r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e1e94f036b0e677a492e4238b9443034
862ebeb19164d77b65229976b12338c399ce0bd9
1875033f6e187cdb371b497b6640a3c9625283b6a4b12de5bbc5be326365b6a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1875033F6E187CDB371B497B6640A3C9625283B6A4B12DE5BBC5BE326365B6A9"
Last-Modified: Mon, 13 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12352
Expires: Tue, 14 Feb 2023 06:06:32 GMT
Date: Tue, 14 Feb 2023 02:40:40 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 3534c46dafa4e959cb5f4aba0b1d8cd7
f4aa8774355b04bf1f074aeb73c56c52b32568ab
68b7b6679046611b607c073416e818c6d0391e2953ecc8781b02e57a9b5af306
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "68B7B6679046611B607C073416E818C6D0391E2953ECC8781B02E57A9B5AF306"
Last-Modified: Mon, 13 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12540
Expires: Tue, 14 Feb 2023 06:09:40 GMT
Date: Tue, 14 Feb 2023 02:40:40 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 9b39c3955aa73765d5c9cbe0d4c52f83
b13bf774f0189207d90d846b86b68fcf2f64f868
f6fea261b800d26e329ced17006c9f5d10b6c490dac3b2276cc7b0e2aa38316c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6FEA261B800D26E329CED17006C9F5D10B6C490DAC3B2276CC7B0E2AA38316C"
Last-Modified: Mon, 13 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5737
Expires: Tue, 14 Feb 2023 04:16:17 GMT
Date: Tue, 14 Feb 2023 02:40:40 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ag5J7I/fm1etDhj2PQ97q77DZ39XDRuEYV3YRitnGQYj0TklUsu8LV5XKORBXtgI7PUDbbjZyn4=
x-amz-request-id: 8W3EKVQ0SJP679FP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 14 Feb 2023 01:48:20 GMT
age: 3140
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 14 Feb 2023 01:49:00 GMT
content-type: application/json
age: 3100
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
classactionlawsuitcenter.com/wp-admin/ass/amexnew.zip
69.16.215.169403 Forbidden 329 B URL HTTP/1.1 classactionlawsuitcenter.com/wp-admin/ass/amexnew.zip
IP 69.16.215.169:0
File type HTML document, ASCII text, with very long lines (688), with no line terminators
Hash e731999b57ab53521af3746eb560930c
33aa359845ed30ffc034fb70f89547183396e390
2c81552949a7948a4844f6f957e9492648c5bd40f8250c434e30780652f95897
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/ass/amexnew.zip HTTP/1.1
Host: classactionlawsuitcenter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 403 Forbidden
Date: Tue, 14 Feb 2023 02:40:40 GMT
Server: Apache
X-Powered-By: PHP/7.0.33
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 329
Keep-Alive: timeout=5, max=100
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 14 Feb 2023 02:40:40 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Last-Modified, Alert, Backoff, Content-Type, Pragma, Expires, Cache-Control, Retry-After, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 14 Feb 2023 02:14:53 GMT
age: 1548
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a1bb15ab1d462a8d42634fa3770311f6
1296a2888bc7ce2454bdb6a9c5c0f0d5ce06ee8e
4c02117d1e50f834e691c8270a985132614dccdaed24330db55891dc3fd605e5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C02117D1E50F834E691C8270A985132614DCCDAED24330DB55891DC3FD605E5"
Last-Modified: Sun, 12 Feb 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19119
Expires: Tue, 14 Feb 2023 07:59:20 GMT
Date: Tue, 14 Feb 2023 02:40:41 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 188e06be43a4f1b02aa98f1762147970
5e6b7e3a172fb7327331fd8c7f74559d079bd4fb
89bd97cff26b8d656f26db21b59b02fbc3f671ac903e1e44735c7472ebd05090
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89BD97CFF26B8D656F26DB21B59B02FBC3F671AC903E1E44735C7472EBD05090"
Last-Modified: Mon, 13 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16928
Expires: Tue, 14 Feb 2023 07:22:49 GMT
Date: Tue, 14 Feb 2023 02:40:41 GMT
Connection: keep-alive
oo.coffee/Gxu0r2
190.115.26.9302 Found 0 B IP 190.115.26.9:0
ASN #262254 DDOS-GUARD CORP.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /Gxu0r2 HTTP/1.1
Host: oo.coffee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://classactionlawsuitcenter.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=yi50NgYLfPwYENlJiP87; Domain=.oo.coffee; HttpOnly; Path=/; Expires=Wed, 14-Feb-2024 02:40:41 GMT
date: Tue, 14 Feb 2023 02:40:41 GMT
location: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwj3n9a_4uz8AhVKRqQEHZZdCYkQFnoECAkQAQ&url=https%3A%2F%2Fen.rawafedpor.com%2F6057%2Fthe-sec-has-denied-bitcoin-etf-applications-from-ark-shares&usg=AOvVaw3jzxWN4CgVK52zZWXUVnKV
content-length: 0
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 704848873afb62f820c1b194e3620519
6b5dc73daf065a51ee2364b34f0e488902663d3d
19c8c76bb1c818f85ff5aafdf3d0bdd9e7ee2a4ec0753954d220eb2f23a234a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 02:40:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwj3n9a_4uz8AhVKRqQEHZZdCYkQFnoECAkQAQ&url=https%3A%2F%2Fen.rawafedpor.com%2F6057%2Fthe-sec-has-denied-bitcoin-etf-applications-from-ark-shares&usg=AOvVaw3jzxWN4CgVK52zZWXUVnKV
216.58.207.228200 OK 606 B URL HTTP/2 www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwj3n9a_4uz8AhVKRqQEHZZdCYkQFnoECAkQAQ&url=https%3A%2F%2Fen.rawafedpor.com%2F6057%2Fthe-sec-has-denied-bitcoin-etf-applications-from-ark-shares&usg=AOvVaw3jzxWN4CgVK52zZWXUVnKV
IP 216.58.207.228:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1135)
Hash 82aaf9a038f24c1740d89459b15973b7
cb23ff1ceddaf4752745c5a1df4f7ef97242ed4e
d94a0b6c7c46b3ccb852f2dc3efdb21c0eda80b2a1734a59e4df103a465fcd67
GET /url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwj3n9a_4uz8AhVKRqQEHZZdCYkQFnoECAkQAQ&url=https%3A%2F%2Fen.rawafedpor.com%2F6057%2Fthe-sec-has-denied-bitcoin-etf-applications-from-ark-shares&usg=AOvVaw3jzxWN4CgVK52zZWXUVnKV HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://classactionlawsuitcenter.com/
Connection: keep-alive
Cookie: __Secure-ENID=5.SE=WgoywoGOUEmJadxoIB0r2lkzXHeKVqth1xGOa4ffzT7dUHt-ZXjx-iHV7oK7BCuj96T6WcNdOxtcPrvT6hvt4NQxsLWhAuRLpweU30AweJoV-BgqMIIyysdeq33RUY6ph26qQ9jBKSd0XSV6yoBSxOS9PmgWEsI53hUDjv_5qeI; CONSENT=PENDING+883
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 14 Feb 2023 02:40:41 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 606
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.149.129.99101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.129.99:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: DQtrIDtlDXVuDzo9DEwEsw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Qtut3qK5C7D0AkJq5agFRGXQq8A=
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 37b45c4ebc1145728f780e4cd1bf2a29
ca3c2184e79f92b82174361ab66d1395623dfa10
32aa9ba294cd3d43d0efa444111f7a623e06d0720d553e1ccbb663c378e44779
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 02:40:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.33.119.27200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 800ec6bffdddcd7337471358635c43db
c86c717bc28a45fd314aae83aa3e25079fc9dab5
5b2381c5a9dadf59c7c020049ea2cf085187ebd8e332f76396951baf5fb9a0f1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "5B2381C5A9DADF59C7C020049EA2CF085187EBD8E332F76396951BAF5FB9A0F1"
Last-Modified: Mon, 13 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2918
Expires: Tue, 14 Feb 2023 03:29:19 GMT
Date: Tue, 14 Feb 2023 02:40:41 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 800ec6bffdddcd7337471358635c43db
c86c717bc28a45fd314aae83aa3e25079fc9dab5
5b2381c5a9dadf59c7c020049ea2cf085187ebd8e332f76396951baf5fb9a0f1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "5B2381C5A9DADF59C7C020049EA2CF085187EBD8E332F76396951BAF5FB9A0F1"
Last-Modified: Mon, 13 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2917
Expires: Tue, 14 Feb 2023 03:29:19 GMT
Date: Tue, 14 Feb 2023 02:40:42 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 93f72e129e7ce75b3543e87b83883d80
882f195240b34d160182dd34d265bb522f5b078d
bc7bdf1e4173bed0bab6368071615629292c13c4aba42159f5152bf619590d0c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 02:40:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-62733008-16
142.250.74.40200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-62733008-16
IP 142.250.74.40:0
File type ASCII text, with very long lines (1759)
Hash 95491ea36a01c5d10ee83c0367d1d859
e222a87efb94712f7ec1b988b4b98bef0e855845
f4a5d3476bb7abca05512bebd099b6744a09478b2a7a6b5cf7351211415afa9a
GET /gtag/js?id=UA-62733008-16 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 14 Feb 2023 02:40:42 GMT
expires: Tue, 14 Feb 2023 02:40:42 GMT
cache-control: private, max-age=900
last-modified: Tue, 14 Feb 2023 00:12:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44117
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 93f72e129e7ce75b3543e87b83883d80
882f195240b34d160182dd34d265bb522f5b078d
bc7bdf1e4173bed0bab6368071615629292c13c4aba42159f5152bf619590d0c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 02:40:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d42a01fdf9af7a50d630c42fde100d30
a7568d35657f934220298ca4c2fb102398554196
f215d87cad50e9310bf2a4df263b24e1c87e7cda29e48f93f6b0d76eb218ab1d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F215D87CAD50E9310BF2A4DF263B24E1C87E7CDA29E48F93F6B0D76EB218AB1D"
Last-Modified: Mon, 13 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10359
Expires: Tue, 14 Feb 2023 05:33:21 GMT
Date: Tue, 14 Feb 2023 02:40:42 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d42a01fdf9af7a50d630c42fde100d30
a7568d35657f934220298ca4c2fb102398554196
f215d87cad50e9310bf2a4df263b24e1c87e7cda29e48f93f6b0d76eb218ab1d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F215D87CAD50E9310BF2A4DF263B24E1C87E7CDA29E48F93F6B0D76EB218AB1D"
Last-Modified: Mon, 13 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10359
Expires: Tue, 14 Feb 2023 05:33:21 GMT
Date: Tue, 14 Feb 2023 02:40:42 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd366980e-ad23-4d6b-8dd7-adc8309568fd.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd366980e-ad23-4d6b-8dd7-adc8309568fd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 262b43386e404cb3d320c47c4cf792c1
87f304f8583fe6b6e942a9dbcb5efb5ee94987f2
ca0f72005920b2b2f49c387314540f3cd2f3d7808f0365dfb1c491500e8a8714
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd366980e-ad23-4d6b-8dd7-adc8309568fd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8065
x-amzn-requestid: cd663372-92d4-4e6f-b89f-f5855ce61bec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AS_y6EwloAMFmkg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eaacdf-0a38848661ced8615f95f6ab;Sampled=0
x-amzn-remapped-date: Mon, 13 Feb 2023 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: yX_eEo0HW0deZTidEOAosqqYTc4gJ4Zt8kMq9Ft1OEZW74aCRIOWJg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Feb 2023 22:31:34 GMT
age: 14948
etag: "87f304f8583fe6b6e942a9dbcb5efb5ee94987f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48c61999-a2a2-438f-8c0e-f38b9e51567f.jpeg
34.120.237.76200 OK 3.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48c61999-a2a2-438f-8c0e-f38b9e51567f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b302287f861b1e046f86b902e08b6edd
1574004bac64d367279cc0b253d9678ecd3a6fe8
1f6fc77a1a273c5fa5430e98f0166758d9b3ecd910ee012bdedcc2b695ef27c8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48c61999-a2a2-438f-8c0e-f38b9e51567f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3012
x-amzn-requestid: 6d3d36a0-d4a1-475b-bf0e-b0cde61f1001
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AS_x5HTGoAMF0Dg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eaacd8-58f5a5bb64eed8cc7ce7c670;Sampled=0
x-amzn-remapped-date: Mon, 13 Feb 2023 21:34:16 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CLBI0E5eIiwNjIGFNAYE3dqt3cCSUf2qnylqzzkdQ0N135aHsyde6w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Feb 2023 22:14:59 GMT
age: 15943
etag: "1574004bac64d367279cc0b253d9678ecd3a6fe8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.46200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.46:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Tue, 14 Feb 2023 01:45:20 GMT
expires: Tue, 14 Feb 2023 03:45:20 GMT
cache-control: public, max-age=7200
age: 3322
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9fe38f96-4b04-43d2-9644-5b2f7cd0c0c9.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9fe38f96-4b04-43d2-9644-5b2f7cd0c0c9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 504b69ec2b6350345c36777959b0765a
c302824325b8f0839c7de54af9c5bd02541e4269
6e3a5b1cd7d17a9f448b8189d5683567269b3b3d461838770482283898008f39
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9fe38f96-4b04-43d2-9644-5b2f7cd0c0c9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14477
x-amzn-requestid: 2544b5cc-3fb0-4536-88ec-8cb9044fb612
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ANtsXFBYoAMF6tA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e88fe8-452901f67af9f5d95ccc61c3;Sampled=0
x-amzn-remapped-date: Sun, 12 Feb 2023 07:06:16 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: hy4pKD0EX3RY8ayeOzmZvNG-K7qwaVP4VPjPOxcpUGmk2x09fKFFRg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Feb 2023 07:20:10 GMT
age: 69632
etag: "c302824325b8f0839c7de54af9c5bd02541e4269"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74073173-a5a0-46f8-b23e-201ea802ab67.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74073173-a5a0-46f8-b23e-201ea802ab67.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dfbb7efa6627641ed50ee7738b2e2561
a759d26d6c811f964125ccba6e11498bca6b64c8
d1b2ea74eb288c5530c761830023830e43a6e8441594252736d6aa130dfd6520
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74073173-a5a0-46f8-b23e-201ea802ab67.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8419
x-amzn-requestid: d19bc4f6-4174-4563-a1ef-c27ba0a9e3ed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AS_zuHdGIAMFQlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eaace4-5e914df75bfda625564e1142;Sampled=0
x-amzn-remapped-date: Mon, 13 Feb 2023 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: e0GAkTbo83Kf6PvNKGWEeTfnGeFsgaNYwkTj6wLZcvSY_Ax4cW8jjA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Feb 2023 22:14:48 GMT
age: 15954
etag: "a759d26d6c811f964125ccba6e11498bca6b64c8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda518233-4123-4219-ab0d-8824cc00a762.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda518233-4123-4219-ab0d-8824cc00a762.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 37b2975c3f6a43a2e17affd8aa40ac68
b3db997a3f6ba6805cff0a6267db09adb97531ce
af996382d9c1c02b1e4b22fe6e2f5ff94d9d2c2a5ea972c01e68eb97ff4db1a2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda518233-4123-4219-ab0d-8824cc00a762.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4498
x-amzn-requestid: a8ca66bd-e43c-42c7-9215-a2adc943237d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AS_1RHYFoAMFajg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eaacee-730337f0135fe0ee6ea2f9ef;Sampled=0
x-amzn-remapped-date: Mon, 13 Feb 2023 21:34:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ocy9Z9NB8C2YzwMQDKN1fygOLWC66SHU9-JkWuvpusYhMtJjO9W-Jg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Feb 2023 22:31:30 GMT
etag: "b3db997a3f6ba6805cff0a6267db09adb97531ce"
content-type: image/jpeg
age: 14952
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa801374a-514c-45d6-b314-1b177300684c.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa801374a-514c-45d6-b314-1b177300684c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 798c45b6ff58fbda19c7e927267cf234
fc569c547b361ff3fe3d28e362bb09546d0e75f5
d35b11adf84262c8aa485fa1a93d485c71f1a68a68cfedb142946ccc3bf809ee
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa801374a-514c-45d6-b314-1b177300684c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10068
x-amzn-requestid: ed7c343b-63cf-4294-8dd1-c0f619c7a305
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AS_0hEpKIAMF6-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eaace9-22bc96ba036f73575f3b8d30;Sampled=0
x-amzn-remapped-date: Mon, 13 Feb 2023 21:34:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: SMHjJzrBytie2Xe4KVVpP7oL6Wlzwr0us4bIhcJLMbEHrhOcE5lb3g==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Feb 2023 22:14:55 GMT
age: 15947
etag: "fc569c547b361ff3fe3d28e362bb09546d0e75f5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 39bd8923ebd523f3d7e9a40f555e9402
d5ba449bc6c3edc72eebaf5dc66817723e387c89
14f05165df53af8abe516d752d576b901e7647ad8bef9645a621f0e634127002
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 02:40:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j99&a=230418668&t=pageview&_s=1&dl=https%3A%2F%2Fen.rawafedpor.com%2F6057%2Fthe-sec-has-denied-bitcoin-etf-applications-from-ark-shares&dr=https%3A%2F%2Fwww.google.com%2F&ul=en-us&de=UTF-8&dt=The%20SEC%20has%20denied%20Bitcoin%20ETF%20applications%20from%20Ark%20and%2021%20Shares%20-%20Rawafedpor%20Q%26A&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=418206794&gjid=414794924&cid=383076543.1676342523&tid=UA-62733008-16&_gid=1760383454.1676342523&_r=1>m=457e32d0&z=1818147198
142.250.74.46200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=230418668&t=pageview&_s=1&dl=https%3A%2F%2Fen.rawafedpor.com%2F6057%2Fthe-sec-has-denied-bitcoin-etf-applications-from-ark-shares&dr=https%3A%2F%2Fwww.google.com%2F&ul=en-us&de=UTF-8&dt=The%20SEC%20has%20denied%20Bitcoin%20ETF%20applications%20from%20Ark%20and%2021%20Shares%20-%20Rawafedpor%20Q%26A&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=418206794&gjid=414794924&cid=383076543.1676342523&tid=UA-62733008-16&_gid=1760383454.1676342523&_r=1>m=457e32d0&z=1818147198
IP 142.250.74.46:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j99&a=230418668&t=pageview&_s=1&dl=https%3A%2F%2Fen.rawafedpor.com%2F6057%2Fthe-sec-has-denied-bitcoin-etf-applications-from-ark-shares&dr=https%3A%2F%2Fwww.google.com%2F&ul=en-us&de=UTF-8&dt=The%20SEC%20has%20denied%20Bitcoin%20ETF%20applications%20from%20Ark%20and%2021%20Shares%20-%20Rawafedpor%20Q%26A&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=418206794&gjid=414794924&cid=383076543.1676342523&tid=UA-62733008-16&_gid=1760383454.1676342523&_r=1>m=457e32d0&z=1818147198 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://en.rawafedpor.com
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://en.rawafedpor.com
date: Tue, 14 Feb 2023 02:40:42 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8594790428066018
142.250.74.34200 OK 50 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8594790428066018
IP 142.250.74.34:0
File type ASCII text, with very long lines (3649)
Hash b49c2f68a147974b024ae6be5ed7bc99
279789168e4ba0351051b86467df2e01d76cb5ad
0563027afb801b4507fb1c52b56c9c49503d59ec1932aa11e8e09200fd31dd53
GET /pagead/js/adsbygoogle.js?client=ca-pub-8594790428066018 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.rawafedpor.com
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 14 Feb 2023 02:40:42 GMT
expires: Tue, 14 Feb 2023 02:40:42 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 2566109986135661270
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 49764
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 39bd8923ebd523f3d7e9a40f555e9402
d5ba449bc6c3edc72eebaf5dc66817723e387c89
14f05165df53af8abe516d752d576b901e7647ad8bef9645a621f0e634127002
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 02:40:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/html/r20230209/r20190131/zrt_lookup.html
216.58.207.226200 OK 4.2 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20230209/r20190131/zrt_lookup.html
IP 216.58.207.226:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2579)
Hash 2fb3574102373e2e076cfa2ff90cdf25
d06c985183def975546d6e47ab6369c11dcf7195
e61cbc207f7fc2f429deceff11e7a339a3d9a9574da6d035054eba02ee381345
GET /pagead/html/r20230209/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4242
x-xss-protection: 0
date: Mon, 13 Feb 2023 09:08:51 GMT
expires: Mon, 27 Feb 2023 09:08:51 GMT
cache-control: public, max-age=1209600
age: 63112
etag: 10353107486223812946
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 289c721a8d4c809119c8015f7b9e2f57
6473ff534c0d3ffc6873ef4884ff2f335f0323fa
108552f1aad2695468046727ad48f1ebd565de267daf033abd9c5f4e3fe79cff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 02:40:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 3ecda6402bed3bfe73c74062dd44d91c
c7f05151380acd68a277aef01b008d67c3281499
2aba9f429c1e0ac0e3dccadd60c9a0bc71310f703c262eb0a1dfd43e12613cfa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 02:40:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=en.rawafedpor.com
142.250.74.66200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=en.rawafedpor.com
IP 142.250.74.66:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=en.rawafedpor.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 14 Feb 2023 02:40:43 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 37b45c4ebc1145728f780e4cd1bf2a29
ca3c2184e79f92b82174361ab66d1395623dfa10
32aa9ba294cd3d43d0efa444111f7a623e06d0720d553e1ccbb663c378e44779
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 02:40:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 289c721a8d4c809119c8015f7b9e2f57
6473ff534c0d3ffc6873ef4884ff2f335f0323fa
108552f1aad2695468046727ad48f1ebd565de267daf033abd9c5f4e3fe79cff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 02:40:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/adsid/integrator.js?domain=en.rawafedpor.com
142.250.74.98200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=en.rawafedpor.com
IP 142.250.74.98:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=en.rawafedpor.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 14 Feb 2023 02:40:43 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash f48f404b096233d450cf335d9f40f24e
18ce733026e09526ffba5f79822902bffcbbd4e1
547f22d026f56991f3b61db25c1331a88a3728276bed76b89619cb738c195547
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 02:40:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230209&st=env
142.250.74.34200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230209&st=env
IP 142.250.74.34:0
File type JSON data\012- , ASCII text, with very long lines (14737), with no line terminators
Hash 735186cb68cb4ed4a63f750d10e94585
1daa9192bca39ecf5bb46b1672e4e7fa4813c239
63acd3c39b4bf673a1b9bbe84ae10cde5b07e68953c7f71817b33e3cad13fcce
GET /getconfig/sodar?sv=200&tid=gda&tv=r20230209&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.rawafedpor.com
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Tue, 14 Feb 2023 02:40:43 GMT
server: cafe
content-length: 11127
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 484e53a930dca698bd7dcec23cdc891e
d90ba836c73496656d393bfaf2ba43aece47c660
d5e78fab358c361c979e404a310b5d9bc1ea1e402dccd9e6de21835e814b3aeb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 02:40:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
216.58.211.1200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 216.58.211.1:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Tue, 14 Feb 2023 02:40:43 GMT
expires: Tue, 14 Feb 2023 02:40:43 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
216.58.211.1200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 216.58.211.1:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 13 Feb 2023 08:45:21 GMT
expires: Tue, 13 Feb 2024 08:45:21 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
vary: Accept-Encoding
age: 64522
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/bg/EWloDjzMQOvRZmCEufFfn6ZrYQ_lvyXFrAdKlYrDV_0.js
142.250.74.34200 OK 14 kB URL HTTP/2 pagead2.googlesyndication.com/bg/EWloDjzMQOvRZmCEufFfn6ZrYQ_lvyXFrAdKlYrDV_0.js
IP 142.250.74.34:0
File type ASCII text, with very long lines (36261)
Hash fe7434f1fad140d4ebf214920cbe9fa6
b8c2950deef5e55aef9abeec4e98723efcb9eece
9f85f155715202d6a416b775cc86f1cdd60db35bffaed2a1d86445893c44bc11
GET /bg/EWloDjzMQOvRZmCEufFfn6ZrYQ_lvyXFrAdKlYrDV_0.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14328
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 13 Feb 2023 15:09:31 GMT
expires: Tue, 13 Feb 2024 15:09:31 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 41472
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 704848873afb62f820c1b194e3620519
6b5dc73daf065a51ee2364b34f0e488902663d3d
19c8c76bb1c818f85ff5aafdf3d0bdd9e7ee2a4ec0753954d220eb2f23a234a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 02:40:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
216.58.207.228200 OK 513 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 216.58.207.228:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 6a78d283c0448ebe6e217d2ff8780426
165bf73607c4cfe0cf37b2e58e120a89ea857957
5cd5cc834e9e8dfbc10159c58c10859b053c9c2b9d82dc1e6c8a8539da1e52ad
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 14 Feb 2023 02:40:43 GMT
date: Tue, 14 Feb 2023 02:40:43 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-LAwMAvgc6gjQnfuYdWv2PQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230209&jk=1266029803828655&rc=
142.250.74.34204 No Content 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230209&jk=1266029803828655&rc=
IP 142.250.74.34:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/sodar?id=sodar2&v=225&li=gda_r20230209&jk=1266029803828655&rc= HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 14 Feb 2023 02:40:44 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230209&jk=1266029803828655&bg=!i4iliNzNAAYuhb89DoU7ADkAdvg8WvY-jXmVQMHzuCj3a7rQTdt9LETvo_yQJDduV2SJO6FLja8tK5QZ3Vhh8TKumYbVqOsovSUCAAAAeVIAAAAFaAEHCgAGthNc3d4UmQKIxAgVxAeAR4Dw3TCW93LHGdtpwFKPU3jV_YYwgS8PcNIquOvnpTkBR9WsFXGxY-IVFd2oiZTuTSaQ6sK39xuTxCSfbjJM7x43KRTSPYAW3Uu4Q-MFKdP4Y1JSrDvV9AJeGTnCfrHCDHQHEwzr7rlCRCE1DlqKc6vgnv7AJ-QE3DSHfJbY_2Biqy2YvdE2IdZuKhXIcQZmxSWhw6FlRDg5nP8gPeGyiEgfyIYsFnu8rCYoVcN0vlJMtXnrw2plXLn7MpBCI7ImT6wqqL-QIjL_QXnTOfLsfQxrj9LRU0EySKQB9pkQwKFbtFIFq3F-tVsp_GKiCL4ou81ex31eckvFcOoa7u7052rxi878M7TYyd1Yy2I5qxo77oKDyv-37c65OnbVir45nwddpCGOlSm0M7lnCXr0PStVVCckSjOMlmdZlvxV--4B0Miksa6MNLSg_-OIRlqfd5jJwAds_0wVOxbPFLtMgX-MakJhHmGxuOgi_bDyG_CKWIeKvBQsck6mw_S-_wsVePaGNYgV_IINvsDWh4H0rqvXfA_6t8ENf9UoMHPbXfLQ2_z-RguNSn-k4Ak5JBeyBvZuwzZSA8V0kXhP83jviPbRI3FtH6Rg1_ziNWCsSLfQ-DNe7hMA_Di3phODAGKaq2peWy34KFNByDwAk8rRcAiYlz9n3g7YLTCnkOceb7YwKvqMLZq1RNZpUEGkHFBYRoCfWmdUHnlMG4mAZqAw4lsBcJcUe162HjlyiP1UrOHbW4ChGOxd4TVRdo23c1EhTKP-5aQgecyIzrjnLOrdNOt-XjyDyzpDUQuGzqP2X7zwTEbIuaq_iMPHjzd4t2rWQz2pmM_5u3JocTQ43toeUiAi
142.250.74.34204 No Content 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230209&jk=1266029803828655&bg=!i4iliNzNAAYuhb89DoU7ADkAdvg8WvY-jXmVQMHzuCj3a7rQTdt9LETvo_yQJDduV2SJO6FLja8tK5QZ3Vhh8TKumYbVqOsovSUCAAAAeVIAAAAFaAEHCgAGthNc3d4UmQKIxAgVxAeAR4Dw3TCW93LHGdtpwFKPU3jV_YYwgS8PcNIquOvnpTkBR9WsFXGxY-IVFd2oiZTuTSaQ6sK39xuTxCSfbjJM7x43KRTSPYAW3Uu4Q-MFKdP4Y1JSrDvV9AJeGTnCfrHCDHQHEwzr7rlCRCE1DlqKc6vgnv7AJ-QE3DSHfJbY_2Biqy2YvdE2IdZuKhXIcQZmxSWhw6FlRDg5nP8gPeGyiEgfyIYsFnu8rCYoVcN0vlJMtXnrw2plXLn7MpBCI7ImT6wqqL-QIjL_QXnTOfLsfQxrj9LRU0EySKQB9pkQwKFbtFIFq3F-tVsp_GKiCL4ou81ex31eckvFcOoa7u7052rxi878M7TYyd1Yy2I5qxo77oKDyv-37c65OnbVir45nwddpCGOlSm0M7lnCXr0PStVVCckSjOMlmdZlvxV--4B0Miksa6MNLSg_-OIRlqfd5jJwAds_0wVOxbPFLtMgX-MakJhHmGxuOgi_bDyG_CKWIeKvBQsck6mw_S-_wsVePaGNYgV_IINvsDWh4H0rqvXfA_6t8ENf9UoMHPbXfLQ2_z-RguNSn-k4Ak5JBeyBvZuwzZSA8V0kXhP83jviPbRI3FtH6Rg1_ziNWCsSLfQ-DNe7hMA_Di3phODAGKaq2peWy34KFNByDwAk8rRcAiYlz9n3g7YLTCnkOceb7YwKvqMLZq1RNZpUEGkHFBYRoCfWmdUHnlMG4mAZqAw4lsBcJcUe162HjlyiP1UrOHbW4ChGOxd4TVRdo23c1EhTKP-5aQgecyIzrjnLOrdNOt-XjyDyzpDUQuGzqP2X7zwTEbIuaq_iMPHjzd4t2rWQz2pmM_5u3JocTQ43toeUiAi
IP 142.250.74.34:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230209&jk=1266029803828655&bg=!i4iliNzNAAYuhb89DoU7ADkAdvg8WvY-jXmVQMHzuCj3a7rQTdt9LETvo_yQJDduV2SJO6FLja8tK5QZ3Vhh8TKumYbVqOsovSUCAAAAeVIAAAAFaAEHCgAGthNc3d4UmQKIxAgVxAeAR4Dw3TCW93LHGdtpwFKPU3jV_YYwgS8PcNIquOvnpTkBR9WsFXGxY-IVFd2oiZTuTSaQ6sK39xuTxCSfbjJM7x43KRTSPYAW3Uu4Q-MFKdP4Y1JSrDvV9AJeGTnCfrHCDHQHEwzr7rlCRCE1DlqKc6vgnv7AJ-QE3DSHfJbY_2Biqy2YvdE2IdZuKhXIcQZmxSWhw6FlRDg5nP8gPeGyiEgfyIYsFnu8rCYoVcN0vlJMtXnrw2plXLn7MpBCI7ImT6wqqL-QIjL_QXnTOfLsfQxrj9LRU0EySKQB9pkQwKFbtFIFq3F-tVsp_GKiCL4ou81ex31eckvFcOoa7u7052rxi878M7TYyd1Yy2I5qxo77oKDyv-37c65OnbVir45nwddpCGOlSm0M7lnCXr0PStVVCckSjOMlmdZlvxV--4B0Miksa6MNLSg_-OIRlqfd5jJwAds_0wVOxbPFLtMgX-MakJhHmGxuOgi_bDyG_CKWIeKvBQsck6mw_S-_wsVePaGNYgV_IINvsDWh4H0rqvXfA_6t8ENf9UoMHPbXfLQ2_z-RguNSn-k4Ak5JBeyBvZuwzZSA8V0kXhP83jviPbRI3FtH6Rg1_ziNWCsSLfQ-DNe7hMA_Di3phODAGKaq2peWy34KFNByDwAk8rRcAiYlz9n3g7YLTCnkOceb7YwKvqMLZq1RNZpUEGkHFBYRoCfWmdUHnlMG4mAZqAw4lsBcJcUe162HjlyiP1UrOHbW4ChGOxd4TVRdo23c1EhTKP-5aQgecyIzrjnLOrdNOt-XjyDyzpDUQuGzqP2X7zwTEbIuaq_iMPHjzd4t2rWQz2pmM_5u3JocTQ43toeUiAi HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 14 Feb 2023 02:40:44 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
en.rawafedpor.com/6057/the-sec-has-denied-bitcoin-etf-applications-from-ark-shares
104.21.22.59200 OK 0 B URL HTTP/2 en.rawafedpor.com/6057/the-sec-has-denied-bitcoin-etf-applications-from-ark-shares
IP 104.21.22.59:0
Analyzer Verdict Alert fortinet Malware
GET /6057/the-sec-has-denied-bitcoin-etf-applications-from-ark-shares HTTP/1.1
Host: en.rawafedpor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 14 Feb 2023 02:40:42 GMT
content-type: text/html; charset=utf-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=dee2e1e21d2693bc5e5d73bc46e7d820; path=/
qa_key=bih23llwep5s748jz0iufm2jy71i38ej; expires=Thu, 16-Feb-2023 02:40:42 GMT; Max-Age=172800; path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=236x4zcFfJlCsHCKozZ0Mv%2FJ7W%2BSVgqB2a5PFUue9llSzmCMA3JYDPqqiAVS9U38%2FeORAZkE%2F3w3La692lC3LKleousORrTQPnRuEdEeq2phfqM9lqpsMfuHReMjw7lUMvSOqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 799270c59864b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2