corneey.com/w4LWeU
104.26.7.218 200 OK 35 kB IP 104.26.7.218:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (26943), with CRLF, LF line terminators
Hash 16f001b0154c817d06bdc9149a6757d9
1b3e76dae23120f463bf55bc7ca6a481e65b58a1
16e05474fd44edc6006ff07cba6aee13e5cdfbee780031b45a932b0b64820043
GET /w4LWeU HTTP/1.1
Host: corneey.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 07:42:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40-0+deb8u15
Set-Cookie: PHPSESSID=enj4teh22jg00a5gmcid57r6f7; expires=Fri, 03-Feb-2023 08:42:27 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
hl=en; expires=Sat, 03-Feb-2024 07:42:27 GMT; Max-Age=31536000; path=/
cookies-enable=1; path=/; httponly
Cache-Control: no-cache
X-Frame-Options: DENY
X-Server-ID: shn01
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wwA5J5q56CWHOOhG5aLtiGNT%2F%2B2mYnrBPjVAnrprL5tbubFgWTmMclOjogfvhwoGcDikkpa2v%2B0QIak8ydV4bEvtAAtPokgCj0zzdssQX3zxtK6dsycW9WGSoxGLqg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793987ab699e0b39-OSL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20857
Expires: Fri, 03 Feb 2023 13:30:04 GMT
Date: Fri, 03 Feb 2023 07:42:27 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4067
Expires: Fri, 03 Feb 2023 08:50:14 GMT
Date: Fri, 03 Feb 2023 07:42:27 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 03 Feb 2023 06:43:34 GMT
content-type: application/json
age: 3533
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 9a76feabb767086ae0fa54e0ffbf763f
3655d78994a1e9838340669462728b67c8c12e54
bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17012
Expires: Fri, 03 Feb 2023 12:25:59 GMT
Date: Fri, 03 Feb 2023 07:42:27 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: pLGXeOEv8LH5Go9gNjvY/mEQuacefKWdMgygT+5KcuPQ5iuq6ZyVfMOj79UiGjhs9Zc9icS0lpw=
x-amz-request-id: 3SV5HZEWQD354459
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 03 Feb 2023 07:23:27 GMT
age: 1140
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 07:42:27 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
104.26.6.218 200 OK 25 kB URL HTTP/1.1 static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
IP 104.26.6.218:0
File type Unicode text, UTF-8 text, with very long lines (20454)
Hash f7baccd666678569795749f591a8a75a
f3d8c85e9290ec755535df4edd5a91de44f3dc2c
553836bd994a93741a17b68582f4f24d0882ebf4e8da8c9d9e7a74f1c57f7acc
GET /js/packed/interstitial-page.js?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://corneey.com/
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 07:42:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=86400
Cf-Bgj: minify
Cf-Polished: origSize=102880
ETag: W/"62bc140d-191e0"
Expires: Fri, 03 Feb 2023 17:23:54 GMT
Last-Modified: Wed, 29 Jun 2022 08:57:49 GMT
Vary: Accept-Encoding
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
CF-Cache-Status: HIT
Age: 51513
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k4Zy7uPmyS9iVgd%2Fz9ge45twdJnGrpE6%2BLZFJB%2BhjQtNi6ntPipfyqhaSlOZo7ICqJpH6P5RSgwWP5JrGqarK4QlGoUJ7r2hdinlqOwgGfCFvhIdyNIl5SM8Sn%2F3QA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793987ae2dc5b521-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 0e8ef8844b15e58304b6123a883bf183
a30506d7d46d446d16f7fed09051c75beb589ba7
9c28822efb2aef4a9bbb796f05d3d97a825bc2f7e7e7abf482ac42b411ca1628
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C28822EFB2AEF4A9BBB796F05D3D97A825BC2F7E7E7ABF482AC42B411CA1628"
Last-Modified: Wed, 01 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15291
Expires: Fri, 03 Feb 2023 11:57:18 GMT
Date: Fri, 03 Feb 2023 07:42:27 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash bbeb609cbf32a8842bf96a124588e65e
40c0f548bcb714731f62df5a27cad21adef0463d
502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 07:42:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ja.rewashwudu.com/fmwhVStpL4dxap/46223
172.255.6.46 200 OK 26 B URL HTTP/1.1 ja.rewashwudu.com/fmwhVStpL4dxap/46223
IP 172.255.6.46:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /fmwhVStpL4dxap/46223 HTTP/1.1
Host: ja.rewashwudu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://corneey.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 07:42:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://corneey.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sat, 04-Feb-2023 07:42:27 GMT; Max-Age=86400; path=/
GL_GI10=eJw9i7sOgkAURAENEQXMJH6APyA%2BgoWtWhoojPUG8Wo2wl7Crg%2F8elETq5mcOWNZljMK4cgK%2FmoerWZRvIjmyxidCzGcJIWf802ZuhEqKwluwvUja%2BDWdJGsAgx%2BReR8IvSTdHJQV8UP9R8%2BtwDdXJomgPeJrxv20JG6Qrgu5HO85%2BJmWlvDU2SErohO8DbZsaDpdr9D%2BKffs2ujJ7Woan42bR8aWdKLFQk%2BnzWZFtl313kDsc5BIg%3D%3D; expires=Sat, 04-Feb-2023 07:42:27 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1cff07532b68bc31cb6906ce22169fe0
64a29384ecc1b7abe70a4e5145940bb4c1a8ec60
897b84954caa1003fecee3c8fc9cc0d7d6abc7a4598e6e76e10d47553b91402e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "897B84954CAA1003FECEE3C8FC9CC0D7D6ABC7A4598E6E76E10D47553B91402E"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11329
Expires: Fri, 03 Feb 2023 10:51:16 GMT
Date: Fri, 03 Feb 2023 07:42:27 GMT
Connection: keep-alive
static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0
104.26.6.218 200 OK 6.2 kB URL HTTP/1.1 static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0
IP 104.26.6.218:0
File type PNG image data, 249 x 62, 8-bit/color RGBA, non-interlaced\012- data
Hash 9ca44d211b1779ef13c1f7406a76c1ff
8b5ab1222409a144c8f1d3bd2a098985bd0bcba7
fd7607ab554a8c5af9aed32593ae99aaf0682198dbbd277372e8b663bd98b001
GET /b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://corneey.com/
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 07:42:27 GMT
Content-Type: image/png
Content-Length: 6226
Connection: keep-alive
Last-Modified: Fri, 17 Jul 2015 13:29:04 GMT
ETag: "55a90320-1852"
X-Server-ID: shn01
X-UA-Compatible: IE=Edge
Expires: Fri, 03 Feb 2023 11:27:03 GMT
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 72924
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fkYEaK3JBPGVbmf5bFZHEjl6bVXQLIT0OaglISXuhvKHzGi0hnlqemQRrsGLbr5GnHbVGVVdx0nfFwYXtSf6pMctpOu3LQFCvS1e8%2B9x1tJ1JIQf2LJjLgEwRZlOGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793987aece73b521-OSL
alt-svc: h2=":443"; ma=60
ubbfpm.com/ms/1102360/inpage.js
95.216.206.230 200 OK 138 kB URL HTTP/1.1 ubbfpm.com/ms/1102360/inpage.js
IP 95.216.206.230:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (65536), with no line terminators
Size 138 kB (137912 bytes)
Hash 99e208c838a5513d8568c9a3b82a416c
b843da609313bd2d29c7844b42b8bf34ea26a880
e565ce67598a3280ea703bb99ca05ff2b9ad590545e7df27e8957698a501a95d
GET /ms/1102360/inpage.js HTTP/1.1
Host: ubbfpm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://corneey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 07:42:27 GMT
Content-Type: application/javascript
Content-Length: 137912
Last-Modified: Sat, 28 Jan 2023 16:24:48 GMT
Connection: keep-alive
ETag: "63d54c50-21ab8"
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Referrer-Policy: strict-origin
Accept-Ranges: bytes
corneey.com/bundles/advertisement/img/tracking.gif?test=7f69d700759378107d66a628806065b93d7db915
104.26.7.218 200 OK 0 B URL HTTP/1.1 corneey.com/bundles/advertisement/img/tracking.gif?test=7f69d700759378107d66a628806065b93d7db915
IP 104.26.7.218:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bundles/advertisement/img/tracking.gif?test=7f69d700759378107d66a628806065b93d7db915 HTTP/1.1
Host: corneey.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://corneey.com/w4LWeU
Cookie: hl=en; cookies-enable=1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 07:42:27 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 29 Jun 2022 08:56:54 GMT
ETag: "62bc13d6-0"
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0hMdB%2F805iKQqAuQQNBvOfxAesN11yAJf7m3oNToKBSgH2RgFstTQmepuV2qB%2BvO5Wb%2Fy7C53mxun4yBHyMzv0FhYMEmPdI6yjaOHSaDLsT2CnzbntIav1xElP1uyg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793987aecc020b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
corneey.com/bundles/smeweb/img/tracking-1.gif?t=1675410147
104.26.7.218 200 OK 43 B URL HTTP/1.1 corneey.com/bundles/smeweb/img/tracking-1.gif?t=1675410147
IP 104.26.7.218:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /bundles/smeweb/img/tracking-1.gif?t=1675410147 HTTP/1.1
Host: corneey.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://corneey.com/w4LWeU
Cookie: hl=en; cookies-enable=1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 07:42:27 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
X-Server-ID: shn03
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HtUJ3mXlqGgFzYba68%2Bla6OGSywgqX6xlCnb70ntzT2hhPDZB2%2BEwD6sLAB2J8LrT0mnNIi%2BiZkbI8H6ID%2BAkpifBK4kgNJm1eYrc24CDDQg%2BquE1hLeeJ888NIJiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793987aec9330b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash bbeb609cbf32a8842bf96a124588e65e
40c0f548bcb714731f62df5a27cad21adef0463d
502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 07:42:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0
104.26.6.218 200 OK 84 kB URL HTTP/1.1 static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0
IP 104.26.6.218:0
File type PNG image data, 1000 x 2704, 8-bit colormap, non-interlaced\012- data
Hash 0eb6767d5ee6d6e7b3884a01b7730c80
4bc5d39918bcea70e852e0fb7b3d15caf0993434
8146dfca511f063c33c05e13e151ed3d3456441590a4b1358bbc99b320a02b8d
GET /bundles/smeweb/img/widget-sprite.png?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://corneey.com/
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 07:42:27 GMT
Content-Type: image/png
Content-Length: 84545
Connection: keep-alive
Last-Modified: Wed, 29 Jun 2022 08:56:53 GMT
ETag: "62bc13d5-14a41"
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
Expires: Sat, 04 Feb 2023 00:26:21 GMT
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 26166
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=17AetwAffMQ1kcYTojGmPMjBMlfcycKq%2FmERyRvav5UDFfxZqNgv4wtiRWTHUUncvbiRE8GJ5XB%2FSeZNLVHimVLxPBqOsgMwT0L3IK5EcHEeqi%2B5VnSUWdWTQnP%2Frg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793987af1ed1b521-OSL
alt-svc: h2=":443"; ma=60
corneey.com/bundles/smeweb/img/advertisement-tracking-1.gif?t=1675410147
104.26.7.218 200 OK 43 B URL HTTP/1.1 corneey.com/bundles/smeweb/img/advertisement-tracking-1.gif?t=1675410147
IP 104.26.7.218:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /bundles/smeweb/img/advertisement-tracking-1.gif?t=1675410147 HTTP/1.1
Host: corneey.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://corneey.com/w4LWeU
Cookie: hl=en; cookies-enable=1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 07:42:27 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
X-Server-ID: shn08
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cdjDyqpF3lTAj%2FlVT5S5aS9s5k0xX9c2CGY2BB9wTLFD4p3a6IG0Xw5he9A%2BO37pPQ5tHsepM7kOD2TMwQwPKDI5s3cWjX56VtnkUtBbeY0feibqxXcrxxKYfHOeTg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793987aec808b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 07:42:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 07:42:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
142.250.74.163 200 OK 46 kB URL HTTP/2 fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 46524, version 1.0\012- data
Hash c1fd378f54921c75e4ae1821e7b8fff6
2ce96e97783b2f154d07f4464ca6f8eb2469f2c1
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://corneey.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 21:26:02 GMT
expires: Thu, 01 Feb 2024 21:26:02 GMT
cache-control: public, max-age=31536000
age: 123385
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 07:42:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js
173.233.137.36 200 OK 21 kB URL HTTP/1.1 endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js
IP 173.233.137.36:0
File type HTML document, ASCII text, with very long lines (60205), with no line terminators
Hash 1dfd3df2b20e1292cd7f190d8acd5d70
dd55116be91f4ec0449dc16a8998208d41c9e10b
ee4e50a3349c670ae66e104e4aa36e20eb77fcfd51c3afbf520370cd71e24bdd
Analyzer Verdict Alert quad9 Sinkholed
GET /34/c6/b3/34c6b37755370ea4318f4ff4946df449.js HTTP/1.1
Host: endangersquarereducing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://corneey.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 07:42:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1bcedb6236eee1d95a6264e614f52f6d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 07:42:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ
142.250.74.168 200 OK 38 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ
IP 142.250.74.168:0
File type ASCII text, with very long lines (1759)
Hash e748c6e4f01051fd28d18ecea540cd58
70e216934a208a9f8feab53bb6991987a81b1563
fa3487ff82eafd62a89301bbce03a539c4dd74e9ce8c504aab0fda103936f9b1
GET /gtm.js?id=GTM-5SFMWPJ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://corneey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 03 Feb 2023 07:42:27 GMT
expires: Fri, 03 Feb 2023 07:42:27 GMT
cache-control: private, max-age=900
last-modified: Fri, 03 Feb 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 38316
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 07:42:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ja.rewashwudu.com/fmwhVStpL4dxap/46223
172.255.6.46 200 OK 26 B URL HTTP/1.1 ja.rewashwudu.com/fmwhVStpL4dxap/46223
IP 172.255.6.46:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /fmwhVStpL4dxap/46223 HTTP/1.1
Host: ja.rewashwudu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://corneey.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 07:42:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://corneey.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sat, 04-Feb-2023 07:42:28 GMT; Max-Age=86400; path=/
GL_GI10=eJw9i7sOgkAURAENEQXMJH6APyA%2BgoWtWhoojPUG8Wo2wl7Crg%2F8elETq5mcOWNZljMK4cgK%2FmoerWZRvIjmyxidCzGcJIWf802ZuhEqKwluwvUja%2BDWdJGsAgx%2BReR8IvSTdHJQV8UP9R8%2BtwDdXJomgPeJrxv20JG6Qrgu5HO85%2BJmWlvDU2SErohO8DbZsaDpdr9D%2BKffs2ujJ7Woan42bR8aWdKLFQk%2BnzWZFtl313kDsc5BIg%3D%3D; expires=Sat, 04-Feb-2023 07:42:28 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 03 Feb 2023 06:49:06 GMT
age: 3202
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.100 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 3f11c62617c2bee07a8ed3cf82151243
ba58aa99e6fda4e73216a5b6a382dfd4f1f5b33a
a0b39826bd54ed8244e2c90f71d51146feaba0b9100446256479344837c50228
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 03 Feb 2023 07:42:28 GMT
Last-Modified: Fri, 03 Feb 2023 07:40:23 GMT
Server: ECS (nyb/1D2B)
X-Cache: Miss from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: JyIR7O6-pVwa-ufOOt-8C3zIDKFehcR_qQPRmOCWrjdzBZ_Liuqvdg==
Age: 125
ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=corneey.com&var=&ymid=&var_3=
139.45.197.250 200 OK 733 B URL HTTP/2 ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=corneey.com&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (732)
Hash de583fdbb34e774881c0254c23ba0b56
30b2925ca23148b66c717ceb53b8afc2f2ce7219
d6953d253a154cd68bf37b34f880dd90cca4c2c81c9b06042bf25313b42c50b4
GET /zone?pub=0&zone_id=4157053&is_mobile=false&domain=corneey.com&var=&ymid=&var_3= HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://corneey.com/
Origin: http://corneey.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 07:42:28 GMT
content-type: application/json; charset=utf-8
content-length: 733
x-trace-id: ac275eec44d4300052c5b6ec0bf4ab08
access-control-allow-origin: http://corneey.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
subscribestormyapprobation.com/pixel/purst?dl=0&th=0&sc=0&rs=810&rd=810&fd=422&bv=22.10.v.9&tmpl=70
173.233.137.52 200 OK 0 B URL HTTP/1.1 subscribestormyapprobation.com/pixel/purst?dl=0&th=0&sc=0&rs=810&rd=810&fd=422&bv=22.10.v.9&tmpl=70
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=810&rd=810&fd=422&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: subscribestormyapprobation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://corneey.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 07:42:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
simplewebanalysis.com/stats
3.120.47.42 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash d3d4f68ed8b5acf14f48a43873d16e61
7868d3773ec36d25962ab1498570f2750f2f0c3f
d56ce593f4b4c6141e26bd24fe76389b1c1da06fa01dedc64c3c54b895a3401b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://corneey.com
Connection: keep-alive
Referer: http://corneey.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 07:42:28 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://corneey.com
access-control-allow-credentials: true
set-cookie: uid_id2=8ea8a229-11da-420f-beee-d39ee7b665f2:1:1; expires=Mon, 31 Jan 2033 07:42:28 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
subscribestormyapprobation.com/08/26/66/0826667673c6afa9f85340ed4fc8ef57.js
173.233.137.52 200 OK 13 kB URL HTTP/1.1 subscribestormyapprobation.com/08/26/66/0826667673c6afa9f85340ed4fc8ef57.js
IP 173.233.137.52:0
File type ASCII text, with very long lines (37129), with no line terminators
Hash 2e2dd13c50438e4339321f450e13492f
169135c6959faa9b5f2d81fc6c7e54d478090ff5
768306e79c2e68d2e221eef0a4677c5cd04febc11e720f7a0444bc8917129892
Analyzer Verdict Alert quad9 Sinkholed
GET /08/26/66/0826667673c6afa9f85340ed4fc8ef57.js HTTP/1.1
Host: subscribestormyapprobation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://corneey.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 07:42:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3d1b933d321a1e071efa5173675d7aa8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE4MzU2MCwid2lkIjo0MjAyNDcsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL2Nvcm5lZXkuY29tL3c0TFdlVQ==&inc=0
185.162.85.2 200 OK 0 B URL HTTP/2 prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE4MzU2MCwid2lkIjo0MjAyNDcsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL2Nvcm5lZXkuY29tL3c0TFdlVQ==&inc=0
IP 185.162.85.2:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE4MzU2MCwid2lkIjo0MjAyNDcsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL2Nvcm5lZXkuY29tL3c0TFdlVQ==&inc=0 HTTP/1.1
Host: prhzxq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://corneey.com/
Origin: http://corneey.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 07:42:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14597
Expires: Fri, 03 Feb 2023 11:45:45 GMT
Date: Fri, 03 Feb 2023 07:42:28 GMT
Connection: keep-alive
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/1.1 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://corneey.com/
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 20085
Date: Fri, 03 Feb 2023 05:43:18 GMT
Expires: Fri, 03 Feb 2023 07:43:18 GMT
Cache-Control: public, max-age=7200
Age: 7150
Last-Modified: Tue, 10 Jan 2023 21:29:14 GMT
Content-Type: text/javascript
simplewebanalysis.com/stats
3.120.47.42 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash d3d4f68ed8b5acf14f48a43873d16e61
7868d3773ec36d25962ab1498570f2750f2f0c3f
d56ce593f4b4c6141e26bd24fe76389b1c1da06fa01dedc64c3c54b895a3401b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://corneey.com
Connection: keep-alive
Referer: http://corneey.com/
Cookie: uid_id2=8ea8a229-11da-420f-beee-d39ee7b665f2:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 07:42:28 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://corneey.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9bfd33253208c9d034988400d66abd5d
8811fd76d9bc56c15431433f8f08d648185992ed
6382de7eb2bc0b40dc6d2e21ab8b6cb90cc0effe3241e3fb5008d2e4f626e92c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 07:42:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/997869120/?random=1675410178015&cv=11&fst=1675410178015&bg=ffffff&guid=ON&async=1&gtm=45be3210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fcorneey.com%2Fw4LWeU&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&auid=2099665.1675410178&data=event%3Dgtag.config&rfmt=3&fmt=4
216.58.207.194 200 OK 921 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/997869120/?random=1675410178015&cv=11&fst=1675410178015&bg=ffffff&guid=ON&async=1&gtm=45be3210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fcorneey.com%2Fw4LWeU&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&auid=2099665.1675410178&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 216.58.207.194:0
File type ASCII text, with very long lines (2025), with no line terminators
Hash 68eceb4d09fa66d6c3fdb88e6aa3fb39
7d6ab8f20c8ce104a1880b49786c4a5a2efc7328
69a9a436b68de923a94e507e8c7f640ebfb17a3f0b6266a81e0a040a6b85b50c
GET /pagead/viewthroughconversion/997869120/?random=1675410178015&cv=11&fst=1675410178015&bg=ffffff&guid=ON&async=1&gtm=45be3210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fcorneey.com%2Fw4LWeU&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&auid=2099665.1675410178&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://corneey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 03 Feb 2023 07:42:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 921
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 03-Feb-2023 07:57:28 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ptauxofi.net/custom
139.45.197.250 200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
OPTIONS /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://corneey.com/
Origin: http://corneey.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 07:42:28 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://corneey.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9bfd33253208c9d034988400d66abd5d
8811fd76d9bc56c15431433f8f08d648185992ed
6382de7eb2bc0b40dc6d2e21ab8b6cb90cc0effe3241e3fb5008d2e4f626e92c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 07:42:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ptauxofi.net/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://corneey.com/
Content-Type: application/json
Origin: http://corneey.com
Content-Length: 360
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 07:42:28 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: d467e4f07942103a98dc4e84279a4fd6
access-control-allow-origin: http://corneey.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
static.shorte.st/bundles/smeweb/img/favicon.ico?2022-06-29.0
104.26.4.107 200 OK 2.7 kB URL HTTP/2 static.shorte.st/bundles/smeweb/img/favicon.ico?2022-06-29.0
IP 104.26.4.107:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 03e8158011a73d60ec162610d6609ec1
39f54f50eae1c70c02a650e330e83e47aac0dc11
0dc63c778688453c3df1fc3903c5620e1d6aed9eeb1020c24e1cd0790b5ef3bb
GET /bundles/smeweb/img/favicon.ico?2022-06-29.0 HTTP/1.1
Host: static.shorte.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://corneey.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 07:42:28 GMT
content-type: image/x-icon
last-modified: Wed, 29 Jun 2022 08:56:53 GMT
etag: W/"62bc13d5-a07"
x-server-id: shn09
x-ua-compatible: IE=Edge
expires: Fri, 03 Feb 2023 18:53:12 GMT
cache-control: max-age=86400
cf-cache-status: HIT
age: 46156
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CGJ2A5BhoyRnkp%2BDaFK4CeSp6%2FjzKDau1ZGAIh0JGriWhVDudQPNZBCg5oG5ET%2FgP4JVxRQXzAu8Jo03ndmRcE1SIqJwFPnOAlnvmYfkTzB1wwyzwYu4GKaxOxk2qe1QvPU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793987b268e50b41-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=b0fe64b5281d48269600c946920b94bb&zoneId=4157053&checkDuplicate=true&ymid=&var=
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=b0fe64b5281d48269600c946920b94bb&zoneId=4157053&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 632eb6e002fb788efc044f72c8d7cc89
6fea0461c3f3b599a9ddce30a9cb9ac58c7b95da
bf8230f5e6c5439a058897dab820c80a0128af2b287dbfd4ef518ec266f199e7
GET /gid.js?pub=0&userId=b0fe64b5281d48269600c946920b94bb&zoneId=4157053&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://corneey.com/
Origin: http://corneey.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 07:42:28 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://corneey.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=b0fe64b5281d48269600c946920b94bb; expires=Sat, 03 Feb 2024 07:42:28 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
banquetunarmedgrater.com/advertisers.js
192.243.59.20 200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://corneey.com/
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 03 Feb 2023 07:42:28 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: be920be0f51a0efd8c474f0fd7cfb7cc
Strict-Transport-Security: max-age=0; includeSubdomains
friendshipmale.com/sfp.js
172.64.203.23 200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP 172.64.203.23:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://corneey.com/
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 07:42:28 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: dbb710bdef05e4efb774c445600a64b1
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 03 Feb 2023 07:42:28 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2FJfTJYKSk9dpKppUz8xtRn74iIhK5IG1aZwd1petCpC44kYH5A9VQJSf7CfonErA5TQevtZOdSb%2BdgJZWa8a4AES38E3vyvK2WEPfjaqjs49UVi%2BBlf%2F6dzuWSRtEI5TCMhKUg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793987b2ad368873-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 4cf0ccf2909be74efd7a89dbe4228ffb
b4993da334b48312584d116a3de4be4cd71962cf
e81c8aa45d0707079d9eba798fb447059042453be4834d14467839688ca66f5d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 07:42:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 2bef39ac599211fe23ad884ceacf1c9b
c19b32a600412658c49a3e55d5d8353a5101c31d
0ff4181df99351d3aa3490540d2f19474531fb07e13ee457b9339efab1a47ad9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 07:42:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j99&a=1996528538&t=pageview&_s=1&dl=http%3A%2F%2Fcorneey.com%2Fw4LWeU&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAAABAAAAAC~&jid=441097126&gjid=1435415258&cid=1930559974.1675410178&uid=1&tid=UA-42296749-1&_gid=2121460205.1675410178&_r=1&_slc=1&cd2=2022-06-29.0&cd7=1&cd5=0&z=439789339
142.250.74.110 200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=1996528538&t=pageview&_s=1&dl=http%3A%2F%2Fcorneey.com%2Fw4LWeU&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAAABAAAAAC~&jid=441097126&gjid=1435415258&cid=1930559974.1675410178&uid=1&tid=UA-42296749-1&_gid=2121460205.1675410178&_r=1&_slc=1&cd2=2022-06-29.0&cd7=1&cd5=0&z=439789339
IP 142.250.74.110:0
File type ASCII text, with no line terminators
Hash 38684612f0c6bb6dfa16da92f4a6878f
6fe62d0dd7db314b7f9bb945672f078e01d27f0f
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
POST /j/collect?v=1&_v=j99&a=1996528538&t=pageview&_s=1&dl=http%3A%2F%2Fcorneey.com%2Fw4LWeU&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAAABAAAAAC~&jid=441097126&gjid=1435415258&cid=1930559974.1675410178&uid=1&tid=UA-42296749-1&_gid=2121460205.1675410178&_r=1&_slc=1&cd2=2022-06-29.0&cd7=1&cd5=0&z=439789339 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://corneey.com
Connection: keep-alive
Referer: http://corneey.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://corneey.com
date: Fri, 03 Feb 2023 07:42:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/997869120/?random=1675410178015&cv=11&fst=1675407600000&bg=ffffff&guid=ON&async=1&gtm=45be3210&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fcorneey.com%2Fw4LWeU&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2677135112&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/997869120/?random=1675410178015&cv=11&fst=1675407600000&bg=ffffff&guid=ON&async=1&gtm=45be3210&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fcorneey.com%2Fw4LWeU&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2677135112&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/997869120/?random=1675410178015&cv=11&fst=1675407600000&bg=ffffff&guid=ON&async=1&gtm=45be3210&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fcorneey.com%2Fw4LWeU&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2677135112&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://corneey.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 03 Feb 2023 07:42:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.148.87.114 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.87.114:0
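Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of zero-length input; this and the next two digests are the empty-content MD5/SHA-1/SHA-256 for the 0 B body of the 101 response, so they identify no content and are not usable as indicators)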
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: N7RUoMBpDR25XK7/15KJlg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /dbJ6SlIO38IdBXB4n5nRrNP5SY=
www.google.no/pagead/1p-user-list/997869120/?random=1675410178015&cv=11&fst=1675407600000&bg=ffffff&guid=ON&async=1&gtm=45be3210&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fcorneey.com%2Fw4LWeU&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2677135112&rmt_tld=1&ipr=y
142.250.74.131 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/997869120/?random=1675410178015&cv=11&fst=1675407600000&bg=ffffff&guid=ON&async=1&gtm=45be3210&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fcorneey.com%2Fw4LWeU&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2677135112&rmt_tld=1&ipr=y
IP 142.250.74.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/997869120/?random=1675410178015&cv=11&fst=1675407600000&bg=ffffff&guid=ON&async=1&gtm=45be3210&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fcorneey.com%2Fw4LWeU&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2677135112&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://corneey.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 03 Feb 2023 07:42:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 2bef39ac599211fe23ad884ceacf1c9b
c19b32a600412658c49a3e55d5d8353a5101c31d
0ff4181df99351d3aa3490540d2f19474531fb07e13ee457b9339efab1a47ad9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 07:42:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 0c15fd84f4711d994724c35236542194
c47d77fe5b373a86bd9a116bd8baac07ec746add
a210a4599baaa980674b456f020282cd470559b319be263fdcf9eaec7cff0d3b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 07:42:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ptauxofi.net/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
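Analyzer verdict alert — analyzer: fortinet; verdict: Malware (recorded against the 39 B JSON reply from ptauxofi.net/custom; presumably a URL/domain reputation hit rather than a signature on this body — confirm in the analyzer's own record)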
POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://corneey.com/
Content-Type: application/json
Origin: http://corneey.com
Content-Length: 593
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 07:42:28 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 9621a32633de933f58e3775a4dd19739
access-control-allow-origin: http://corneey.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
js-agent.newrelic.com/859.95d4308d-1222.js
151.101.130.137 200 OK 3.0 kB URL HTTP/2 js-agent.newrelic.com/859.95d4308d-1222.js
IP 151.101.130.137:0
File type ASCII text, with very long lines (6657), with no line terminators
Hash 364ac85aef21ab784eeec8f55116dff7
82089547d57defc88e114832b7eb9919a8876e31
255295be519de9a2d1040b1c547c25756b63310e2d7234bcf252ed41d5278c0b
GET /859.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://corneey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: PAOkWJ6WiOdnSUVZHZQv79Edy7uPwU81uM9fUJQx6T8UpQupKV3O9whnAR+3HGoYTBPmehtRe7k=
x-amz-request-id: WFN4FJZ1XN6DZ8EG
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "b087387593417c0b63259918da3584e3"
x-amz-version-id: GtNmis6Y3zB4SbtciuRtabFzp3T7wBIy
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 03 Feb 2023 07:42:28 GMT
via: 1.1 varnish
x-served-by: cache-bma1657-BMA
x-cache: HIT
x-cache-hits: 221
x-timer: S1675410149.605726,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2975
X-Firefox-Spdy: h2
js-agent.newrelic.com/41.95d4308d-1222.js
151.101.130.137 200 OK 439 B URL HTTP/2 js-agent.newrelic.com/41.95d4308d-1222.js
IP 151.101.130.137:0
File type ASCII text, with very long lines (828), with no line terminators
Hash 46946da829a2257cd8bdeb75bc6f8ff9
bfb81d0ebb2c5a2c0fe666f6a9c4c09cc5a545b3
50e164f0b5274f88ecc28c833729663593b3380aed5a4ac3a06d29106332a544
GET /41.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://corneey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 2TG7kVMnt5x5EwbcjDgF/pAaH/jmgGXStlMFEbvOUPNYaRTe14pFRmwb0VQGFJQN7uXfEncHoqkNLs4TYWl92Q==
x-amz-request-id: MFEHG5GPGK6ZYQVP
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "29dd8aef66100e4c69e07fd60fc88b12"
x-amz-version-id: 6FOFyXAonMoqJqLGEMhx7HWIp32cv4MT
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 03 Feb 2023 07:42:28 GMT
via: 1.1 varnish
x-served-by: cache-bma1657-BMA
x-cache: HIT
x-cache-hits: 224
x-timer: S1675410149.648436,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 439
X-Firefox-Spdy: h2
js-agent.newrelic.com/569.95d4308d-1222.js
151.101.130.137 200 OK 3.2 kB URL HTTP/2 js-agent.newrelic.com/569.95d4308d-1222.js
IP 151.101.130.137:0
File type ASCII text, with very long lines (7513), with no line terminators
Hash 8d0953404ce6fdf0926ef6bf37d7e041
8cec9d9883f8b7720721bb33bffb4afe45193b1d
83966eef1899edd421692b78cda8df58dfb9b0b2b27a7485183c5b4cb44a336d
GET /569.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://corneey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: v+E2uK5EOShfz1aeDzYcwNWitGv9mKnF6hMwgfWjfoR/qfIZPK6AF+v3z+by8JUQg3fSUYcltK4=
x-amz-request-id: WFNFJ5TESSHD3FE6
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "e97726ab932639fed09971b1d682788c"
x-amz-version-id: umZj.yHws5JPiBHG1j096ELWHEKx7rh0
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 03 Feb 2023 07:42:28 GMT
via: 1.1 varnish
x-served-by: cache-bma1657-BMA
x-cache: HIT
x-cache-hits: 226
x-timer: S1675410149.649464,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 3173
X-Firefox-Spdy: h2
js-agent.newrelic.com/620.95d4308d-1222.js
151.101.130.137 200 OK 1.3 kB URL HTTP/2 js-agent.newrelic.com/620.95d4308d-1222.js
IP 151.101.130.137:0
File type ASCII text, with very long lines (2989), with no line terminators
Hash 7094c3f93699a846fe91edd766391f01
25e8c79409acc2bb73a728c0768e1eda66019255
85eb01219e8aaa7c7968aa175c2421454f99615ae66350b15c60465f4616826f
GET /620.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://corneey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: QggJtv+14rx8wEd4C6ZTDmmxUSe6+8jiYhTGnWcIRu6DC5pRiaL5fPRx8/lgChduQ7GqRSlO6xY=
x-amz-request-id: WFN5FXFSJTZYM7K6
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "ca9b029ff66dd9146273984d16e20abc"
x-amz-version-id: HYguQMwVKEHCmodKuQRUzW1qxlElK9Xr
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 03 Feb 2023 07:42:28 GMT
via: 1.1 varnish
x-served-by: cache-bma1657-BMA
x-cache: HIT
x-cache-hits: 226
x-timer: S1675410149.649621,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1342
X-Firefox-Spdy: h2
js-agent.newrelic.com/457.95d4308d-1222.js
151.101.130.137 200 OK 2.0 kB URL HTTP/2 js-agent.newrelic.com/457.95d4308d-1222.js
IP 151.101.130.137:0
File type ASCII text, with very long lines (4809), with no line terminators
Hash 09c0cca8d2a9fd69f1892a1c2d1319b9
b46f4fe3b0adc98785d22a092818b74145a91cc0
593022809e272793157f8280bae176bfa74a02f9f9a6d3269384e2dd434be046
GET /457.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://corneey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 6YLQBRWWkaavoi6QR5dS+9cRhXVrpaQK5v3G9/iqQ5oKPUxxFI0Uv2tN9ar51sQUG2xwVmTWBnY=
x-amz-request-id: WFN1Z9NXJZGF8XE5
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "c16abc7fa2e34cbb7baf3e290120ad5a"
x-amz-version-id: qROfxBD9CF8WXmbywdhvCmImuu9HvRNA
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 03 Feb 2023 07:42:28 GMT
via: 1.1 varnish
x-served-by: cache-bma1657-BMA
x-cache: HIT
x-cache-hits: 230
x-timer: S1675410149.649799,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1953
X-Firefox-Spdy: h2
ptauxofi.net/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
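Analyzer verdict alert — analyzer: fortinet; verdict: Malware (recorded against the 39 B JSON reply from ptauxofi.net/custom; presumably a URL/domain reputation hit rather than a signature on this body — confirm in the analyzer's own record)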
POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://corneey.com/
Content-Type: application/json
Origin: http://corneey.com
Content-Length: 361
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 07:42:28 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 43b9fca963d40222f80e26e272be3262
access-control-allow-origin: http://corneey.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=8ea8a229-11da-420f-beee-d39ee7b665f2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=34c6b37755370ea4318f4ff4946df449&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
192.243.59.13 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=8ea8a229-11da-420f-beee-d39ee7b665f2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=34c6b37755370ea4318f4ff4946df449&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
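Analyzer verdict alert — analyzer: quad9; verdict: Sinkholed (a resolver-level verdict on the domain unseenreport.com, not on this response; the body here is 1 byte, so the hashes above say nothing specific to this host)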
GET /pxf.gif?uuid=8ea8a229-11da-420f-beee-d39ee7b665f2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=34c6b37755370ea4318f4ff4946df449&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://corneey.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 03 Feb 2023 07:42:28 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b93d5a1dc5f2873f39580eac7dab7514
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=8ea8a229-11da-420f-beee-d39ee7b665f2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=0826667673c6afa9f85340ed4fc8ef57&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
192.243.59.13 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=8ea8a229-11da-420f-beee-d39ee7b665f2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=0826667673c6afa9f85340ed4fc8ef57&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
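Analyzer verdict alert — analyzer: quad9; verdict: Sinkholed (a resolver-level verdict on the domain unseenreport.com, not on this response; the body here is 1 byte, so the hashes above say nothing specific to this host)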
GET /pxf.gif?uuid=8ea8a229-11da-420f-beee-d39ee7b665f2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=0826667673c6afa9f85340ed4fc8ef57&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://corneey.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 03 Feb 2023 07:42:28 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 14715b9e90b3043650eabb100163e1b1
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 282d6132e7d6e1c8aae030543ebb8ad4
3f0e12f89adeda9af0ae6065c810b216359b7581
6de5dfbdd3884f6505bebd5469c2cadc701bdee16ae542d87ea7204cf25be344
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4192
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 07:42:29 GMT
Last-Modified: Fri, 03 Feb 2023 06:32:37 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
bam.nr-data.net/1/a2f5b84c90?a=3488588&v=1222.PROD&to=Y1EHNhMDChIDBxILW1obJAEVCwsPTRcODUZAURYWTwMAFwcWEgtHUVkADBVMFwkNFhIHR0BrEBANTA0PFgEUEUBdQAwDDT0UAAUB&rst=1662&ck=0&s=26338c7c8358aeb4&ref=http://corneey.com/w4LWeU&ap=82&be=397&fe=1105&dc=541&perf=%7B%22timing%22:%7B%22of%22:1675410176920,%22n%22:0,%22f%22:-5,%22dn%22:-5,%22dne%22:-4,%22c%22:-4,%22ce%22:-3,%22rq%22:62,%22rp%22:227,%22rpe%22:257,%22dl%22:381,%22di%22:928,%22ds%22:937,%22de%22:942,%22dc%22:1501,%22l%22:1501,%22le%22:1516%7D,%22navigation%22:%7B%7D%7D&fcp=681&at=TxYEQFsZGRw%3D&jsonp=NREUM.setToken
162.247.241.14200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/a2f5b84c90?a=3488588&v=1222.PROD&to=Y1EHNhMDChIDBxILW1obJAEVCwsPTRcODUZAURYWTwMAFwcWEgtHUVkADBVMFwkNFhIHR0BrEBANTA0PFgEUEUBdQAwDDT0UAAUB&rst=1662&ck=0&s=26338c7c8358aeb4&ref=http://corneey.com/w4LWeU&ap=82&be=397&fe=1105&dc=541&perf=%7B%22timing%22:%7B%22of%22:1675410176920,%22n%22:0,%22f%22:-5,%22dn%22:-5,%22dne%22:-4,%22c%22:-4,%22ce%22:-3,%22rq%22:62,%22rp%22:227,%22rpe%22:257,%22dl%22:381,%22di%22:928,%22ds%22:937,%22de%22:942,%22dc%22:1501,%22l%22:1501,%22le%22:1516%7D,%22navigation%22:%7B%7D%7D&fcp=681&at=TxYEQFsZGRw%3D&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/a2f5b84c90?a=3488588&v=1222.PROD&to=Y1EHNhMDChIDBxILW1obJAEVCwsPTRcODUZAURYWTwMAFwcWEgtHUVkADBVMFwkNFhIHR0BrEBANTA0PFgEUEUBdQAwDDT0UAAUB&rst=1662&ck=0&s=26338c7c8358aeb4&ref=http://corneey.com/w4LWeU&ap=82&be=397&fe=1105&dc=541&perf=%7B%22timing%22:%7B%22of%22:1675410176920,%22n%22:0,%22f%22:-5,%22dn%22:-5,%22dne%22:-4,%22c%22:-4,%22ce%22:-3,%22rq%22:62,%22rp%22:227,%22rpe%22:257,%22dl%22:381,%22di%22:928,%22ds%22:937,%22de%22:942,%22dc%22:1501,%22l%22:1501,%22le%22:1516%7D,%22navigation%22:%7B%7D%7D&fcp=681&at=TxYEQFsZGRw%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://corneey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 07:42:29 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 793987b79af2b4ee-OSL
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18133
Expires: Fri, 03 Feb 2023 12:44:42 GMT
Date: Fri, 03 Feb 2023 07:42:29 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18133
Expires: Fri, 03 Feb 2023 12:44:42 GMT
Date: Fri, 03 Feb 2023 07:42:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02b3a6ce-4c58-4537-b381-4408c9d874e0.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02b3a6ce-4c58-4537-b381-4408c9d874e0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d6ea028ef77181355868bb36e11a7b88
158bbc1deaf9becfab7a022140881c7cdfa569ba
639d95e5e0d47333b64456d10fdf58a6b08fc0534bdbefd0fbf1f95a3114aae2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02b3a6ce-4c58-4537-b381-4408c9d874e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13256
x-amzn-requestid: 80e76cde-e3b4-4561-9dd5-41ed978b5179
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpc79HgtoAMFnxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63da0eb2-79750d82126858473cdaab70;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 07:03:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: M8V4C2TS29wrxVDbhXjneMEOx7lAfv9vVklCosiY5gZLas-MaVuO5g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 07:21:41 GMT
age: 1248
etag: "158bbc1deaf9becfab7a022140881c7cdfa569ba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w0Zm5V0TQxsQ7917U3fdhS_n7qKE143PuhI2JmNCDM_Pf0yPLyW6yA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:48:01 GMT
age: 35668
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8458d532-a4e7-4e54-9165-f01ff92729f5.jpeg
34.120.237.76200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8458d532-a4e7-4e54-9165-f01ff92729f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fe87e986c62630127a7fdd979c802947
28ce91c8643c4bc4dcc4cd26dfc69dc6219ce5bf
770a765c927c0f81d0c41acd45a7a24f5799f9497fcc73489cab4fafbf994bdb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8458d532-a4e7-4e54-9165-f01ff92729f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5256
x-amzn-requestid: b0455eb8-b10c-4328-8abe-65c5184f6654
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frx7uFcooAMFpxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dafd17-553139816e1fb7b65e683dc6;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 00:00:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pwRBB72InX8OP4KXpQKTs9T4iMY0E3hPX8Nko9gd7m1BOm8_DqbRaA==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 00:37:24 GMT
age: 25505
etag: "28ce91c8643c4bc4dcc4cd26dfc69dc6219ce5bf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2a6aaf87a867f93dc9268a8b27973b97
f52ccbe6cbced1994acb13a00b05436553b6813e
3fbd7441712035f4d53c17eec93bc278e6c072043f3b5a721cac349fc0dabe77
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10166
x-amzn-requestid: 54fe0d12-360f-4d97-bcf3-b24747d956aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fY_4zHEcoAMF1iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d379d1-4ba89e44005f616a0ed3ed24;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 07:14:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hSyEfSDToqgfnFIW68Krz-ANYUNQoUPWhyb-8xDUarI6mnVLXriHDQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:59:54 GMT
age: 34955
etag: "f52ccbe6cbced1994acb13a00b05436553b6813e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 114e345e134986d7451148fcea31b29d
541e878afee68c8802bb52b0cbbe5a5a0a185392
5030244d4babd1023166f39c935029d789a91ba90aa3a44c6f4c88ddc947b678
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8211
x-amzn-requestid: 6a1fd567-b34d-4787-aa05-5b7db3fc51c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fflRBHU4IAMFnsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d61c06-2d1ec3206d2ebeb4780a84b4;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 07:11:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lUloQ6xaRWpnvMRh7kFvFIWhFotmILLZHfD_YK01RmrQ2vmYKVh46w==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 03:08:32 GMT
age: 16437
etag: "541e878afee68c8802bb52b0cbbe5a5a0a185392"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e706db8a6107758a148463e916f2532d
4b0b8cb5ced3e3e67b0320a3bbaecd2176e21b81
673f18036a53f8ff297ef6a63fd094e7c41d90f3960f0e687a741cc7dd3f6172
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6791
x-amzn-requestid: 665115ea-728e-4a55-aaf8-b09db3fa67a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffl96FIzIAMFYGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d61d25-0abbd7262ca10b7a7d2bf9eb;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 07:15:49 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nPgaBSGyLJQnN0ofVRFniW2LqzgKVWchSKYSjYCmuPtpL9Ner81ARQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:14:03 GMT
age: 34106
etag: "4b0b8cb5ced3e3e67b0320a3bbaecd2176e21b81"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a08deb23a1a3fc9750743c73ef28869f
059679628116d2e54f0d6e2da629a1b0ce745d01
89b7d731d17a2aadea74386b5ca8ddc92e0e38ba0a8f3e0159a6a8648f2f3306
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89B7D731D17A2AADEA74386B5CA8DDC92E0E38BA0A8F3E0159A6A8648F2F3306"
Last-Modified: Thu, 02 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9203
Expires: Fri, 03 Feb 2023 10:15:56 GMT
Date: Fri, 03 Feb 2023 07:42:33 GMT
Connection: keep-alive
choreinevitable.com/sbar.json?key=0826667673c6afa9f85340ed4fc8ef57&uuid=8ea8a229-11da-420f-beee-d39ee7b665f2%3A1%3A1
173.233.137.36 200 OK 3.9 kB URL HTTP/1.1 choreinevitable.com/sbar.json?key=0826667673c6afa9f85340ed4fc8ef57&uuid=8ea8a229-11da-420f-beee-d39ee7b665f2%3A1%3A1
IP 173.233.137.36:0
File type JSON data\012- , ASCII text, with very long lines (5565), with no line terminators
Hash 0375c9f169fae7a5d06643ec3f481e70
e05b9c1539f9198d9ac05381c6f8c876c49256ac
ca2937260f49ffd01c33e3302335385b3513770fd8ff302c85edf00861ec7d91
GET /sbar.json?key=0826667673c6afa9f85340ed4fc8ef57&uuid=8ea8a229-11da-420f-beee-d39ee7b665f2%3A1%3A1 HTTP/1.1
Host: choreinevitable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://corneey.com
Connection: keep-alive
Referer: http://corneey.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 07:42:33 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://corneey.com
Access-Control-Allow-Origin: http://corneey.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17078832; expires=Sat, 04 Feb 2023 07:42:33 GMT; secure; SameSite=None
uid_id2=8ea8a229-11da-420f-beee-d39ee7b665f2:1:1; expires=Fri, 10 Feb 2023 07:42:33 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 04 Feb 2023 07:42:33 GMT; secure; SameSite=None
uncs=1; expires=Sat, 04 Feb 2023 07:42:33 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 04 Feb 2023 07:42:33 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 04 Feb 2023 07:42:33 GMT; secure; SameSite=None
slec0826667673c6afa9f85340ed4fc8ef57=[3855423]; expires=Fri, 03 Feb 2023 07:42:38 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e302d829f111aca8bfd7bdb6e7013b67
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 535ce6dadd844002ae0b807970c884a8
e8abe99cfe19d65641e4de444b41bdf9371f5232
13ae259a09da181ef330490c3dd2a9d469a32f3b91365572045dbbbcd406496d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2786
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 07:42:33 GMT
Etag: "63dc0009-116"
Last-Modified: Fri, 03 Feb 2023 06:56:07 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 278
choreinevitable.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSuTjYXPSm55CAO6kHBnVT3TM9PcgjGuGExbpYkskeprqqeLbemq6nqnp4dL4sRyXEED%2BKp95vdLKshmJsIQpj1IouHjIIs6IJHz4InDzKzA6MPut979b3D933vfbqbnxKKnJ2sv2cGSmt2OazSyusbKhGmcJW1exWfVunVyoZKGvWrlf70Z3tXfBpW6RuVm5JvmcsB9Sn1qV9ZUVbGpn95hkKlj9p%2BtU2r9aDqh3X07f97l3twzIPonZIXocTkwuaPT6D4GEn3mxvSbWUmffOdbq5ZZix64uD9ZCsxRYLuooythzg5mE%2FDuAkhX5yDSQ7mCmB6e1MFiNSEeL%2F6iJKDOU1Evf0zppGGTBCJ51H0xpB6DMXG4OY%2BlHhGAC6wdhtJ9%2BGasQXbPkPZFJ2Qpb%2F%2FgiomZOn3i0i6j69r1a%2FcNTrPlEkc%2BnEJ1R9DdcZI8yNkAw%2BqOALPPoYSBEm3hBInr7Uka7EgaC%2F7vmDL9YDGy5GUclnU2lI2o0YjjIOZNUqNoeIxtByCOQ%2F59FMe8thDnnroipMKC9sxpc04imu1Vp1zXqtxHrYaIhS1eiumyPmU%2BxBZOgTXQ3C7g9TuYEsNYfOncJslnPDgMoKeKFFIgsIRFIygUARFRlD0yn2hXeDKh0K7PPLnOZjnWjkyWWeX7ZusIxOym56SF6aGeUtfUmzJkwptBY1Go9lo1niDxawdt8JanUpRj3lLxmETTpVQ7txM5kBNyKXRU6RqQi58%2Bw8idgSnj8DVK2D5S2DFqBlQsM1RvUUxSA7dprGZrLoMwpRIsyVk296uPiWXZlu78ss1SH587fPBHzcfX%2FwI3JZIbYkP1Q8EHf1gdMcUZO%2BOKRx5cjvNVFcN2HSjdzOWyfNfvSu3C2PF6g03PHyLT4Fp%2BeiedNktlgiVdBz5%2BroSQtoVY7kk36%2B6DRmt527zem6TPL21%2FvbKaje10jllkjGYevZqAK4m5LnDD2a3%2BvInP0HZMWxeopsfk3lAmSPwdAcuXbB3hsDqxUyUeijycmSDaPGoFYGWi55FJdx%2F%2BmhR77oH6FgPLLs%2Fu9CeLdHTJZgewuXnR1lqj6%2F9XJsFIu2NIm29vUhb%2FdmZtU6dVGQY01jSQEZxO4qbjIp2XG9HrO3LZhQyH5mb8N%2B%2B%2B%2FNfAAAA%2F%2F8BAAD%2F%2F6BtN%2F6DBAAA
173.233.137.36200 OK 7 B URL HTTP/1.1 choreinevitable.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSuTjYXPSm55CAO6kHBnVT3TM9PcgjGuGExbpYkskeprqqeLbemq6nqnp4dL4sRyXEED%2BKp95vdLKshmJsIQpj1IouHjIIs6IJHz4InDzKzA6MPut979b3D933vfbqbnxKKnJ2sv2cGSmt2OazSyusbKhGmcJW1exWfVunVyoZKGvWrlf70Z3tXfBpW6RuVm5JvmcsB9Sn1qV9ZUVbGpn95hkKlj9p%2BtU2r9aDqh3X07f97l3twzIPonZIXocTkwuaPT6D4GEn3mxvSbWUmffOdbq5ZZix64uD9ZCsxRYLuooythzg5mE%2FDuAkhX5yDSQ7mCmB6e1MFiNSEeL%2F6iJKDOU1Evf0zppGGTBCJ51H0xpB6DMXG4OY%2BlHhGAC6wdhtJ9%2BGasQXbPkPZFJ2Qpb%2F%2FgiomZOn3i0i6j69r1a%2FcNTrPlEkc%2BnEJ1R9DdcZI8yNkAw%2BqOALPPoYSBEm3hBInr7Uka7EgaC%2F7vmDL9YDGy5GUclnU2lI2o0YjjIOZNUqNoeIxtByCOQ%2F59FMe8thDnnroipMKC9sxpc04imu1Vp1zXqtxHrYaIhS1eiumyPmU%2BxBZOgTXQ3C7g9TuYEsNYfOncJslnPDgMoKeKFFIgsIRFIygUARFRlD0yn2hXeDKh0K7PPLnOZjnWjkyWWeX7ZusIxOym56SF6aGeUtfUmzJkwptBY1Go9lo1niDxawdt8JanUpRj3lLxmETTpVQ7txM5kBNyKXRU6RqQi58%2Bw8idgSnj8DVK2D5S2DFqBlQsM1RvUUxSA7dprGZrLoMwpRIsyVk296uPiWXZlu78ss1SH587fPBHzcfX%2FwI3JZIbYkP1Q8EHf1gdMcUZO%2BOKRx5cjvNVFcN2HSjdzOWyfNfvSu3C2PF6g03PHyLT4Fp%2BeiedNktlgiVdBz5%2BroSQtoVY7kk36%2B6DRmt527zem6TPL21%2FvbKaje10jllkjGYevZqAK4m5LnDD2a3%2BvInP0HZMWxeopsfk3lAmSPwdAcuXbB3hsDqxUyUeijycmSDaPGoFYGWi55FJdx%2F%2BmhR77oH6FgPLLs%2Fu9CeLdHTJZgewuXnR1lqj6%2F9XJsFIu2NIm29vUhb%2FdmZtU6dVGQY01jSQEZxO4qbjIp2XG9HrO3LZhQyH5mb8N%2B%2B%2B%2FNfAAAA%2F%2F8BAAD%2F%2F6BtN%2F6DBAAA
IP 173.233.137.36:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSuTjYXPSm55CAO6kHBnVT3TM9PcgjGuGExbpYkskeprqqeLbemq6nqnp4dL4sRyXEED%2BKp95vdLKshmJsIQpj1IouHjIIs6IJHz4InDzKzA6MPut979b3D933vfbqbnxKKnJ2sv2cGSmt2OazSyusbKhGmcJW1exWfVunVyoZKGvWrlf70Z3tXfBpW6RuVm5JvmcsB9Sn1qV9ZUVbGpn95hkKlj9p%2BtU2r9aDqh3X07f97l3twzIPonZIXocTkwuaPT6D4GEn3mxvSbWUmffOdbq5ZZix64uD9ZCsxRYLuooythzg5mE%2FDuAkhX5yDSQ7mCmB6e1MFiNSEeL%2F6iJKDOU1Evf0zppGGTBCJ51H0xpB6DMXG4OY%2BlHhGAC6wdhtJ9%2BGasQXbPkPZFJ2Qpb%2F%2FgiomZOn3i0i6j69r1a%2FcNTrPlEkc%2BnEJ1R9DdcZI8yNkAw%2BqOALPPoYSBEm3hBInr7Uka7EgaC%2F7vmDL9YDGy5GUclnU2lI2o0YjjIOZNUqNoeIxtByCOQ%2F59FMe8thDnnroipMKC9sxpc04imu1Vp1zXqtxHrYaIhS1eiumyPmU%2BxBZOgTXQ3C7g9TuYEsNYfOncJslnPDgMoKeKFFIgsIRFIygUARFRlD0yn2hXeDKh0K7PPLnOZjnWjkyWWeX7ZusIxOym56SF6aGeUtfUmzJkwptBY1Go9lo1niDxawdt8JanUpRj3lLxmETTpVQ7txM5kBNyKXRU6RqQi58%2Bw8idgSnj8DVK2D5S2DFqBlQsM1RvUUxSA7dprGZrLoMwpRIsyVk296uPiWXZlu78ss1SH587fPBHzcfX%2FwI3JZIbYkP1Q8EHf1gdMcUZO%2BOKRx5cjvNVFcN2HSjdzOWyfNfvSu3C2PF6g03PHyLT4Fp%2BeiedNktlgiVdBz5%2BroSQtoVY7kk36%2B6DRmt527zem6TPL21%2FvbKaje10jllkjGYevZqAK4m5LnDD2a3%2BvInP0HZMWxeopsfk3lAmSPwdAcuXbB3hsDqxUyUeijycmSDaPGoFYGWi55FJdx%2F%2BmhR77oH6FgPLLs%2Fu9CeLdHTJZgewuXnR1lqj6%2F9XJsFIu2NIm29vUhb%2FdmZtU6dVGQY01jSQEZxO4qbjIp2XG9HrO3LZhQyH5mb8N%2B%2B%2B%2FNfAAAA%2F%2F8BAAD%2F%2F6BtN%2F6DBAAA HTTP/1.1
Host: choreinevitable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://corneey.com/
Cookie: u_pl=17078832; uid_id2=8ea8a229-11da-420f-beee-d39ee7b665f2:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 07:42:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2445945aaa2816380e0fada17f307c3c
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash de26603d2dd53bbc97ab84a98a423fc8
0ef00c310251712fe1993300278436541a835629
a751738f67caaaf0a6be71b9a542dc444fe76fa18cadbaa963090627d01e894d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A751738F67CAAAF0A6BE71B9A542DC444FE76FA18CADBAA963090627D01E894D"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2223
Expires: Fri, 03 Feb 2023 08:19:37 GMT
Date: Fri, 03 Feb 2023 07:42:34 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash de26603d2dd53bbc97ab84a98a423fc8
0ef00c310251712fe1993300278436541a835629
a751738f67caaaf0a6be71b9a542dc444fe76fa18cadbaa963090627d01e894d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A751738F67CAAAF0A6BE71B9A542DC444FE76FA18CADBAA963090627D01E894D"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2223
Expires: Fri, 03 Feb 2023 08:19:37 GMT
Date: Fri, 03 Feb 2023 07:42:34 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash de26603d2dd53bbc97ab84a98a423fc8
0ef00c310251712fe1993300278436541a835629
a751738f67caaaf0a6be71b9a542dc444fe76fa18cadbaa963090627d01e894d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A751738F67CAAAF0A6BE71B9A542DC444FE76FA18CADBAA963090627D01E894D"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2223
Expires: Fri, 03 Feb 2023 08:19:37 GMT
Date: Fri, 03 Feb 2023 07:42:34 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/interstitial/default/qr/62/img/qr2.png
172.64.166.9 200 OK 7.2 kB URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/default/qr/62/img/qr2.png
IP 172.64.166.9:0
File type PNG image data, 1160 x 1160, 8-bit/color RGB, non-interlaced\012- data
Hash 96bc1a4596b2dab3ce51232ef5daadef
8f032266c1b818ac9dbb3efeb06e7910a7f68f9d
39d99d4eee2bfa7b42e3ee095877935af95eaa139c30e0f9e864ceec5578862f
GET /sb/interstitial/default/qr/62/img/qr2.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 07:42:34 GMT
content-type: image/png
content-length: 7188
last-modified: Tue, 22 Nov 2022 17:47:47 GMT
etag: "637d0b43-1c14"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4474037
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zP4ahEop1AvhnneGucuc3snR9rg0wFrTFRB0hICtXj4UzhiDGJ2wJwYnB8yMljsh8mcs%2B24KyCYrCRdRU9y7l09RWA0T7EdE%2BI%2FFs7sa6ipLISbNGG3PW%2Bl23QKvt4VTO9thKvLzrTSF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793987da397575db-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/default/qr/62/img/1.png
172.64.166.9 200 OK 50 kB URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/default/qr/62/img/1.png
IP 172.64.166.9:0
File type PNG image data, 980 x 980, 8-bit/color RGBA, non-interlaced\012- data
Hash 1143a7b3bc5051147099facc8dc1432e
3a01609fb60f785d3233a788dff4351a1d79d4c9
ff708dfd7d816c51832a47cebfaf051422ddd0ab0d96588b55a1a2b89c1f3f73
GET /sb/interstitial/default/qr/62/img/1.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 07:42:34 GMT
content-type: image/png
content-length: 49867
last-modified: Tue, 22 Nov 2022 11:33:40 GMT
etag: "637cb394-c2cb"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4474037
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cq0XeyfB0uQhXtaGr6XrCOV0mVFzq%2B4AJEYllpSasWvtxzH3Q%2BYy11FgmhTPKfGLE5BcM%2BYbWYNSwPNIO0wXLmVjcuIk2xzHoKMM1P1G%2Fy986%2BqTVp4h%2B77z3vPxrMmztj1%2FJF7UKhEY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793987da497775db-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
corneey.com/shortest-url/end-adsession?adSessionId=7f69d700759378107d66a628806065b93d7db915&adbd=0&callback=reqwest_1675410177543
104.26.7.218 200 OK 173 B URL HTTP/1.1 corneey.com/shortest-url/end-adsession?adSessionId=7f69d700759378107d66a628806065b93d7db915&adbd=0&callback=reqwest_1675410177543
IP 104.26.7.218:0
File type ASCII text, with no line terminators
Hash f895d03ae65b16ba1798d32eefd9df2f
1ab2e2693f860a516c9c7339264253878a586c91
67b6656a72b65b33313f532776b7de521b514ed0aaa29d3c846d90408a69006b
GET /shortest-url/end-adsession?adSessionId=7f69d700759378107d66a628806065b93d7db915&adbd=0&callback=reqwest_1675410177543 HTTP/1.1
Host: corneey.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://corneey.com/w4LWeU
Cookie: hl=en; cookies-enable=1; _gcl_au=1.1.2099665.1675410178; dom3ic8zudi28v8lr6fgphwffqoz0j6c=8ea8a229-11da-420f-beee-d39ee7b665f2%3A1%3A1; _ga=GA1.2.1930559974.1675410178; _gid=GA1.2.2121460205.1675410178; _gat=1; ppu_main_34c6b37755370ea4318f4ff4946df449=1; sb_main_0826667673c6afa9f85340ed4fc8ef57=1; sb_count_0826667673c6afa9f85340ed4fc8ef57=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=choreinevitable.com
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 07:42:34 GMT
Content-Type: text/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40-0+deb8u15
Set-Cookie: PHPSESSID=v8hk90vqftg0am8uivv7vctpv5; expires=Fri, 03-Feb-2023 08:42:34 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
referrer_url=http%3A%2F%2Fcorneey.com%2Fw4LWeU; expires=Sat, 04-Feb-2023 07:42:34 GMT; Max-Age=86400; path=/; httponly
cookies-enable=1; path=/; httponly
Cache-Control: no-cache
X-Server-ID: shn06
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PuwiykxKWg6nwTcY8PH1ar38pdwb64Qy%2FQ55R%2B60WlTOqnt9gRIqGnCQj7UBrxAebf7YIDsnfQyj1RraRMWWbduL1nXTlwrhTjglhYPf%2BMYteabKxEV6BJPSQQnK5w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793987da19770b02-OSL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.creative-bars1.com/sb/interstitial/default/qr/62/img/close.svg
172.64.166.9 200 OK 922 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/default/qr/62/img/close.svg
IP 172.64.166.9:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Hash 4d989be9c0fb270ebd77b31f2f2a9bfa
6793180a62555008bf4f465246bda47f21fa66a8
b5f0ae2043636bfc0b9c99ec32130a94e2c920ba093ebf86b31c2e07cde1a1bd
GET /sb/interstitial/default/qr/62/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 07:42:34 GMT
content-type: image/svg+xml
last-modified: Mon, 22 Mar 2021 09:40:04 GMT
etag: W/"605865f4-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4474038
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=skJfOBKtqbkUsWXyt1wpTLDWt5lF3lHLAGZReWXjLWdGAUyeu6Yc2JrOKOoIVfr7q0H0D8q3S3Fs2BTDkcZrS3wc4GJ3vvGg8bv4s2dI%2BlTjHef9xLWyd9UJxMBQXJBiQRSj3Lhsxzfo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793987da397075db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/default/qr/62/js/script.js
172.64.166.9 200 OK 310 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/default/qr/62/js/script.js
IP 172.64.166.9:0
Hash 5006f9ba184c91d6e80ef0bbbba5f2b7
90a8fd72c4c712e6598405fb21e7b1f1094eaa9c
e2d9b2833523404f62b3cdf6d02def2099f514e9fe38318e8129576e34e8dec8
GET /sb/interstitial/default/qr/62/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://corneey.com
Connection: keep-alive
Referer: http://corneey.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 07:42:34 GMT
content-type: application/javascript
last-modified: Sun, 11 Dec 2022 21:20:02 GMT
etag: W/"63964982-2c4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=953X91%2B4ee8oAjOEW2rE4NNBROybfSaOAU7yxDcKO%2BguUI2DcP9RUkLwP00usnL2ac94YKwMj63MN%2BHOhl1O%2Bq45o5MxofbUluOnnCUvMt%2BrGztMqIL3rwi%2FYd75rEBiqeMr0CQulMKi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793987da296775db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
choreinevitable.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSuTjYXPSm55CAO6kHBnfTfzPQkh2CMGxbjZkkie5TqqurZcmu6mqru6dnxshiRHEfwIJ56v9nNshqCuYkghFkvsnjIKMiCLnj0LHjyIDM7MPqg%2B71X3zt83%2Ffep7vFKXFR0JP19%2FRAKkUvN%2Bpu7fUNmXJd2travZrn1t2rtQ2ZNsOrtf70Z3pXPLdRd9%2Bo3RRsS1%2F2Xc91PderrUgjEt2%2FPEMhs0dtr95266Ff9xoh%2Bub%2FvS0cWOqA907Ji5B8cmHzxyeQbIy0%2B80NYbdynb35TrdQNNcGPX7wfrqV6jJFd1EmxkGSHsynoe2EkC%2FOQacHcwXQvb2pAsRyQpxfPcTpwZwm4t7%2BGdNYQaSI%2BfMoe2MINYakYzB9H5I%2FIwDjWLuNtPtwTZuSbp%2BhdIpOyNLff0GWE7L0%2B0Wk3cfXlezX7mpV5FKnFv2kguyPITtjZMUR8oEDWR6B5R9DcoK0W0Hyk9ciQSPq%2B%2B1lz%2BN0OfTdZDkWQizzoC1EK242G4k%2Fs0bKMWQyhhJDUOugmH7SQZE4KDIHXX5So4124rqtJE6CIAoZY0HAWCNq8gYPwihxUbAp9yHybAimhmBmB5nZwZYcwhRPYTcrWO7A5gQ9XqEUBKUlKClBKQnKnKDsVftcWd9WD7myRezNsz%2FPQTXSeWeX7uu8I1Kym52SF6aGOUtfutgSJzU38pvNZqvZCliTJrSdRI0gdAUPExaJpNGClRWkPTeTOZATcmn0FJmckAvf%2FoOYHsGqIzD5CmjxEmg5avku6OYojFwM0kO7qU0u6jYH1xWyfAn5trOrTsml2dau%2FHINgh1f%2B3zwx83HFz8CMxUyU%2BFD%2BQNBRz0Y3dEl2bujS0ue3M5y2ZUDOt3o3Zzm4vxX74rtUhu%2BesMOD99iU2BaPronbH6LplymHUu%2Bvi45F2ZFGybI96t2Q8Trhd28Xpi0yG6tv72y2s2MsFbqdAwqn73qg8kJee7wg9mtvvzJT5BmDFNU6BbHZB6Q%2Bggs24HNFuytJjBqMRNnDsqiGhk%2FXjwqSaDEoqdxBfufPl7Uu%2FYBOsYBze%2FPLrRnKvRUBaqGsMX5UZ6Z42s%2FB7NArJxRrIyzFyujPjuz1sqTWsMLRRRHLcZ5LBj3Wn4QBa7rcx622sJrI7cT9tt3f%2F4LAAD%2F%2FwEAAP%2F%2FtGW5GIMEAAA%3D
173.233.137.36200 OK 7 B URL HTTP/1.1 choreinevitable.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSuTjYXPSm55CAO6kHBnfTfzPQkh2CMGxbjZkkie5TqqurZcmu6mqru6dnxshiRHEfwIJ56v9nNshqCuYkghFkvsnjIKMiCLnj0LHjyIDM7MPqg%2B71X3zt83%2Ffep7vFKXFR0JP19%2FRAKkUvN%2Bpu7fUNmXJd2travZrn1t2rtQ2ZNsOrtf70Z3pXPLdRd9%2Bo3RRsS1%2F2Xc91PderrUgjEt2%2FPEMhs0dtr95266Ff9xoh%2Bub%2FvS0cWOqA907Ji5B8cmHzxyeQbIy0%2B80NYbdynb35TrdQNNcGPX7wfrqV6jJFd1EmxkGSHsynoe2EkC%2FOQacHcwXQvb2pAsRyQpxfPcTpwZwm4t7%2BGdNYQaSI%2BfMoe2MINYakYzB9H5I%2FIwDjWLuNtPtwTZuSbp%2BhdIpOyNLff0GWE7L0%2B0Wk3cfXlezX7mpV5FKnFv2kguyPITtjZMUR8oEDWR6B5R9DcoK0W0Hyk9ciQSPq%2B%2B1lz%2BN0OfTdZDkWQizzoC1EK242G4k%2Fs0bKMWQyhhJDUOugmH7SQZE4KDIHXX5So4124rqtJE6CIAoZY0HAWCNq8gYPwihxUbAp9yHybAimhmBmB5nZwZYcwhRPYTcrWO7A5gQ9XqEUBKUlKClBKQnKnKDsVftcWd9WD7myRezNsz%2FPQTXSeWeX7uu8I1Kym52SF6aGOUtfutgSJzU38pvNZqvZCliTJrSdRI0gdAUPExaJpNGClRWkPTeTOZATcmn0FJmckAvf%2FoOYHsGqIzD5CmjxEmg5avku6OYojFwM0kO7qU0u6jYH1xWyfAn5trOrTsml2dau%2FHINgh1f%2B3zwx83HFz8CMxUyU%2BFD%2BQNBRz0Y3dEl2bujS0ue3M5y2ZUDOt3o3Zzm4vxX74rtUhu%2BesMOD99iU2BaPronbH6LplymHUu%2Bvi45F2ZFGybI96t2Q8Trhd28Xpi0yG6tv72y2s2MsFbqdAwqn73qg8kJee7wg9mtvvzJT5BmDFNU6BbHZB6Q%2Bggs24HNFuytJjBqMRNnDsqiGhk%2FXjwqSaDEoqdxBfufPl7Uu%2FYBOsYBze%2FPLrRnKvRUBaqGsMX5UZ6Z42s%2FB7NArJxRrIyzFyujPjuz1sqTWsMLRRRHLcZ5LBj3Wn4QBa7rcx622sJrI7cT9tt3f%2F4LAAD%2F%2FwEAAP%2F%2FtGW5GIMEAAA%3D
IP 173.233.137.36:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSuTjYXPSm55CAO6kHBnfTfzPQkh2CMGxbjZkkie5TqqurZcmu6mqru6dnxshiRHEfwIJ56v9nNshqCuYkghFkvsnjIKMiCLnj0LHjyIDM7MPqg%2B71X3zt83%2Ffep7vFKXFR0JP19%2FRAKkUvN%2Bpu7fUNmXJd2travZrn1t2rtQ2ZNsOrtf70Z3pXPLdRd9%2Bo3RRsS1%2F2Xc91PderrUgjEt2%2FPEMhs0dtr95266Ff9xoh%2Bub%2FvS0cWOqA907Ji5B8cmHzxyeQbIy0%2B80NYbdynb35TrdQNNcGPX7wfrqV6jJFd1EmxkGSHsynoe2EkC%2FOQacHcwXQvb2pAsRyQpxfPcTpwZwm4t7%2BGdNYQaSI%2BfMoe2MINYakYzB9H5I%2FIwDjWLuNtPtwTZuSbp%2BhdIpOyNLff0GWE7L0%2B0Wk3cfXlezX7mpV5FKnFv2kguyPITtjZMUR8oEDWR6B5R9DcoK0W0Hyk9ciQSPq%2B%2B1lz%2BN0OfTdZDkWQizzoC1EK242G4k%2Fs0bKMWQyhhJDUOugmH7SQZE4KDIHXX5So4124rqtJE6CIAoZY0HAWCNq8gYPwihxUbAp9yHybAimhmBmB5nZwZYcwhRPYTcrWO7A5gQ9XqEUBKUlKClBKQnKnKDsVftcWd9WD7myRezNsz%2FPQTXSeWeX7uu8I1Kym52SF6aGOUtfutgSJzU38pvNZqvZCliTJrSdRI0gdAUPExaJpNGClRWkPTeTOZATcmn0FJmckAvf%2FoOYHsGqIzD5CmjxEmg5avku6OYojFwM0kO7qU0u6jYH1xWyfAn5trOrTsml2dau%2FHINgh1f%2B3zwx83HFz8CMxUyU%2BFD%2BQNBRz0Y3dEl2bujS0ue3M5y2ZUDOt3o3Zzm4vxX74rtUhu%2BesMOD99iU2BaPronbH6LplymHUu%2Bvi45F2ZFGybI96t2Q8Trhd28Xpi0yG6tv72y2s2MsFbqdAwqn73qg8kJee7wg9mtvvzJT5BmDFNU6BbHZB6Q%2Bggs24HNFuytJjBqMRNnDsqiGhk%2FXjwqSaDEoqdxBfufPl7Uu%2FYBOsYBze%2FPLrRnKvRUBaqGsMX5UZ6Z42s%2FB7NArJxRrIyzFyujPjuz1sqTWsMLRRRHLcZ5LBj3Wn4QBa7rcx622sJrI7cT9tt3f%2F4LAAD%2F%2FwEAAP%2F%2FtGW5GIMEAAA%3D HTTP/1.1
Host: choreinevitable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://corneey.com/
Cookie: u_pl=17078832; uid_id2=8ea8a229-11da-420f-beee-d39ee7b665f2:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 07:42:35 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 614d9023e10a02bf22f33565ae0f22d4
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.yourwebbars.com/sb/interstitial/default/qr/62/index.html
172.67.74.218 200 OK 862 kB URL HTTP/2 cdn.yourwebbars.com/sb/interstitial/default/qr/62/index.html
IP 172.67.74.218:0
File type HTML document, ASCII text, with very long lines (1857)
Size 862 kB (861949 bytes)
Hash a792dd1106f24d66283fb558fab4ab39
9d087606188f57bc1a798a4b9ceed271d889eea6
333c2309b7d2d984f020ea6eb617230bb08d0c9f3dd0398354307bd53f8c4259
GET /sb/interstitial/default/qr/62/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://corneey.com
Connection: keep-alive
Referer: http://corneey.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 07:42:34 GMT
content-type: text/html
last-modified: Mon, 12 Dec 2022 08:31:58 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4OteQ7oLpGOpvNQs7Yr5CpqXZNYwO%2FLlDAfFCuP5lrgKw4fFdyCGFIs2Cl3jwCyLeUnNWb1SVB2PnfdahaTbJE7rh6LOw5x%2FX5JQ1ps%2BanZay5Jx87otyrrTpKPj8VdceOhphW8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793987d57f7cb51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
choreinevitable.com/pixel/sbs?c=1
173.233.137.36 200 OK 0 B URL HTTP/1.1 choreinevitable.com/pixel/sbs?c=1
IP 173.233.137.36:0
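Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of empty input, consistent with the 0 B body; they do not identify this resource and should not be used as indicators.)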
GET /pixel/sbs?c=1 HTTP/1.1
Host: choreinevitable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://corneey.com/
Cookie: u_pl=17078832; uid_id2=8ea8a229-11da-420f-beee-d39ee7b665f2:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 07:42:35 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/interstitial/default/qr/62/img/new_free.svg
172.64.166.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/default/qr/62/img/new_free.svg
IP 172.64.166.9:0
GET /sb/interstitial/default/qr/62/img/new_free.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 07:42:34 GMT
content-type: image/svg+xml
last-modified: Tue, 22 Nov 2022 11:33:42 GMT
etag: W/"637cb396-609"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4474038
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ul%2BWymcJdSHYhqUVFbOARqQRHqasPo1zlZr711NHlOv5DLFKCUeoeGest%2B05g7M7qYbHN8k%2BdHCjNjhG48GZ%2BkolF9ejX5KUTsaBtcmDaLPGylvCMS5QKs4WjK9zhLxb2ULwN6jkQh31"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793987da397275db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/default/qr/62/img/loading.svg
172.64.166.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/default/qr/62/img/loading.svg
IP 172.64.166.9:0
GET /sb/interstitial/default/qr/62/img/loading.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 07:42:34 GMT
content-type: image/svg+xml
last-modified: Tue, 22 Nov 2022 11:33:42 GMT
etag: W/"637cb396-182"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4474037
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M1h8so5HGHIPdwgBDB%2B91DpWyTEPGmvcXgcLMLO5%2Bv9VJntjDlYcZXDij5TjD%2FEoUbsrcnvUShK2Ri%2Fx%2FWX7d08pE58TubZlAy5pgmwhr%2BCvCp2ajqkIJjCsm0G4I7gLn1yyk163IJ1p"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793987da397475db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ptauxofi.net/pfe/current/tag.min.js?z=4157053
139.45.197.250 200 OK 0 B URL HTTP/2 ptauxofi.net/pfe/current/tag.min.js?z=4157053
IP 139.45.197.250:0
GET /pfe/current/tag.min.js?z=4157053 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://corneey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 07:42:27 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-390a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
ptauxofi.net/pfe/current/universal.min.js?v=3.1.415
139.45.197.250 200 OK 0 B URL HTTP/2 ptauxofi.net/pfe/current/universal.min.js?v=3.1.415
IP 139.45.197.250:0
GET /pfe/current/universal.min.js?v=3.1.415 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://corneey.com/
Origin: http://corneey.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 07:42:28 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-18c6c"
access-control-allow-origin: http://corneey.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
ptauxofi.net/pfe/current/defaultSkin.min.js
139.45.197.250 200 OK 0 B URL HTTP/2 ptauxofi.net/pfe/current/defaultSkin.min.js
IP 139.45.197.250:0
Analyzer Verdict Alert fortinet Phishing
GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://corneey.com/
Origin: http://corneey.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 07:42:28 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-df63"
access-control-allow-origin: http://corneey.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Raleway:400,700
142.250.74.138 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Raleway:400,700
IP 142.250.74.138:0
GET /css?family=Raleway:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://corneey.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 Feb 2023 07:42:27 GMT
date: Fri, 03 Feb 2023 07:42:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/default/qr/62/css/style.css
172.64.166.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/default/qr/62/css/style.css
IP 172.64.166.9:0
GET /sb/interstitial/default/qr/62/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://corneey.com
Connection: keep-alive
Referer: http://corneey.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 07:42:34 GMT
content-type: text/css
last-modified: Mon, 12 Dec 2022 08:30:46 GMT
etag: W/"6396e6b6-202e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5j%2BKJjjxqjDIC74EWDY%2BWR75rAWJHCtJgoOs7W5msOPOXYKM%2BonEGKgvVvrdmOUKSaN9yrrFzrmeUR%2Bsowl6FynW1NYiWSsJnTmg2cUBQrgui0X8%2FGHBeWVTveIk20KQIWa3eIKSy5%2BS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793987da296475db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2