| keitaro.top/LBFKWk4T | 104.21.12.150 | 301 Moved Permanently | 0 B |
IP: 104.21.12.150:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert (suricata, severity: medium): ET INFO HTTP Request to a *.top domain
GET /LBFKWk4T HTTP/1.1
Host: keitaro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 15 Jan 2023 01:59:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 15 Jan 2023 02:59:52 GMT
Location: https://keitaro.top/LBFKWk4T
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dKqRTH1ShEFZpKc8LbYb%2F%2FyLrmm1lUloUvyN5bLIZPmB3yk0sXdsiQQeyNPemibUSM7r4xIuViv406E6vlk613bJvbTtL6gVHHYElVWhhUlUCONXf9b4aZSPYGvDKg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 789b03b848aeb511-OSL
alt-svc: h2=":443"; ma=60
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0  ASN: 20940 (Akamai International B.V.)
Hash (MD5 / SHA-1 / SHA-256): 2258cd6b877a3aca8f4c84074e65ac4b 4e46c70941f8e497e8afc8d078644e7f81761a1c faac4e0d123f2112b58953c104ea746cd53047fc1ada0ef5d669feecf78ddfff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FAAC4E0D123F2112B58953C104EA746CD53047FC1ADA0EF5D669FEECF78DDFFF"
Last-Modified: Sat, 14 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8156
Expires: Sun, 15 Jan 2023 04:15:48 GMT
Date: Sun, 15 Jan 2023 01:59:52 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0  ASN: 20940 (Akamai International B.V.)
Hash (MD5 / SHA-1 / SHA-256): 0643dc6b6fed33b3537160b6bb77bcbf aa43bd1fbb30d2219f3285c1ee4991ffb33562c5 f137438e30e0d69cba77ca2eb736687873e4a9c06cf88d23c6d55ea930fde09f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F137438E30E0D69CBA77CA2EB736687873E4A9C06CF88D23C6D55EA930FDE09F"
Last-Modified: Sat, 14 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8524
Expires: Sun, 15 Jan 2023 04:21:56 GMT
Date: Sun, 15 Jan 2023 01:59:52 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ | 35.241.9.150 | 200 OK | 939 B |
URL (HTTP/2): firefox.settings.services.mozilla.com/v1/  IP: 35.241.9.150:0
File type: JSON data; ASCII text, with very long lines (939), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): ff250d3ef3fa45322bf05039a0122a9f b3e7a2c383bce1bab807dbe1a03c375258b51f1d d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 15 Jan 2023 01:42:04 GMT
content-type: application/json
age: 1068
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0  ASN: 20940 (Akamai International B.V.)
Hash (MD5 / SHA-1 / SHA-256): f7bd85a261739c122eefb74ffddaec99 e2e059b0740592e8591d432249aafe5fcb8af23c 71bdd130b8d143f228542f678e91c98ab4e5844fb9f47b036e15372660be25fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "71BDD130B8D143F228542F678E91C98AB4E5844FB9F47B036E15372660BE25FD"
Last-Modified: Sat, 14 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9471
Expires: Sun, 15 Jan 2023 04:37:43 GMT
Date: Sun, 15 Jan 2023 01:59:52 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL (HTTP/2): content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain  IP: 34.160.144.191:0
File type: PEM certificate; ASCII text
Hash (MD5 / SHA-1 / SHA-256): 7b922915ebf1fa3639b333f994c74f24 144a3f80b98fd0652d4614f24cf6cbbee40f8938 adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: lZK3YEyqSBilYTC+pBeV0KbS+9n87bIy2CAjuIkmDX9HKQ5/Yu3+pDHGhvT3YnGZ9tDtgjFA2YA=
x-amz-request-id: YQA9KE2VVJFS6HCF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 15 Jan 2023 01:43:57 GMT
age: 955
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL (HTTP/2): contile.services.mozilla.com/v1/tiles  IP: 34.117.237.239:0
File type: JSON data; ASCII text, with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 15 Jan 2023 01:59:52 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 314 B |
IP: 93.184.220.29:0
Hash (MD5 / SHA-1 / SHA-256): eacff5a73e0783d949d0376361197ac3 17627250ce4ad2dac9bf0c42acef887ef3eca8cc 558b770821de8db282151d73d8ac5ed2de2bde7afe0e754a66d4bddd231be84b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4351
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 15 Jan 2023 01:59:53 GMT
Last-Modified: Sun, 15 Jan 2023 00:47:23 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 314
|
|
| traffscale.g2afse.com/click?pid=98&offer_id=171&l=1670336844&sub1=s8hnpa28ilt&sub4=3 | 34.91.234.242 | 302 Found | 0 B |
URL (HTTP/2): traffscale.g2afse.com/click?pid=98&offer_id=171&l=1670336844&sub1=s8hnpa28ilt&sub4=3  IP: 34.91.234.242:0  ASN: 396982 (GOOGLE-CLOUD-PLATFORM)
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=98&offer_id=171&l=1670336844&sub1=s8hnpa28ilt&sub4=3 HTTP/1.1
Host: traffscale.g2afse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: afclick=63c347c389833e0001ad1dd5; afoffers={"171":1673742275}
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Sun, 15 Jan 2023 01:59:53 GMT
content-length: 0
location: https://2020puppweb.com/LVuNT1lF/?subId1=63c35e197613790001ba528e&subId2=98
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=63c35e197613790001ba528e; expires=Mon, 15 Jan 2024 01:59:53 GMT; secure; SameSite=None
set-cookie: afoffers={"171":1673747993}; expires=Mon, 15 Jan 2024 01:59:53 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL (HTTP/2): firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US  IP: 35.241.9.150:0
File type: JSON data; ASCII text, with very long lines (329), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 15 Jan 2023 01:33:45 GMT
age: 1568
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| 2020puppweb.com/LVuNT1lF/?subId1=63c35e197613790001ba528e&subId2=98 | 104.21.79.12 | 302 Found | 0 B |
URL (HTTP/2): 2020puppweb.com/LVuNT1lF/?subId1=63c35e197613790001ba528e&subId2=98  IP: 104.21.79.12:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /LVuNT1lF/?subId1=63c35e197613790001ba528e&subId2=98 HTTP/1.1
Host: 2020puppweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: click-2023-01-15=%2CLVuNT1lF
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Sun, 15 Jan 2023 01:59:53 GMT
content-length: 0
location: https://wheel-monkey-br.pu020ev.com/?lang=br&st=LVuNT1lF&s1=63c35e197613790001ba528e&s2=98&s3=&s4=&s5=&pc=30&form_phone={form_phone}&form_email={form_email}&trId=cf1ls69ct2hctalmq7l0&source=
set-cookie: click-2023-01-15=%2CLVuNT1lF; expires=Sun, 15 Jan 2023 21:00:00 GMT; path=/
cf-cache-status: DYNAMIC
x-robots-tag: noindex, nofollow
server: cloudflare
cf-ray: 789b03bcf95eb512-OSL
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP: 93.184.220.29:0
Hash (MD5 / SHA-1 / SHA-256): c01ec61f7ca77158f474b3ab519c12fa fc82ae0fcd73a83a980b75709a08e65239894e4a f533e0fac9b92e79d4fbd6e70b42a83067de95f0a13cc737d7e5fa459baa4c54
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5730
Cache-Control: max-age=117744
Content-Type: application/ocsp-response
Date: Sun, 15 Jan 2023 01:59:53 GMT
Etag: "63c270a7-1d7"
Expires: Mon, 16 Jan 2023 10:42:17 GMT
Last-Modified: Sat, 14 Jan 2023 09:06:47 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
|
|
| wheel-monkey-br.pu020ev.com/img/spinner.png | 172.67.70.112 | 200 OK | 649 B |
URL (HTTP/2): wheel-monkey-br.pu020ev.com/img/spinner.png  IP: 172.67.70.112:0
File type: PNG image data, 56 x 56, 8-bit colormap, non-interlaced; data
Hash (MD5 / SHA-1 / SHA-256): bab289417c3c054ebdddfdd939fac404 18d526786e43efe29379c9e6189db89e941575ed d20c46876d511930162cf573132a3f2bb0d12d59fb5e1aed89ecfac8f65636f4
GET /img/spinner.png HTTP/1.1
Host: wheel-monkey-br.pu020ev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wheel-monkey-br.pu020ev.com/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 01:59:53 GMT
content-type: image/png
content-length: 649
last-modified: Thu, 30 Dec 2021 14:53:05 GMT
etag: "61cdc7d1-289"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5717
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zMxU98IYpj20DHs4IW4fVK6jhDv3j4xaN748UpaS%2B8N78MBMmd8LZsq%2FKxxJVXPklQuz%2FsCdKprJbd2U5bnLse4KJEolcq4gViKyhoOEUQyISGkt9FqiswwxojrGbhB58XH4RfOnnS7k0XS2Yw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 789b03c09b4afabc-OSL
X-Firefox-Spdy: h2
|
|
| wheel-monkey-br.pu020ev.com/fonts/src/fonts/Roboto-Regular/Roboto-Regular.woff2 | 172.67.70.112 | 200 OK | 66 kB |
URL (HTTP/2): wheel-monkey-br.pu020ev.com/fonts/src/fonts/Roboto-Regular/Roboto-Regular.woff2  IP: 172.67.70.112:0
File type: Web Open Font Format (Version 2), TrueType, length 65992, version 1.0; data
Hash (MD5 / SHA-1 / SHA-256): 2222f1fd23aa2c08af158311d680ac4a 713bc1f45391eb8c40ce868ba938737a881057b1 6f62f51295d471a285e41bf8063c23b6046ee2770a5c0baa55a5a7ed04251d22
GET /fonts/src/fonts/Roboto-Regular/Roboto-Regular.woff2 HTTP/1.1
Host: wheel-monkey-br.pu020ev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://wheel-monkey-br.pu020ev.com/main.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 01:59:53 GMT
content-type: font/woff2
content-length: 65992
last-modified: Thu, 30 Dec 2021 14:53:05 GMT
etag: "61cdc7d1-101c8"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5717
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BzQQxIjSuNzcSJJdhlQ3CbvFjA30vwWU%2FeTT8cHc9AWGfVIsEhLkUUlCiN95bU4Xhj7IZmRuMPQ7NZ1xiBSMxYSVNLmzG8rIeVgA9O7w1F58yAo9mLzlB6f%2FQdqkm1H7gAOaoHuAJPCndvc0fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 789b03c09b4dfabc-OSL
X-Firefox-Spdy: h2
|
|
| wheel-monkey-br.pu020ev.com/fonts/src/fonts/Pinup-Black/Pinup-Black.woff | 172.67.70.112 | 200 OK | 102 kB |
URL (HTTP/2): wheel-monkey-br.pu020ev.com/fonts/src/fonts/Pinup-Black/Pinup-Black.woff  IP: 172.67.70.112:0
File type: Web Open Font Format, TrueType, length 102380, version 0.0; data
Size: 102 kB (102380 bytes)
Hash (MD5 / SHA-1 / SHA-256): a9fbc3df134338d218ed9f555c9ecee8 37982d974361917f1ddd6555fef3acae3e6911ce d0071e5cf68a74c19bd55355486916183bff7afa7f1d16aea03e04736aa621e3
GET /fonts/src/fonts/Pinup-Black/Pinup-Black.woff HTTP/1.1
Host: wheel-monkey-br.pu020ev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://wheel-monkey-br.pu020ev.com/main.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 01:59:53 GMT
content-type: font/woff
content-length: 102380
last-modified: Thu, 30 Dec 2021 14:53:05 GMT
etag: "61cdc7d1-18fec"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5717
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mPJDayA4rTVlAasj5iaC09BOn4iy1mKoZPT519T4iO22JmEfMk2PCRiyr1cpsFmGXuYmiNzejfZNtqdoSW4R%2BKwNwhJMwt4MkQW2F4iFvsrYA4hrvPldobus0OotBCTzvFMgKAQxU6jTPezmtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 789b03c09b4cfabc-OSL
X-Firefox-Spdy: h2
|
|
| push.services.mozilla.com/ | 35.161.132.177 | 101 Switching Protocols | 0 B |
URL (HTTP/1.1): push.services.mozilla.com/  IP: 35.161.132.177:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: RvpC/gIF1/k1bflYv/E8nw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: G3RZbnD7EBW+ZurnbWsmZBSZuSU=
|
|
| wheel-monkey-br.pu020ev.com/main.css | 172.67.70.112 | 200 OK | 302 kB |
URL (HTTP/2): wheel-monkey-br.pu020ev.com/main.css  IP: 172.67.70.112:0
File type: ASCII text, with very long lines (37203), with no line terminators
Size: 302 kB (302467 bytes)
Hash (MD5 / SHA-1 / SHA-256): b225546ce5f246fa30c3b97e8ddbc109 4de7ce142295e2414b46666408212d3a953b0d63 dc743f800f7c63a9bfbc1e2cac94f5ef905c94ae37a70656dfc69f5c6b764e26
GET /main.css HTTP/1.1
Host: wheel-monkey-br.pu020ev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wheel-monkey-br.pu020ev.com/?lang=br&st=LVuNT1lF&s1=63c35e197613790001ba528e&s2=98&s3=&s4=&s5=&pc=30&form_phone={form_phone}&form_email={form_email}&trId=cf1ls69ct2hctalmq7l0&source=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 01:59:53 GMT
content-type: text/css
last-modified: Thu, 30 Dec 2021 14:53:05 GMT
vary: Accept-Encoding
etag: W/"61cdc7d1-9153"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5717
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rVGwonE1eqiDuth4AOUOH2FuQKGFuGQ4nOZGctpTEH1cIgB%2FhjtFDLpSl%2FGRkUjBpY7UXEoOvMQ9WfudFg0CCSDJ%2FF%2B8k6ecBIjlhs2tXLCsmkIZxCus8%2FCprsM7rMvSAHpbP02wJ1kN%2BtGn4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 789b03c02b28fabc-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0  ASN: 20940 (Akamai International B.V.)
Hash (MD5 / SHA-1 / SHA-256): 256e39696ba05f2324bbc49b2a396115 e1cf8b15abd0a20eb1218be517c03459514a59e0 d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6599
Expires: Sun, 15 Jan 2023 03:49:53 GMT
Date: Sun, 15 Jan 2023 01:59:54 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0  ASN: 20940 (Akamai International B.V.)
Hash (MD5 / SHA-1 / SHA-256): 256e39696ba05f2324bbc49b2a396115 e1cf8b15abd0a20eb1218be517c03459514a59e0 d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6599
Expires: Sun, 15 Jan 2023 03:49:53 GMT
Date: Sun, 15 Jan 2023 01:59:54 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0  ASN: 20940 (Akamai International B.V.)
Hash (MD5 / SHA-1 / SHA-256): 256e39696ba05f2324bbc49b2a396115 e1cf8b15abd0a20eb1218be517c03459514a59e0 d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6599
Expires: Sun, 15 Jan 2023 03:49:53 GMT
Date: Sun, 15 Jan 2023 01:59:54 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0  ASN: 20940 (Akamai International B.V.)
Hash (MD5 / SHA-1 / SHA-256): 256e39696ba05f2324bbc49b2a396115 e1cf8b15abd0a20eb1218be517c03459514a59e0 d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6599
Expires: Sun, 15 Jan 2023 03:49:53 GMT
Date: Sun, 15 Jan 2023 01:59:54 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cf5b0eb-b905-43ce-8a28-48297c75e980.jpeg | 34.120.237.76 | 200 OK | 3.8 kB |
URL (HTTP/2): img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cf5b0eb-b905-43ce-8a28-48297c75e980.jpeg  IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash (MD5 / SHA-1 / SHA-256): 4a1c6332b225de08d58bb9cb44f09917 c0d28fb2b2fd6d55cb4c0831a3a08b95b3f7455c 4716dff7ee5c34d5e4ab214571a03b60026d7a69b25cb838f8b6a1fb01f44f02
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cf5b0eb-b905-43ce-8a28-48297c75e980.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3777
x-amzn-requestid: aee3b367-d5d1-46da-9aa3-89a6c8d4cab1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ertWFHw8oAMF76A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c15c26-2b00da01705c5717434ac1d3;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 13:27:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lajUfG_N7T3COcN8a94Oa8CRpKnVF4iPRI8ok9sy1hZLFM8EMwScTw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 18:55:01 GMT
age: 25493
etag: "c0d28fb2b2fd6d55cb4c0831a3a08b95b3f7455c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3456fd70-5207-41e6-abed-adbc381fd7a4.jpeg | 34.120.237.76 | 200 OK | 9.8 kB |
URL (HTTP/2): img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3456fd70-5207-41e6-abed-adbc381fd7a4.jpeg  IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash (MD5 / SHA-1 / SHA-256): 74ac30be02dee9dcfeee79a7dc54edff 1368d81de22ea2e4054a3e1a8f01ef337c63e35b 8abc2f276906dfb9ce75c2526d2c2cfa6aea6dbe13f4046de1040cd611cbbc1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3456fd70-5207-41e6-abed-adbc381fd7a4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9801
x-amzn-requestid: 39d84a20-55f7-4b7c-abc4-9ac1ff100da9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eqSkoGCZoAMF1zA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c0caea-4f7a1cf676335cc83018dc51;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 03:07:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7sYXKj0q744Ymp2GERcHWCIbSMBl0wUnJkV6abo2tv-7EQGwKoKv8g==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 03:30:06 GMT
age: 80988
etag: "1368d81de22ea2e4054a3e1a8f01ef337c63e35b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bd45fb-ae78-4593-88df-aa9d625197e7.jpeg | 34.120.237.76 | 200 OK | 11 kB |
URL (HTTP/2): img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bd45fb-ae78-4593-88df-aa9d625197e7.jpeg  IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash (MD5 / SHA-1 / SHA-256): 6f82c507da28e1b4557ea7f2bdf0f7fc 4be269ad35497a42bf7fce03d711ddf9496abbb4 f51879b87cb99b4883f320fe4abe44032968c42e32b88dc5f788b40ddc6494db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bd45fb-ae78-4593-88df-aa9d625197e7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10558
x-amzn-requestid: 46ac11b3-d99b-4dbf-bc92-8ad5d6664669
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: enjB8Hb1oAMF3xQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bfb20c-2e6a19716318b0650102ba96;Sampled=0
x-amzn-remapped-date: Thu, 12 Jan 2023 07:09:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: h3fHTYrXaZWIrm-iiwfejtgOg-rVCgqF7brXVmVbwLY9t1KgPHXwCg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 07:17:31 GMT
age: 67343
etag: "4be269ad35497a42bf7fce03d711ddf9496abbb4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77d2ca2b-548c-4f63-b8a5-e55b6e92d5e9.jpeg | 34.120.237.76 | 200 OK | 5.0 kB |
URL (HTTP/2): img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77d2ca2b-548c-4f63-b8a5-e55b6e92d5e9.jpeg | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hashes (MD5 / SHA-1 / SHA-256): 5c609c89120eef87bbdd0d8ee5ee18f9 be8e369be0ccc707b904546798aacc9afe413cfa feaa9f41b45aaa71d87008fe3112bc09e41cf6c2c500b4bc1adc125c7c82eee1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77d2ca2b-548c-4f63-b8a5-e55b6e92d5e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4981
x-amzn-requestid: b38d8240-7f85-4fd6-845b-54ddc6da7521
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ewH9tHxWoAMFTQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c32057-657c5e342a66713b0f5f8f0b;Sampled=0
x-amzn-remapped-date: Sat, 14 Jan 2023 21:36:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XFRrdpdDYEyYq9lFI99gf2mrKB2VRbNmAwbMN9c3wJlbBbc9UTTiaQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 21:51:43 GMT
age: 14891
etag: "be8e369be0ccc707b904546798aacc9afe413cfa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33bbc100-e509-4a4f-8b98-1d44a52a7a3c.jpeg | 34.120.237.76 | 200 OK | 9.5 kB |
URL (HTTP/2): img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33bbc100-e509-4a4f-8b98-1d44a52a7a3c.jpeg | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hashes (MD5 / SHA-1 / SHA-256): a23d61d610c7b55d943fcb2636a01b65 82c4c5170c7b586c2a7a1f2d2d5c9ff0219af065 28bf3039cc8c1213e64893c71bc150eda573223feb2cc15ad0814a44960d434a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33bbc100-e509-4a4f-8b98-1d44a52a7a3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9539
x-amzn-requestid: eb427fd6-c342-4a22-af45-ecc528cf4a8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: epfDqEAZIAMFudQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c0787d-4f61ecd2422081224869da76;Sampled=0
x-amzn-remapped-date: Thu, 12 Jan 2023 21:15:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RRMRT2BC5p1x0Vh20ut0Kjbz2mnaNToUIbzIg9oczduvzYCckvFORA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 12:46:14 GMT
age: 47620
etag: "82c4c5170c7b586c2a7a1f2d2d5c9ff0219af065"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c678ae9-1df5-47c4-bbe3-ec12e97322d9.jpeg | 34.120.237.76 | 200 OK | 5.5 kB |
URL (HTTP/2): img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c678ae9-1df5-47c4-bbe3-ec12e97322d9.jpeg | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hashes (MD5 / SHA-1 / SHA-256): 90fc5463f271bab652af099cb526f189 805c27d8f82a5eb6583814313c36f5e7699408e5 749dca33aa337b494fb113896bf035bc9dcb17068ecffdf30fc5ac85a4ac5185
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c678ae9-1df5-47c4-bbe3-ec12e97322d9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5495
x-amzn-requestid: d76b8f1d-37a2-47ac-9acf-1b0a44a4a5fe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eqsroF62IAMF-mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c0f4b0-67700bfd11f1ad5d0aaab92d;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 06:05:36 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: i1qN9bIaz5ekgkM81KehmDDQpzBULDfPkp-fjEOHiZxFVogDBOIGzg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 14:12:39 GMT
age: 42435
etag: "805c27d8f82a5eb6583814313c36f5e7699408e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc75c5357-d038-4ff3-8b8f-9b5f26db0a5e.jpeg | 34.120.237.76 | 200 OK | 3.0 kB |
URL (HTTP/2): img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc75c5357-d038-4ff3-8b8f-9b5f26db0a5e.jpeg | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hashes (MD5 / SHA-1 / SHA-256): 4bda8a71e1e7a2173911de887bcab274 a05c3182c259756d1a5327d5a133320313565fc8 b00ae81aae4e5867010548c35737058b2ccfd9a6a6e2a061c729a71d04a5a1a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc75c5357-d038-4ff3-8b8f-9b5f26db0a5e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 2965
x-amzn-requestid: 40c45a90-a37a-4266-8160-a1f28e1f1ccd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ej3IeG1GoAMFl1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63be389c-79eb438c525de999349c4a08;Sampled=0
x-amzn-remapped-date: Wed, 11 Jan 2023 04:18:36 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6_EoyIEs60dBaJn9wuxAFVShqt-8Qb81cOHUFVmtqcE-V3mqLU8nnw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 21:54:18 GMT
age: 14743
etag: "a05c3182c259756d1a5327d5a133320313565fc8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| wheel-monkey-br.pu020ev.com/img/monkey.png | 172.67.70.112 | 200 OK | 0 B |
URL (HTTP/2): wheel-monkey-br.pu020ev.com/img/monkey.png | IP: 172.67.70.112:0
GET /img/monkey.png HTTP/1.1
Host: wheel-monkey-br.pu020ev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wheel-monkey-br.pu020ev.com/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 01:59:53 GMT
content-type: image/png
last-modified: Thu, 30 Dec 2021 14:53:05 GMT
vary: Accept-Encoding
etag: W/"61cdc7d1-f304"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5717
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A79LhN2yrovT%2F0NdyBkwMndOQMFjT2FO08NhChJyhY9HRclBCRsZKM29FuGjeH6ccDHDmdM6IkS%2F1llToFbrbHERajSsqmyGk5kQrSobnpy9%2B9tLvclFYHuBrIDzl6EzVsdW3IxbGsZ5YbJeLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 789b03c09b4bfabc-OSL
X-Firefox-Spdy: h2
|
|
| wheel-monkey-br.pu020ev.com/img/wheel-win-frame-girl.png | 172.67.70.112 | 200 OK | 0 B |
URL (HTTP/2): wheel-monkey-br.pu020ev.com/img/wheel-win-frame-girl.png | IP: 172.67.70.112:0
GET /img/wheel-win-frame-girl.png HTTP/1.1
Host: wheel-monkey-br.pu020ev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wheel-monkey-br.pu020ev.com/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 01:59:53 GMT
content-type: image/png
last-modified: Thu, 30 Dec 2021 14:53:05 GMT
vary: Accept-Encoding
etag: W/"61cdc7d1-53f8"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5717
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=szxIYa9emIZvx6q%2F4WAH4vziLBuwCymQVeoKBdoNvh%2FfK2Z7lLv%2FWG%2FklxuNV2oPI9pv1ZvvspIZb8Gj4uSQ07RwNWdzXTh5LHY22GkMO3oDlAEN2JVZf8A%2B49Di69hoJyHGKh7KG%2Bs2JxYroA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 789b03c09b49fabc-OSL
X-Firefox-Spdy: h2
|
|
| wheel-monkey-br.pu020ev.com/?lang=br&st=LVuNT1lF&s1=63c35e197613790001ba528e&s2=98&s3=&s4=&s5=&pc=30&form_phone={form_phone}&form_email={form_email}&trId=cf1ls69ct2hctalmq7l0&source= | 172.67.70.112 | 200 OK | 0 B |
URL (HTTP/2): wheel-monkey-br.pu020ev.com/?lang=br&st=LVuNT1lF&s1=63c35e197613790001ba528e&s2=98&s3=&s4=&s5=&pc=30&form_phone={form_phone}&form_email={form_email}&trId=cf1ls69ct2hctalmq7l0&source= | IP: 172.67.70.112:0
GET /?lang=br&st=LVuNT1lF&s1=63c35e197613790001ba528e&s2=98&s3=&s4=&s5=&pc=30&form_phone={form_phone}&form_email={form_email}&trId=cf1ls69ct2hctalmq7l0&source= HTTP/1.1
Host: wheel-monkey-br.pu020ev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 15 Jan 2023 01:59:53 GMT
content-type: text/html
last-modified: Thu, 30 Dec 2021 14:53:05 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MOVoF9Zy7a4dvC8%2FBDE5J0Or2WZ5vCdAIAglyvjH6TQRFsYz8XvYcNNXd0hYKFJZ8vKjbBLlk%2BBIJHTKVtFToBuPFteY58DKTHpbBLAR0nLJSAMaYHvaapDQoemIyJcAwOf4QKAZXhVZyiOXeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 789b03be8a7cfabc-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| wheel-monkey-br.pu020ev.com/bundle.js | 172.67.70.112 | 200 OK | 0 B |
URL (HTTP/2): wheel-monkey-br.pu020ev.com/bundle.js | IP: 172.67.70.112:0
GET /bundle.js HTTP/1.1
Host: wheel-monkey-br.pu020ev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wheel-monkey-br.pu020ev.com/?lang=br&st=LVuNT1lF&s1=63c35e197613790001ba528e&s2=98&s3=&s4=&s5=&pc=30&form_phone={form_phone}&form_email={form_email}&trId=cf1ls69ct2hctalmq7l0&source=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 01:59:53 GMT
content-type: application/javascript
last-modified: Thu, 30 Dec 2021 14:53:05 GMT
vary: Accept-Encoding
etag: W/"61cdc7d1-f74f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5717
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zOCXdYolnegRgRixpZDyOd9rUmjtGmfOjDwJC6phnaN7TMh88kvRu8pA3GhhKV4ZVpQ74YIEK4Irf6WaPXs%2F2J45QPPdZC1Lx9phwe7fsXr%2BAWgnNJcDafgHmJnJJX9KGPb6D7wLXupk1IY%2BFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 789b03c03b2cfabc-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| wheel-monkey-br.pu020ev.com/img/subwheel.png | 172.67.70.112 | 200 OK | 0 B |
URL (HTTP/2): wheel-monkey-br.pu020ev.com/img/subwheel.png | IP: 172.67.70.112:0
GET /img/subwheel.png HTTP/1.1
Host: wheel-monkey-br.pu020ev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wheel-monkey-br.pu020ev.com/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 01:59:53 GMT
content-type: image/png
last-modified: Thu, 30 Dec 2021 14:53:05 GMT
vary: Accept-Encoding
etag: W/"61cdc7d1-170fd"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5717
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0%2BhvgioFDVWiCHrj9T9vjx5avKsvn5EOBfmGJFcGjpfUJbK4qNdSx2LZ9nNOMr5w5w7Zjet%2BI4wIyMGQfZoLYV1VGUowhtbHxeuCtaUjWHEaTdDYs1RGKcd6IllZWE%2BkZytzObH96ZiDjrYfeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 789b03c06b3afabc-OSL
X-Firefox-Spdy: h2
|
|
| wheel-monkey-br.pu020ev.com/img/wheel-lamps-active.png | 172.67.70.112 | 200 OK | 0 B |
URL (HTTP/2): wheel-monkey-br.pu020ev.com/img/wheel-lamps-active.png | IP: 172.67.70.112:0
GET /img/wheel-lamps-active.png HTTP/1.1
Host: wheel-monkey-br.pu020ev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wheel-monkey-br.pu020ev.com/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 01:59:53 GMT
content-type: image/png
last-modified: Thu, 30 Dec 2021 14:53:05 GMT
vary: Accept-Encoding
etag: W/"61cdc7d1-f2e3"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5717
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0MbiTOj629UMDoyYX%2BWEeY1a8%2FOxF%2F5fcUo25aZGpQrJp4%2BuLMTNn9Fe7vYWPP4h48SkA5VtNEM%2BqdxfygacdTVmcPBLlY14FVFKGEJvlZH%2FB2PepwdPDGXFDtlrqlWN7mGDFxANgZXuKwkYxg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 789b03c07b3dfabc-OSL
X-Firefox-Spdy: h2
|
|
| wheel-monkey-br.pu020ev.com/img/wheel-center-girl.png | 172.67.70.112 | 200 OK | 0 B |
URL (HTTP/2): wheel-monkey-br.pu020ev.com/img/wheel-center-girl.png | IP: 172.67.70.112:0
GET /img/wheel-center-girl.png HTTP/1.1
Host: wheel-monkey-br.pu020ev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wheel-monkey-br.pu020ev.com/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 01:59:53 GMT
content-type: image/png
last-modified: Thu, 30 Dec 2021 14:53:05 GMT
vary: Accept-Encoding
etag: W/"61cdc7d1-3a3c"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5717
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lWXPZIVKrouqTmI2SOfuBSuO5RQ98BXH0PaN%2Fn5vnn77XLcbCYYwk4EsDYJVmAeEjGBDNv50YwKfQY92dFJHS56peo%2BG2qgiVEWM4J%2FNs6gWHC5PNSxfTdWMFNyrdYQ7vtdchTzH%2FRyi24XQ7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 789b03c09b47fabc-OSL
X-Firefox-Spdy: h2
|
|
| keitaro.top/LBFKWk4T | 172.67.132.41 | 302 Found | 0 B |
IP: 172.67.132.41:0
NIDS | Severity | Alert | suricata | medium | ET INFO HTTP Request to a *.top domain |
GET /LBFKWk4T HTTP/1.1
Host: keitaro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _subid=s8hnpa28hvr; 6f461=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE2OTFcIjoxNjczNzQyMjc1fSxcImNhbXBhaWduc1wiOntcIjJcIjoxNjczNzQyMjc1fSxcInRpbWVcIjoxNjczNzQyMjc1fSJ9.or01HT7Qpsg6oDaR5-GXXKrFX-aUP_4O2k6Ks84pwCQ; _token=uuid_s8hnpa28hvr_s8hnpa28hvr63c347c33699c6.23888823
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Sun, 15 Jan 2023 01:59:52 GMT
content-type: text/html; charset=UTF-8
location: https://traffscale.g2afse.com/click?pid=98&offer_id=171&l=1670336844&sub1=s8hnpa28ilt&sub4=3
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: _subid=s8hnpa28ilt;Expires=Wednesday, 15-Feb-2023 01:59:52 GMT;Max-Age=2678400;Path=/
6f461=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE2OTFcIjoxNjczNzQyMjc1LFwiMTY4OVwiOjE2NzM3NDc5OTJ9LFwiY2FtcGFpZ25zXCI6e1wiMlwiOjE2NzM3NDIyNzUsXCIzXCI6MTY3Mzc0Nzk5Mn0sXCJ0aW1lXCI6MTY3Mzc0MjI3NX0ifQ.TKv24VUUzYB-u2xUBUHazqZNKmddhsMn21EJOoMZ5R8;Expires=Thursday, 30-Jan-2076 03:59:44 GMT;Max-Age=1673834392;Path=/
_token=uuid_s8hnpa28ilt_s8hnpa28ilt63c35e18d591e7.90719568;Expires=Wednesday, 15-Feb-2023 01:59:52 GMT;Max-Age=2678400;Path=/
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BW93JWGR9Ea8lYh6POaC6iquP%2BvpxCYG53OTME6gKMPU9219hlFoFIPJRfHrjUu%2BTcMPfE4yRIUCV77W2X4S%2F7zRvB0gAUFO1oLAN60HQMKcXw0nzotwVsi58B3leQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 789b03ba6dd8b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| wheel-monkey-br.pu020ev.com/img/logo/logo-casino.png | 172.67.70.112 | 200 OK | 0 B |
URL (HTTP/2): wheel-monkey-br.pu020ev.com/img/logo/logo-casino.png | IP: 172.67.70.112:0
GET /img/logo/logo-casino.png HTTP/1.1
Host: wheel-monkey-br.pu020ev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wheel-monkey-br.pu020ev.com/?lang=br&st=LVuNT1lF&s1=63c35e197613790001ba528e&s2=98&s3=&s4=&s5=&pc=30&form_phone={form_phone}&form_email={form_email}&trId=cf1ls69ct2hctalmq7l0&source=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 01:59:53 GMT
content-type: image/png
last-modified: Thu, 30 Dec 2021 14:53:05 GMT
vary: Accept-Encoding
etag: W/"61cdc7d1-6d9"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5717
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wqeGMYYeKWH80enGuKyRlmitnqltR5ov7ptGAAdkIHwz8pP9ycWOasNCkgJvkj7PMXvqg2h15FgiP42qVQtZ%2BMg3%2FGMqB7J8jEi%2BhEKVQCfR8Azr0y3Rq8OYZQ9IUKjKl1I3BsLm4Ry4iUTXuA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 789b03c03b2bfabc-OSL
X-Firefox-Spdy: h2
|
|
| wheel-monkey-br.pu020ev.com/img/wheel-br.png | 172.67.70.112 | 200 OK | 0 B |
URL (HTTP/2): wheel-monkey-br.pu020ev.com/img/wheel-br.png | IP: 172.67.70.112:0
GET /img/wheel-br.png HTTP/1.1
Host: wheel-monkey-br.pu020ev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wheel-monkey-br.pu020ev.com/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 01:59:53 GMT
content-type: image/png
last-modified: Thu, 30 Dec 2021 14:53:05 GMT
vary: Accept-Encoding
etag: W/"61cdc7d1-29519"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5717
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3faJxLgAVt419A6kcdLUF1mNXyVGJjPKiHUHul%2BzLlGQSMtflkzoo8vi5KPG6HUBm85kMbfwti5AQX9Z%2ByS1nZJcM%2BA%2FWrg19sTg5Ip8SNZ%2FVS0ByAmUlygVN%2F7o9JM4gsNBybWuFgVJihzc6w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 789b03c07b3efabc-OSL
X-Firefox-Spdy: h2
|
|