa0e5ae92f7bc
83280d0d6e15e7784bb091374dca46094441d678fe5afc386bcae98c0a463cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "83280D0D6E15E7784BB091374DCA46094441D678FE5AFC386BCAE98C0A463CAC"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5017
Expires: Wed, 01 Feb 2023 17:55:42 GMT
Date: Wed, 01 Feb 2023 16:32:05 GMT
Connection: keep-alive
jsjs.gazo.space/mycss/av4.css?3
172.64.99.28200 OK 1.3 kB URL HTTP/1.1 jsjs.gazo.space/mycss/av4.css?3
IP 172.64.99.28:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 55d39b2d0155f6d4ef3be034128f27bb
e21c9b2e878a57898ec2883cf334c057ecdb927c
6650b9e1cbcfe327a56bfefef2bec6ec0aa756ffa3d7ceb2e901dc828d42843d
GET /mycss/av4.css?3 HTTP/1.1
Host: jsjs.gazo.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jp.co-vid.win/
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:32:05 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"f05-5ef068d702bfd"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Cake
Cache-Control: public, max-age=3600000
CF-Cache-Status: HIT
Age: 1048392
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hN3kXeTnhiqPYEZWEm6GE%2FbxVESBDl3GFu9dGB3mU30pwBPInqRdoFFHPCwyNlY6dDmu2ljk%2BK5LfjEBraRhOjNJt8UERctmUdP1pRyD0n4qamJ4jnP5UM7lum%2BpW%2F8si6A%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792c14bfada623d6-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
jsjs.gazo.space/index.php?js=av4&advertisement&
172.64.99.28200 OK 104 kB URL HTTP/2 jsjs.gazo.space/index.php?js=av4&advertisement&
IP 172.64.99.28:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (6476), with CRLF, CR line terminators
Size 104 kB (104021 bytes)
Hash b6f71c0b9bf766e913a8c7b9769a9a98
60fdf82ee093250514e859c379d76ff6c650a8e6
fd09501620d11f3a712c026c6e3493c75b9869ee1b880e64653cb85f8c991e14
GET /index.php?js=av4&advertisement& HTTP/1.1
Host: jsjs.gazo.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:32:04 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: Cake
imghost: 240026512804c008ad763d1c3-h-jsjsgazospacmh--GB-rm2400cb003761024ac46553b/index.php?js=av4&advertisement&
55nloadrate: 0.7921875
cache-control: public, max-age=7200, s-max-age=1800
vary: Accept-Encoding
cf-cache-status: HIT
age: 42
last-modified: Wed, 01 Feb 2023 16:31:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5oilh3S9OkllP0KjwCMeYt3sWcGiFBxotFjtXnJCO2eM7KIQP%2Fxmfh%2B4KH73CcAk9VCED7%2FAmznT0ug3J9CsD0oVvJd80H6ICkoyxL5LearisKbx8t5Yb9LyICzF7Z9uxS4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c14bc4d227792-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.20.226:0
Hash 97ff1773b7e2d54d2df8553c827c457c
4403cb2790b79155a1490b65311f0269bae663f4
0050485f496d5f1ad50e37215415e2d327ce11942a9a548245e993b3b9109230
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:32:05 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "41C4C5A124C52A7822CD6FD3E297AB1A40D78BEB"
Expires: Thu, 02 Feb 2023 03:00:00 GMT
Last-Modified: Wed, 01 Feb 2023 15:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2082
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792c14c0481f1c0a-OSL
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash de49044c9365e16fec3a6d361cb94728
2b7b69c16de6fda1ae5206f92fe781ee07bd182a
6e76887b036544a5da3918116a180876c094cc3b31676abce8d5b7b716b00c30
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:32:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2751084b42dd111d0a7f28241a77201b
680a9ac2f4cf451c9a8449c4df3587595ed9cc4c
1c68a770afbcdb5405fe330f2eabefa576ea1d08740719956083d7f6b490ccf8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:32:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6204
Expires: Wed, 01 Feb 2023 18:15:29 GMT
Date: Wed, 01 Feb 2023 16:32:05 GMT
Connection: keep-alive
www.googletagmanager.com/gtag/js?id=UA-620120-3
142.250.74.40200 OK 503 B URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-620120-3
IP 142.250.74.40:0
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
GET /gtag/js?id=UA-620120-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 01 Feb 2023 16:32:05 GMT
expires: Wed, 01 Feb 2023 16:32:05 GMT
cache-control: private, max-age=900
last-modified: Wed, 01 Feb 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43887
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6204
Expires: Wed, 01 Feb 2023 18:15:29 GMT
Date: Wed, 01 Feb 2023 16:32:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6204
Expires: Wed, 01 Feb 2023 18:15:29 GMT
Date: Wed, 01 Feb 2023 16:32:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6204
Expires: Wed, 01 Feb 2023 18:15:29 GMT
Date: Wed, 01 Feb 2023 16:32:05 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 27e95b7912edc909d6b031e36fe83534
eb27fae0bb17dbe0929a620002195233ef50c1d0
b32e7e1a2eee367c5bf9e99bcb38f4c74c4e9e7bdfe7fb0f8f2a657060c0624c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8597
x-amzn-requestid: e7bf4ac9-d86d-4ee9-9e10-8a42e5dfe2c6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fcRaNEW4IAMFatA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d4c90d-7731312f630b00ba028836ca;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 07:04:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: z3ZJ7bq6LuJd-9I9D22VIs0avctNGVDKnYmt-fxevCheQibivmUomQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 12:57:00 GMT
age: 12905
etag: "eb27fae0bb17dbe0929a620002195233ef50c1d0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4bb3a6fba496d54cdbbccaf2b9600386
8e30002699e9fbf2047f9ac11a36d2175fc9c591
927bf3a04b011b4e3bc8d8772a3d5813507f7f523312d43627767b64615562f3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15857
x-amzn-requestid: cfe36b9d-34f6-4f3f-896e-e70ec45c4a04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2JGGWoAMFSLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf3-0dd68dd778b9aba268a129b0;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: pU_436f27nMZKPxZZWqZekERHFTvcG5NT5p_CYEXHRPtIWjDtSA-uA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 07:27:41 GMT
age: 32664
etag: "8e30002699e9fbf2047f9ac11a36d2175fc9c591"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 65c02d8a1b0d6a210cb2a649c5c67469
027dbc7a104c922904f067ed15d696c363c11774
89d5443a1d313c632d09a583ef602aa4645a16986076387329f434262d15b0a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10997
x-amzn-requestid: a6fac0ab-1acf-4808-8785-3b4ec5e32edf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj30FX7IAMFa5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e698-005109ec2e76529e793678d6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _xCzARAxn6PB9wrQAL98hWvnUxQOocZFqMoS2l_CoIzOJC18bXQuSQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:53:32 GMT
age: 67113
etag: "027dbc7a104c922904f067ed15d696c363c11774"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
jsjs.gazo.space/index.php?js=very
172.64.99.28200 OK 9.6 kB URL HTTP/2 jsjs.gazo.space/index.php?js=very
IP 172.64.99.28:0
Hash 3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a
Analyzer Verdict Alert fortinet Phishing
GET /index.php?js=very HTTP/1.1
Host: jsjs.gazo.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:32:04 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: Cake
imghost: 240026512804c008ad763d1c3-h-jsjsgazospacmh--NO-rm2400cb003761024ac465607/index.php?js=very
55nloadrate: 0.684375
cache-control: max-age=360000, private
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EBUmQPNZ27UTfClZC%2BiS7rAS1ESfrY%2FvaU%2F63D8xp2Aum9ij03NguXA4ptJwXDQvlGMb8debDqtPFRU24ZG7q%2BtwMSQuPaUheuooE133JVcZuBK4sX2jX5ixUCO8v5HDdX4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c14bc2cdf7792-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71bb87d4-a329-46af-946e-9b5edda7dddb.jpeg
34.120.237.76200 OK 24 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71bb87d4-a329-46af-946e-9b5edda7dddb.jpeg
IP 34.120.237.76:0
Hash 0e5efc08eb2dc2e832ee32c3829cbeac
82061f239243142534e7a2e2f9748ea7e5de516c
e58acdd44f2c3b1db2d1fe95f5b31e166d3009165e6607edc6d608bef9732451
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71bb87d4-a329-46af-946e-9b5edda7dddb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7628
x-amzn-requestid: 29c70d62-ed3a-4c90-8f32-2dc0c1caf5e0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fcDSnG4RIAMF5eg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d4b276-0267c928110be13d26906bed;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 05:28:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: temaq_TJ35QzsVDLMotam8rNea4vwiE7Zo7i8wlqQJr0JIXdL1_Iww==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 20:27:56 GMT
age: 72249
etag: "257963245f14742bf9cd90e71ca748066d5495c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F591a38fc-2daf-42e7-a48b-a02e54cb63e0.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F591a38fc-2daf-42e7-a48b-a02e54cb63e0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3c83dcdb618756ebbfeb69a8bff6d38c
5f909182ab6847690e7ebd100e3f0d2798e36192
2e29d0747fb973908228501178465ac09f6553ef8e50dd70ee617f3379eb733c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F591a38fc-2daf-42e7-a48b-a02e54cb63e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7049
x-amzn-requestid: bc6522f2-eb6b-4e59-9912-0c03d145f021
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk31LGE2IAMF8rw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839ba-67477ed1260c27f67e28043d;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Q_aVbWJKMbX1_bjggzbdnWbgmfooGvXj76t55QGGXRr_y6ZgW2gctw==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 12:23:45 GMT
age: 14900
etag: "5f909182ab6847690e7ebd100e3f0d2798e36192"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash 43e63b8b519d676a778472be4d3c8156
02942d46ceb9d52b3d4d723e4e3ccacfa4a3fb99
2dfec0e109061d404883b68e4e04155d6bfa89534ffd69603c0d4263399a68ba
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:32:05 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Sun, 05 Feb 2023 13:10:02 GMT
ETag: "02942d46ceb9d52b3d4d723e4e3ccacfa4a3fb99"
Last-Modified: Wed, 01 Feb 2023 13:10:03 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1502
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792c14c1c9f21c0a-OSL
mc.yandex.ru/watch/48140495/1?wmode=7&page-url=http%3A%2F%2Fjp.co-vid.win%2Ftags%2FnonvNO&page-ref=http%3A%2F%2Fen.tube-dl.click%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Afppw4pdxetycw4cz2ehur%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A202828072088%3Ahid%3A320483233%3Az%3A0%3Ai%3A20230201163227%3Aet%3A1675269147%3Ac%3A1%3Arn%3A238402448%3Arqn%3A1%3Au%3A1675269147734449499%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A67%2C243%2C244%2C0%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Ans%3A1675269146010%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675269148%3At%3A%E5%8B%95%E7%94%BB%40AV4.us&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
77.88.21.119200 OK 400 B URL HTTP/2 mc.yandex.ru/watch/48140495/1?wmode=7&page-url=http%3A%2F%2Fjp.co-vid.win%2Ftags%2FnonvNO&page-ref=http%3A%2F%2Fen.tube-dl.click%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Afppw4pdxetycw4cz2ehur%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A202828072088%3Ahid%3A320483233%3Az%3A0%3Ai%3A20230201163227%3Aet%3A1675269147%3Ac%3A1%3Arn%3A238402448%3Arqn%3A1%3Au%3A1675269147734449499%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A67%2C243%2C244%2C0%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Ans%3A1675269146010%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675269148%3At%3A%E5%8B%95%E7%94%BB%40AV4.us&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP 77.88.21.119:0
File type JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Hash bf35fe7f1c6fddf7bea55fd348859545
3c86300b4bf389780a4f12203e7a261726627c16
9a7bbc062b85d3f479014671057ed0131957b0884052758359c68289adddda24
GET /watch/48140495/1?wmode=7&page-url=http%3A%2F%2Fjp.co-vid.win%2Ftags%2FnonvNO&page-ref=http%3A%2F%2Fen.tube-dl.click%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Afppw4pdxetycw4cz2ehur%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A202828072088%3Ahid%3A320483233%3Az%3A0%3Ai%3A20230201163227%3Aet%3A1675269147%3Ac%3A1%3Arn%3A238402448%3Arqn%3A1%3Au%3A1675269147734449499%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A67%2C243%2C244%2C0%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Ans%3A1675269146010%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675269148%3At%3A%E5%8B%95%E7%94%BB%40AV4.us&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://jp.co-vid.win
Referer: http://jp.co-vid.win/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 400
date: Wed, 01 Feb 2023 16:32:05 GMT
x-content-type-options: nosniff
access-control-allow-origin: http://jp.co-vid.win
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 01-Feb-2023 16:32:05 GMT
last-modified: Wed, 01-Feb-2023 16:32:05 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash e4f3da3434c6dfe896da45c4a622abbd
51feb2216cfee2b4aa7755ad20d78afa204cab64
ff22d07e1009fbf6faeb3d2dfa5467d7a8a9a6e135a077b147d6562cf51cc11d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3418
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:32:07 GMT
Last-Modified: Wed, 01 Feb 2023 15:35:09 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 313
www.w3schools.com/w3css/4/w3.css
192.229.133.221200 OK 5.3 kB URL HTTP/2 www.w3schools.com/w3css/4/w3.css
IP 192.229.133.221:0
File type Unicode text, UTF-8 (with BOM) text
Hash cfa5fd76f66a5f917b87ddd80b75b3fa
c0d7265855205d77acc0f1154172070a8680ab19
38ae41c45eedd4f190a8ddbda2a2dc69e2a4d75a6ff8cb0bb35d4a521724ee98
GET /w3css/4/w3.css HTTP/1.1
Host: www.w3schools.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
age: 14371
cache-control: public,max-age=14400,public
content-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com;
content-type: text/css
date: Wed, 01 Feb 2023 16:32:07 GMT
etag: "0d39b39a234d91:0"
last-modified: Mon, 30 Jan 2023 11:58:54 GMT
server: ECS (ska/F716)
vary: Accept-Encoding
x-cache: HIT
x-content-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com;
x-powered-by: ASP.NET
content-length: 5250
X-Firefox-Spdy: h2
twitter.com/favicon.ico
104.244.42.1200 OK 1.2 kB IP 104.244.42.1:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 630d203cdeba06df4c0e289c8c8094f6
eee14e8a36b0512c12ba26c0516b4553618dea36
bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902
GET /favicon.ico HTTP/1.1
Host: twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:32:07 UTC
perf: 7626143928
server: tsa_o
set-cookie: guest_id=v1%3A167526912745536528; Max-Age=34214400; Expires=Sun, 03 Mar 2024 16:32:07 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
content-type: image/x-icon
cache-control: no-cache, no-store, max-age=0
content-length: 1150
x-transaction-id: efc6d9189ea9fbb5
strict-transport-security: max-age=631138519
x-response-time: 105
x-connection-hash: 599e2aaff1cda86f8c6b25501005b8c427c0a018db8d5e23fd63ca6fd5d8fb5c
X-Firefox-Spdy: h2
page.myfile-host.info/myda.php
150.95.129.59200 OK 0 B URL HTTP/1.1 page.myfile-host.info/myda.php
IP 150.95.129.59:0
ASN #7506 GMO Internet,Inc
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /myda.php HTTP/1.1
Host: page.myfile-host.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jp.co-vid.win/
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:32:05 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/7.4.20
X-Powered-By: PHP/7.4.20
Access-Control-Allow-Origin: *
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
page.myfile-host.info/myda.php
150.95.129.59200 OK 0 B URL HTTP/1.1 page.myfile-host.info/myda.php
IP 150.95.129.59:0
ASN #7506 GMO Internet,Inc
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /myda.php HTTP/1.1
Host: page.myfile-host.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jp.co-vid.win/
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:32:10 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/7.4.20
X-Powered-By: PHP/7.4.20
Access-Control-Allow-Origin: *
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
mc.yandex.ru/metrika/advert.gif
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 01 Feb 2023 16:32:10 GMT
access-control-allow-origin: *
etag: "63c93a4b-2b"
expires: Wed, 01 Feb 2023 17:32:10 GMT
accept-ranges: bytes
last-modified: Thu, 19 Jan 2023 15:40:43 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 95e04cb73dd58d99b286142e80d282d1
fef54784c3d7fdd5c2ee152708bdce7fa474dcd1
f191853a6d5e7b6fad57afdee77a5445c809bde170c7d5efb81edb2e50f78223
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F191853A6D5E7B6FAD57AFDEE77A5445C809BDE170C7D5EFB81EDB2E50F78223"
Last-Modified: Tue, 31 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6183
Expires: Wed, 01 Feb 2023 18:15:13 GMT
Date: Wed, 01 Feb 2023 16:32:10 GMT
Connection: keep-alive
dde280e15f.5608bd4f7e.com/d6c37f8b5d81f1fbc29c7becbcbf7232/23782?version_name=b
45.133.44.25200 OK 3.2 kB URL HTTP/2 dde280e15f.5608bd4f7e.com/d6c37f8b5d81f1fbc29c7becbcbf7232/23782?version_name=b
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash 65aba46e39ea12678b53fd5ff8f14d98
19ac1c8a3f29fb9b203dbac0964658dc67d523bf
a3a0e66a0548cfc4a25a2e0fb8cdb77beff9e624c9d3203482591660b29310af
Analyzer Verdict Alert quad9 Sinkholed
GET /d6c37f8b5d81f1fbc29c7becbcbf7232/23782?version_name=b HTTP/1.1
Host: dde280e15f.5608bd4f7e.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://jp.co-vid.win
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:32:11 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Wed, 01 Feb 2023 16:37:11 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
dde280e15f.5608bd4f7e.com/c0c3a5692bf79b818cec35ce6cc43ad7.js
45.133.44.25200 OK 35 kB URL HTTP/2 dde280e15f.5608bd4f7e.com/c0c3a5692bf79b818cec35ce6cc43ad7.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 0b636f0d027d3a7361e3c01fbb921fed
44440763ad294b24398dffc41db36728ff16cea3
4cb5545cec6551eddab964586f7cab93876289a9f7686731a1f0e6a00995ac44
Analyzer Verdict Alert quad9 Sinkholed
GET /c0c3a5692bf79b818cec35ce6cc43ad7.js HTTP/1.1
Host: dde280e15f.5608bd4f7e.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://jp.co-vid.win
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:32:10 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 13 Jan 2023 14:07:40 GMT
etag: W/"63c165ac-188ee"
content-encoding: gzip
expires: Wed, 01 Feb 2023 16:37:10 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=23782
157.90.84.242204 No Content 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=23782
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=23782 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://jp.co-vid.win/
Origin: http://jp.co-vid.win
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Wed, 01 Feb 2023 16:32:11 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: http://jp.co-vid.win
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
notification.tubecup.net/tags?tag_id=23782&timezone_olson=UTC&version_name=b
78.47.199.218200 OK 2.6 kB URL HTTP/2 notification.tubecup.net/tags?tag_id=23782&timezone_olson=UTC&version_name=b
IP 78.47.199.218:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with very long lines (2643), with no line terminators
Hash bf302c542f31517e319468f0f84a52a0
54760c86f7dfa7fc8154d6f7ce13b950987d75f8
d24b104435ad454083443653e91cfc67a5b5730c236395c4cad72e3cf9814702
GET /tags?tag_id=23782&timezone_olson=UTC&version_name=b HTTP/1.1
Host: notification.tubecup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://jp.co-vid.win
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:32:11 GMT
content-type: application/json
content-length: 2643
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=23782
157.90.84.242200 OK 28 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=23782
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text
Hash e3af49472d683a217237a6ebaf79bcb7
378db4d7e6171a2676ee15c80b4475d7f5ec9742
7714898d715fb8b1ce7a1de73e0e7c9f6394acc8a08cf1a3b342a7829d4de84a
POST /fp?tag_id=23782 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22282
Origin: http://jp.co-vid.win
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 01 Feb 2023 16:32:11 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://jp.co-vid.win
Set-Cookie: id=4911046773878485761; Expires=Thu, 01 Feb 2024 16:32:11 GMT; Secure; SameSite=None
Vary: Origin
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 48237dc866d6f2387b67ad0ba335689d
766b9034cf7cb4d04ce8cb76107834772611cdfa
f7e4b65ebd6a99bcd51f95bd777025d00fe3947654a3c58ac06708ecf9f53f03
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7E4B65EBD6A99BCD51F95BD777025D00FE3947654A3C58AC06708ECF9F53F03"
Last-Modified: Mon, 30 Jan 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6854
Expires: Wed, 01 Feb 2023 18:26:25 GMT
Date: Wed, 01 Feb 2023 16:32:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ebc5267a43e35d9874d2d70ed8e7f4c9
f8d59e7a7641c1c665cda79c908aa05c68b95f47
0f5c4b99130d094313f8d8126489693e7fdd8e7e2dbd8dd0f331a8ed5d59839f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0F5C4B99130D094313F8D8126489693E7FDD8E7E2DBD8DD0F331A8ED5D59839F"
Last-Modified: Tue, 31 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10726
Expires: Wed, 01 Feb 2023 19:30:57 GMT
Date: Wed, 01 Feb 2023 16:32:11 GMT
Connection: keep-alive
f5523cd9a7.c1249041fb.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI4MTM5NzU0Mjk1NDA1NjI1MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjEuMSIsInRhZ19pZCI6MjM3ODIsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4zNiwiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjpudWxsLCJ1c2VyX2tleXdvcmRzIjoiJUU1JThCJTk1JUU3JTk0JUJCJTQwQVY0LnVzIn0=
45.133.44.24200 OK 0 B URL HTTP/2 f5523cd9a7.c1249041fb.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI4MTM5NzU0Mjk1NDA1NjI1MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjEuMSIsInRhZ19pZCI6MjM3ODIsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4zNiwiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjpudWxsLCJ1c2VyX2tleXdvcmRzIjoiJUU1JThCJTk1JUU3JTk0JUJCJTQwQVY0LnVzIn0=
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI4MTM5NzU0Mjk1NDA1NjI1MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjEuMSIsInRhZ19pZCI6MjM3ODIsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4zNiwiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjpudWxsLCJ1c2VyX2tleXdvcmRzIjoiJUU1JThCJTk1JUU3JTk0JUJCJTQwQVY0LnVzIn0= HTTP/1.1
Host: f5523cd9a7.c1249041fb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://jp.co-vid.win
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:32:11 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/wp-banners.js
45.133.44.24200 OK 0 B URL HTTP/2 js.wpshsdk.com/npc/sdk/wp-banners.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:32:11 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Wed, 01 Feb 2023 16:37:11 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 25a5e0592d78de71c1b4e4ca86f612af
7491a00e4557fa720891ab2698c9eccbd9557a68
41aadcba3e339bb2f7add1ebc57a5cea863e2b92841e09a4ccad9c4f984d2224
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41AADCBA3E339BB2F7ADD1EBC57A5CEA863E2B92841E09A4CCAD9C4F984D2224"
Last-Modified: Tue, 31 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7807
Expires: Wed, 01 Feb 2023 18:42:18 GMT
Date: Wed, 01 Feb 2023 16:32:11 GMT
Connection: keep-alive
nereserv.com/in/dip?site=native-push&wl=1&event_id=77683b07-d1e7-49bd-af3c-01446f84b3e5&subid=809032184&sid=985449331&spot_id=17050&created_at=2023-02-01&timezone=0&ver=8.23.0&is_native=1
157.90.84.246200 OK 0 B URL HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=77683b07-d1e7-49bd-af3c-01446f84b3e5&subid=809032184&sid=985449331&spot_id=17050&created_at=2023-02-01&timezone=0&ver=8.23.0&is_native=1
IP 157.90.84.246:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=77683b07-d1e7-49bd-af3c-01446f84b3e5&subid=809032184&sid=985449331&spot_id=17050&created_at=2023-02-01&timezone=0&ver=8.23.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://jp.co-vid.win
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Wed, 01 Feb 2023 16:32:11 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 25a5e0592d78de71c1b4e4ca86f612af
7491a00e4557fa720891ab2698c9eccbd9557a68
41aadcba3e339bb2f7add1ebc57a5cea863e2b92841e09a4ccad9c4f984d2224
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41AADCBA3E339BB2F7ADD1EBC57A5CEA863E2B92841E09A4CCAD9C4F984D2224"
Last-Modified: Tue, 31 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7807
Expires: Wed, 01 Feb 2023 18:42:18 GMT
Date: Wed, 01 Feb 2023 16:32:11 GMT
Connection: keep-alive
428fcb314a.5ae63880d1.com/in/multy
168.119.25.22204 No Content 0 B URL HTTP/2 428fcb314a.5ae63880d1.com/in/multy
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /in/multy HTTP/1.1
Host: 428fcb314a.5ae63880d1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://jp.co-vid.win/
Origin: http://jp.co-vid.win
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:32:11 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/push.m.js?v=1
45.133.44.24200 OK 27 kB URL HTTP/2 js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash 0065cdeb83d33217bff7b1e11b5ffa27
e39f9f061c03395b3b7f392495b5fc27073fc2b5
a0fccfa5e4b3ee5df5385f430c6012f0875aa8760c05c0236f5089c9a4b346d2
GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:32:11 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: W/"63d270a1-f96f"
content-encoding: gzip
expires: Wed, 01 Feb 2023 16:37:11 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/push/remotesub.js
45.133.44.24200 OK 3.0 kB URL HTTP/2 js.wpshsdk.com/npc/sdk/push/remotesub.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (7861), with no line terminators
Hash cf7958e99d65ab5d7de038f5fdada81b
7a01c32910c2def3a317124497a2aad38c8428e4
8199bf96b8a0493c36a60c821c3c6dd48f8063292f7a2c5cc8e88d4a4de15f34
GET /npc/sdk/push/remotesub.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:32:11 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 23 Jul 2020 11:17:23 GMT
etag: W/"5f1971c3-1eb5"
content-encoding: gzip
expires: Wed, 01 Feb 2023 16:37:11 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
b82b8671db.262e88b9b0.com/get/
94.130.197.134200 OK 232 B URL HTTP/2 b82b8671db.262e88b9b0.com/get/
IP 94.130.197.134:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 52cbff09e94a4359728c1a2a57b587a0
880937b743c893401851b52b30441fb67bdcf1ee
6a8dc9a3111e79d0950c3b823266e2624eb811c158a2aed59a34587cbed61a85
POST /get/ HTTP/1.1
Host: b82b8671db.262e88b9b0.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Origin: http://jp.co-vid.win
Content-Length: 618
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.16.0
date: Wed, 01 Feb 2023 16:32:11 GMT
content-type: application/json
content-length: 232
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
jsjs.gazo.space/index.php?js=very
172.64.99.28200 OK 0 B URL HTTP/2 jsjs.gazo.space/index.php?js=very
IP 172.64.99.28:0
Analyzer Verdict Alert fortinet Phishing
GET /index.php?js=very HTTP/1.1
Host: jsjs.gazo.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.tube-dl.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:32:03 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: Cake
imghost: 240026512804c008ad763d1c3-h-jsjsgazospacmh--NO-rm2400cb003771024ac465a96/index.php?js=very
55nloadrate: 0.7059375
cache-control: max-age=360000, private
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8UkkyUNbUeGLsWGHh%2Fjc0ooFK4BzvIi7gypW6dPsL8z685A48al%2BZ4Kfmg5E35fTYiBP4QoPoIZySnUmFTI20QGEZp5eCRCiKi01beiFCCrQbYKRoGLOPXXWQP2sCwIPxcw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c14b47d547187-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dde280e15f.5608bd4f7e.com/c0c3a5692bf79b818cec35ce6cc43ad7.js
45.133.44.25200 OK 0 B URL HTTP/2 dde280e15f.5608bd4f7e.com/c0c3a5692bf79b818cec35ce6cc43ad7.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /c0c3a5692bf79b818cec35ce6cc43ad7.js HTTP/1.1
Host: dde280e15f.5608bd4f7e.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.tube-dl.click
Connection: keep-alive
Referer: http://en.tube-dl.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:32:03 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 13 Jan 2023 14:07:40 GMT
etag: W/"63c165ac-188ee"
content-encoding: gzip
expires: Wed, 01 Feb 2023 16:37:03 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
dde280e15f.5608bd4f7e.com/652e0c493ca942f5a3ab77e71399004a.js
45.133.44.25200 OK 0 B URL HTTP/2 dde280e15f.5608bd4f7e.com/652e0c493ca942f5a3ab77e71399004a.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /652e0c493ca942f5a3ab77e71399004a.js HTTP/1.1
Host: dde280e15f.5608bd4f7e.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:32:11 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 07 Dec 2022 08:28:22 GMT
etag: W/"63904ea6-16019"
content-encoding: gzip
expires: Wed, 01 Feb 2023 16:37:11 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/push/styles.css
45.133.44.24200 OK 0 B URL HTTP/2 js.wpshsdk.com/npc/sdk/push/styles.css
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /npc/sdk/push/styles.css HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:32:11 GMT
content-type: text/css
server: nginx/1.18.0
last-modified: Tue, 30 Aug 2022 09:15:33 GMT
etag: W/"630dd535-10f4"
content-encoding: gzip
expires: Wed, 01 Feb 2023 16:37:11 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
dde280e15f.5608bd4f7e.com/01c530e7dd26aab5df2480cf03ae89a0.js
45.133.44.25200 OK 0 B URL HTTP/2 dde280e15f.5608bd4f7e.com/01c530e7dd26aab5df2480cf03ae89a0.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /01c530e7dd26aab5df2480cf03ae89a0.js HTTP/1.1
Host: dde280e15f.5608bd4f7e.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:32:11 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 31 Jan 2023 13:11:15 GMT
etag: W/"63d91373-4dbb1"
content-encoding: gzip
expires: Wed, 01 Feb 2023 16:37:11 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
dde280e15f.5608bd4f7e.com/4fa5588105e6f7d99dca72640360025f.js
45.133.44.25200 OK 0 B URL HTTP/2 dde280e15f.5608bd4f7e.com/4fa5588105e6f7d99dca72640360025f.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /4fa5588105e6f7d99dca72640360025f.js HTTP/1.1
Host: dde280e15f.5608bd4f7e.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:32:11 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 25 Jan 2023 09:48:07 GMT
etag: W/"63d0fad7-b577"
content-encoding: gzip
expires: Wed, 01 Feb 2023 16:37:11 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
sw.wpush.org/ps/sw.js?para=6hYoDL
45.133.44.25200 OK 0 B URL HTTP/2 sw.wpush.org/ps/sw.js?para=6hYoDL
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
GET /ps/sw.js?para=6hYoDL HTTP/1.1
Host: sw.wpush.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:32:05 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: W/"63d270a1-158c"
content-encoding: gzip
expires: Wed, 01 Feb 2023 16:37:05 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2