r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7c60904d097cde276e4e5632cef1b9f1
4f805026462589345d85e8df2d18eafba6237504
12af026999398f4976749e320667d43da3f99b7a2e8254aca7a410a964a106aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6288
Expires: Fri, 25 Nov 2022 00:08:06 GMT
Date: Thu, 24 Nov 2022 22:23:18 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash af40a2fcf8debb90c3608002da6c907a
3c75d6c0b557a3bd8d5db50155b8d896e852c145
555617a51ee3077552545a29a3baf0b43e8a82367e4c08110ee480ebedc8b523
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5070
Cache-Control: max-age=135143
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 22:23:18 GMT
Etag: "637f47ef-1d7"
Expires: Sat, 26 Nov 2022 11:55:41 GMT
Last-Modified: Thu, 24 Nov 2022 10:31:11 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8c63b226725ca6e92e3ef586ac19e603
d21ae42a1927501e5293ff3564f52b49f6b0decc
141ac47acc3800e5d35a82012fa4b044277abad3a95dc24415f66fb72c972ae6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "141AC47ACC3800E5D35A82012FA4B044277ABAD3A95DC24415F66FB72C972AE6"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3867
Expires: Thu, 24 Nov 2022 23:27:45 GMT
Date: Thu, 24 Nov 2022 22:23:18 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 24 Nov 2022 22:17:20 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 358
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: sFFvu8r93HvyA/T3y1i4+fcrvDuqPxj3+tv3fwGntDE350pPjqbePrFNkYXY8nJobIkCGpeDJ2M=
x-amz-request-id: WM80MTPG1Q470N36
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 24 Nov 2022 21:40:33 GMT
age: 2565
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
neexulro.net/-1IWGP/YW8ng%5C74br?rndad=1806887089-1669328590
104.21.0.99302 Found 0 B URL HTTP/1.1 neexulro.net/-1IWGP/YW8ng%5C74br?rndad=1806887089-1669328590
IP 104.21.0.99:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /-1IWGP/YW8ng%5C74br?rndad=1806887089-1669328590 HTTP/1.1
Host: neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Thu, 24 Nov 2022 22:23:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: FLYSESSID=bu6da85v5133kh0ocv18adh4ht; path=/; HttpOnly; SameSite=Lax
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-powered-by: adfly
strict-transport-security: max-age=0
location: /not-found.php
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q3F1AEwVlQA9bjjz4jJaffAdNsA99yKCEpkx7pBjSilMd9TzKoSzk8bRDA5U%2B59rlclCl%2FmCd04soby44Cjht9NFx%2Bayx30ZeovgLurjDik67tidgJtnKuGkuiCohnQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76f58c5acf21b500-OSL
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 22:23:18 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
neexulro.net/not-found.php
104.21.0.99404 Not Found 2.9 kB URL HTTP/1.1 neexulro.net/not-found.php
IP 104.21.0.99:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (6710)
Hash def70654c48068836d6b06bd11c5388a
6c677742845eef2be19a84f7a0c6bbf37223d121
9df1ba236dbf1167ebf9061a439190d11c3777931ac60cb149d33f30557209b3
GET /not-found.php HTTP/1.1
Host: neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: FLYSESSID=bu6da85v5133kh0ocv18adh4ht
Upgrade-Insecure-Requests: 1
HTTP/1.1 404 Not Found
Date: Thu, 24 Nov 2022 22:23:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/7.3.27
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I49avxi62twXUfNThvZGlhz0TfAopJop75EL7yNb7bZI4sFFVqPkM2CXmMamr3boO0%2FbRCu9Gt8OifqjqvL1aN05HvkWKOrGzjdrgxq2KNECw%2Faq83Ck%2Fvs7rXXuVIs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76f58c5c9953b500-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 24 Nov 2022 22:08:53 GMT
cache-control: public,max-age=3600
age: 865
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 9f70c4115712ce5aec9fee04fec7d381
28b80bdd50a03c8938d327cba8f1386eb9165bbb
85c64ea82e508e53de40a97576ae7870c5ee47912f759375b9f0d41881639b0a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2293
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 22:23:18 GMT
Etag: "637fa79e-117"
Last-Modified: Thu, 24 Nov 2022 21:45:05 GMT
Server: ECS (amb/6B7C)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fb6949e7abaa473393f7c604691de14f
599681bba3947709baa603bbae2dd7afd04059a4
36c5165526ea9d34de14d36655ed494d0cffaa11ca3271ee47824ac11246ba13
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3927
Cache-Control: max-age=128938
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 22:23:18 GMT
Etag: "637f3429-1d7"
Expires: Sat, 26 Nov 2022 10:12:16 GMT
Last-Modified: Thu, 24 Nov 2022 09:06:49 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
cdn.ay.gy/static/image/logo.png
172.67.194.125200 OK 11 kB URL HTTP/2 cdn.ay.gy/static/image/logo.png
IP 172.67.194.125:0
File type PNG image data, 185 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash f819716ccd5a0e06aecdb273cfb4ccbe
f60bad9a95299264085d01c9705b03c768a71da8
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a
GET /static/image/logo.png HTTP/1.1
Host: cdn.ay.gy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.ay.gy/static/css/static.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 22:23:19 GMT
content-type: image/png
content-length: 10726
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 22:07:02 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "29e6-5faa60e6-f392dafc4c855335;;;"
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 977
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pCzPotTz2zy684itYC1r09xZrQkxWlJ2kVoBYznjKiN392Roqlzm8qD23Oc85TMuyXr4zbbMCKD4RA2kXH5vV0RqvGPvhMOQDYdqwd3xbNT0%2BFJiuHm1Ebeg4wE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f58c604b28b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.160.51.228101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.160.51.228:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 4os+Md4mNuv0jMzXBfC4aQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: PCl60Vc0HQ6THH2dMNTtL4N+yYY=
d1nmxiiewlx627.cloudfront.net/?ixmnd=709056
54.230.245.47200 OK 36 kB URL HTTP/1.1 d1nmxiiewlx627.cloudfront.net/?ixmnd=709056
IP 54.230.245.47:0
File type Unicode text, UTF-8 text, with very long lines (15478)
Hash 4b0a9fad1e7854e252f821da8e5d383b
1c52f0ff9968b9c4b02c72e96ddfcb57a7c6ecd6
9508a531b482099518715d7e2d18907920a850be9a4b37a493c8f179b1d1872b
Analyzer Verdict Alert fortinet Malware
GET /?ixmnd=709056 HTTP/1.1
Host: d1nmxiiewlx627.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://neexulro.net/
HTTP/1.1 200 OK
Content-Length: 36042
Connection: keep-alive
Date: Thu, 24 Nov 2022 22:23:19 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Fez777KkmfeoQXmHYZK6G4XyVJHuI1jxDuL21F0ZwooxgfguZEZrEA==
fbcdn2.com/script/compatibility.js
104.16.218.20200 OK 4.9 kB URL HTTP/1.1 fbcdn2.com/script/compatibility.js
IP 104.16.218.20:0
File type ASCII text, with very long lines (14461), with no line terminators
Hash dfc1ef193e722034b53ecdad122950eb
0bc2035e46a7ebc8e22f06f7f4d8e6aa646c7f19
35c379bfbbac999a2ca7542c1ce9c3796f5e51ca5896b06e84fb8ddf41e0870d
GET /script/compatibility.js HTTP/1.1
Host: fbcdn2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://neexulro.net/
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 22:23:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-GUploader-UploadID: ADPycdsYVeUqe7zrRqV9IyOO_psrQuR4iDA0NR-6PK01KvOg0NXVo2O8vjjzn9sBnSfZcDuPEy3IFbekew1tYfQiLjZ2tw
x-goog-generation: 1655802523449377
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 14461
x-goog-hash: crc32c=COVK0Q==, md5=lGu5GSoU5trQNansgXjwcw==
x-goog-storage-class: MULTI_REGIONAL
Access-Control-Allow-Origin: *
Expires: Fri, 25 Nov 2022 02:23:19 GMT
Cache-Control: public, max-age=14400
Last-Modified: Tue, 21 Jun 2022 09:08:43 GMT
ETag: W/"946bb9192a14e6dad035a9ec8178f073"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f58c605f44b4f4-OSL
Content-Encoding: gzip
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cd68ca69e11ea523173f643d774c0b8f
a2f89f2e07b69cafc41efa2bc4548a04c5b81d95
8094b372e49f5ab920ef260ab9706d07b3ee6ea036813ad6f332254a4a2a3e9c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8094B372E49F5AB920EF260AB9706D07B3EE6EA036813AD6F332254A4A2A3E9C"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16356
Expires: Fri, 25 Nov 2022 02:55:55 GMT
Date: Thu, 24 Nov 2022 22:23:19 GMT
Connection: keep-alive
cdn.ay.gy/static/image/header_gradient.jpg
172.67.194.125200 OK 8.9 kB URL HTTP/2 cdn.ay.gy/static/image/header_gradient.jpg
IP 172.67.194.125:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1250x370, components 3\012- data
Hash fb59af58265bb1390fb680a13aa401bd
bd8ea333c27936aa02250d4e5258d71c3faf5d14
31046d9e08a11c69776b85464fbb52bd99e83950b368c556a280cbad09e164b4
GET /static/image/header_gradient.jpg HTTP/1.1
Host: cdn.ay.gy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.ay.gy/static/css/static.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 22:23:19 GMT
content-type: image/jpeg
content-length: 8872
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 22:23:19 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "22a8-5faa60e6-8ab4b5241d6b4a64;;;"
x-turbo-charged-by: LiteSpeed
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pIwrTzVOoGdzfbApQR0Q6PFkbEJ1UcHSSOD63q0OP35gx%2BwPzPIxDNO4V2z6hj%2FpS9BMGaMdWBRNmjGegDWU1ADln7YTIBUX81BsL1mBHfwo62%2FoJfTpt0Vk7xo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f58c604b26b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pemainedperio.com/czBxOGESUhJVXhINEx4UAVxMHVM1FUN+BUJeHEAIGlUGVBlFAkYWAh9fBFwHAV8fTE8dVQUdUzV8KFUZR38lcSMySCteJSFpN3AgInYkVDc6dDBqJDFXBW85MXojdjcAczAJVRJRMGIwIFcJfDcfCRJgDSVkNXkVNXhAWyw3ACRxJzJ9OH8GIncjegY6Zh1UBzVyQGwwC3kSfQ0hdzIIDj1nMAAxMkc7aTkUBD9gMAcAJwgrOngwejIhcUhpOTJpNXxRHGgkfhYkZCNcMCt1GnIpNXo7a1IAaCR+FiNlN0A0JHZBcwI2VBRrJDZ1J1MNP1UJXDArcVxIMTUBNEwyIls5bCcLYjl5IyBzCQkAJGFAcjIdCDBtDUJ5MmkvIGgnCC0yVyB+Ih9IJHwzIVQyCzMnaDQIOTJbIGIzIldXUhIcXgEFLBEAEAoDIgRD
54.230.111.124200 OK 1.2 kB URL HTTP/1.1 pemainedperio.com/czBxOGESUhJVXhINEx4UAVxMHVM1FUN+BUJeHEAIGlUGVBlFAkYWAh9fBFwHAV8fTE8dVQUdUzV8KFUZR38lcSMySCteJSFpN3AgInYkVDc6dDBqJDFXBW85MXojdjcAczAJVRJRMGIwIFcJfDcfCRJgDSVkNXkVNXhAWyw3ACRxJzJ9OH8GIncjegY6Zh1UBzVyQGwwC3kSfQ0hdzIIDj1nMAAxMkc7aTkUBD9gMAcAJwgrOngwejIhcUhpOTJpNXxRHGgkfhYkZCNcMCt1GnIpNXo7a1IAaCR+FiNlN0A0JHZBcwI2VBRrJDZ1J1MNP1UJXDArcVxIMTUBNEwyIls5bCcLYjl5IyBzCQkAJGFAcjIdCDBtDUJ5MmkvIGgnCC0yVyB+Ih9IJHwzIVQyCzMnaDQIOTJbIGIzIldXUhIcXgEFLBEAEAoDIgRD
IP 54.230.111.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Hash a08c124c8d24c7c566bf9d7bd10be9f3
ed17abdba177c44e0850d8d629c9af2294f8af59
a15a2ee5c8a9fc24ce3ec3937606d426c8ac1f4676c5a94a9fd4b43caa3ade93
GET /czBxOGESUhJVXhINEx4UAVxMHVM1FUN+BUJeHEAIGlUGVBlFAkYWAh9fBFwHAV8fTE8dVQUdUzV8KFUZR38lcSMySCteJSFpN3AgInYkVDc6dDBqJDFXBW85MXojdjcAczAJVRJRMGIwIFcJfDcfCRJgDSVkNXkVNXhAWyw3ACRxJzJ9OH8GIncjegY6Zh1UBzVyQGwwC3kSfQ0hdzIIDj1nMAAxMkc7aTkUBD9gMAcAJwgrOngwejIhcUhpOTJpNXxRHGgkfhYkZCNcMCt1GnIpNXo7a1IAaCR+FiNlN0A0JHZBcwI2VBRrJDZ1J1MNP1UJXDArcVxIMTUBNEwyIls5bCcLYjl5IyBzCQkAJGFAcjIdCDBtDUJ5MmkvIGgnCC0yVyB+Ih9IJHwzIVQyCzMnaDQIOTJbIGIzIldXUhIcXgEFLBEAEAoDIgRD HTTP/1.1
Host: pemainedperio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://neexulro.net/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1183
Connection: keep-alive
Date: Thu, 24 Nov 2022 22:23:19 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: fRCKrVQGFzBNDaMjDuIozlYzO7PO-MQqNBv1IqFBMV5Lco0_PtaTrA==
engingsecondu.com/bXA4T2hCT1s8VQkcUzUKXDpoLQ8dFWJ/PhwyVHYCPzd5CD8qIR47AQlND39RXUUOaRgEFAV9UUsDTC4cGAMFfk4EHl4gVUsGBX5GXV4Of0ZcVk1yWUsESC4PUEEePxwZHAV+XltJC31QWEkAd15b
104.21.55.224204 No Content 0 B URL HTTP/2 engingsecondu.com/bXA4T2hCT1s8VQkcUzUKXDpoLQ8dFWJ/PhwyVHYCPzd5CD8qIR47AQlND39RXUUOaRgEFAV9UUsDTC4cGAMFfk4EHl4gVUsGBX5GXV4Of0ZcVk1yWUsESC4PUEEePxwZHAV+XltJC31QWEkAd15b
IP 104.21.55.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bXA4T2hCT1s8VQkcUzUKXDpoLQ8dFWJ/PhwyVHYCPzd5CD8qIR47AQlND39RXUUOaRgEFAV9UUsDTC4cGAMFfk4EHl4gVUsGBX5GXV4Of0ZcVk1yWUsESC4PUEEePxwZHAV+XltJC31QWEkAd15b HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://neexulro.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 22:23:19 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3qRoQmyzn%2FJJXQ%2B6rLPxbHwSnjeMYkVwka5syq8CZCakXbRQzXboBhW1lIf4vyFEc%2FEeolnWg8N6fT%2B64pBHisFxK5%2B84FaLhnInhlIKw57ANezYKX8Hb%2Bwu96yDZJxxJhfDyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f58c61caf2fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cd68ca69e11ea523173f643d774c0b8f
a2f89f2e07b69cafc41efa2bc4548a04c5b81d95
8094b372e49f5ab920ef260ab9706d07b3ee6ea036813ad6f332254a4a2a3e9c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8094B372E49F5AB920EF260AB9706D07B3EE6EA036813AD6F332254A4A2A3E9C"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16356
Expires: Fri, 25 Nov 2022 02:55:55 GMT
Date: Thu, 24 Nov 2022 22:23:19 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8b3e124061cc7e93d4765f3898aeffe9
7da7e0018d31c72c2616b1ae314f1c5ba64c1e35
9f21ba59178ffa8b9ebc5ada8bd970b378138e22584f2d61ebb3934ad1bd843d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "9F21BA59178FFA8B9EBC5ADA8BD970B378138E22584F2D61EBB3934AD1BD843D"
Last-Modified: Tue, 22 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13374
Expires: Fri, 25 Nov 2022 02:06:13 GMT
Date: Thu, 24 Nov 2022 22:23:19 GMT
Connection: keep-alive
pemainedperio.com/utx?cb=SL3FAkt0pHmE&top=neexulro.net&tid=709056
54.230.111.124204 No Content 0 B URL HTTP/2 pemainedperio.com/utx?cb=SL3FAkt0pHmE&top=neexulro.net&tid=709056
IP 54.230.111.124:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=SL3FAkt0pHmE&top=neexulro.net&tid=709056 HTTP/1.1
Host: pemainedperio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://neexulro.net
Connection: keep-alive
Referer: http://neexulro.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 22:23:19 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://neexulro.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 24 Nov 2022 22:24:19 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 9LFTMPtdzm-eMlezLONKmVqPmO4JoOSMAW4OuIZEHYYA1n3-LTxafA==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8b3e124061cc7e93d4765f3898aeffe9
7da7e0018d31c72c2616b1ae314f1c5ba64c1e35
9f21ba59178ffa8b9ebc5ada8bd970b378138e22584f2d61ebb3934ad1bd843d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "9F21BA59178FFA8B9EBC5ADA8BD970B378138E22584F2D61EBB3934AD1BD843D"
Last-Modified: Tue, 22 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13374
Expires: Fri, 25 Nov 2022 02:06:13 GMT
Date: Thu, 24 Nov 2022 22:23:19 GMT
Connection: keep-alive
d1nmxiiewlx627.cloudfront.net/LYmx4OTIBAxZfDRYFHAQFUlVIDAREBgtWXBJRNVsCA14aaAZQSgxDVl9cXlVTDAtFH1cMD0UIFAMIGgQGRBgIVllfFB1TQxIcElRGC0oNWA8PAwJQXg4NXQt0V0JIHABSRA9QXAYDD0oXUFwWTRdQXEkJHFJJS3sXUFwPUFxUWF0KcEdeSEEEVklLexdQXA-pPF1EtSQkHTFxRHABSCx1aWQ1JSn8AUl1ICQNSXV0LAgQFClxUDRRdC3RTXE0XAkQZRQg
54.230.245.47200 OK 456 B URL HTTP/1.1 d1nmxiiewlx627.cloudfront.net/LYmx4OTIBAxZfDRYFHAQFUlVIDAREBgtWXBJRNVsCA14aaAZQSgxDVl9cXlVTDAtFH1cMD0UIFAMIGgQGRBgIVllfFB1TQxIcElRGC0oNWA8PAwJQXg4NXQt0V0JIHABSRA9QXAYDD0oXUFwWTRdQXEkJHFJJS3sXUFwPUFxUWF0KcEdeSEEEVklLexdQXA-pPF1EtSQkHTFxRHABSCx1aWQ1JSn8AUl1ICQNSXV0LAgQFClxUDRRdC3RTXE0XAkQZRQg
IP 54.230.245.47:0
File type ASCII text, with very long lines (593), with no line terminators
Hash b792deafec37f5ec992b03f229ecac84
a8032a4d45a68c6610a5613da63611b7a1cf97aa
e57a2e702b342713cfd3352a51c536479f140cdfbe82e91b02b7c965dcdd54b0
Analyzer Verdict Alert fortinet Malware
GET /LYmx4OTIBAxZfDRYFHAQFUlVIDAREBgtWXBJRNVsCA14aaAZQSgxDVl9cXlVTDAtFH1cMD0UIFAMIGgQGRBgIVllfFB1TQxIcElRGC0oNWA8PAwJQXg4NXQt0V0JIHABSRA9QXAYDD0oXUFwWTRdQXEkJHFJJS3sXUFwPUFxUWF0KcEdeSEEEVklLexdQXA-pPF1EtSQkHTFxRHABSCx1aWQ1JSn8AUl1ICQNSXV0LAgQFClxUDRRdC3RTXE0XAkQZRQg HTTP/1.1
Host: d1nmxiiewlx627.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://pemainedperio.com/
HTTP/1.1 200 OK
Content-Length: 456
Connection: keep-alive
Date: Thu, 24 Nov 2022 22:23:19 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: FsoICtz3LRN7-PgCzQl1PGb7lP0jrVrTYsp4UM45KbCjfEykps_ORw==
fbcdn2.com/script/firefox.js
104.16.218.20200 OK 3.7 kB URL HTTP/1.1 fbcdn2.com/script/firefox.js
IP 104.16.218.20:0
File type ASCII text, with very long lines (11758), with no line terminators
Hash 9cec94fe431f2a287a07b6ae67093935
77cfbdf64caeabaa890e537408e66d9c3fd80cde
f803761c68ac15eaad6f0ccd84b35ac312da397359f6badf8b8c40b5df068896
GET /script/firefox.js HTTP/1.1
Host: fbcdn2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://neexulro.net/
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 22:23:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-GUploader-UploadID: ADPycdvH-yqjXKyaHKUPK-aQKwedkGEubqC3QMOqF_XwP5SDPhN4By_4HctypCwXqOBx7LQKpL2ZiP3qSkpfNExP2kFHWw
Expires: Fri, 25 Nov 2022 02:23:19 GMT
Cache-Control: public, max-age=14400
Last-Modified: Tue, 21 Jun 2022 09:08:59 GMT
ETag: W/"1461940cfd6093640b63b931682cce4d"
x-goog-generation: 1655802539797909
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 11758
x-goog-hash: crc32c=BzbV2Q==, md5=FGGUDP1gk2QLY7kxaCzOTQ==
x-goog-storage-class: MULTI_REGIONAL
Access-Control-Allow-Origin: *
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f58c636b76b4f4-OSL
Content-Encoding: gzip
onclickgenius.com/script/suurl.php?r=2984815&cbrandom=0.864413560432236&cbiframe=0&cbWidth=1280&cbHeight=939&cbtitle=AdF.ly%20-%20Not%20Found&cbref=&cbdescription=&cbkeywords=&cbcdn=fbcdn2.com
35.190.71.96200 OK 1.4 kB URL HTTP/1.1 onclickgenius.com/script/suurl.php?r=2984815&cbrandom=0.864413560432236&cbiframe=0&cbWidth=1280&cbHeight=939&cbtitle=AdF.ly%20-%20Not%20Found&cbref=&cbdescription=&cbkeywords=&cbcdn=fbcdn2.com
IP 35.190.71.96:0
File type ASCII text, with very long lines (5437)
Hash 6d9719272a5fe0c32056bb4bb93ddbfe
1e527757360d052cd1f2acd228c9b79e22620094
dfdd2db9a3d727fd3d75ed1ca0b0afd424d516eeea3277889e636d1b171b6bed
GET /script/suurl.php?r=2984815&cbrandom=0.864413560432236&cbiframe=0&cbWidth=1280&cbHeight=939&cbtitle=AdF.ly%20-%20Not%20Found&cbref=&cbdescription=&cbkeywords=&cbcdn=fbcdn2.com HTTP/1.1
Host: onclickgenius.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://neexulro.net/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 24 Nov 2022 22:23:19 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 google
pogothere.xyz/asd100.bin
172.64.172.27200 OK 102 kB IP 172.64.172.27:0
Size 102 kB (102458 bytes)
Hash 2e96d549342dbddc6004b6ea9e0819ab
4645c882a026a788884794cb0353cea0be82ac75
e3d71be6a7a2321afc5ec18a13286b8c2bfe6559baba29212c593da483d7c81d
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://neexulro.net/
Origin: http://neexulro.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 24 Nov 2022 22:23:19 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://neexulro.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3934
last-modified: Thu, 24 Nov 2022 21:17:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VOJhywLV0FTg8Fwz9q2ctzyI97FYUInJKo6On%2FGq%2BSZiyyhaqTMcT0iLxKmZFi5EcPrdjQEjRZMP5oXHCfZb038uvc0prwjDo8an9q80LkK%2FqDdVCadaUjoadRFvoXVa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f58c6318f775c3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pemainedperio.com/multi?cs=dFkyTlNNbgt%2FZkdqB35iRmAHeWU&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=709056&rxy=1280_1024&u=2051407252855642&agec=1669328599&fs=1&mbkb=260.4166666666667&ref=http%3A%2F%2Fneexulro.net%2Fnot-found.php&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_jdL2=1669328599506&crc=1
54.230.111.124200 OK 1.5 kB URL HTTP/2 pemainedperio.com/multi?cs=dFkyTlNNbgt%2FZkdqB35iRmAHeWU&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=709056&rxy=1280_1024&u=2051407252855642&agec=1669328599&fs=1&mbkb=260.4166666666667&ref=http%3A%2F%2Fneexulro.net%2Fnot-found.php&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_jdL2=1669328599506&crc=1
IP 54.230.111.124:0
File type ASCII text, with very long lines (3167), with no line terminators
Hash 661141bf37593fb390badfa467e3f2ca
88171ced5f3654872b37b6954d006ed1fffd10ba
b26d4d976f6bc26c238c62160e5d99e60fe1cca87a4fa6b278c406b29108caa5
GET /multi?cs=dFkyTlNNbgt%2FZkdqB35iRmAHeWU&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=709056&rxy=1280_1024&u=2051407252855642&agec=1669328599&fs=1&mbkb=260.4166666666667&ref=http%3A%2F%2Fneexulro.net%2Fnot-found.php&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_jdL2=1669328599506&crc=1 HTTP/1.1
Host: pemainedperio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://neexulro.net
Connection: keep-alive
Referer: http://neexulro.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1489
date: Thu, 24 Nov 2022 22:23:19 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://neexulro.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=375522f1-b15f-4967-b794-cd57598c6014
csu=2051407252855642
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: aL4H8kiYYmciZc462Vc8vbjQdA41FYhWHcz29KQEUN1J1cI71VUgwg==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5879
Expires: Fri, 25 Nov 2022 00:01:19 GMT
Date: Thu, 24 Nov 2022 22:23:20 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5879
Expires: Fri, 25 Nov 2022 00:01:19 GMT
Date: Thu, 24 Nov 2022 22:23:20 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5879
Expires: Fri, 25 Nov 2022 00:01:19 GMT
Date: Thu, 24 Nov 2022 22:23:20 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5879
Expires: Fri, 25 Nov 2022 00:01:19 GMT
Date: Thu, 24 Nov 2022 22:23:20 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 64d79191f005c9876b952c5f948aa0f7
1102dbdcbcabf5c25d17840f8f00d5b55b9b8f0a
00fb36c3d322e8302c5ce202d6d4119d637510cd6f3b63e1347781ec3bb9d7fc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13882
x-amzn-requestid: 9022b0b3-31d5-4149-a969-02514f11b95a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvzNHjMoAMFWMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9347-0e8354a02bef623644714e31;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:40:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ve4q5FDkwMGhPK6ZVVVCZtoBTaGaz43r_PwINzwS5Nx5tcZeQkVIfw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:49:48 GMT
age: 2012
etag: "1102dbdcbcabf5c25d17840f8f00d5b55b9b8f0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d9d93b2a6875d446c3467eb49767eef5
303c571b13b05fcf27ee1159d8fdf6369aaef0a2
2a2345a925e0187979930a7f2de8548957ad9f2baae77364dcb157286e2b3fcf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6789
x-amzn-requestid: 4d94ce1b-d18f-43b8-bb4d-e7093f9bea42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvd2G9UIAMFrEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5f2-64a570135be59b83031811da;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:04:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JygkDI7XSvlgurUTot874ZAXlOIqnv4cntMQ55IvHVqw93JBcksZjQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:15:22 GMT
age: 54478
etag: "303c571b13b05fcf27ee1159d8fdf6369aaef0a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b4157f2c5c3c77ce699324ecb08f47c7
a7d9135f9d01ba13c3cdaf8b038c70212f159297
2305f7afee95bb34d9e8dbff571c6b146ba7b694be96e9e925c32d1f41785916
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7462
x-amzn-requestid: 1f6fb14d-83e0-43d3-9dab-5bc83af1a7c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwV3HV9oAMFs9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9425-634d43db6308e0be596aa5a0;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:44:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: i-SR0Oc5IyCfMI-jrAMnnicCIZEQOL6BXBFWvEShF2TZo1DgqBUdwg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 22:03:56 GMT
age: 1164
etag: "a7d9135f9d01ba13c3cdaf8b038c70212f159297"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: a22b4d7e-e208-4bda-81c2-d13e6463380e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: blE0hGNioAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6371e81c-1b13846866f56a0e47675e56;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 07:02:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0sYKpJWi2Tv9Atz3PYXm5j7kmncAOxjcLcK4hgAkJ5b4pNMDmjdB6g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:14:07 GMT
age: 54553
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 92c78302bcce1568eb6a5563100b932c
43d1dec7fc06879988c9c3cadd800cc8145df988
0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7YSXUV-LZpsI7vciFhuqt1EVr6YRkhxcOgMg8z8bxLcOE01_baf6Gg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:47:08 GMT
age: 2172
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp
34.120.237.76200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0856fdb55f19f03a1bec38b3d6e0ac77
89accd230fba95fe0049678070817b36ead015fa
17c6e6f9bb8f4261fff2dc2a43ed994986418761624b8afead768e89927594f2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5070
x-amzn-requestid: d86d95ad-9b78-4047-82e7-04e83a97e330
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwViF1GIAMF_PQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9423-10809ba1634776171cf79cb8;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:44:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ox9avQZ9Y6A9Lxmh5KTfvyhia9DMwfy-0eP-8AaMffegrLYUhAwzoQ==
via: 1.1 0dc4feb22bb4657ce2bb95fd05ec7122.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:57:20 GMT
age: 1560
etag: "89accd230fba95fe0049678070817b36ead015fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.ay.gy/static/css/static.css
172.67.194.125200 OK 0 B URL HTTP/2 cdn.ay.gy/static/css/static.css
IP 172.67.194.125:0
GET /static/css/static.css HTTP/1.1
Host: cdn.ay.gy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://neexulro.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 22:23:19 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 22:23:18 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: W/"1a4-5faa60e6-bc0e201398a2fd8f;gz"
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FXF23M9QqDgcefNKUEehlvjOlQq%2Bet5uiHJguWkmdYv7neAENLOeepn8M4gOaGsWwaDv06qm0SjslODGiT6%2B5MKDlF8%2BUnl5m7WLYKK6AvwJSkyPXsszwr%2Fiqis%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f58c5e782eb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://neexulro.net/
Origin: http://neexulro.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 22:23:19 GMT
content-type: text/plain
set-cookie: csu=2051407252855642@1@1669328599; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://neexulro.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=muIwBxfo7RZ0p4iH8tMflV06X3ky5m%2F4UYwBBeeyMlgtCOVf18jmS84xwzko4J2TXk1I48IzHTvEwJCSC0SAA%2B2XZP6P%2F8Sw9%2B4eNaaJ%2BS07sm7y2KSYSDWRBvjtP3Na"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f58c6328fb75c3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.ay.gy/static/image/favicon.ico
172.67.194.125200 OK 0 B URL HTTP/2 cdn.ay.gy/static/image/favicon.ico
IP 172.67.194.125:0
GET /static/image/favicon.ico HTTP/1.1
Host: cdn.ay.gy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://neexulro.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 22:23:19 GMT
content-type: image/vnd.microsoft.icon
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 22:23:19 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: W/"47e-5faa60e6-656df8558f10c428;;;"
x-turbo-charged-by: LiteSpeed
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1%2BtZ9nOR0e6WLBPaXeM6biioxF80VKnrjC2tk3QjJ1nVmJg9q9VkaxEz1d4zJyXdK0KJtClFqapyqHneYb2vpNpK%2FbxkXIG3iJR%2Fn847Sg55wCe9hi%2FLBvdErrs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f58c629df7b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2