r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 43ad67f241ee3692a9c9c1da080dae58
6a024f7d71eeee257edc91ba9273416f634aaae5
636635b57f9e6d2ad9b1b949298ee7d3b5b7e251a63516ff68bfb1eceded5688
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "636635B57F9E6D2AD9B1B949298EE7D3B5B7E251A63516FF68BFB1ECEDED5688"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2645
Expires: Mon, 12 Dec 2022 05:22:09 GMT
Date: Mon, 12 Dec 2022 04:38:04 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 430f1651125c14bfa4924aa1f1a392e9
304141c5fe7ac8b370a67912b2592f9622de9600
315d77a9956f34b1615e38f5f1971dd05146980f8a36b35a8108d47ebba7e8e5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "315D77A9956F34B1615E38F5F1971DD05146980F8A36B35A8108D47EBBA7E8E5"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3190
Expires: Mon, 12 Dec 2022 05:31:14 GMT
Date: Mon, 12 Dec 2022 04:38:04 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 12 Dec 2022 04:33:40 GMT
content-type: application/json
age: 264
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash dbd022fec0a71226daaf29b7563a8896
c37d14dc7b3849a4bb815fa325fb5e70fae54039
22da5e6e3f9507688fc8cb02183d52cf38f4adf8b2c6c52eaf5f88182471efeb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22DA5E6E3F9507688FC8CB02183D52CF38F4ADF8B2C6C52EAF5F88182471EFEB"
Last-Modified: Sun, 11 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16390
Expires: Mon, 12 Dec 2022 09:11:14 GMT
Date: Mon, 12 Dec 2022 04:38:04 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 4gXr2pG5u4WokfJtEoxSgwVPqVbGrdtcXT9l4ctS2nR30/KElKVS/5l/7vMrRiab+NoQCGMge9s=
x-amz-request-id: WHWA3AAYF86GW8M3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 12 Dec 2022 03:49:27 GMT
age: 2917
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Dec 2022 04:38:04 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cuevana3.nu/ver-el-episodio/episodio-6-de-rick-y-morty-temporada-2/
188.114.97.1 200 OK 17 kB URL HTTP/1.1 cuevana3.nu/ver-el-episodio/episodio-6-de-rick-y-morty-temporada-2/
IP 188.114.97.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8047), with CRLF, LF line terminators
Hash 6369f5b167ddf6536030e67ee795702f
0ebacc69d82785ed581ddec63a3c696f0bab8138
1bbee5e86b3d460eaf883102709f87d428b36156bac3a6e0e9489032b9858f69
GET /ver-el-episodio/episodio-6-de-rick-y-morty-temporada-2/ HTTP/1.1
Host: cuevana3.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 12 Dec 2022 04:38:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-dns-prefetch-control: on
link: <https://cuevana3.nu/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache: hit
vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9A87Ly8itSTV8azxFaRx0YJPIEf%2FxU%2B%2F1hT%2B71rTi7CYLMG3yIRavOv4e95BFDLkbR2uupwD7HFZTiXK7uMwZToam6qWkl%2B%2BZ%2Bzlem3K9EeKktyvreEWprJH%2BO6x7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7783c4b31eceb4eb-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
code.jquery.com/jquery-3.1.1.min.js?ver=3.1.1
69.16.175.10 200 OK 30 kB URL HTTP/2 code.jquery.com/jquery-3.1.1.min.js?ver=3.1.1
IP 69.16.175.10:0
File type ASCII text, with very long lines (32030)
Hash f7a4a283c6a5130b43ce8de3b7842078
ef243edbb67f9e50f8589885e4541f6c919ea8d7
aee9e5b2534ced87fe1e02a1a9e661468ba548e02edacbe9b68b3b247607dc4e
GET /jquery-3.1.1.min.js?ver=3.1.1 HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Dec 2022 04:38:04 GMT
content-encoding: gzip
content-length: 30070
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-152b5"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1670819884.dop230.sk1.t,1670819884.cds256.sk1.hn,1670819884.cds010.sk1.c
X-Firefox-Spdy: h2
whairtoa.com/5/4907445
139.45.197.238 200 OK 24 kB IP 139.45.197.238:0
File type ASCII text, with very long lines (63958), with no line terminators
Hash cbed6eabd410eaac0efeaf4652c9176c
1b5ee9578d67c716050f02eeea74cbac425c785a
da570cbd3294f8cc33187699fd7bb4a687e12bc2a74e448af1c809ddd806faef
Analyzer Verdict Alert quad9 Sinkholed
GET /5/4907445 HTTP/1.1
Host: whairtoa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cuevana3.nu/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Dec 2022 04:38:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: a658a33605fc798911039b14d92a3c99
Link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=2a54f9d6df0143ddb000cc307bc55d45; expires=Tue, 12 Dec 2023 04:38:04 GMT; path=/
oaidts=1670819884; expires=Tue, 12 Dec 2023 04:38:04 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
omfiydlbmy.com/lv/esnk/1955965/code.js
62.122.171.6 200 OK 44 kB URL HTTP/1.1 omfiydlbmy.com/lv/esnk/1955965/code.js
IP 62.122.171.6:0
File type ASCII text, with very long lines (65530)
Hash 3505692818be9dd07e751bbe394ae502
6a759b7274dfbc29cbd8fd59587cc3420199d8f5
5601e3a5e2008c8b3a226c841ec0c5413493d7a06d14c57eba5fc652ae4efd6a
Analyzer Verdict Alert quad9 Sinkholed
GET /lv/esnk/1955965/code.js HTTP/1.1
Host: omfiydlbmy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cuevana3.nu/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Dec 2022 04:38:04 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Nov 2022 12:20:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63738419-1aaa0"
Timing-Allow-Origin: *
Accept-CH: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
Content-Encoding: gzip
omfiydlbmy.com/lv/esnk/1955964/code.js
62.122.171.6 200 OK 44 kB URL HTTP/1.1 omfiydlbmy.com/lv/esnk/1955964/code.js
IP 62.122.171.6:0
File type ASCII text, with very long lines (65530)
Hash b2d92c2efd1851dfb43c72e446ee493a
56fe95c44b4b0322a0806c66c19b687dc1a6ee5f
97d294561e514d5433bd0efc94e2635c058fbb31f295ca399e23929fbcbb12d8
Analyzer Verdict Alert quad9 Sinkholed
GET /lv/esnk/1955964/code.js HTTP/1.1
Host: omfiydlbmy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cuevana3.nu/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Dec 2022 04:38:04 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Nov 2022 12:20:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63738419-1aaa0"
Timing-Allow-Origin: *
Accept-CH: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
Content-Encoding: gzip
ocsp.pki.goog/s/gts1p5/NeMHLpaAFpg
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/NeMHLpaAFpg
IP 142.250.74.131:0
Hash 2b43f32e12113d8228f70ec5ba1d9ab0
b5eed7927c8e8141fa736739c7bf97a457e0e814
45c6977b6e6d1386c00bfe1e27f121aa5eb43bb9e1c4d887ded00c7e81f9ca61
POST /s/gts1p5/NeMHLpaAFpg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:04 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/NeMHLpaAFpg
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/NeMHLpaAFpg
IP 142.250.74.131:0
Hash 2b43f32e12113d8228f70ec5ba1d9ab0
b5eed7927c8e8141fa736739c7bf97a457e0e814
45c6977b6e6d1386c00bfe1e27f121aa5eb43bb9e1c4d887ded00c7e81f9ca61
POST /s/gts1p5/NeMHLpaAFpg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:04 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/NeMHLpaAFpg
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/NeMHLpaAFpg
IP 142.250.74.131:0
Hash 2b43f32e12113d8228f70ec5ba1d9ab0
b5eed7927c8e8141fa736739c7bf97a457e0e814
45c6977b6e6d1386c00bfe1e27f121aa5eb43bb9e1c4d887ded00c7e81f9ca61
POST /s/gts1p5/NeMHLpaAFpg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:04 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/NeMHLpaAFpg
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/NeMHLpaAFpg
IP 142.250.74.131:0
Hash 2b43f32e12113d8228f70ec5ba1d9ab0
b5eed7927c8e8141fa736739c7bf97a457e0e814
45c6977b6e6d1386c00bfe1e27f121aa5eb43bb9e1c4d887ded00c7e81f9ca61
POST /s/gts1p5/NeMHLpaAFpg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:04 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/NeMHLpaAFpg
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/NeMHLpaAFpg
IP 142.250.74.131:0
Hash 2b43f32e12113d8228f70ec5ba1d9ab0
b5eed7927c8e8141fa736739c7bf97a457e0e814
45c6977b6e6d1386c00bfe1e27f121aa5eb43bb9e1c4d887ded00c7e81f9ca61
POST /s/gts1p5/NeMHLpaAFpg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:04 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cuevana3.nu/wp-content/themes/cuevana/assets/js/void.js?ver=6.1.1
188.114.97.1 200 OK 0 B URL HTTP/2 cuevana3.nu/wp-content/themes/cuevana/assets/js/void.js?ver=6.1.1
IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/themes/cuevana/assets/js/void.js?ver=6.1.1 HTTP/1.1
Host: cuevana3.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Dec 2022 04:38:04 GMT
content-type: application/javascript
content-length: 0
cache-control: public, max-age=604800
expires: Thu, 15 Dec 2022 08:43:46 GMT
last-modified: Fri, 30 Sep 2022 02:06:30 GMT
cf-cache-status: HIT
age: 330858
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jEWjgeT2H%2FVXpY2PfOgq29KNuB1gG%2FkIeppd%2BbIlkaTMBphssYWOi%2Fg31iqDMg9BOhztfT2sebFo6xta0ox%2B2DlzWwozBJaIsefeBszdg3r8ordKaZPIpNmjW3vDrw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7783c4b858abb50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d4a0fd3db9b956e4376a6e05f9660609
14193a985fcebf3339712719d2f6cf3fa1b2c2ec
4ffbbc679e98eb9b9a334e14d7cedd00f162b988407e698ef39140f19b118d9a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FFBBC679E98EB9B9A334E14D7CEDD00F162B988407E698EF39140F19B118D9A"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3375
Expires: Mon, 12 Dec 2022 05:34:19 GMT
Date: Mon, 12 Dec 2022 04:38:04 GMT
Connection: keep-alive
cuevana3.nu/wp-content/uploads/2022/03/Cuevana-3-logo-oficial-1.png
188.114.97.1 200 OK 4.7 kB URL HTTP/2 cuevana3.nu/wp-content/uploads/2022/03/Cuevana-3-logo-oficial-1.png
IP 188.114.97.1:0
File type PNG image data, 240 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash 30ecf26d81b4d18a7a568d42e674705e
c846ca657d113edcdb68ae7e53b8ecede50a15cb
f856cb85a867ba1f60a337dbbb095142c0590b426b30c5d35dcbbbd158b79927
GET /wp-content/uploads/2022/03/Cuevana-3-logo-oficial-1.png HTTP/1.1
Host: cuevana3.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Dec 2022 04:38:04 GMT
content-type: image/png
content-length: 4675
cache-control: public, max-age=604800
expires: Thu, 15 Dec 2022 08:43:46 GMT
last-modified: Fri, 30 Sep 2022 02:06:43 GMT
cf-cache-status: HIT
age: 330858
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v%2F1Rf8RmjGekiK4xjtESbf03oJvzlGZikiIdxmsEvygiqIJU2PZ%2FS1fLmD7AJq6P66fJrxVmh%2F74DqJ11DgwJMpMmg1XWGAxJFpgaj1600%2FzyqJ2CSWWizpZaXSVWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7783c4b858acb50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 12 Dec 2022 04:33:17 GMT
age: 287
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a33409f980e81b54f660035dd9c14cfb
8399645bbd14b6a968328c6552b837e3368948a3
9cf6b1845f29636c04e711a6bf1e7937773c6c4522e2ba66dd6c43bfef34b33b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/NeMHLpaAFpg
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/NeMHLpaAFpg
IP 142.250.74.131:0
Hash 2b43f32e12113d8228f70ec5ba1d9ab0
b5eed7927c8e8141fa736739c7bf97a457e0e814
45c6977b6e6d1386c00bfe1e27f121aa5eb43bb9e1c4d887ded00c7e81f9ca61
POST /s/gts1p5/NeMHLpaAFpg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:04 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-209818749-2
142.250.74.40 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-209818749-2
IP 142.250.74.40:0
File type ASCII text, with very long lines (1921)
Hash 64593cc8a7045e9d277b13fec73b15f4
698e8761a51091ec523c3371b539bd1e4b7ad951
f0f08da9cf7ae38afc916e34050f7d999a7384470e5251e2f69af176b9d8d413
GET /gtag/js?id=UA-209818749-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 12 Dec 2022 04:38:04 GMT
expires: Mon, 12 Dec 2022 04:38:04 GMT
cache-control: private, max-age=900
last-modified: Mon, 12 Dec 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43631
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
image.tmdb.org/t/p/w342/5Yiep9EwcQgLolg013ETBVqHxuD.jpg
138.199.37.231 200 OK 53 kB URL HTTP/2 image.tmdb.org/t/p/w342/5Yiep9EwcQgLolg013ETBVqHxuD.jpg
IP 138.199.37.231:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 342x513, components 3\012- data
Hash 2c54436fde7a27ea67cb1678b1beb07c
a6f0ac247443f86dfca652ec1835943e2a418bcf
02f6ffdd0753892680b40bd5c5c01d08a25270ab53f18b7441c2c43e2f310551
GET /t/p/w342/5Yiep9EwcQgLolg013ETBVqHxuD.jpg HTTP/1.1
Host: image.tmdb.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Dec 2022 04:38:04 GMT
content-type: image/jpeg
content-length: 53362
server: BunnyCDN-DE1-863
cdn-pullzone: 775336
cdn-uid: 29af4e0e-bcbd-4fcb-8635-74ddc38a1ebf
cdn-requestcountrycode: NO
cache-control: public, max-age=31919000
etag: "6272bbd4-d072"
last-modified: Wed, 04 May 2022 17:45:56 GMT
cdn-storageserver: DE-51
cdn-requestpullsuccess: True
cdn-fileserver: 255
perma-cache: HIT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-cachedat: 08/20/2022 21:18:10
cdn-edgestorageid: 756
cdn-status: 200
cdn-requestid: 71fd3e0b792fdd78004c49b462dbf381
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cuevana3.nu/wp-content/themes/cuevana/assets/img/subtitulado.svg
188.114.97.1 200 OK 1.4 kB URL HTTP/2 cuevana3.nu/wp-content/themes/cuevana/assets/img/subtitulado.svg
IP 188.114.97.1:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (5704), with no line terminators
Hash 6b594597b04b035f0802b31965ffa5a2
a233981ea9f107d8feede1e21f4187abfc651495
1e441eae445c22f00eaf7594b7cba0805c790c0d5e0db419b8ea10caaa977318
GET /wp-content/themes/cuevana/assets/img/subtitulado.svg HTTP/1.1
Host: cuevana3.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Dec 2022 04:38:04 GMT
content-type: image/svg+xml
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:34:42 GMT
last-modified: Fri, 30 Sep 2022 02:06:30 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 259404
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HdQSXofiAPwdfsN47cqgM1lKAFtYcWtnIXUPSdubUAtAX8B4ZUya7osqacz%2Bck9T%2BV3QOmBXghbu9Ow4t5Oo3aqAkxXN3k5UtvRS3GPKE%2BuDDBHzw3Bb%2FR4l5m%2FCGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7783c4b858aeb50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 628d5c3f0d7385aa40596462a6d1dd42
5005a3a41b59e19499d625d5cb23f752fed2b31a
40b203f5feba7d21a5ccc5fce5dcfcaae0f9049d032d94f4a8bf1edeebc43728
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "40B203F5FEBA7D21A5CCC5FCE5DCFCAAE0F9049D032D94F4A8BF1EDEEBC43728"
Last-Modified: Sat, 10 Dec 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21578
Expires: Mon, 12 Dec 2022 10:37:43 GMT
Date: Mon, 12 Dec 2022 04:38:05 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 628d5c3f0d7385aa40596462a6d1dd42
5005a3a41b59e19499d625d5cb23f752fed2b31a
40b203f5feba7d21a5ccc5fce5dcfcaae0f9049d032d94f4a8bf1edeebc43728
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "40B203F5FEBA7D21A5CCC5FCE5DCFCAAE0F9049D032D94F4A8BF1EDEEBC43728"
Last-Modified: Sat, 10 Dec 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21578
Expires: Mon, 12 Dec 2022 10:37:43 GMT
Date: Mon, 12 Dec 2022 04:38:05 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash e12bb655426d080117693ba116f398cf
8fe1f7f8d0b191baed2decba3523656da97077f5
2c25ba0d1c806de98d5489934acd8e2f17487e4f7e40c7f0d39094ce49f91b8d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1535
Cache-Control: max-age=104066
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:05 GMT
Etag: "63959db0-1d7"
Expires: Tue, 13 Dec 2022 09:32:31 GMT
Last-Modified: Sun, 11 Dec 2022 09:06:56 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
threatenedorientalavailable.com/ea/4d/b7/ea4db7a0906f9808f09b5ff02c6aeb6a.js
192.243.61.225 200 OK 21 kB URL HTTP/1.1 threatenedorientalavailable.com/ea/4d/b7/ea4db7a0906f9808f09b5ff02c6aeb6a.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (60150), with no line terminators
Hash cd1ff0b75f7583be1969a5d2a5aca0da
2c75f09d8ddf250e6b9e196c840a3c0333f4d244
2c50175e8ba0473d7a9c37938f80c66733ddce5777e6193124374489cdfb31a1
Analyzer Verdict Alert quad9 Sinkholed
GET /ea/4d/b7/ea4db7a0906f9808f09b5ff02c6aeb6a.js HTTP/1.1
Host: threatenedorientalavailable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cuevana3.nu/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 12 Dec 2022 04:38:05 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b739c61a86238b9bc675bbf3b5d6b2c4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
push.services.mozilla.com/
34.208.31.97 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.208.31.97:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: L3y+SNR0d5rRHcHPSrgztg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: qA+UpUGBAZXiAy8upnK14+fZtnw=
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 1f9e467d073d1bf7d74ca68fb367310a
7bb61953cf25af9e55f68d063d146632a1534b32
5ff2c6158c944aae069d6d62fd2a2aab46a496425e6e8cd7823e7659a59241fb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5900
Cache-Control: max-age=119228
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:05 GMT
Etag: "6395c7dd-117"
Expires: Tue, 13 Dec 2022 13:45:13 GMT
Last-Modified: Sun, 11 Dec 2022 12:06:53 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279
restorationpencil.com/pixel/purst?dl=0&th=0&sc=0&rs=1370&rd=1370&fd=770&bv=22.10.v.9&tmpl=70
173.233.139.164 200 OK 0 B URL HTTP/1.1 restorationpencil.com/pixel/purst?dl=0&th=0&sc=0&rs=1370&rd=1370&fd=770&bv=22.10.v.9&tmpl=70
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1370&rd=1370&fd=770&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: restorationpencil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cuevana3.nu/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 12 Dec 2022 04:38:05 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
nanouwho.com/1?z=5014433
139.45.197.242 200 OK 6.8 kB IP 139.45.197.242:0
File type ASCII text, with very long lines (16471)
Hash 66611d4d38e0631a26aad69e33d3dc61
c17e6c6e776d718050a43f05ce6d49b4aee9ca8f
732787b400c6b8367215ac171239ed1722221d5f8f0e0d27fc926d9ebb06fcd1
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5014433 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cuevana3.nu/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Dec 2022 04:38:05 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin:
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
X-Trace-Id: 2fa000e60504188138377e9fb115281b
Access-Control-Expose-Headers: X-Sc
X-Sc: -sG7RdIRbquyxqONb_lRd0lm8WnYhcTfBwHtzIu1PiVsQvzC1cBGxSvoBzo0tUUWFLxZewwGkR3imEseE8P6zfwz1Pc=
Set-Cookie: scm=1; expires=Tue, 12 Dec 2023 04:38:05 GMT; secure; SameSite=None
OAID=4840d9464d6f4eb5b4d31eda975f5f32; expires=Tue, 12 Dec 2023 04:38:05 GMT; secure; SameSite=None
oaidts=1670819885; expires=Tue, 12 Dec 2023 04:38:05 GMT; secure; SameSite=None
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ff0076f6a3e06bd68745da6bc14eb3bb
7ca7ae7986041dd62858f40306a9fb389ccd1330
f3dd0098c27cc629a34a0f9c96eb0b8db9e63f4b85ef28526693f83532749304
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F3DD0098C27CC629A34A0F9C96EB0B8DB9E63F4B85EF28526693F83532749304"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9200
Expires: Mon, 12 Dec 2022 07:11:25 GMT
Date: Mon, 12 Dec 2022 04:38:05 GMT
Connection: keep-alive
cuevana3.nu/wp-content/themes/cuevana/assets/js/b.js?ver=0.84948900%201670819859
188.114.97.1 200 OK 15 kB URL HTTP/2 cuevana3.nu/wp-content/themes/cuevana/assets/js/b.js?ver=0.84948900%201670819859
IP 188.114.97.1:0
File type ASCII text, with very long lines (44174)
Hash 53fdfd0da4fdde14a30ae5e6562102c2
dd9bc3cc80e61fd8efcdb7ddbbd2725c348480b0
a209c3e13767221a130a60119734bd0b539fe8e291ac944e837108e0ab72a7f6
GET /wp-content/themes/cuevana/assets/js/b.js?ver=0.84948900%201670819859 HTTP/1.1
Host: cuevana3.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Dec 2022 04:38:05 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 19 Dec 2022 04:38:07 GMT
last-modified: Fri, 30 Sep 2022 02:06:30 GMT
vary: Accept-Encoding
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BfKGSyhkqegOWbu6d%2BFDBN%2B7thjXSaAlwtgt0m9xueNKhVqBAPy0C32jb02gcF0%2F1URaTCm9xMqzQfrjR95ngVaqo3gZ8jx57U782aw2D8KLF8jDn4Z5v044QEVF0w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7783c4b858a9b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash f0b47065b11cbea51cb76d12a9bfa1fb
e4297c96b6395dd7d35cac31717d3153fb3d95a4
7e851c843752269d2e3efd2908be5074cdd273eb839bf91bb7fbf57dacba5855
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 12 Dec 2022 04:38:05 GMT
Last-Modified: Mon, 12 Dec 2022 02:50:31 GMT
Server: ECS (nyb/1D2E)
X-Cache: Miss from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: e84LUpmpbp-qYMqhIcwRudj1ZRX06esrEOg200gOOsxQyqgA1Vou7A==
Age: 6454
onvictinitor.com/apu.php?zoneid=5487080
139.45.197.238 200 OK 30 kB URL HTTP/1.1 onvictinitor.com/apu.php?zoneid=5487080
IP 139.45.197.238:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash a353d8473670de53793a251ead3cf82d
5f659d427754053d9604b3e645d06d556a7432bb
f36af139fd6f276ba0967c39fed92dea7cc5521ec93bda87d4c46438b98eec4d
GET /apu.php?zoneid=5487080 HTTP/1.1
Host: onvictinitor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cuevana3.nu/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Dec 2022 04:38:05 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 7207269c175f964e7e681b6bb064ca89
Link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=1618ffcd2ef1406e8b59a6d1b7116bf7; expires=Tue, 12 Dec 2023 04:38:05 GMT; path=/
oaidts=1670819885; expires=Tue, 12 Dec 2023 04:38:05 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
simplewebanalysis.com/stats
3.71.139.39 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.71.139.39:0
File type ASCII text, with no line terminators
Hash 71663297b72a4b760798f93321a70946
2d0677ea5328211a3c5daf7e9fe36b0b95f6102d
8a099a368b392687613535b894aba805d06caf0ea01916a0370d0ff2fe7a3a4d
Analyzer Verdict Alert fortinet Malware
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://cuevana3.nu
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Dec 2022 04:38:05 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://cuevana3.nu
access-control-allow-credentials: true
set-cookie: uid_id2=09e0f1a7-56ac-40f0-949a-84d83c47b14a:1:1; expires=Thu, 09 Dec 2032 04:38:05 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
cdn.bncloudfl.com/bn/3ba/597/e3c/3ba597e3c9a0b7db96cca2f992a2c447bee8c220.gif
104.22.14.198 200 OK 13 kB URL HTTP/2 cdn.bncloudfl.com/bn/3ba/597/e3c/3ba597e3c9a0b7db96cca2f992a2c447bee8c220.gif
IP 104.22.14.198:0
File type GIF image data, version 89a, 300 x 100\012- data
Hash d53e26ad181d72b32f0cb5a31add46fb
1761a4cbec8cfcfa6d2f613a1b2d2c6329f1328d
88092a71c5d1b72a29c4790c5111c6783ac7548e316d332e8530e0194444504c
GET /bn/3ba/597/e3c/3ba597e3c9a0b7db96cca2f992a2c447bee8c220.gif HTTP/1.1
Host: cdn.bncloudfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Dec 2022 04:38:05 GMT
content-type: image/gif
content-length: 12999
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
cache-control: max-age=432000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=13660, status=webp_bigger
etag: f15c3998431758d68fdec94dc78a18a8
expires: Mon, 12 Dec 2022 07:22:05 GMT
last-modified: Mon, 01 Aug 2022 08:24:06 GMT
x-openstack-request-id: tx180a131e00fc45849b3ff-0062e78e8d
x-proxy-cache: HIT
x-timestamp: 1659342245.90988
x-trans-id: tx180a131e00fc45849b3ff-0062e78e8d
cf-cache-status: HIT
age: 162960
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 7783c4bf0a3cb527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.bncloudfl.com/bn/4f6/e87/4e9/4f6e874e93d1c07b1d73effb32e0c0e1819600c0.gif
104.22.14.198 200 OK 27 kB URL HTTP/2 cdn.bncloudfl.com/bn/4f6/e87/4e9/4f6e874e93d1c07b1d73effb32e0c0e1819600c0.gif
IP 104.22.14.198:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 342dcf9749773ce95a919f98f26c562e
ee78f55e5c541d8f686a13cb915154b8c049b814
5617564a418d258d86659d76a292e388b7a9b73b00ae75a4e8b7790081be84a2
GET /bn/4f6/e87/4e9/4f6e874e93d1c07b1d73effb32e0c0e1819600c0.gif HTTP/1.1
Host: cdn.bncloudfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Dec 2022 04:38:05 GMT
content-type: image/webp
content-length: 26992
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
cache-control: max-age=432000
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=gif, origSize=27329
content-disposition: inline; filename="4f6e874e93d1c07b1d73effb32e0c0e1819600c0.webp"
etag: 766e8fd5157dde83eed7b19a5d98910d
expires: Wed, 14 Dec 2022 00:31:07 GMT
last-modified: Mon, 01 Aug 2022 08:24:11 GMT
vary: Accept
x-openstack-request-id: tx7302b660d9d0427697ef5-0062e78f6a
x-proxy-cache: HIT
x-timestamp: 1659342250.50371
x-trans-id: tx7302b660d9d0427697ef5-0062e78f6a
cf-cache-status: HIT
age: 14818
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 7783c4bf0a3db527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 63c607a3394929877b72d08aaf7cc448
21bd5ee5b380421307e871c09beaee5851e8a173
92515d183818b7a1b9917b130323de2cfc56defe39c14720d3a3ca5b69cfa426
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92515D183818B7A1B9917B130323DE2CFC56DEFE39C14720D3A3CA5B69CFA426"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15757
Expires: Mon, 12 Dec 2022 09:00:42 GMT
Date: Mon, 12 Dec 2022 04:38:05 GMT
Connection: keep-alive
omfiydlbmy.com/chicken.gif?z=1955965&pb=a65b5b440ac6f74c3943028b909c90ce1670827085&psp=pGKhWloZ0d_CAlvQblzvkKtgbZpQeXJNqMUXxMXPRt3t3nhMAHEjWuKJzutGU_i7uzfmg6NFpfB9iXF87gprNJA1jWlpx4CoQ62rowYtH4dfJnWahPB9LWfrLE5hU92yf8UBm6vv28U9aZMcXdzkDezpOlJ9NdyKxleFPCByk59HhSb_v4XsPv6oR2ae4vt4G334uC4Ej9C4bDIyAo_OmkhvLQ7U20JFmgZmkRfIXzNYV2oAt2XWyApugZDOKe6EZToxzy0TU6WeZIOKDCnqcCit3F7RMTiD5dk0SyTVD18ZdOdPaA9-6fUWqpNZL-aVca_VpcAAoJ4Vxad98AU-h59_1MYWiM4JBYplPC1OzCBwCJoK_TEzG2dQ6LIjcBkomwdjz99X6oSupfFIjKK0oH11ENCBgJ-GZ5soPSObrWweh2emcriqjKxS4fSDpePLNxvm1QDhmnkIGFYp7eKvB5KmOkFlHFs50hMnsQ1rdkabKczL6ewJDaAiny0iChLpOYKvmQbllCjHowr7hg_sJxE7xKi9ZWZr-gRmXsNbnCoewkPI3BqIeTP7H6COsYq4VxFSwlAYAkuL9XvCyphKHRmSIucWSI53YuMFuPYc_OD0L9DX96SeIDiIif6obbhbSqXd4elHEBmEgwe43cQE2WnxUHorpxsSDrUYvR8gLznE3Gi0sCTP4kV6EjEsTZB_uVY=&abvar=0&os=0
62.122.171.6 200 OK 43 B URL HTTP/2 omfiydlbmy.com/chicken.gif?z=1955965&pb=a65b5b440ac6f74c3943028b909c90ce1670827085&psp=pGKhWloZ0d_CAlvQblzvkKtgbZpQeXJNqMUXxMXPRt3t3nhMAHEjWuKJzutGU_i7uzfmg6NFpfB9iXF87gprNJA1jWlpx4CoQ62rowYtH4dfJnWahPB9LWfrLE5hU92yf8UBm6vv28U9aZMcXdzkDezpOlJ9NdyKxleFPCByk59HhSb_v4XsPv6oR2ae4vt4G334uC4Ej9C4bDIyAo_OmkhvLQ7U20JFmgZmkRfIXzNYV2oAt2XWyApugZDOKe6EZToxzy0TU6WeZIOKDCnqcCit3F7RMTiD5dk0SyTVD18ZdOdPaA9-6fUWqpNZL-aVca_VpcAAoJ4Vxad98AU-h59_1MYWiM4JBYplPC1OzCBwCJoK_TEzG2dQ6LIjcBkomwdjz99X6oSupfFIjKK0oH11ENCBgJ-GZ5soPSObrWweh2emcriqjKxS4fSDpePLNxvm1QDhmnkIGFYp7eKvB5KmOkFlHFs50hMnsQ1rdkabKczL6ewJDaAiny0iChLpOYKvmQbllCjHowr7hg_sJxE7xKi9ZWZr-gRmXsNbnCoewkPI3BqIeTP7H6COsYq4VxFSwlAYAkuL9XvCyphKHRmSIucWSI53YuMFuPYc_OD0L9DX96SeIDiIif6obbhbSqXd4elHEBmEgwe43cQE2WnxUHorpxsSDrUYvR8gLznE3Gi0sCTP4kV6EjEsTZB_uVY=&abvar=0&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /chicken.gif?z=1955965&pb=a65b5b440ac6f74c3943028b909c90ce1670827085&psp=pGKhWloZ0d_CAlvQblzvkKtgbZpQeXJNqMUXxMXPRt3t3nhMAHEjWuKJzutGU_i7uzfmg6NFpfB9iXF87gprNJA1jWlpx4CoQ62rowYtH4dfJnWahPB9LWfrLE5hU92yf8UBm6vv28U9aZMcXdzkDezpOlJ9NdyKxleFPCByk59HhSb_v4XsPv6oR2ae4vt4G334uC4Ej9C4bDIyAo_OmkhvLQ7U20JFmgZmkRfIXzNYV2oAt2XWyApugZDOKe6EZToxzy0TU6WeZIOKDCnqcCit3F7RMTiD5dk0SyTVD18ZdOdPaA9-6fUWqpNZL-aVca_VpcAAoJ4Vxad98AU-h59_1MYWiM4JBYplPC1OzCBwCJoK_TEzG2dQ6LIjcBkomwdjz99X6oSupfFIjKK0oH11ENCBgJ-GZ5soPSObrWweh2emcriqjKxS4fSDpePLNxvm1QDhmnkIGFYp7eKvB5KmOkFlHFs50hMnsQ1rdkabKczL6ewJDaAiny0iChLpOYKvmQbllCjHowr7hg_sJxE7xKi9ZWZr-gRmXsNbnCoewkPI3BqIeTP7H6COsYq4VxFSwlAYAkuL9XvCyphKHRmSIucWSI53YuMFuPYc_OD0L9DX96SeIDiIif6obbhbSqXd4elHEBmEgwe43cQE2WnxUHorpxsSDrUYvR8gLznE3Gi0sCTP4kV6EjEsTZB_uVY=&abvar=0&os=0 HTTP/1.1
Host: omfiydlbmy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=22121123382365866297d24955961d221dfe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Dec 2022 04:38:05 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACEzegAAAAAAAAAB; Path=/; Expires=Wed, 11 Jan 2023 04:38:05 GMT; Secure; SameSite=None
OACIBLOCK=ACEzegAAAABjlqdA; Path=/; Expires=Wed, 11 Jan 2023 04:38:05 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Tue, 13 Dec 2022 04:38:05 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
omfiydlbmy.com/chicken.gif?z=1955964&pb=a65b5b440ac6f74c3943028b909c90ce1670827085&psp=m5g6ICh7uGEmkLns-aL3aLxex44WBqlv2mvwYMnFMDbdiX7P-xtxALgDTmC_lF5H3GgpnV2P7Aw06E-E2fx5Pkl4rCraGQHKWjI2tuedi3TMh5UgbFS9aNHFHRogLwWamlw0vUUWW21T6ZXbIL5Y81eJoBNKwHO-RvmmvOlAFUO8FKv1FDBUvHr2gswrNBZUrlZWm5kQ5wtY9S7Pz9IcCkuw5ANM7VY868Z_9kqUFS8x3_M5h8_qENXjZHoZ8QIJmW4DeF81Jo1ElX-NyqKVOe0VNuWK2mT0VkGT4uq3iV3fA3S6mlfrZb9ZVvOKGX9rVdhEyxGwxYXhQd6OgVCCLjpRk191SNyWJBj3zvjsgC2zlISz0jqWvBdmsN4LVO8tkebnxWUsQd1qNn9Y1T3bJTHLs1XC6VoWxwYcS0-LsqRsqUiYpgHy3N2_Kid72v48ZguUuk3fdYSYZudCPa1eb-9wYihHW-OtQeVrsc2NQ3MVAnUgdpl0N-j90ym0Z1RXt4jgxQqoO-ef8v6GDKQaE83Glrd1HKjcqNzBIRSuOyGlQBDFob2aZCD3DlYDqsZBocwT1THpWnEkO7X8Y1en7GB81TsxvvRy15298PID6SVNNgi2oUecP327xZGBiMSvNi2XSQPQa9mfheZi_iYB6Sd6sueXLNJGY1mQyQfZQlRpJw9cBydtv5ISpDJVK-_IyfM=&abvar=0&os=0
62.122.171.6 200 OK 43 B URL HTTP/2 omfiydlbmy.com/chicken.gif?z=1955964&pb=a65b5b440ac6f74c3943028b909c90ce1670827085&psp=m5g6ICh7uGEmkLns-aL3aLxex44WBqlv2mvwYMnFMDbdiX7P-xtxALgDTmC_lF5H3GgpnV2P7Aw06E-E2fx5Pkl4rCraGQHKWjI2tuedi3TMh5UgbFS9aNHFHRogLwWamlw0vUUWW21T6ZXbIL5Y81eJoBNKwHO-RvmmvOlAFUO8FKv1FDBUvHr2gswrNBZUrlZWm5kQ5wtY9S7Pz9IcCkuw5ANM7VY868Z_9kqUFS8x3_M5h8_qENXjZHoZ8QIJmW4DeF81Jo1ElX-NyqKVOe0VNuWK2mT0VkGT4uq3iV3fA3S6mlfrZb9ZVvOKGX9rVdhEyxGwxYXhQd6OgVCCLjpRk191SNyWJBj3zvjsgC2zlISz0jqWvBdmsN4LVO8tkebnxWUsQd1qNn9Y1T3bJTHLs1XC6VoWxwYcS0-LsqRsqUiYpgHy3N2_Kid72v48ZguUuk3fdYSYZudCPa1eb-9wYihHW-OtQeVrsc2NQ3MVAnUgdpl0N-j90ym0Z1RXt4jgxQqoO-ef8v6GDKQaE83Glrd1HKjcqNzBIRSuOyGlQBDFob2aZCD3DlYDqsZBocwT1THpWnEkO7X8Y1en7GB81TsxvvRy15298PID6SVNNgi2oUecP327xZGBiMSvNi2XSQPQa9mfheZi_iYB6Sd6sueXLNJGY1mQyQfZQlRpJw9cBydtv5ISpDJVK-_IyfM=&abvar=0&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /chicken.gif?z=1955964&pb=a65b5b440ac6f74c3943028b909c90ce1670827085&psp=m5g6ICh7uGEmkLns-aL3aLxex44WBqlv2mvwYMnFMDbdiX7P-xtxALgDTmC_lF5H3GgpnV2P7Aw06E-E2fx5Pkl4rCraGQHKWjI2tuedi3TMh5UgbFS9aNHFHRogLwWamlw0vUUWW21T6ZXbIL5Y81eJoBNKwHO-RvmmvOlAFUO8FKv1FDBUvHr2gswrNBZUrlZWm5kQ5wtY9S7Pz9IcCkuw5ANM7VY868Z_9kqUFS8x3_M5h8_qENXjZHoZ8QIJmW4DeF81Jo1ElX-NyqKVOe0VNuWK2mT0VkGT4uq3iV3fA3S6mlfrZb9ZVvOKGX9rVdhEyxGwxYXhQd6OgVCCLjpRk191SNyWJBj3zvjsgC2zlISz0jqWvBdmsN4LVO8tkebnxWUsQd1qNn9Y1T3bJTHLs1XC6VoWxwYcS0-LsqRsqUiYpgHy3N2_Kid72v48ZguUuk3fdYSYZudCPa1eb-9wYihHW-OtQeVrsc2NQ3MVAnUgdpl0N-j90ym0Z1RXt4jgxQqoO-ef8v6GDKQaE83Glrd1HKjcqNzBIRSuOyGlQBDFob2aZCD3DlYDqsZBocwT1THpWnEkO7X8Y1en7GB81TsxvvRy15298PID6SVNNgi2oUecP327xZGBiMSvNi2XSQPQa9mfheZi_iYB6Sd6sueXLNJGY1mQyQfZQlRpJw9cBydtv5ISpDJVK-_IyfM=&abvar=0&os=0 HTTP/1.1
Host: omfiydlbmy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=22121123382365866297d24955961d221dfe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Dec 2022 04:38:05 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACEzxwAAAAAAAAAB; Path=/; Expires=Wed, 11 Jan 2023 04:38:05 GMT; Secure; SameSite=None
OACIBLOCK=ACEzxwAAAABjlqdA; Path=/; Expires=Wed, 11 Jan 2023 04:38:05 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Tue, 13 Dec 2022 04:38:05 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
urimnugocfr.com/aas/r45d/vki/1955969/tghr.js
62.122.171.6 200 OK 27 kB URL HTTP/2 urimnugocfr.com/aas/r45d/vki/1955969/tghr.js
IP 62.122.171.6:0
Hash 636c83d8e735ea7bbd8bed434fe1416e
e53029eab8c8bb371fe1ee4e396ccadda1fd81fe
97e0da888c963a81e77e22680c72faa121ed579ca9c35570d4dabd5a5df46e33
Analyzer Verdict Alert quad9 Sinkholed
GET /aas/r45d/vki/1955969/tghr.js HTTP/1.1
Host: urimnugocfr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Dec 2022 04:38:05 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 12:20:41 GMT
vary: Accept-Encoding
etag: W/"63738419-10f52"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
urimnugocfr.com/solid.gif?z=1955969&abvar=0
62.122.171.6 200 OK 43 B URL HTTP/2 urimnugocfr.com/solid.gif?z=1955969&abvar=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
POST /solid.gif?z=1955969&abvar=0 HTTP/1.1
Host: urimnugocfr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://cuevana3.nu
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Dec 2022 04:38:05 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.6.3/webfonts/fa-solid-900.woff2
172.64.132.15 200 OK 79 kB URL HTTP/2 use.fontawesome.com/releases/v5.6.3/webfonts/fa-solid-900.woff2
IP 172.64.132.15:0
File type Web Open Font Format (Version 2), TrueType, length 79100, version 1.0\012- data
Hash 5dc01cfcd5336f696cb85da7ce53fa9b
28a1f2fadc35c5343e0280389fe7955e3d1be607
f419ad7a4477f36ce73c74a23dce784150ca38fa5075a8e06109709cbb716903
GET /releases/v5.6.3/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cuevana3.nu
Connection: keep-alive
Referer: https://cuevana3.nu/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Dec 2022 04:38:06 GMT
content-type: font/woff2
content-length: 79100
x-amz-id-2: TMjVB5yfYI/IuTLzDrXv/u1+jLhnRBXeZCqyNBDm8aR/lZKCWkC/v59DRbdffeFF1FVlrmD58NU=
x-amz-request-id: DCNKRCE4YBF06VV6
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:44:54 GMT
etag: "5dc01cfcd5336f696cb85da7ce53fa9b"
cache-control: max-age=31556926
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FjGTdE9qb8bxlrvtGPwrIwMEQdyee%2FmbXgXyJ4bIdUZ35BHbX3jrgrf7%2F5xuCzGo77YcyRNfEkfBetiKy%2Bh8sDYi%2FxtIN9LtkwMii1fgdhThE9jHyp9zKAYF8aGY9Uw7b0KGfoWc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7783c4bd4e1772f6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
urimnugocfr.com/get/1955969?zoneid=1955969&jp=_cl0lsidi41x8bso5a7fh6d&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=4894573456000644
62.122.171.6 200 OK 336 B URL HTTP/2 urimnugocfr.com/get/1955969?zoneid=1955969&jp=_cl0lsidi41x8bso5a7fh6d&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=4894573456000644
IP 62.122.171.6:0
Hash 3401724d0dcfddcdc082bb7745903843
7546ebf3cfb8253a1999b8dfeffef1d4c35de3f4
343f610b5a6417dd1a26f57690f443d86352307ad8c15ec263a1dc7f6a1c2c5f
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1955969?zoneid=1955969&jp=_cl0lsidi41x8bso5a7fh6d&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=4894573456000644 HTTP/1.1
Host: urimnugocfr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Dec 2022 04:38:06 GMT
content-type: text/javascript
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=22121123388203937e01834cd68778580f3b; Path=/; Expires=Tue, 12 Dec 2023 04:38:06 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
image.tmdb.org/t/p/w1280//8aCek7W6BovH7M4enWjqrGptvQ8.jpg
138.199.37.231 200 OK 243 kB URL HTTP/2 image.tmdb.org/t/p/w1280//8aCek7W6BovH7M4enWjqrGptvQ8.jpg
IP 138.199.37.231:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x720, components 3\012- data
Size 243 kB (243394 bytes)
Hash cfc3e546bdb120bd070b786ed61a59f4
2a8bd78763d5aefb5caeae4a908851f0e941972a
4dc42b902c8ade4a2ad4f51c998dae44e16b400ea7a4c34ca78427817d633221
GET /t/p/w1280//8aCek7W6BovH7M4enWjqrGptvQ8.jpg HTTP/1.1
Host: image.tmdb.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Dec 2022 04:38:06 GMT
content-type: image/jpeg
content-length: 243394
server: BunnyCDN-DE1-863
cdn-pullzone: 775336
cdn-uid: 29af4e0e-bcbd-4fcb-8635-74ddc38a1ebf
cdn-requestcountrycode: NO
cache-control: public, max-age=31919000
etag: "6272bdd6-3b6c2"
last-modified: Wed, 04 May 2022 17:54:30 GMT
cdn-storageserver: NY-427
cdn-requestpullsuccess: True
cdn-fileserver: 267
perma-cache: HIT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-cachedat: 11/19/2022 23:50:12
cdn-edgestorageid: 1054
cdn-status: 200
cdn-requestid: d2cac4d74d413a9047136753fbd802be
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
whairtoa.com/?rb=z1vcHjJLnMnZAwVoJUKXaUIXtWsDda87GZb-VRullEie5DApiguY9DCUSM4hcqJeg-FbQzhm06iaToj2Gc5gtMdIuPM81Bf9GkAU4eSQCcWMLTVXICYVeGrzrZY91r9uoA3_3ZpDEgWYTh7oNxq0d--CF-D01x-oe2eJ8QiKezQDkrktRX_h30G0VgEyDk5F_fVOKTLMuuK3LVFAx1xRPytDvVluP6XGBsSxIgs8oB4%3D&request_ab2=96001&zoneid=4907445&js_build=iclick-v1.459.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=8&pl=http%3A%2F%2Fcuevana3.nu%2Fver-el-episodio%2Fepisodio-6-de-rick-y-morty-temporada-2%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.459.0&bs=26f50476-6bfc-46de-ac5e-39eec394b2d1&userId=2a54f9d6df0143ddb000cc307bc55d45&m=link
139.45.197.238 200 OK 1.7 kB URL HTTP/1.1 whairtoa.com/?rb=z1vcHjJLnMnZAwVoJUKXaUIXtWsDda87GZb-VRullEie5DApiguY9DCUSM4hcqJeg-FbQzhm06iaToj2Gc5gtMdIuPM81Bf9GkAU4eSQCcWMLTVXICYVeGrzrZY91r9uoA3_3ZpDEgWYTh7oNxq0d--CF-D01x-oe2eJ8QiKezQDkrktRX_h30G0VgEyDk5F_fVOKTLMuuK3LVFAx1xRPytDvVluP6XGBsSxIgs8oB4%3D&request_ab2=96001&zoneid=4907445&js_build=iclick-v1.459.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=8&pl=http%3A%2F%2Fcuevana3.nu%2Fver-el-episodio%2Fepisodio-6-de-rick-y-morty-temporada-2%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.459.0&bs=26f50476-6bfc-46de-ac5e-39eec394b2d1&userId=2a54f9d6df0143ddb000cc307bc55d45&m=link
IP 139.45.197.238:0
File type JSON data\012- , ASCII text, with very long lines (2209), with no line terminators
Hash 9480a341995f1f785e6702ea13184064
2c981d07b458ac2ad9c489b02775918c11caecf7
a6d9b2c7f3dc13c702498243a50ed89ace416746c5fbc2342360524e54ea6eab
Analyzer Verdict Alert quad9 Sinkholed
GET /?rb=z1vcHjJLnMnZAwVoJUKXaUIXtWsDda87GZb-VRullEie5DApiguY9DCUSM4hcqJeg-FbQzhm06iaToj2Gc5gtMdIuPM81Bf9GkAU4eSQCcWMLTVXICYVeGrzrZY91r9uoA3_3ZpDEgWYTh7oNxq0d--CF-D01x-oe2eJ8QiKezQDkrktRX_h30G0VgEyDk5F_fVOKTLMuuK3LVFAx1xRPytDvVluP6XGBsSxIgs8oB4%3D&request_ab2=96001&zoneid=4907445&js_build=iclick-v1.459.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=8&pl=http%3A%2F%2Fcuevana3.nu%2Fver-el-episodio%2Fepisodio-6-de-rick-y-morty-temporada-2%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.459.0&bs=26f50476-6bfc-46de-ac5e-39eec394b2d1&userId=2a54f9d6df0143ddb000cc307bc55d45&m=link HTTP/1.1
Host: whairtoa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cuevana3.nu/
Origin: http://cuevana3.nu
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Dec 2022 04:38:06 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 8d208a4f1b101cf8fc6c743acd278b4a
Access-Control-Allow-Origin: http://cuevana3.nu
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=2a54f9d6df0143ddb000cc307bc55d45; expires=Tue, 12 Dec 2023 04:38:06 GMT; path=/
oaidts=1670819886; expires=Tue, 12 Dec 2023 04:38:06 GMT; path=/
syncedCookie=true; expires=Mon, 19 Dec 2022 04:38:06 GMT; path=/
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
banquetunarmedgrater.com/advertisers.js
173.233.137.44 200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cuevana3.nu/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 12 Dec 2022 04:38:06 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 274ec1855dff3ac6b1a61cfb5ad495c1
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 8ded6ac6190af627000ae157e90713b9
cc26770dce4b0d3279fedb1659e7410ab5602e43
01f8aac7f31d97562c60dffe17242c2a067a04d63b145b6c000bdaac644aa4bf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=98202
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:06 GMT
Etag: "63958cc8-1d7"
Expires: Tue, 13 Dec 2022 07:54:48 GMT
Last-Modified: Sun, 11 Dec 2022 07:54:48 GMT
Server: nginx
Content-Length: 471
nanouwho.com/9?z=5014433&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fcuevana3.nu%2Fver-el-episodio%2Fepisodio-6-de-rick-y-morty-temporada-2%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=10&sah=1002&drf=&hil=1&ist=0&oaid=2a54f9d6df0143ddb000cc307bc55d45
139.45.197.242 204 No Content 0 B URL HTTP/2 nanouwho.com/9?z=5014433&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fcuevana3.nu%2Fver-el-episodio%2Fepisodio-6-de-rick-y-morty-temporada-2%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=10&sah=1002&drf=&hil=1&ist=0&oaid=2a54f9d6df0143ddb000cc307bc55d45
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=5014433&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fcuevana3.nu%2Fver-el-episodio%2Fepisodio-6-de-rick-y-morty-temporada-2%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=10&sah=1002&drf=&hil=1&ist=0&oaid=2a54f9d6df0143ddb000cc307bc55d45 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://cuevana3.nu/
Origin: http://cuevana3.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Mon, 12 Dec 2022 04:38:06 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://cuevana3.nu
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 18c366127b83331f9a63e2f928b0342f
427447cc0c6669c9c1053675f3423800dc03974a
585108ba23cec313a1cd9713dcb2a9e76070ba821baa08c42efecd97d376e4d3
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 12 Dec 2022 04:38:06 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Fri, 16 Dec 2022 00:48:26 GMT
ETag: "427447cc0c6669c9c1053675f3423800dc03974a"
Last-Modified: Mon, 12 Dec 2022 00:48:27 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3513
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7783c4c1fda5b51d-OSL
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b14162cab0131ca3a7e7c1c6d72c77f3
87a1ae365bc2a459c323770eb9632d28649b2b1b
759526e8274b5fa52e1a46496e286cc04466a27c41a8f20de6aee1b756feb87c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img.sedoparking.com/templates/bg/arrows-1-colors-3.png
205.234.175.175 200 OK 82 kB URL HTTP/2 img.sedoparking.com/templates/bg/arrows-1-colors-3.png
IP 205.234.175.175:0
File type PNG image data, 3024 x 2000, 8-bit/color RGBA, non-interlaced\012- data
Hash b68c0210cadb1e12efc4557d7e49e48e
ad24ed2b2d5d166d07fbf0680693c88fb56fcb4b
e7ff091c85669b175de49d629d7d77bd20cd08d2c16ae74deef2ab06aec5854d
GET /templates/bg/arrows-1-colors-3.png HTTP/1.1
Host: img.sedoparking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://apialfa.tomatomatela.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Dec 2022 04:38:06 GMT
content-type: image/png
content-length: 82231
access-control-allow-origin: *
cache-control: max-age=604800
expires: Mon, 19 Dec 2022 04:38:06 GMT
x-cfhash: "b68c0210cadb1e12efc4557d7e49e48e"
x-cff: B
last-modified: Wed, 22 Apr 2020 09:38:21 GMT
x-cf3: M
cf4age: 0
x-cf-tsc: 1668185124
cf4ttl: 31536000.000
x-cf2: H
server: CFS 0215
x-cf-reqid: b0d90438ddd37c3662e791b1cefaec13
x-cf1: 11696:fA.arn1:cf:cacheN.arn1-01:H
accept-ranges: bytes
X-Firefox-Spdy: h2
nanouwho.com/9?z=5014433&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fcuevana3.nu%2Fver-el-episodio%2Fepisodio-6-de-rick-y-morty-temporada-2%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=10&sah=1002&drf=&hil=1&ist=0&oaid=2a54f9d6df0143ddb000cc307bc55d45
139.45.197.242 200 OK 7 B URL HTTP/2 nanouwho.com/9?z=5014433&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fcuevana3.nu%2Fver-el-episodio%2Fepisodio-6-de-rick-y-morty-temporada-2%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=10&sah=1002&drf=&hil=1&ist=0&oaid=2a54f9d6df0143ddb000cc307bc55d45
IP 139.45.197.242:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=5014433&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fcuevana3.nu%2Fver-el-episodio%2Fepisodio-6-de-rick-y-morty-temporada-2%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=10&sah=1002&drf=&hil=1&ist=0&oaid=2a54f9d6df0143ddb000cc307bc55d45 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 218
Origin: http://cuevana3.nu
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Dec 2022 04:38:06 GMT
content-type: application/javascript
content-length: 7
access-control-allow-credentials: true
access-control-allow-origin: http://cuevana3.nu
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: f85d8ddaf7c220b1fb8261fff7a0ac46
access-control-expose-headers: X-Sc
x-sc: 6L5KTzkMunYG2TENt1fAYY4wwfK8HjwKUmNihMFFlMKkZ-aBsKPRsrta8GrWcJgtI-934HH2ZvqyoNHHIYVbQ6SYskI=
set-cookie: scm=1; expires=Tue, 12 Dec 2023 04:38:06 GMT; secure; SameSite=None
OAID=2a54f9d6df0143ddb000cc307bc55d45; expires=Tue, 12 Dec 2023 04:38:06 GMT; secure; SameSite=None
oaidts=1670819886; expires=Tue, 12 Dec 2023 04:38:06 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash a41c1c2a6aad29835a33369555bbe359
4e104748d3d8c3237d58e03b6f7493fcc9182142
a0495e2ab6ed55134a4bf56eb85252977c6978eb965b14724d47e3c979f25ab4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
apialfa.tomatomatela.com/search/tsc.php?200=Mzk4MjM1NTIy&21=OTEuOTAuNDIuMTU0&681=MTY3MDgxOTg4NmMzZDY5OTcwZGQwZDE1MTc1ZjgxZGE3OTkxM2RiMzFm&crc=787b820643a8465b0a7053251425e51096602362&cv=1
91.195.240.94 200 OK 0 B URL HTTP/2 apialfa.tomatomatela.com/search/tsc.php?200=Mzk4MjM1NTIy&21=OTEuOTAuNDIuMTU0&681=MTY3MDgxOTg4NmMzZDY5OTcwZGQwZDE1MTc1ZjgxZGE3OTkxM2RiMzFm&crc=787b820643a8465b0a7053251425e51096602362&cv=1
IP 91.195.240.94:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /search/tsc.php?200=Mzk4MjM1NTIy&21=OTEuOTAuNDIuMTU0&681=MTY3MDgxOTg4NmMzZDY5OTcwZGQwZDE1MTc1ZjgxZGE3OTkxM2RiMzFm&crc=787b820643a8465b0a7053251425e51096602362&cv=1 HTTP/1.1
Host: apialfa.tomatomatela.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBQmx5b2ZqemljRFk1RmUybGphTUI2ZFhTWTNzZkUwOXAza0NTSktMWW9vQ1pWSXViY2JaOEdPazE4bjBVS2NMUXhlRWUwWWhxU0ZjdGNIT0dBWFI5U2RrS2xQejdSK0hqVFU2cjYvdXdHQWhiNGFBaG55aWpyaU9jMWx3MGM1RVQrczFvS04veVROT2hMTWc4NVRJbnkxcWs1MTkwRktuYW1DRU9EZThrNFZiWFVkTHViZEZmNG9yT2ZvVTJvU090THo3MnJNSnZDeDUrRmhlai9DN3ErV3d2NGdNdmt0L2liZFFQeHhsR3Nmd2ltemw1U2kydy93NUYrZDdPekNGVVUvWDZESEtqeVhkcGJ0WkExQjZvZjBqdmgxem9RcnBicFpGbVJ6MVlRSzhueTNQSjR1T2luNzF0UDNhZjQwTStBPT0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Mon, 12 Dec 2022 04:38:06 GMT
server: NginX
x-cache-miss-from: parking-7887f445cc-87z4x
x-powered-by: PHP/8.1.9
content-length: 0
X-Firefox-Spdy: h2
omfiydlbmy.com/get/1955964?zoneid=1955964&jp=_cliwt8ia2bklnh7ze6t1h2&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=3487198572406327
62.122.171.6 200 OK 12 kB URL HTTP/2 omfiydlbmy.com/get/1955964?zoneid=1955964&jp=_cliwt8ia2bklnh7ze6t1h2&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=3487198572406327
IP 62.122.171.6:0
Hash 8924524801e7186311b67afc8bb7d62b
cf6f6dd60167f77f889d0b989184622d8a13d7d2
56a30671be0f781afa1240dd58c4d5888f9e26ba2f28c03ca79755f1736731a9
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1955964?zoneid=1955964&jp=_cliwt8ia2bklnh7ze6t1h2&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=3487198572406327 HTTP/1.1
Host: omfiydlbmy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Dec 2022 04:38:05 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=22121123382365866297d24955961d221dfe; Path=/; Expires=Tue, 12 Dec 2023 04:38:05 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b15a4989aefac89ff5e03c444cf0a8c0
da92bc0874b7beecbe255074ebb13b13fe43ec16
71a3c022e201a5122beb86d015f5507f6e348fddbceccfae8f74afae2d893f67
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b15a4989aefac89ff5e03c444cf0a8c0
da92bc0874b7beecbe255074ebb13b13fe43ec16
71a3c022e201a5122beb86d015f5507f6e348fddbceccfae8f74afae2d893f67
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b15a4989aefac89ff5e03c444cf0a8c0
da92bc0874b7beecbe255074ebb13b13fe43ec16
71a3c022e201a5122beb86d015f5507f6e348fddbceccfae8f74afae2d893f67
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b15a4989aefac89ff5e03c444cf0a8c0
da92bc0874b7beecbe255074ebb13b13fe43ec16
71a3c022e201a5122beb86d015f5507f6e348fddbceccfae8f74afae2d893f67
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s2.googleusercontent.com/s2/favicons?domain=https://1fichier.com/?w7kyfw9mq9861t9cr55b
142.250.74.97 301 Moved Permanently 355 B URL HTTP/2 s2.googleusercontent.com/s2/favicons?domain=https://1fichier.com/?w7kyfw9mq9861t9cr55b
IP 142.250.74.97:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash dd4d26a52ab8c899fcc9e495d0161750
a3d6ab095c000931e330b38dfe45f766b40ef6ae
d716cf7495a1479c80d4b1df2ce97bfd929e9469046e837643829ba57e853afa
GET /s2/favicons?domain=https://1fichier.com/?w7kyfw9mq9861t9cr55b HTTP/1.1
Host: s2.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://1fichier.com/?w7kyfw9mq9861t9cr55b&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 12 Dec 2022 04:38:06 GMT
expires: Mon, 12 Dec 2022 05:08:06 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 355
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
Hash 9971ce482d809f571d8a873cd2d6b416
f19d60c99f2f03af184fdade0564a33f17430203
413a0e106d67851faf9d3015ddd4b0ec651c427dbce59b5b5c90898aaf25fa57
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Mon, 12 Dec 2022 02:41:08 GMT
expires: Mon, 12 Dec 2022 04:41:08 GMT
cache-control: public, max-age=7200
age: 7018
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s2.googleusercontent.com/s2/favicons?domain=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBQmx5b2ZqemljRFk1RmUybGphTUI2ZFhTWTNzZkUwOXAza0NTSktMWW9vQ1pWSXViY2JaOEdPazE4bjBVS2NMUXhlRWUwWWhxU0ZjdGNIT0dBWFI5U2RrS2xQejdSK0hqVFU2cjYvdXdHQWhiNGFBaG55aWpyaU9jMWx3MGM1RVQrczFvS04veVROT2hMTWc4NVRJbnkxcWs1MTkwRktuYW1DRU9EZThrNFZiWFVkTHViZEZmNG9yT2ZvVTJvU090THo3MnJNSnZDeDUrRmhlai9DN3ErV3d2NGdNdmt0L2liZFFQeHhsR3Nmd2ltemw1U2kydy93NUYrZDdPekNGVVUvWDZESEtqeVhkcGJ0WkExQjZvZjBqdmgxem9RcnBicFpGbVJ6MVlRSzhueTNQSjR1T2luNzF0UDNhZjQwTStBPT0
142.250.74.97 301 Moved Permanently 821 B URL HTTP/2 s2.googleusercontent.com/s2/favicons?domain=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBQmx5b2ZqemljRFk1RmUybGphTUI2ZFhTWTNzZkUwOXAza0NTSktMWW9vQ1pWSXViY2JaOEdPazE4bjBVS2NMUXhlRWUwWWhxU0ZjdGNIT0dBWFI5U2RrS2xQejdSK0hqVFU2cjYvdXdHQWhiNGFBaG55aWpyaU9jMWx3MGM1RVQrczFvS04veVROT2hMTWc4NVRJbnkxcWs1MTkwRktuYW1DRU9EZThrNFZiWFVkTHViZEZmNG9yT2ZvVTJvU090THo3MnJNSnZDeDUrRmhlai9DN3ErV3d2NGdNdmt0L2liZFFQeHhsR3Nmd2ltemw1U2kydy93NUYrZDdPekNGVVUvWDZESEtqeVhkcGJ0WkExQjZvZjBqdmgxem9RcnBicFpGbVJ6MVlRSzhueTNQSjR1T2luNzF0UDNhZjQwTStBPT0
IP 142.250.74.97:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (644), with CRLF, LF line terminators
Hash 799c3adf6ea3c96815f9fdf1f54bdd6c
f2a0ab61b42d6e96dafdcea834dc14e91c3d6a9d
1ecb75fb4188397d6e465b8695645d1da2550e4c8344c6393a4ed5c324d5b82e
GET /s2/favicons?domain=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBQmx5b2ZqemljRFk1RmUybGphTUI2ZFhTWTNzZkUwOXAza0NTSktMWW9vQ1pWSXViY2JaOEdPazE4bjBVS2NMUXhlRWUwWWhxU0ZjdGNIT0dBWFI5U2RrS2xQejdSK0hqVFU2cjYvdXdHQWhiNGFBaG55aWpyaU9jMWx3MGM1RVQrczFvS04veVROT2hMTWc4NVRJbnkxcWs1MTkwRktuYW1DRU9EZThrNFZiWFVkTHViZEZmNG9yT2ZvVTJvU090THo3MnJNSnZDeDUrRmhlai9DN3ErV3d2NGdNdmt0L2liZFFQeHhsR3Nmd2ltemw1U2kydy93NUYrZDdPekNGVVUvWDZESEtqeVhkcGJ0WkExQjZvZjBqdmgxem9RcnBicFpGbVJ6MVlRSzhueTNQSjR1T2luNzF0UDNhZjQwTStBPT0 HTTP/1.1
Host: s2.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
location: https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBQmx5b2ZqemljRFk1RmUybGphTUI2ZFhTWTNzZkUwOXAza0NTSktMWW9vQ1pWSXViY2JaOEdPazE4bjBVS2NMUXhlRWUwWWhxU0ZjdGNIT0dBWFI5U2RrS2xQejdSK0hqVFU2cjYvdXdHQWhiNGFBaG55aWpyaU9jMWx3MGM1RVQrczFvS04veVROT2hMTWc4NVRJbnkxcWs1MTkwRktuYW1DRU9EZThrNFZiWFVkTHViZEZmNG9yT2ZvVTJvU090THo3MnJNSnZDeDUrRmhlai9DN3ErV3d2NGdNdmt0L2liZFFQeHhsR3Nmd2ltemw1U2kydy93NUYrZDdPekNGVVUvWDZESEtqeVhkcGJ0WkExQjZvZjBqdmgxem9RcnBicFpGbVJ6MVlRSzhueTNQSjR1T2luNzF0UDNhZjQwTStBPT0&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 12 Dec 2022 04:38:06 GMT
expires: Mon, 12 Dec 2022 05:08:06 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 821
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/adsense/domains/caf.js
142.250.74.132 200 OK 54 kB URL HTTP/2 www.google.com/adsense/domains/caf.js
IP 142.250.74.132:0
Hash 6b83074760237f5b61f0bdfab656fb1e
f0808eac4c9d16d8b790295e348edee7396f6fed
0296af672ac40d771fa29f671e1545ed6392a32f652f9d8c647a3bdd1aaf8710
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://apialfa.tomatomatela.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Mon, 12 Dec 2022 04:38:06 GMT
expires: Mon, 12 Dec 2022 04:38:06 GMT
cache-control: private, max-age=3600
etag: "14181701328128387770"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s2.googleusercontent.com/s2/favicons?domain=https://api.cuevana3.me/fembed/?h=aUJjeGt5eWFpaGV5Szc2RGQ0OVdvaDJ3Q1hjSHlwTTJqRjhTNzBzRkxNcHIxUW9GNGxYTkJTSTFtbDl3enFwaEJ4d0czRlhKR1hDd3BHUjd2bkVPbFE9PQ
142.250.74.97 301 Moved Permanently 465 B URL HTTP/2 s2.googleusercontent.com/s2/favicons?domain=https://api.cuevana3.me/fembed/?h=aUJjeGt5eWFpaGV5Szc2RGQ0OVdvaDJ3Q1hjSHlwTTJqRjhTNzBzRkxNcHIxUW9GNGxYTkJTSTFtbDl3enFwaEJ4d0czRlhKR1hDd3BHUjd2bkVPbFE9PQ
IP 142.250.74.97:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 5d3345d710509f13782862dd0b802ddf
31103a220a0ebb08baf98b40549bb8f376cd80c8
2f2e443912993309ec21a55d4bf560590a7ecd8797c873565ee0f03d48db381a
GET /s2/favicons?domain=https://api.cuevana3.me/fembed/?h=aUJjeGt5eWFpaGV5Szc2RGQ0OVdvaDJ3Q1hjSHlwTTJqRjhTNzBzRkxNcHIxUW9GNGxYTkJTSTFtbDl3enFwaEJ4d0czRlhKR1hDd3BHUjd2bkVPbFE9PQ HTTP/1.1
Host: s2.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://api.cuevana3.me/fembed/?h=aUJjeGt5eWFpaGV5Szc2RGQ0OVdvaDJ3Q1hjSHlwTTJqRjhTNzBzRkxNcHIxUW9GNGxYTkJTSTFtbDl3enFwaEJ4d0czRlhKR1hDd3BHUjd2bkVPbFE9PQ&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 12 Dec 2022 04:38:06 GMT
expires: Mon, 12 Dec 2022 05:08:06 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 465
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b15a4989aefac89ff5e03c444cf0a8c0
da92bc0874b7beecbe255074ebb13b13fe43ec16
71a3c022e201a5122beb86d015f5507f6e348fddbceccfae8f74afae2d893f67
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBQmx5b2ZqemljRFk1RmUybGphTUI2ZFhTWTNzZkUwOXAza0NTSktMWW9vQ1pWSXViY2JaOEdPazE4bjBVS2NMUXhlRWUwWWhxU0ZjdGNIT0dBWFI5U2RrS2xQejdSK0hqVFU2cjYvdXdHQWhiNGFBaG55aWpyaU9jMWx3MGM1RVQrczFvS04veVROT2hMTWc4NVRJbnkxcWs1MTkwRktuYW1DRU9EZThrNFZiWFVkTHViZEZmNG9yT2ZvVTJvU090THo3MnJNSnZDeDUrRmhlai9DN3ErV3d2NGdNdmt0L2liZFFQeHhsR3Nmd2ltemw1U2kydy93NUYrZDdPekNGVVUvWDZESEtqeVhkcGJ0WkExQjZvZjBqdmgxem9RcnBicFpGbVJ6MVlRSzhueTNQSjR1T2luNzF0UDNhZjQwTStBPT0
91.195.240.94 200 OK 7.6 kB URL HTTP/2 apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBQmx5b2ZqemljRFk1RmUybGphTUI2ZFhTWTNzZkUwOXAza0NTSktMWW9vQ1pWSXViY2JaOEdPazE4bjBVS2NMUXhlRWUwWWhxU0ZjdGNIT0dBWFI5U2RrS2xQejdSK0hqVFU2cjYvdXdHQWhiNGFBaG55aWpyaU9jMWx3MGM1RVQrczFvS04veVROT2hMTWc4NVRJbnkxcWs1MTkwRktuYW1DRU9EZThrNFZiWFVkTHViZEZmNG9yT2ZvVTJvU090THo3MnJNSnZDeDUrRmhlai9DN3ErV3d2NGdNdmt0L2liZFFQeHhsR3Nmd2ltemw1U2kydy93NUYrZDdPekNGVVUvWDZESEtqeVhkcGJ0WkExQjZvZjBqdmgxem9RcnBicFpGbVJ6MVlRSzhueTNQSjR1T2luNzF0UDNhZjQwTStBPT0
IP 91.195.240.94:0
Hash f0df55bd456794f2779e9201f7f9e490
117cff7ad9f57f845af88548c392a9491fa73209
a37685052f5c1462ff8a1eb4e13e78d38d79d7e4732d8d2a2e3c21a61944411a
GET /ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBQmx5b2ZqemljRFk1RmUybGphTUI2ZFhTWTNzZkUwOXAza0NTSktMWW9vQ1pWSXViY2JaOEdPazE4bjBVS2NMUXhlRWUwWWhxU0ZjdGNIT0dBWFI5U2RrS2xQejdSK0hqVFU2cjYvdXdHQWhiNGFBaG55aWpyaU9jMWx3MGM1RVQrczFvS04veVROT2hMTWc4NVRJbnkxcWs1MTkwRktuYW1DRU9EZThrNFZiWFVkTHViZEZmNG9yT2ZvVTJvU090THo3MnJNSnZDeDUrRmhlai9DN3ErV3d2NGdNdmt0L2liZFFQeHhsR3Nmd2ltemw1U2kydy93NUYrZDdPekNGVVUvWDZESEtqeVhkcGJ0WkExQjZvZjBqdmgxem9RcnBicFpGbVJ6MVlRSzhueTNQSjR1T2luNzF0UDNhZjQwTStBPT0 HTTP/1.1
Host: apialfa.tomatomatela.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 12 Dec 2022 04:38:06 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Mon, 12 Dec 2022 04:38:06 GMT
pragma: no-cache
server: NginX
vary: Accept-Encoding
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_QM8xk/5SPDTBCe7fTK5dVoN8GvUqqiSuKJ4N9IwglgaqlYegro8TI4pr9yHoqfsh0ekbc8rHxNamB1YEzPz1IQ==
x-cache-miss-from: parking-7887f445cc-dv59s
x-powered-by: PHP/8.1.9
X-Firefox-Spdy: h2
s2.googleusercontent.com/s2/favicons?domain=https://apialfa.tomatomatela.com/ir/player.php?h=Mzl1NXQxSnN5WlMwek0yY2NUUDl0NXdFTEkvT3BQd0RKN0RUMFJrTjh5dGlhUUFlYlY2NjljWE8wVEJ1VWxNaXlYYms2a01xd3krMTlLRk91MUduWVh2SERUWmxFOWg2c1ozZjl5SG5LSlh5QmtCWjBCZHpMQnFIWGJnTmJzaG5lWTdVT0NRR2VGclowRE0zV1lYU1ZnPT0
142.250.74.97 301 Moved Permanently 565 B URL HTTP/2 s2.googleusercontent.com/s2/favicons?domain=https://apialfa.tomatomatela.com/ir/player.php?h=Mzl1NXQxSnN5WlMwek0yY2NUUDl0NXdFTEkvT3BQd0RKN0RUMFJrTjh5dGlhUUFlYlY2NjljWE8wVEJ1VWxNaXlYYms2a01xd3krMTlLRk91MUduWVh2SERUWmxFOWg2c1ozZjl5SG5LSlh5QmtCWjBCZHpMQnFIWGJnTmJzaG5lWTdVT0NRR2VGclowRE0zV1lYU1ZnPT0
IP 142.250.74.97:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (388), with CRLF, LF line terminators
Hash 7cdff13e32dc22600e8b5a9f8489778a
e39c9a7f8d1776324238742c96627abfd04bb9e6
9c60732e0aabc59c47c296a1c881a444bd26f347717017c2466c3eea0a71899e
GET /s2/favicons?domain=https://apialfa.tomatomatela.com/ir/player.php?h=Mzl1NXQxSnN5WlMwek0yY2NUUDl0NXdFTEkvT3BQd0RKN0RUMFJrTjh5dGlhUUFlYlY2NjljWE8wVEJ1VWxNaXlYYms2a01xd3krMTlLRk91MUduWVh2SERUWmxFOWg2c1ozZjl5SG5LSlh5QmtCWjBCZHpMQnFIWGJnTmJzaG5lWTdVT0NRR2VGclowRE0zV1lYU1ZnPT0 HTTP/1.1
Host: s2.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://apialfa.tomatomatela.com/ir/player.php?h=Mzl1NXQxSnN5WlMwek0yY2NUUDl0NXdFTEkvT3BQd0RKN0RUMFJrTjh5dGlhUUFlYlY2NjljWE8wVEJ1VWxNaXlYYms2a01xd3krMTlLRk91MUduWVh2SERUWmxFOWg2c1ozZjl5SG5LSlh5QmtCWjBCZHpMQnFIWGJnTmJzaG5lWTdVT0NRR2VGclowRE0zV1lYU1ZnPT0&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 12 Dec 2022 04:38:06 GMT
expires: Mon, 12 Dec 2022 05:08:06 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 565
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cuevana3.nu/wp-content/themes/cuevana/assets/js/main.js?ver=0.84948900%201670819859
188.114.97.1 200 OK 5.5 kB URL HTTP/2 cuevana3.nu/wp-content/themes/cuevana/assets/js/main.js?ver=0.84948900%201670819859
IP 188.114.97.1:0
File type Unicode text, UTF-8 text, with very long lines (1538)
Hash 6fb021d4a31b8f64c3e58ce48b944edf
5b6c1ffb96341fe7ab09bdf814933a9b571662e0
97c4d2117c451b8d0b97afa8dcc6d0b54e3f16ac5a12773275bfccab63c126d0
GET /wp-content/themes/cuevana/assets/js/main.js?ver=0.84948900%201670819859 HTTP/1.1
Host: cuevana3.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Dec 2022 04:38:05 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Sat, 17 Dec 2022 16:42:43 GMT
last-modified: Fri, 30 Sep 2022 02:06:30 GMT
vary: Accept-Encoding
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qxwc4jmAYwsBfhnBe8LOJAYz6DHbzHLmJDQ3vbtRzmopVStdUhyJ2bHOtd4ueZlByWZP0Ng6IRwzMDaHAO3T5AWT3%2FRm%2FVyGn46cKNE%2BREWohh8spYQrtVX30UamPw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7783c4b868b7b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s2.googleusercontent.com/s2/favicons?domain=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBQmx5b2ZqemljRFk1RmUybGphTUI2ZFhTWTNzZkUwOXAza0NTSktMWW9vQ1pWSXViY2JaOEdPazE4bjBVS2NMUXhlRWUwWWhxU0ZjdGNIT0dBWFI5U2ZxMU1lTWFjQzJQald2ZjJYU0pPNy94ZEdXcE1BeW82TkR4Umt5a3BwOUloZmFsdlI4T0sxejJjOGFCMWIrbEltcFZCSFRNYkxPNEc4VG4wWGkxQUc0ZEF5SVV1MDRpY0xRWFZXSENDQ2FJbFdDS01JSWJlMHM4UjhJZWxKa1FQZ29ONVFwQXYxQVR6ZHIwc2poQUxXaytZbFBVbzNqTlBCYlRPS25IY3JlTXByOVdlUW5PRVRWZElxSWNPUUNUaDNRWC9OMW5kb3FkUWhkcFJRbFF4a0o1R1YzYVZLM2V2ZHREQnpEcjg4Mi9RPT0
142.250.74.97 301 Moved Permanently 821 B URL HTTP/2 s2.googleusercontent.com/s2/favicons?domain=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBQmx5b2ZqemljRFk1RmUybGphTUI2ZFhTWTNzZkUwOXAza0NTSktMWW9vQ1pWSXViY2JaOEdPazE4bjBVS2NMUXhlRWUwWWhxU0ZjdGNIT0dBWFI5U2ZxMU1lTWFjQzJQald2ZjJYU0pPNy94ZEdXcE1BeW82TkR4Umt5a3BwOUloZmFsdlI4T0sxejJjOGFCMWIrbEltcFZCSFRNYkxPNEc4VG4wWGkxQUc0ZEF5SVV1MDRpY0xRWFZXSENDQ2FJbFdDS01JSWJlMHM4UjhJZWxKa1FQZ29ONVFwQXYxQVR6ZHIwc2poQUxXaytZbFBVbzNqTlBCYlRPS25IY3JlTXByOVdlUW5PRVRWZElxSWNPUUNUaDNRWC9OMW5kb3FkUWhkcFJRbFF4a0o1R1YzYVZLM2V2ZHREQnpEcjg4Mi9RPT0
IP 142.250.74.97:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (644), with CRLF, LF line terminators
Hash e542ffc76945dfd232b5bf32b6a28495
ea51bf74c096f479520864542c62504f4316f18c
cfc6f7aff2185f1357a2e423177bcb02b3506647f54f8c6541da8e4576120827
GET /s2/favicons?domain=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBQmx5b2ZqemljRFk1RmUybGphTUI2ZFhTWTNzZkUwOXAza0NTSktMWW9vQ1pWSXViY2JaOEdPazE4bjBVS2NMUXhlRWUwWWhxU0ZjdGNIT0dBWFI5U2ZxMU1lTWFjQzJQald2ZjJYU0pPNy94ZEdXcE1BeW82TkR4Umt5a3BwOUloZmFsdlI4T0sxejJjOGFCMWIrbEltcFZCSFRNYkxPNEc4VG4wWGkxQUc0ZEF5SVV1MDRpY0xRWFZXSENDQ2FJbFdDS01JSWJlMHM4UjhJZWxKa1FQZ29ONVFwQXYxQVR6ZHIwc2poQUxXaytZbFBVbzNqTlBCYlRPS25IY3JlTXByOVdlUW5PRVRWZElxSWNPUUNUaDNRWC9OMW5kb3FkUWhkcFJRbFF4a0o1R1YzYVZLM2V2ZHREQnpEcjg4Mi9RPT0 HTTP/1.1
Host: s2.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBQmx5b2ZqemljRFk1RmUybGphTUI2ZFhTWTNzZkUwOXAza0NTSktMWW9vQ1pWSXViY2JaOEdPazE4bjBVS2NMUXhlRWUwWWhxU0ZjdGNIT0dBWFI5U2ZxMU1lTWFjQzJQald2ZjJYU0pPNy94ZEdXcE1BeW82TkR4Umt5a3BwOUloZmFsdlI4T0sxejJjOGFCMWIrbEltcFZCSFRNYkxPNEc4VG4wWGkxQUc0ZEF5SVV1MDRpY0xRWFZXSENDQ2FJbFdDS01JSWJlMHM4UjhJZWxKa1FQZ29ONVFwQXYxQVR6ZHIwc2poQUxXaytZbFBVbzNqTlBCYlRPS25IY3JlTXByOVdlUW5PRVRWZElxSWNPUUNUaDNRWC9OMW5kb3FkUWhkcFJRbFF4a0o1R1YzYVZLM2V2ZHREQnpEcjg4Mi9RPT0&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 12 Dec 2022 04:38:06 GMT
expires: Mon, 12 Dec 2022 05:08:06 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 821
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s2.googleusercontent.com/s2/favicons?domain=https://apialfa.tomatomatela.com/ir/player.php?h=M2ZZdHVZWUxWTWs0NXJNUzBsMmZvbm94U2hMOEN5QTd2RFhGMkNCMkwvVmZoRFFQUzlEcE0zT0pnRjUvSUxEcQ
142.250.74.97 301 Moved Permanently 448 B URL HTTP/2 s2.googleusercontent.com/s2/favicons?domain=https://apialfa.tomatomatela.com/ir/player.php?h=M2ZZdHVZWUxWTWs0NXJNUzBsMmZvbm94U2hMOEN5QTd2RFhGMkNCMkwvVmZoRFFQUzlEcE0zT0pnRjUvSUxEcQ
IP 142.250.74.97:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash e0dd01989594492152ed4ec4512b3411
dd6d5b172cd65957ac258d5d3f5b4dafa1663e7f
4159f7f1ac5ef98e24fb0df971bc543e7b2cb56bb8da076f309e9360e4978376
GET /s2/favicons?domain=https://apialfa.tomatomatela.com/ir/player.php?h=M2ZZdHVZWUxWTWs0NXJNUzBsMmZvbm94U2hMOEN5QTd2RFhGMkNCMkwvVmZoRFFQUzlEcE0zT0pnRjUvSUxEcQ HTTP/1.1
Host: s2.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
location: https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://apialfa.tomatomatela.com/ir/player.php?h=M2ZZdHVZWUxWTWs0NXJNUzBsMmZvbm94U2hMOEN5QTd2RFhGMkNCMkwvVmZoRFFQUzlEcE0zT0pnRjUvSUxEcQ&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 12 Dec 2022 04:38:06 GMT
expires: Mon, 12 Dec 2022 05:08:06 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 448
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s2.googleusercontent.com/s2/favicons?domain=https://api.cuevana3.me/fembed/?h=aUJjeGt5eWFpaGV5Szc2RGQ0OVdvamEzSGQ2SENka0VJdXpJUzRKbVorS2JCcEFMalh4WUFhcWJrbllGaWlsUGszbldETGtGVDZSK2hqTW1URlJMTnc9PQ
142.250.74.97 301 Moved Permanently 465 B URL HTTP/2 s2.googleusercontent.com/s2/favicons?domain=https://api.cuevana3.me/fembed/?h=aUJjeGt5eWFpaGV5Szc2RGQ0OVdvamEzSGQ2SENka0VJdXpJUzRKbVorS2JCcEFMalh4WUFhcWJrbllGaWlsUGszbldETGtGVDZSK2hqTW1URlJMTnc9PQ
IP 142.250.74.97:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 023caa1e5b77140d55c22310713d1f9a
5084dc5df50d7f62b1dd8f60c16aa492dc3f4dc3
1d7f17fb37a5b505198bc23daff0654c880d8349a74b3a872eed2be7a307e00c
GET /s2/favicons?domain=https://api.cuevana3.me/fembed/?h=aUJjeGt5eWFpaGV5Szc2RGQ0OVdvamEzSGQ2SENka0VJdXpJUzRKbVorS2JCcEFMalh4WUFhcWJrbllGaWlsUGszbldETGtGVDZSK2hqTW1URlJMTnc9PQ HTTP/1.1
Host: s2.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
location: https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://api.cuevana3.me/fembed/?h=aUJjeGt5eWFpaGV5Szc2RGQ0OVdvamEzSGQ2SENka0VJdXpJUzRKbVorS2JCcEFMalh4WUFhcWJrbllGaWlsUGszbldETGtGVDZSK2hqTW1URlJMTnc9PQ&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 12 Dec 2022 04:38:06 GMT
expires: Mon, 12 Dec 2022 05:08:06 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 465
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s2.googleusercontent.com/s2/favicons?domain=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBTHR0alNycDZ1OHpHeFNQeDhKRlNNenVHeVRjWmtUOGQvT0h1b0doTFZHNXlpNDc5WTVzNWxFKzIxU0pTZmhhR1paeHdYZVNEWXFoOGdpYkw1QnA1ckNsSWpuVmljcDM4RWZiUDZFRUpTMXlYWGVpck1yRXFKdTg0UDVIZ0FiZ0NuSmpaWlJhQjJ4Wk5iaVhwV3p6M2IyMm5mRXl2cEtKRFpVM2VEaWFpVnlK
142.250.74.97 301 Moved Permanently 618 B URL HTTP/2 s2.googleusercontent.com/s2/favicons?domain=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBTHR0alNycDZ1OHpHeFNQeDhKRlNNenVHeVRjWmtUOGQvT0h1b0doTFZHNXlpNDc5WTVzNWxFKzIxU0pTZmhhR1paeHdYZVNEWXFoOGdpYkw1QnA1ckNsSWpuVmljcDM4RWZiUDZFRUpTMXlYWGVpck1yRXFKdTg0UDVIZ0FiZ0NuSmpaWlJhQjJ4Wk5iaVhwV3p6M2IyMm5mRXl2cEtKRFpVM2VEaWFpVnlK
IP 142.250.74.97:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (441), with CRLF, LF line terminators
Hash 5661a6ed75b7ab6c3f8ad2fe3e2706c7
dfc559ed8869bf0f6535d6323859b8fa3a01969c
66dd582b15dfcabe043a43ed5a35912df74d135d0f8451b3fa5feaf75ba23635
GET /s2/favicons?domain=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBTHR0alNycDZ1OHpHeFNQeDhKRlNNenVHeVRjWmtUOGQvT0h1b0doTFZHNXlpNDc5WTVzNWxFKzIxU0pTZmhhR1paeHdYZVNEWXFoOGdpYkw1QnA1ckNsSWpuVmljcDM4RWZiUDZFRUpTMXlYWGVpck1yRXFKdTg0UDVIZ0FiZ0NuSmpaWlJhQjJ4Wk5iaVhwV3p6M2IyMm5mRXl2cEtKRFpVM2VEaWFpVnlK HTTP/1.1
Host: s2.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
location: https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBTHR0alNycDZ1OHpHeFNQeDhKRlNNenVHeVRjWmtUOGQvT0h1b0doTFZHNXlpNDc5WTVzNWxFKzIxU0pTZmhhR1paeHdYZVNEWXFoOGdpYkw1QnA1ckNsSWpuVmljcDM4RWZiUDZFRUpTMXlYWGVpck1yRXFKdTg0UDVIZ0FiZ0NuSmpaWlJhQjJ4Wk5iaVhwV3p6M2IyMm5mRXl2cEtKRFpVM2VEaWFpVnlK&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 12 Dec 2022 04:38:06 GMT
expires: Mon, 12 Dec 2022 05:08:06 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 618
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s2.googleusercontent.com/s2/favicons?domain=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBTHR0alNycDZ1OHpHeFNQeDhKRlNNenVHeVRjWmtUOGQvT0h1b0doTFZHNXBrRTU4dDdJWHhyc2ZJVHAzdFptK3JnY2xUcS9UZnQxTDhFSUY5VHE2Ulk2UUhDcFF3RjZEQloyVzY2ejIrN2t0MEJ4VE1CUFI1eC9yUmxZOVd2cEpkRldHR0UwRjk5YVJqS2RvbW8wSmh5M0luajJsU1o3UkN4UGdsV1M4b0dT
142.250.74.97 301 Moved Permanently 618 B URL HTTP/2 s2.googleusercontent.com/s2/favicons?domain=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBTHR0alNycDZ1OHpHeFNQeDhKRlNNenVHeVRjWmtUOGQvT0h1b0doTFZHNXBrRTU4dDdJWHhyc2ZJVHAzdFptK3JnY2xUcS9UZnQxTDhFSUY5VHE2Ulk2UUhDcFF3RjZEQloyVzY2ejIrN2t0MEJ4VE1CUFI1eC9yUmxZOVd2cEpkRldHR0UwRjk5YVJqS2RvbW8wSmh5M0luajJsU1o3UkN4UGdsV1M4b0dT
IP 142.250.74.97:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (441), with CRLF, LF line terminators
Hash fe3ed60f6e0b912700792021fcb1e007
96dc290564679b195844daa2e70113b683e7e3b5
4b38e233d123c8dcb955dde41f6bb398e9e5d93e7db2ca07a70a518957298a33
GET /s2/favicons?domain=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBTHR0alNycDZ1OHpHeFNQeDhKRlNNenVHeVRjWmtUOGQvT0h1b0doTFZHNXBrRTU4dDdJWHhyc2ZJVHAzdFptK3JnY2xUcS9UZnQxTDhFSUY5VHE2Ulk2UUhDcFF3RjZEQloyVzY2ejIrN2t0MEJ4VE1CUFI1eC9yUmxZOVd2cEpkRldHR0UwRjk5YVJqS2RvbW8wSmh5M0luajJsU1o3UkN4UGdsV1M4b0dT HTTP/1.1
Host: s2.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
location: https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBTHR0alNycDZ1OHpHeFNQeDhKRlNNenVHeVRjWmtUOGQvT0h1b0doTFZHNXBrRTU4dDdJWHhyc2ZJVHAzdFptK3JnY2xUcS9UZnQxTDhFSUY5VHE2Ulk2UUhDcFF3RjZEQloyVzY2ejIrN2t0MEJ4VE1CUFI1eC9yUmxZOVd2cEpkRldHR0UwRjk5YVJqS2RvbW8wSmh5M0luajJsU1o3UkN4UGdsV1M4b0dT&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 12 Dec 2022 04:38:06 GMT
expires: Mon, 12 Dec 2022 05:08:06 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 618
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j98&a=1407464173&t=pageview&_s=1&dl=http%3A%2F%2Fcuevana3.nu%2Fver-el-episodio%2Fepisodio-6-de-rick-y-morty-temporada-2%2F&ul=en-us&de=UTF-8&dt=Mira%20el%20epidosio%206%20de%20Rick%20y%20Morty%20%7C%20temporada%202%20online%20gratis%20en%20Cuevana%203&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1055402743&gjid=1949121819&cid=770933194.1670819885&tid=UA-209818749-2&_gid=1446624411.1670819885&_r=1&gtm=2oubu0&z=497234918
142.250.74.110 200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=1407464173&t=pageview&_s=1&dl=http%3A%2F%2Fcuevana3.nu%2Fver-el-episodio%2Fepisodio-6-de-rick-y-morty-temporada-2%2F&ul=en-us&de=UTF-8&dt=Mira%20el%20epidosio%206%20de%20Rick%20y%20Morty%20%7C%20temporada%202%20online%20gratis%20en%20Cuevana%203&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1055402743&gjid=1949121819&cid=770933194.1670819885&tid=UA-209818749-2&_gid=1446624411.1670819885&_r=1&gtm=2oubu0&z=497234918
IP 142.250.74.110:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j98&a=1407464173&t=pageview&_s=1&dl=http%3A%2F%2Fcuevana3.nu%2Fver-el-episodio%2Fepisodio-6-de-rick-y-morty-temporada-2%2F&ul=en-us&de=UTF-8&dt=Mira%20el%20epidosio%206%20de%20Rick%20y%20Morty%20%7C%20temporada%202%20online%20gratis%20en%20Cuevana%203&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1055402743&gjid=1949121819&cid=770933194.1670819885&tid=UA-209818749-2&_gid=1446624411.1670819885&_r=1&gtm=2oubu0&z=497234918 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://cuevana3.nu
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: http://cuevana3.nu
date: Mon, 12 Dec 2022 04:38:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%231967D2
142.250.74.97 200 OK 273 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%231967D2
IP 142.250.74.97:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)
Hash 4879b4bfc581cab5b5c803866211a36e
e1705c1fa9103a1a9f82a1bb5cd44c8e45bd520a
6ad1ffb79c80d41ec978dd45defe97ee70d0e2efd01bfe678198248819d1b98a
GET /ad_icons/standard/publisher_icon_image/search.svg?c=%231967D2 HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 273
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sun, 11 Dec 2022 22:54:06 GMT
expires: Mon, 12 Dec 2022 21:54:06 GMT
cache-control: public, max-age=82800
age: 20640
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%231967D2
142.250.74.97 200 OK 174 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%231967D2
IP 142.250.74.97:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash aa3a2f86d22121bff6d29639ccf1a157
bb7bbcdc7c5391dd50b78233fefd3216df8b452e
867d889f103b1a4ce8d5d9dc67d027656ecb34002ca254a290e8ff7d64c8ee6d
GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%231967D2 HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sun, 11 Dec 2022 22:54:06 GMT
expires: Mon, 12 Dec 2022 21:54:06 GMT
cache-control: public, max-age=82800
age: 20640
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13837
Expires: Mon, 12 Dec 2022 08:28:43 GMT
Date: Mon, 12 Dec 2022 04:38:06 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd461612b-42b2-433e-a7bb-3c7766300b84.jpeg
34.120.237.76 200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd461612b-42b2-433e-a7bb-3c7766300b84.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a60507a78441aa0b04e41dafa9c275e1
2127078ca6592ca13b9abc4d9d44126b8e895138
2109d498bd1eeb8f7f2c2d955bbd08c3af831d787313897b28e515f530a53971
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd461612b-42b2-433e-a7bb-3c7766300b84.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5522
x-amzn-requestid: 03c0580a-d837-4e5e-a846-35cd992c8b6b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAD2zE2aIAMFaaw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964cf8-13d8f55d5362bd0d6f92f444;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:34:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: WdHJRLihTEkginfhZvha3oCcjCasVs-WiiQwaE5bpHfddyx_yuUw6g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 21:34:48 GMT
age: 25398
etag: "2127078ca6592ca13b9abc4d9d44126b8e895138"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c9bdec4-23b4-47d9-b623-556f664c1757.jpeg
34.120.237.76 200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c9bdec4-23b4-47d9-b623-556f664c1757.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 21eb88f40afd0bb66fdf8413994ef404
d6d6804120d4c8a7f33425ce99cc7801286a39c8
78340bbac6950c4f7006182b173a0a0b93518412c65a4192d9977ffb92250f20
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c9bdec4-23b4-47d9-b623-556f664c1757.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7304
x-amzn-requestid: 454b4968-df15-4b5a-bb09-85c75f1e476e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAD2yFTmoAMFWsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964cf8-417e7a746455cbee1a61e421;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:34:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4m6uqrN4OsMQdfz5iUoBvoOHVWHmA_YsCvz45GSjtZCJSmqduuKXAA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 21:34:48 GMT
age: 25398
etag: "d6d6804120d4c8a7f33425ce99cc7801286a39c8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5d9c5ff-aaa2-4c2a-ab2b-661f84126bf7.jpeg
34.120.237.76 200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5d9c5ff-aaa2-4c2a-ab2b-661f84126bf7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 86bce3d677c0dd541440ebf38920020d
f11e21b6ad97e07b1d7103ad40a2e158e06fda73
9e23bc16cd1402d9124ebb9e625a5580f677ca9e008d3e04dc95080072fd1df4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5d9c5ff-aaa2-4c2a-ab2b-661f84126bf7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7104
x-amzn-requestid: b1117224-be51-4e21-8b3b-01e5485f0af0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAD2yH4loAMFuWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964cf8-1382e1a6710239ec629eedb8;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:34:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: A--8wjYJWCj_JD6eaj3FoD0dLarj6gvH2uQrmsEDLgPwZdQgtUmaoA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 21:34:48 GMT
age: 25398
etag: "f11e21b6ad97e07b1d7103ad40a2e158e06fda73"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13837
Expires: Mon, 12 Dec 2022 08:28:43 GMT
Date: Mon, 12 Dec 2022 04:38:06 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99b29987-02fd-4d31-922b-982bc01fc707.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99b29987-02fd-4d31-922b-982bc01fc707.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3c6b849c6f129763fdb8cb8e204c4061
85c2634af4069eed597ee1c3d469234f948ffe30
e3199deebec60704cfcc2ade400cf7a676cc29571604904decf72fdae77218af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99b29987-02fd-4d31-922b-982bc01fc707.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11031
x-amzn-requestid: 69574045-a0a8-43d6-9d8d-55882e45da77
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAEM0HIWIAMFaJA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964d85-6815de4f3eec22984800e99b;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:37:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: L8bSONyZ4Sppy_T6TZjFUz19FsRQRqRGALg4Ttr1cuHPYJxdZwk9VA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 22:13:54 GMT
age: 23052
etag: "85c2634af4069eed597ee1c3d469234f948ffe30"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb38d4a88-9422-41e0-90f0-cc19c2816f8a.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb38d4a88-9422-41e0-90f0-cc19c2816f8a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ccb6f5a22e2436f35e44eb111ecba475
646216151e3c1aa66f30c323f0ad19b713dc6b90
0855d5b41708252c6bdb88382c64c6ed89721523d430333a5816b85f9e901b4b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb38d4a88-9422-41e0-90f0-cc19c2816f8a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6789
x-amzn-requestid: 692cfc2b-ef1e-432b-adc6-cbe71b948ad0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAD7HFCOIAMFk1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964d13-6e956e071331a1560d4f6f3f;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:35:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _oHlFqzoduZMveEpKAjhlrpdCQqdAOU-UrcM8DWwXR70K1e7xYA2Qw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 21:35:15 GMT
etag: "646216151e3c1aa66f30c323f0ad19b713dc6b90"
content-type: image/jpeg
age: 25371
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13837
Expires: Mon, 12 Dec 2022 08:28:43 GMT
Date: Mon, 12 Dec 2022 04:38:06 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde328206-b913-49f3-9a85-6ccf3ddb1dee.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde328206-b913-49f3-9a85-6ccf3ddb1dee.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 03a041f97f828bf7e3cb9af23202d164
66360922920cdf1a9412930d5fd0339fe4845b6d
63f96ad2555a107107efcade18fdeb4cc9f2aaf65650c6945b300a9ff41f6655
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde328206-b913-49f3-9a85-6ccf3ddb1dee.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5979
x-amzn-requestid: 929d1f96-64db-4280-8b90-852246063c37
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAD33GQJIAMF4Ng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964cfe-79604f955b788ac9319e2e3e;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:34:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lkyT46jQIc9ZPYgCyWS2l5HBQIIHqSlJ4Lu3DrOQHf-JbrSK_zQ6_g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 21:34:55 GMT
age: 25391
etag: "66360922920cdf1a9412930d5fd0339fe4845b6d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13837
Expires: Mon, 12 Dec 2022 08:28:43 GMT
Date: Mon, 12 Dec 2022 04:38:06 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b15a4989aefac89ff5e03c444cf0a8c0
da92bc0874b7beecbe255074ebb13b13fe43ec16
71a3c022e201a5122beb86d015f5507f6e348fddbceccfae8f74afae2d893f67
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nanouwho.com/27/11a99959c11b6755664b3df2c6eb7de1
139.45.197.242 200 OK 124 kB URL HTTP/2 nanouwho.com/27/11a99959c11b6755664b3df2c6eb7de1
IP 139.45.197.242:0
Size 124 kB (123779 bytes)
Hash 318349291e1d5cb3c622502a16fcd252
44a009655242e41d22958decfe6ccb74e0b4bf0c
43c36c70209bb06271f4e4abd57932c09c1b65936ded573bd6f8f76516f2f885
Analyzer Verdict Alert quad9 Sinkholed
GET /27/11a99959c11b6755664b3df2c6eb7de1 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Dec 2022 04:38:05 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Wed, 07 Dec 2022 09:08:16 GMT
expires: Wed, 06 Jan 2083 09:08:16 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 6d462d3e6bc6168ee30040355f8b96ee
7578100cefe27a95fc25fa11481d78353185a9f0
7371baa9980618773809e1f238fb57f8ec6eef6bdc37d127bead092b7fde990c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 6d462d3e6bc6168ee30040355f8b96ee
7578100cefe27a95fc25fa11481d78353185a9f0
7371baa9980618773809e1f238fb57f8ec6eef6bdc37d127bead092b7fde990c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://apialfa.tomatomatela.com/ir/player.php?h=Mzl1NXQxSnN5WlMwek0yY2NUUDl0NXdFTEkvT3BQd0RKN0RUMFJrTjh5dGlhUUFlYlY2NjljWE8wVEJ1VWxNaXlYYms2a01xd3krMTlLRk91MUduWVh2SERUWmxFOWg2c1ozZjl5SG5LSlh5QmtCWjBCZHpMQnFIWGJnTmJzaG5lWTdVT0NRR2VGclowRE0zV1lYU1ZnPT0&size=16
142.250.74.100 200 OK 525 B URL HTTP/2 t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://apialfa.tomatomatela.com/ir/player.php?h=Mzl1NXQxSnN5WlMwek0yY2NUUDl0NXdFTEkvT3BQd0RKN0RUMFJrTjh5dGlhUUFlYlY2NjljWE8wVEJ1VWxNaXlYYms2a01xd3krMTlLRk91MUduWVh2SERUWmxFOWg2c1ozZjl5SG5LSlh5QmtCWjBCZHpMQnFIWGJnTmJzaG5lWTdVT0NRR2VGclowRE0zV1lYU1ZnPT0&size=16
IP 142.250.74.100:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 0e7490fb45f75e701e6f881c482f41d0
eb49f737486f87c9155563697b47d5ed3b788fae
d3528057ed6f6e5ef6d921c1eda6c1f2ca0524c33c83619143967a8bb6c7e4ff
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://apialfa.tomatomatela.com/ir/player.php?h=Mzl1NXQxSnN5WlMwek0yY2NUUDl0NXdFTEkvT3BQd0RKN0RUMFJrTjh5dGlhUUFlYlY2NjljWE8wVEJ1VWxNaXlYYms2a01xd3krMTlLRk91MUduWVh2SERUWmxFOWg2c1ozZjl5SG5LSlh5QmtCWjBCZHpMQnFIWGJnTmJzaG5lWTdVT0NRR2VGclowRE0zV1lYU1ZnPT0&size=16 HTTP/1.1
Host: t2.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cuevana3.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://img.sedoparking.com/templates/logos/sedo_logo.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 525
date: Mon, 12 Dec 2022 04:38:06 GMT
expires: Mon, 19 Dec 2022 04:38:06 GMT
cache-control: public, max-age=604800
last-modified: Mon, 26 Nov 2018 03:13:52 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 6d462d3e6bc6168ee30040355f8b96ee
7578100cefe27a95fc25fa11481d78353185a9f0
7371baa9980618773809e1f238fb57f8ec6eef6bdc37d127bead092b7fde990c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://uptobox.com/npsimzsztibg&size=16
142.250.74.36 200 OK 628 B URL HTTP/2 t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://uptobox.com/npsimzsztibg&size=16
IP 142.250.74.36:0
File type PNG image data, 16 x 14, 8-bit colormap, non-interlaced\012- data
Hash a025a7d0ad9c9dcb11225d8ff891e2ab
7e31fbedf07c440553337ef9ccede378ff1723c3
1475fd2e3e237b87f41c35f27cb33d944b63b847c34909129eec1d7a9bf99f6e
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://uptobox.com/npsimzsztibg&size=16 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cuevana3.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://uptobox.com/assets/images/utb.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 628
date: Mon, 12 Dec 2022 04:38:06 GMT
expires: Mon, 19 Dec 2022 04:38:06 GMT
cache-control: public, max-age=604800
last-modified: Wed, 27 Jun 2018 16:00:04 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://1fichier.com/?w7kyfw9mq9861t9cr55b&size=16
142.250.74.100 200 OK 777 B URL HTTP/2 t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://1fichier.com/?w7kyfw9mq9861t9cr55b&size=16
IP 142.250.74.100:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash ea70b34ee38dc7e303778a47d2b46a13
58ae85c0048f4e0580992b0b8f5e5c3aa73fa499
62d589b58a50dbcc9fb91095fdddcde6a20574f085e60492b1fbbd2be693682a
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://1fichier.com/?w7kyfw9mq9861t9cr55b&size=16 HTTP/1.1
Host: t3.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cuevana3.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://1fichier.com/favicon.ico
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 777
date: Mon, 12 Dec 2022 04:38:06 GMT
expires: Mon, 19 Dec 2022 04:38:06 GMT
cache-control: public, max-age=604800
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://uptobox.com/vrvyij07bboy&size=16
142.250.74.36 200 OK 628 B URL HTTP/2 t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://uptobox.com/vrvyij07bboy&size=16
IP 142.250.74.36:0
File type PNG image data, 16 x 14, 8-bit colormap, non-interlaced\012- data
Hash a025a7d0ad9c9dcb11225d8ff891e2ab
7e31fbedf07c440553337ef9ccede378ff1723c3
1475fd2e3e237b87f41c35f27cb33d944b63b847c34909129eec1d7a9bf99f6e
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://uptobox.com/vrvyij07bboy&size=16 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cuevana3.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://uptobox.com/assets/images/utb.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 628
date: Mon, 12 Dec 2022 04:38:06 GMT
expires: Mon, 19 Dec 2022 04:38:06 GMT
cache-control: public, max-age=604800
last-modified: Wed, 27 Jun 2018 16:00:04 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://1fichier.com/?14bi5bw5y0ungrotpk06&size=16
142.250.74.36 200 OK 777 B URL HTTP/2 t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://1fichier.com/?14bi5bw5y0ungrotpk06&size=16
IP 142.250.74.36:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash ea70b34ee38dc7e303778a47d2b46a13
58ae85c0048f4e0580992b0b8f5e5c3aa73fa499
62d589b58a50dbcc9fb91095fdddcde6a20574f085e60492b1fbbd2be693682a
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://1fichier.com/?14bi5bw5y0ungrotpk06&size=16 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cuevana3.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://1fichier.com/favicon.ico
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 777
date: Mon, 12 Dec 2022 04:38:06 GMT
expires: Mon, 19 Dec 2022 04:38:06 GMT
cache-control: public, max-age=604800
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 6d462d3e6bc6168ee30040355f8b96ee
7578100cefe27a95fc25fa11481d78353185a9f0
7371baa9980618773809e1f238fb57f8ec6eef6bdc37d127bead092b7fde990c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBQmx5b2ZqemljRFk1RmUybGphTUI2ZFhTWTNzZkUwOXAza0NTSktMWW9vQ1pWSXViY2JaOEdPazE4bjBVS2NMUXhlRWUwWWhxU0ZjdGNIT0dBWFI5U2ZxMU1lTWFjQzJQald2ZjJYU0pPNy94ZEdXcE1BeW82TkR4Umt5a3BwOUloZmFsdlI4T0sxejJjOGFCMWIrbEltcFZCSFRNYkxPNEc4VG4wWGkxQUc0ZEF5SVV1MDRpY0xRWFZXSENDQ2FJbFdDS01JSWJlMHM4UjhJZWxKa1FQZ29ONVFwQXYxQVR6ZHIwc2poQUxXaytZbFBVbzNqTlBCYlRPS25IY3JlTXByOVdlUW5PRVRWZElxSWNPUUNUaDNRWC9OMW5kb3FkUWhkcFJRbFF4a0o1R1YzYVZLM2V2ZHREQnpEcjg4Mi9RPT0&size=16
142.250.74.100 200 OK 525 B URL HTTP/2 t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBQmx5b2ZqemljRFk1RmUybGphTUI2ZFhTWTNzZkUwOXAza0NTSktMWW9vQ1pWSXViY2JaOEdPazE4bjBVS2NMUXhlRWUwWWhxU0ZjdGNIT0dBWFI5U2ZxMU1lTWFjQzJQald2ZjJYU0pPNy94ZEdXcE1BeW82TkR4Umt5a3BwOUloZmFsdlI4T0sxejJjOGFCMWIrbEltcFZCSFRNYkxPNEc4VG4wWGkxQUc0ZEF5SVV1MDRpY0xRWFZXSENDQ2FJbFdDS01JSWJlMHM4UjhJZWxKa1FQZ29ONVFwQXYxQVR6ZHIwc2poQUxXaytZbFBVbzNqTlBCYlRPS25IY3JlTXByOVdlUW5PRVRWZElxSWNPUUNUaDNRWC9OMW5kb3FkUWhkcFJRbFF4a0o1R1YzYVZLM2V2ZHREQnpEcjg4Mi9RPT0&size=16
IP 142.250.74.100:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 0e7490fb45f75e701e6f881c482f41d0
eb49f737486f87c9155563697b47d5ed3b788fae
d3528057ed6f6e5ef6d921c1eda6c1f2ca0524c33c83619143967a8bb6c7e4ff
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBQmx5b2ZqemljRFk1RmUybGphTUI2ZFhTWTNzZkUwOXAza0NTSktMWW9vQ1pWSXViY2JaOEdPazE4bjBVS2NMUXhlRWUwWWhxU0ZjdGNIT0dBWFI5U2ZxMU1lTWFjQzJQald2ZjJYU0pPNy94ZEdXcE1BeW82TkR4Umt5a3BwOUloZmFsdlI4T0sxejJjOGFCMWIrbEltcFZCSFRNYkxPNEc4VG4wWGkxQUc0ZEF5SVV1MDRpY0xRWFZXSENDQ2FJbFdDS01JSWJlMHM4UjhJZWxKa1FQZ29ONVFwQXYxQVR6ZHIwc2poQUxXaytZbFBVbzNqTlBCYlRPS25IY3JlTXByOVdlUW5PRVRWZElxSWNPUUNUaDNRWC9OMW5kb3FkUWhkcFJRbFF4a0o1R1YzYVZLM2V2ZHREQnpEcjg4Mi9RPT0&size=16 HTTP/1.1
Host: t3.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cuevana3.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://img.sedoparking.com/templates/logos/sedo_logo.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 525
date: Mon, 12 Dec 2022 04:38:06 GMT
expires: Mon, 19 Dec 2022 04:38:06 GMT
cache-control: public, max-age=604800
last-modified: Mon, 26 Nov 2018 03:13:52 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 6d462d3e6bc6168ee30040355f8b96ee
7578100cefe27a95fc25fa11481d78353185a9f0
7371baa9980618773809e1f238fb57f8ec6eef6bdc37d127bead092b7fde990c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBTHR0alNycDZ1OHpHeFNQeDhKRlNNenVHeVRjWmtUOGQvT0h1b0doTFZHNXlpNDc5WTVzNWxFKzIxU0pTZmhhR1paeHdYZVNEWXFoOGdpYkw1QnA1ckNsSWpuVmljcDM4RWZiUDZFRUpTMXlYWGVpck1yRXFKdTg0UDVIZ0FiZ0NuSmpaWlJhQjJ4Wk5iaVhwV3p6M2IyMm5mRXl2cEtKRFpVM2VEaWFpVnlK&size=16
142.250.74.36 200 OK 525 B URL HTTP/2 t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBTHR0alNycDZ1OHpHeFNQeDhKRlNNenVHeVRjWmtUOGQvT0h1b0doTFZHNXlpNDc5WTVzNWxFKzIxU0pTZmhhR1paeHdYZVNEWXFoOGdpYkw1QnA1ckNsSWpuVmljcDM4RWZiUDZFRUpTMXlYWGVpck1yRXFKdTg0UDVIZ0FiZ0NuSmpaWlJhQjJ4Wk5iaVhwV3p6M2IyMm5mRXl2cEtKRFpVM2VEaWFpVnlK&size=16
IP 142.250.74.36:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Hash 0e7490fb45f75e701e6f881c482f41d0
eb49f737486f87c9155563697b47d5ed3b788fae
d3528057ed6f6e5ef6d921c1eda6c1f2ca0524c33c83619143967a8bb6c7e4ff
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://apialfa.tomatomatela.com/ir/player.php?h=bHJMRW1oTVhldDJJZnZnUE10V3NBTHR0alNycDZ1OHpHeFNQeDhKRlNNenVHeVRjWmtUOGQvT0h1b0doTFZHNXlpNDc5WTVzNWxFKzIxU0pTZmhhR1paeHdYZVNEWXFoOGdpYkw1QnA1ckNsSWpuVmljcDM4RWZiUDZFRUpTMXlYWGVpck1yRXFKdTg0UDVIZ0FiZ0NuSmpaWlJhQjJ4Wk5iaVhwV3p6M2IyMm5mRXl2cEtKRFpVM2VEaWFpVnlK&size=16 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cuevana3.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://img.sedoparking.com/templates/logos/sedo_logo.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 525
date: Mon, 12 Dec 2022 04:38:06 GMT
expires: Mon, 19 Dec 2022 04:38:06 GMT
cache-control: public, max-age=604800
last-modified: Mon, 26 Nov 2018 03:13:52 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://api.cuevana3.me/fembed/?h=aUJjeGt5eWFpaGV5Szc2RGQ0OVdvamEzSGQ2SENka0VJdXpJUzRKbVorS2JCcEFMalh4WUFhcWJrbllGaWlsUGszbldETGtGVDZSK2hqTW1URlJMTnc9PQ&size=16
142.250.74.36 404 Not Found 726 B URL HTTP/2 t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://api.cuevana3.me/fembed/?h=aUJjeGt5eWFpaGV5Szc2RGQ0OVdvamEzSGQ2SENka0VJdXpJUzRKbVorS2JCcEFMalh4WUFhcWJrbllGaWlsUGszbldETGtGVDZSK2hqTW1URlJMTnc9PQ&size=16
IP 142.250.74.36:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Hash b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://api.cuevana3.me/fembed/?h=aUJjeGt5eWFpaGV5Szc2RGQ0OVdvamEzSGQ2SENka0VJdXpJUzRKbVorS2JCcEFMalh4WUFhcWJrbllGaWlsUGszbldETGtGVDZSK2hqTW1URlJMTnc9PQ&size=16 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cuevana3.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Mon, 12 Dec 2022 04:38:06 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://api.cuevana3.me/fembed/?h=aUJjeGt5eWFpaGV5Szc2RGQ0OVdvaDJ3Q1hjSHlwTTJqRjhTNzBzRkxNcHIxUW9GNGxYTkJTSTFtbDl3enFwaEJ4d0czRlhKR1hDd3BHUjd2bkVPbFE9PQ&size=16
142.250.74.100 404 Not Found 726 B URL HTTP/2 t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://api.cuevana3.me/fembed/?h=aUJjeGt5eWFpaGV5Szc2RGQ0OVdvaDJ3Q1hjSHlwTTJqRjhTNzBzRkxNcHIxUW9GNGxYTkJTSTFtbDl3enFwaEJ4d0czRlhKR1hDd3BHUjd2bkVPbFE9PQ&size=16
IP 142.250.74.100:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Hash b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://api.cuevana3.me/fembed/?h=aUJjeGt5eWFpaGV5Szc2RGQ0OVdvaDJ3Q1hjSHlwTTJqRjhTNzBzRkxNcHIxUW9GNGxYTkJTSTFtbDl3enFwaEJ4d0czRlhKR1hDd3BHUjd2bkVPbFE9PQ&size=16 HTTP/1.1
Host: t3.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cuevana3.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Mon, 12 Dec 2022 04:38:06 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 6d462d3e6bc6168ee30040355f8b96ee
7578100cefe27a95fc25fa11481d78353185a9f0
7371baa9980618773809e1f238fb57f8ec6eef6bdc37d127bead092b7fde990c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 04:38:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cuevana3.nu/wp-content/plugins/wp-postratings/js/postratings-js.js?ver=1.90
188.114.97.1 200 OK 0 B URL HTTP/2 cuevana3.nu/wp-content/plugins/wp-postratings/js/postratings-js.js?ver=1.90
IP 188.114.97.1:0
GET /wp-content/plugins/wp-postratings/js/postratings-js.js?ver=1.90 HTTP/1.1
Host: cuevana3.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Dec 2022 04:38:04 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Thu, 15 Dec 2022 08:43:46 GMT
last-modified: Fri, 30 Sep 2022 02:06:29 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 330857
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FdB0iD0aFU1GQ1jcHX9UqIjXMIfJWVnlQAPWNRPzQeokOAZ9L3jYFnSy7vScJj8gzFxnhzvJe4mzX9Y%2Broqvl4zECZJx2k8qnjAnyAMeylYrbLAdZjVv42WUYERqqA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7783c4b858a8b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cuevana3.nu/wp-content/themes/cuevana/assets/img/latino.svg
188.114.97.1 200 OK 0 B URL HTTP/2 cuevana3.nu/wp-content/themes/cuevana/assets/img/latino.svg
IP 188.114.97.1:0
GET /wp-content/themes/cuevana/assets/img/latino.svg HTTP/1.1
Host: cuevana3.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Dec 2022 04:38:04 GMT
content-type: image/svg+xml
cache-control: public, max-age=604800
expires: Thu, 15 Dec 2022 14:48:30 GMT
last-modified: Fri, 30 Sep 2022 02:06:30 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 308974
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l2hRm82n%2FHN3OCcZpMfFmEIwPAoG6aDP6bX1XGekbMWdqnf%2B1KDIRY%2BSTYsDtDLWsaPSTYsyqCAnIoVuOZaYRAjJuwPkl16cxvTdWNU3BH1O6xUnioaO%2BjY1Skw28Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7783c4b858afb50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cuevana3.nu/wp-includes/css/classic-themes.min.css?ver=1
188.114.97.1 200 OK 0 B URL HTTP/2 cuevana3.nu/wp-includes/css/classic-themes.min.css?ver=1
IP 188.114.97.1:0
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: cuevana3.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Dec 2022 04:38:04 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Thu, 15 Dec 2022 08:43:46 GMT
last-modified: Sun, 13 Nov 2022 01:43:42 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 330858
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0oOZfPchTbqPp1NT8bAA%2BLfvvDDc1KXRe1jj8aKZW2MBKGkF1sjNH4xKOmdxqc05%2BURhLKtiOfc1X5wZVwQHVbQFqSdz7EDKaW3Oo%2FxE1wApGnhuia6ZYtIMnVyMDg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7783c4b868b6b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cuevana3.plus/perversas.jpg
104.21.89.109 301 Moved Permanently 0 B URL HTTP/2 cuevana3.plus/perversas.jpg
IP 104.21.89.109:0
GET /perversas.jpg HTTP/1.1
Host: cuevana3.plus
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Mon, 12 Dec 2022 04:38:05 GMT
location: https://cuevana3.nu/perversas.jpg
cache-control: max-age=3600
expires: Mon, 12 Dec 2022 05:38:05 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sWrxCKtKInqBV%2FAtefFwfA%2B8H9B5EIqv%2B7NBlYB1FQOSueAD39zWzy0zk%2Bs4fuU711TnGpREIvBz0g4qjgCyazd3BwxBHu7KWefgPjV0u3oi2yQ9VeAAdpfat6XIrN%2B4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7783c4b9d8a7b4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
urimnugocfr.com/get/1955969?zoneid=1955969&jp=_cljy3aaf7uv6qnbn8197gi&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=6583423316326553
62.122.171.6 200 OK 0 B URL HTTP/2 urimnugocfr.com/get/1955969?zoneid=1955969&jp=_cljy3aaf7uv6qnbn8197gi&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=6583423316326553
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1955969?zoneid=1955969&jp=_cljy3aaf7uv6qnbn8197gi&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=6583423316326553 HTTP/1.1
Host: urimnugocfr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Dec 2022 04:38:06 GMT
content-type: text/javascript
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=2212112338c7bcfe55f7e94696b096dba9d5; Path=/; Expires=Tue, 12 Dec 2023 04:38:06 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
cuevana3.nu/wp-content/plugins/wp-postratings/css/postratings-css.css?ver=1.90
188.114.97.1 200 OK 0 B URL HTTP/2 cuevana3.nu/wp-content/plugins/wp-postratings/css/postratings-css.css?ver=1.90
IP 188.114.97.1:0
GET /wp-content/plugins/wp-postratings/css/postratings-css.css?ver=1.90 HTTP/1.1
Host: cuevana3.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Dec 2022 04:38:04 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Thu, 15 Dec 2022 08:43:46 GMT
last-modified: Fri, 30 Sep 2022 02:06:29 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 330858
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WJakrn%2Fda%2F%2FC1%2Bcy2%2FBzJ0POrXsrVvP6lItl94qXH3afI3FY2%2FQ6QlJwzJICTWo02NhDcHbjTA5M32LZ0N96Y3m2ODNV5OTTNNtEf7fGZaXWU51Y1wFBKAzPE5tSFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7783c4b868b5b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cuevana3.nu/wp-content/themes/cuevana/style.css?ver=0.84948900%201670819859
188.114.97.1 200 OK 0 B URL HTTP/2 cuevana3.nu/wp-content/themes/cuevana/style.css?ver=0.84948900%201670819859
IP 188.114.97.1:0
GET /wp-content/themes/cuevana/style.css?ver=0.84948900%201670819859 HTTP/1.1
Host: cuevana3.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Dec 2022 04:38:05 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Mon, 19 Dec 2022 04:38:07 GMT
last-modified: Tue, 06 Dec 2022 13:00:45 GMT
vary: Accept-Encoding
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jGpjRVgkUjY%2BTyAhyEHzGJRWV70vvtSzrezuyDdI1xOxtF6z8F7NV093hvbD9QC3qLys5bCh6t30jx4otBncLdzMHsPhoDaeaIjZ0dVNp6jhbgCwYH8NUinlgFU0qQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7783c4b858b0b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
omfiydlbmy.com/get/1955965?zoneid=1955965&jp=_cl5uib7ipjzab92m0z1cfy&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=6020473362837000
62.122.171.6 200 OK 0 B URL HTTP/2 omfiydlbmy.com/get/1955965?zoneid=1955965&jp=_cl5uib7ipjzab92m0z1cfy&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=6020473362837000
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1955965?zoneid=1955965&jp=_cl5uib7ipjzab92m0z1cfy&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=6020473362837000 HTTP/1.1
Host: omfiydlbmy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cuevana3.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Dec 2022 04:38:05 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=2212112338b99b59ebc306473dbaad02a8b8; Path=/; Expires=Tue, 12 Dec 2023 04:38:05 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2