r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1456357aecbd23f21ad98da57e0127eb
7074815b39fa8da9013883971d665e4c1b0797ea
f3eba265ee64870b2f822f1511b36c747d763c382557789cdad8be1d3b52d1f5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F3EBA265EE64870B2F822F1511B36C747D763C382557789CDAD8BE1D3B52D1F5"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11115
Expires: Thu, 24 Nov 2022 14:47:14 GMT
Date: Thu, 24 Nov 2022 11:41:59 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 770d09773b5f304acf141fd66a4862b4
5ddc46ab75de26c858a9a6f6d1beaaec9bb181f5
c7bcc6928fa1c0bb225ce8a2f6badd6cb1bd6ea002fb808ed34e8dafbd7b3b26
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4571
Cache-Control: max-age=86728
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:41:59 GMT
Etag: "637df674-1d7"
Expires: Fri, 25 Nov 2022 11:47:27 GMT
Last-Modified: Wed, 23 Nov 2022 10:31:16 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 054ff0d1a0a43f7cb1d78dbd34e27f99
3caf54f3de1d6a8c6f6454083f8b8e7dec77db54
fcdcef8306ae31f20c366489e1f88aa40b08f154d25d45f4055c4f8cdef47634
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FCDCEF8306AE31F20C366489E1F88AA40B08F154D25D45F4055C4F8CDEF47634"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3035
Expires: Thu, 24 Nov 2022 12:32:34 GMT
Date: Thu, 24 Nov 2022 11:41:59 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 24 Nov 2022 11:18:58 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1381
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: tOvuqAx+Ku3BogoYZ34DCQmFBxx7WH46dqpqm8Nda+/2soKQEvcSmNkcu7pQHre9c7uO71GGzGM=
x-amz-request-id: JQCVHJAMSNS79NPR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 24 Nov 2022 10:43:22 GMT
age: 3517
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 11:41:59 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
regionic.info/jmb?p=51352
83.166.138.58 301 Moved Permanently 241 B URL HTTP/1.1 regionic.info/jmb?p=51352
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 4b15420f18e84875ca32d830640e24db
fd885a6f06e2e2752270e4e5e0158df066212abb
26b964e4168d2d0e11a48b30c4332da3e4ed31b9a7bf6083f73c886d60bf80c6
GET /jmb?p=51352 HTTP/1.1
Host: regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 24 Nov 2022 11:41:59 GMT
Server: Apache
Location: http://regionic.info/jmb/?p=51352
Content-Length: 241
Content-Type: text/html; charset=iso-8859-1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 24 Nov 2022 11:11:11 GMT
cache-control: public,max-age=3600
age: 1849
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fb6949e7abaa473393f7c604691de14f
599681bba3947709baa603bbae2dd7afd04059a4
36c5165526ea9d34de14d36655ed494d0cffaa11ca3271ee47824ac11246ba13
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5836
Cache-Control: max-age=169325
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:42:00 GMT
Etag: "637f3429-1d7"
Expires: Sat, 26 Nov 2022 10:44:05 GMT
Last-Modified: Thu, 24 Nov 2022 09:06:49 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
regionic.info/jmb/?p=51352
83.166.138.58 301 Moved Permanently 268 B URL HTTP/1.1 regionic.info/jmb/?p=51352
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
Hash 737ccc5b83966bf4e96ae79e455edd61
282e5815173b41b78b3e4203c3cd56fc46824a6f
ac03c87988282cc9c9617db2c5ccdf1bd8836536336e79b717316981822df7ea
Analyzer Verdict Alert fortinet Phishing
GET /jmb/?p=51352 HTTP/1.1
Host: regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 24 Nov 2022 11:42:00 GMT
Server: Apache
X-Redirect-By: WordPress
Upgrade: h2
Connection: Upgrade
Location: http://www.regionic.info/jmb/?p=51352
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
push.services.mozilla.com/
54.148.190.4 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.190.4:0
Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input — 0 B body)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input)
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GLSs8fSGsanQ4fFIqZTFEA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: zF3uwiymkEPXAvR8PwVoiZ72bYs=
www.regionic.info/jmb/?p=51352
83.166.138.58 200 OK 12 kB URL HTTP/1.1 www.regionic.info/jmb/?p=51352
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8047), with CRLF, LF line terminators
Hash 59762151a9663fa2abe8d077e1217837
8ac04f748ba73eb7a175fce312303ad63caa019a
979fc82009484e4e4f8e24a2eeaa8cbd71f02bab9a97b32afbd1ee48cc42f31a
Analyzer Verdict Alert fortinet Phishing
GET /jmb/?p=51352 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:00 GMT
Server: Apache
Link: <http://www.regionic.info/jmb/index.php?rest_route=/>; rel="https://api.w.org/", <http://www.regionic.info/jmb/index.php?rest_route=/wp/v2/posts/51352>; rel="alternate"; type="application/json", <http://www.regionic.info/jmb/?p=51352>; rel=shortlink
Upgrade: h2
Connection: Upgrade
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
www.regionic.info/jmb/wp-content/themes/twentyten/style.css
83.166.138.58 200 OK 5.9 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/themes/twentyten/style.css
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (535)
Hash 46b42de88554440913c99c306577b122
2c29e19ea1e71895b1b41138a59173dab15dfea5
2fe9193a48d8bb81f482b0cb299456e793d709bc5e86aee1426705d5e03f3743
GET /jmb/wp-content/themes/twentyten/style.css HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:00 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Fri, 04 Mar 2016 14:18:20 GMT
ETag: "5c67-52d39c977a300-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5945
Content-Type: text/css
static.bufferapp.com/js/button.js
104.16.138.31 301 Moved Permanently 0 B URL HTTP/1.1 static.bufferapp.com/js/button.js
IP 104.16.138.31:0
Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input — 0 B body)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input)
GET /js/button.js HTTP/1.1
Host: static.bufferapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 301 Moved Permanently
Date: Thu, 24 Nov 2022 11:42:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 24 Nov 2022 12:42:01 GMT
Location: https://static.buffer.com/js/button.js
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f1e0f87862b4ed-OSL
platform.linkedin.com/in.js?ver=6.0.3
23.36.76.121 200 OK 163 kB URL HTTP/2 platform.linkedin.com/in.js?ver=6.0.3
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (41594)
Size 163 kB (163353 bytes)
Hash da4721479e3eebb502449a14c05ee952
69891f90cc545992346f3eab81e9aa2ba5834261
8c582baf4cef5b98699f420de88571cc698c5df8b303782be05ee1ddebb014b8
GET /in.js?ver=6.0.3 HTTP/1.1
Host: platform.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Play
expires: Thu, 24 Nov 2022 11:49:25 GMT
cache-control: public, max-age=3600
content-encoding: gzip
content-type: text/javascript; charset=UTF-8
content-length: 163353
x-li-fabric: prod-lva1
x-li-pop: prod-lva1-x
x-li-proto: http/1.1
x-li-uuid: AAXuNSiXCFAdjEiDHxdpVg==
date: Thu, 24 Nov 2022 11:42:01 GMT
vary: Accept-Encoding
x-cdn-client-ip-version: IPV4
x-cdn: AKAM
X-Firefox-Spdy: h2
www.regionic.info/jmb/wp-content/plugins/add-link-to-facebook/add-link-to-facebook.css?ver=6.0.3
83.166.138.58 200 OK 220 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/add-link-to-facebook/add-link-to-facebook.css?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
Hash 5960fb646f4ac405f4ec6c2c9ad2a027
0356668a2cf0a15628a6d1d0bea992a4264fc275
6e680f53135a6d4b2b75ffe9c7f687b33c4fe34abc1395e5d0e5acde4aaa595b
GET /jmb/wp-content/plugins/add-link-to-facebook/add-link-to-facebook.css?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Fri, 04 Mar 2016 14:12:02 GMT
ETag: "10f-52d39b2efd080-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 220
Content-Type: text/css
www.regionic.info/jmb/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.css?ver=6.0.3
83.166.138.58 200 OK 332 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.css?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type CSV text\012- , ASCII text, with CRLF line terminators
Hash bcb6bcdc3b9f75d9834b745fafbcd2ef
d559a6d33ef73c30d7a546a69e5e6c7843dec4e4
ffee38b18271e25849cfd2ce95e3206b34e15d01aa3c21acf6dd29da55ce60f4
GET /jmb/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.css?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Tue, 21 Jun 2022 06:45:11 GMT
ETag: "437-5e1ef8fedeb50-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 332
Content-Type: text/css
www.regionic.info/jmb/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
83.166.138.58 200 OK 12 kB URL HTTP/1.1 www.regionic.info/jmb/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (43771)
Hash e5548800176e913a9084f47a3e1e04f6
eff4604acc5c26ae82a19188de2f98bf5b79d80c
a2569c768eaca09f2483b971fcebb97badd57c9a16b5ae3e16b8cdcd8c688b07
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Wed, 13 Jul 2022 04:18:35 GMT
ETag: "15b64-5e3a8141f38c3-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11681
Content-Type: text/css
www.reddit.com/static/button/button1.js?newwindow=1&url=http://www.regionic.info/jmb/?p=51352
151.101.85.140 301 Moved Permanently 0 B URL HTTP/1.1 www.reddit.com/static/button/button1.js?newwindow=1&url=http://www.regionic.info/jmb/?p=51352
IP 151.101.85.140:0
Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input — 0 B body)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input)
GET /static/button/button1.js?newwindow=1&url=http://www.regionic.info/jmb/?p=51352 HTTP/1.1
Host: www.reddit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Retry-After: 0
Location: https://www.reddit.com/static/button/button1.js?newwindow=1&url=http://www.regionic.info/jmb/?p=51352
Accept-Ranges: bytes
Date: Thu, 24 Nov 2022 11:42:01 GMT
Via: 1.1 varnish
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Cache-Control: private, max-age=3600
Server: snooserv
Report-To: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
NEL: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.2, "failure_fraction": 0.2}
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/css/elastislide.min.css?ver=6.0.3
83.166.138.58 200 OK 635 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/css/elastislide.min.css?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (1962), with no line terminators
Hash db3c7868bfc439e8374d97ead0d4bdee
9e58e07495cc2d09a4bbcbaeb79f02767b6557c1
c50c163a065576f4e979be7146044b2af003b994aa9be1f967bb2fb06b5cf953
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/css/elastislide.min.css?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Fri, 04 Mar 2016 14:16:24 GMT
ETag: "7aa-52d39c28d9e00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 635
Content-Type: text/css
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/css/srizon.custom.min.css?ver=2.3
83.166.138.58 200 OK 2.1 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/css/srizon.custom.min.css?ver=2.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (8058), with no line terminators
Hash bfc3097d6a19406d6f000a8514db8c67
e92f355cf2aa7164c37640acab4d0ac189aef9ec
f453398a652ea2eeae098967a38ce361a0f0daf260fc33b208ecd97aea47ef90
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/css/srizon.custom.min.css?ver=2.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Fri, 04 Mar 2016 14:16:24 GMT
ETag: "1f7a-52d39c28d9e00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2054
Content-Type: text/css
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/css/mag-popup.min.css?ver=6.0.3
83.166.138.58 200 OK 1.7 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/css/mag-popup.min.css?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (6065), with no line terminators
Hash af7191bfbee1f7906b91594e564b3b54
d16ecd7e4548743a605d649e90219b4ef69dae01
94e39de77d84991a731ebf77fa6c75641127ce142213b07317536768511b2cbb
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/css/mag-popup.min.css?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:24 GMT
ETag: "17b1-52d39c28d9e00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1705
Content-Type: text/css
www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/style.css?ver=6.0.3
83.166.138.58 200 OK 777 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/style.css?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with CRLF line terminators
Hash 1ce521270815d9f13c11654b2c940766
b87c4a83005a7e36335cea34c80a29d2bcb5eeae
735a289163641abaa57b850a4b4c2c1734766701aaba58d73fb4107ffe2febb7
GET /jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/style.css?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:19 GMT
ETag: "8c2-52d39c24152c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 777
Content-Type: text/css
www.regionic.info/jmb/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
83.166.138.58 200 OK 4.2 kB URL HTTP/1.1 www.regionic.info/jmb/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (11126)
Hash 5629711d7fdd5b28441bac39b851299f
4e0bf2b7383097f7c352023a1b1b1b48a50356b6
44c444309c7a6c05ff4a9bc198bed9e9596bedb5658637c85689c9a471dcdd16
GET /jmb/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Last-Modified: Tue, 21 Jun 2022 06:43:55 GMT
ETag: "2bd8-5e1ef8b65c353-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4169
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.js?ver=6.0.3
83.166.138.58 200 OK 381 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.js?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with CRLF line terminators
Hash c26c1149a61b90738434f96a6eb566be
60b7efad2c1852b4e66737965e2edd6afc8af2e9
5e3dba55cd599aefa42c63e6726f3c2e95cf14b077c7f1a8195f9788d77207d8
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.js?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Last-Modified: Tue, 21 Jun 2022 06:45:11 GMT
ETag: "b1f-5e1ef8fedeb50-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 381
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/fb-social-reader/js/lib/require.js?ver=1.6.0.6
83.166.138.58 200 OK 20 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/fb-social-reader/js/lib/require.js?ver=1.6.0.6
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
Hash a90955a13115bcf2a0a18e5e5051b670
294f5e6ae3a8a187c890d8388356ce631c72f2e0
c66d608e487e67cfc925c3399a0db7438e59d7c48676f44e1266ee20455ec1d8
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/fb-social-reader/js/lib/require.js?ver=1.6.0.6 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:13:08 GMT
ETag: "13706-52d39b6dee500-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 19494
Content-Type: application/javascript
www.regionic.info/jmb/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
83.166.138.58 200 OK 31 kB URL HTTP/1.1 www.regionic.info/jmb/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (65447)
Hash 9640915738503451aa21181699feab5b
c053eaf36ef0da96619706b3abda326305063bd6
f8834e669ad1f4039442c26aaa373ec39c35a233b9786d374fc3f670f16b0adc
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Last-Modified: Tue, 21 Jun 2022 06:43:55 GMT
ETag: "15db1-5e1ef8b65f233-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30908
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/modernizr.js?ver=6.0.3
83.166.138.58 200 OK 4.0 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/modernizr.js?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type HTML document text\012- HTML document, ASCII text, with very long lines (8960)
Hash ddb5e0e67e101b25f75010659ad3f6d6
eef831f9d2e37b5af10d758380844a822e929632
2ff3d1c2cbbe1c09812aa640450044a57965f6525588a11bdf3d1032e251da8b
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/js/modernizr.js?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:25 GMT
ETag: "23d3-52d39c29ce040-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4042
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/jquery.collagePlus.min.js?ver=6.0.3
83.166.138.58 200 OK 2.2 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/jquery.collagePlus.min.js?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (6470), with no line terminators
Hash fa84b21a34f2d58c03aef662ae5abd67
7959d25dde0b746fb99b88728aa9f9b6e24de072
2daef4f3fae6b8a14be7374b5358e2a70ca7b82486627b73f94edfab41f054be
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/js/jquery.collagePlus.min.js?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Last-Modified: Wed, 21 Nov 2018 20:29:03 GMT
ETag: "1946-57b3299de8183-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2159
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/mag-popup.js?ver=6.0.3
83.166.138.58 200 OK 7.7 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/mag-popup.js?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (20844)
Hash dbfe5bc7c17594ecb1c525e501da9564
f65f4f1d4f7043b85898ee231dfb9aba3e4220a1
86688bb51a8303ea530de4fafb4c91d3885e0447f7c10b45b3f1eb44091d558a
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/js/mag-popup.js?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:25 GMT
ETag: "5270-52d39c29ce040-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7677
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/jquery.elastislide.min.js?ver=6.0.3
83.166.138.58 200 OK 4.1 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/jquery.elastislide.min.js?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (13599), with no line terminators
Hash c37425cd901572f8f757e6a36627f2c6
e5810a1f9fb0be1ef033a26296ca3bdb38bdecbc
2e6289be6d9fc69faaf37cc4614af6f6ee9b8bff60259d419e08dc2fa19bcf8f
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/js/jquery.elastislide.min.js?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Last-Modified: Wed, 21 Nov 2018 20:29:03 GMT
ETag: "351f-57b3299de8183-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4142
Content-Type: application/javascript
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 5249ed0144810e0edaa3f1abe987a6bd
f12ed5b46d728c910bbda5e0bee6ad60c964330c
5f5f62bfa6589930c5bae4a8e7e48b19b2a65a13689993967bb8036b73bad4d2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4044
Cache-Control: max-age=137690
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:42:01 GMT
Etag: "637ebf97-117"
Expires: Sat, 26 Nov 2022 01:56:51 GMT
Last-Modified: Thu, 24 Nov 2022 00:49:27 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/srizon.custom.min.js?ver=2.3.2
83.166.138.58 200 OK 3.4 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/srizon.custom.min.js?ver=2.3.2
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type HTML document, ASCII text, with very long lines (11853), with no line terminators
Hash 15522215729c753f7b3723e5abf2028b
ef370e5c588147a02076ea9ff496ff510e36e39f
e9a438f36dc15af555a2bf372a222715f96a8959d62888b386858e53c5c336d3
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/js/srizon.custom.min.js?ver=2.3.2 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:25 GMT
ETag: "2e4d-52d39c29ce040-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3448
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/fb-social-reader/js/sr.min.js?ver=1.6.0.6
83.166.138.58 200 OK 16 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/fb-social-reader/js/sr.min.js?ver=1.6.0.6
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type Unicode text, UTF-8 text, with very long lines (56742)
Hash 44ee5d1989ce366ebf46a1977c0b4524
89b21bc7b7fcf4d0ab95df2d0d2aea997ca3fa5e
89eb529dbfefcb00a30a74bf8d13f414f37a27bcfcbe8537b62c1d6ca0f55d7c
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/fb-social-reader/js/sr.min.js?ver=1.6.0.6 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:13:08 GMT
ETag: "dec1-52d39b6dee500-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 16453
Content-Type: application/javascript
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash cc33a13490146ce49e99c32191670774
ec7f40dea918867e36579ac2488a3df2a3ff72f0
dd76b4354a048fc442f1bcca1c1f930a0fbcf076964ae6024b6b9c0f8ae40609
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6368
Cache-Control: max-age=131367
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:42:01 GMT
Etag: "637e9dd0-117"
Expires: Sat, 26 Nov 2022 00:11:28 GMT
Last-Modified: Wed, 23 Nov 2022 22:25:20 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279
platform.tumblr.com/v1/share.js?ver=6.0.3
74.114.154.15 302 Moved Temporarily 142 B URL HTTP/1.1 platform.tumblr.com/v1/share.js?ver=6.0.3
IP 74.114.154.15:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /v1/share.js?ver=6.0.3 HTTP/1.1
Host: platform.tumblr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Thu, 24 Nov 2022 11:42:01 GMT
Content-Type: text/html
Content-Length: 142
Connection: keep-alive
Location: https://platform.tumblr.com/v1/share.js?ver=6.0.3
www.regionic.info/jmb/wp-includes/js/comment-reply.min.js?ver=6.0.3
83.166.138.58 200 OK 1.4 kB URL HTTP/1.1 www.regionic.info/jmb/wp-includes/js/comment-reply.min.js?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (2946)
Hash 28214bc78b9edfcfbc9c7b651fb4f56c
fb0847abdb33dd943a2dcda4c4b905fb5cdd116c
11691bc1acc1f3a7ab8ef7c67fb720ca58fb72e52f510009f7b0cbc2589d45e0
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-includes/js/comment-reply.min.js?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Last-Modified: Tue, 21 Jun 2022 06:43:55 GMT
ETag: "ba5-5e1ef8b691eb3-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1351
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/fb-social-reader/css/style.css?ver=6.0.3
83.166.138.58 200 OK 1.5 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/fb-social-reader/css/style.css?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
Hash 846d7d2e9ab8ef1cc3045650d90be00c
4fc113ffe22a5cffb328c1ecb77e409c472c4c96
20c45d712b497f79bf178c2d6ee4a5955e6902c6bb7101969289a49bca98b949
GET /jmb/wp-content/plugins/fb-social-reader/css/style.css?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:13:07 GMT
ETag: "1918-52d39b6cfa2c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1521
Content-Type: text/css
static.buffer.com/js/button.js
104.16.140.52 200 OK 3.6 kB URL HTTP/2 static.buffer.com/js/button.js
IP 104.16.140.52:0
File type ASCII text, with very long lines (9232), with no line terminators
Hash 87b5644921824d0f59eb162acb5c4a87
9bc709b6bfdaa82c2a7ab64add58142a89ab8c0d
5438252fd29d2398479e6186bc6f1c08ac514fa89ec777df70dd11b828925a58
GET /js/button.js HTTP/1.1
Host: static.buffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 11:42:01 GMT
content-type: text/javascript
x-amz-id-2: Ez4lz1aR1yMYZHegBAJ5vo0CmbjWEJDT1L7iuTPXlEI15UkH8cOSAh+JlIzIVKpOc5SOw7ZdQLw=
x-amz-request-id: PR1Y3NMPESV3ARMJ
last-modified: Sat, 01 Apr 2017 01:06:37 GMT
etag: W/"c8686dc19498aa717127b1d47a53a912"
cf-cache-status: HIT
age: 778
expires: Thu, 24 Nov 2022 15:42:01 GMT
cache-control: public, max-age=14400
set-cookie: __cf_bm=CiwyJ7FEjVSw.cyiT2QGjFjJeAEbxQm6mw8im1I.Qr0-1669290121-0-AWcCLWsRzzgs0IbOqHQtsCunOBHxuTuj9WrM7eujbuWn4ZwF/wESlePqc2WJrz9t9HPpKpfekoCe6FrwY+mLuWs=; path=/; expires=Thu, 24-Nov-22 12:12:01 GMT; domain=.buffer.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
server: cloudflare
cf-ray: 76f1e0f9af55fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/email.png
83.166.138.58 200 OK 2.0 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/email.png
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type PNG image data, 30 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 49e12c71bf7fc34e81b089e93cb24e97
6dbacc6dbc4e218bfecd3667027ac60f0f5f2ad8
6716dbbcf4c38a706abf0b7ad4398ca2f1d471c647ea8ef588fe680a1494501a
GET /jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/email.png HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:19 GMT
ETag: "7be-52d39c24152c0"
Accept-Ranges: bytes
Content-Length: 1982
Content-Type: image/png
www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/rss.png
83.166.138.58 200 OK 1.0 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/rss.png
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 05e27acef3866d11912ffd5f5a8082e6
21fdfecf0185d7006dda0ca426926b3ed4d2b2b4
91eebabc35aac7ff6bc31bd78f5bba8ae01a1621dbee807f2fe26aec8076db45
GET /jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/rss.png HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:19 GMT
ETag: "407-52d39c24152c0"
Accept-Ranges: bytes
Content-Length: 1031
Content-Type: image/png
www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/specificfeeds_follow.png
83.166.138.58 200 OK 714 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/specificfeeds_follow.png
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type PNG image data, 26 x 13, 8-bit/color RGBA, non-interlaced\012- data
Hash 346c3031219692aa036b3f70a049357e
1be1d28a7fd3c97ec06bd5acc0c1965975904dff
8eed0123cea1bc7373855ce7371d01f5c4bfbf58d0f70d9c9f2b945940f48c61
GET /jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/specificfeeds_follow.png HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:19 GMT
ETag: "2ca-52d39c24152c0"
Accept-Ranges: bytes
Content-Length: 714
Content-Type: image/png
www.tipy.com/button_compact.gif
3.74.170.143 301 Moved Permanently 185 B URL HTTP/1.1 www.tipy.com/button_compact.gif
IP 3.74.170.143:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4c555068310076e85908835c721911f5
9ec990aabb4391e139034f68e5e657e0f1d0b74d
568b4de0ad30e85670e724dc30ccb675924353b77807356c5ad7f29c8c38f510
GET /button_compact.gif HTTP/1.1
Host: www.tipy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.2
Date: Thu, 24 Nov 2022 11:42:01 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: https://www.tipy.com/button_compact.gif
www.regionic.info/jmb/wp-content/uploads/2013/05/cropped-Carte_regions_Kamerun_Allemand_Batscham_mark_jmb2012N.jpg
83.166.138.58 200 OK 106 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/uploads/2013/05/cropped-Carte_regions_Kamerun_Allemand_Batscham_mark_jmb2012N.jpg
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 940x198, components 3\012- data
Size 106 kB (106068 bytes)
Hash ec53ed4bf2c9c19af19954b5f0dd3aaa
0d99b1707f02398171141abf1fd4ef106547cd36
bb16a4f2a4fa5fd5c218dd791144a197269bdf8afbbadabed8c8c10ff0cc71ad
GET /jmb/wp-content/uploads/2013/05/cropped-Carte_regions_Kamerun_Allemand_Batscham_mark_jmb2012N.jpg HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Server: Apache
Last-Modified: Thu, 23 May 2013 11:07:30 GMT
ETag: "19e54-4dd60b0398080"
Accept-Ranges: bytes
Content-Length: 106068
Content-Type: image/jpeg
www.reddit.com/static/button/button1.js?newwindow=1&url=http://www.regionic.info/jmb/?p=51352
151.101.85.140 200 OK 1.1 kB URL HTTP/2 www.reddit.com/static/button/button1.js?newwindow=1&url=http://www.regionic.info/jmb/?p=51352
IP 151.101.85.140:0
Hash 610788fd4961c058cee1869f473c374c
43c8308946d4f121b91aae5fb1a688392a234d01
fdc2e23dcb6a6ce8f2ada0e9933e7edbda5f15d450165c71482eb752c7c5ae24
GET /static/button/button1.js?newwindow=1&url=http://www.regionic.info/jmb/?p=51352 HTTP/1.1
Host: www.reddit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 22 Sep 2014 16:25:05 GMT
etag: "610788fd4961c058cee1869f473c374c"
content-type: application/javascript
accept-ranges: bytes
date: Thu, 24 Nov 2022 11:42:01 GMT
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cache-control: private, max-age=3600
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.2, "failure_fraction": 0.2}
content-length: 1074
X-Firefox-Spdy: h2
api.flattr.com/js/0.6/load.js?mode=auto&ver=6.0.3
104.26.11.251 301 Moved Permanently 178 B URL HTTP/2 api.flattr.com/js/0.6/load.js?mode=auto&ver=6.0.3
IP 104.26.11.251:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/0.6/load.js?mode=auto&ver=6.0.3 HTTP/1.1
Host: api.flattr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Thu, 24 Nov 2022 11:42:01 GMT
content-type: text/html
content-length: 178
location: https://button.flattr.com/loader.js?mode=auto&ver=6.0.3
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7wFRXRxtm%2BIuDvJcOjNPd%2Fu6Mp0rFRV5roFwSZKiLTt%2FCMDr3%2Bt6iM%2BlkiPwisV%2BNoV%2FRC7omb8PSgBpHEXXolBPlrFAw3ebl1pDC8w%2FmqywSJowPoGm1DonhOtOWjc8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f1e0f98a5eb509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 5249ed0144810e0edaa3f1abe987a6bd
f12ed5b46d728c910bbda5e0bee6ad60c964330c
5f5f62bfa6589930c5bae4a8e7e48b19b2a65a13689993967bb8036b73bad4d2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4044
Cache-Control: max-age=137690
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:42:01 GMT
Etag: "637ebf97-117"
Expires: Sat, 26 Nov 2022 01:56:51 GMT
Last-Modified: Thu, 24 Nov 2022 00:49:27 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 29c2104c3101e5bb00a672d48a526f77
622fdb8190becf8efdb6b4808f35bd80bce4f489
fbf86a20694d64b44f3179697e3cf4dc983ef47ad7530d5258340bf48c2bb5b2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FBF86A20694D64B44F3179697E3CF4DC983EF47AD7530D5258340BF48C2BB5B2"
Last-Modified: Wed, 23 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 24 Nov 2022 17:42:01 GMT
Date: Thu, 24 Nov 2022 11:42:01 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 04f5085172af83dbcb8788125f2a361c
2bb1a1b3504e751d63124f8c5b87748247b863ce
9822ca36e4438c81af8c0996b09a1c00ec76f86b15e91cd6487ffa31d9d92095
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:01 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 21 Nov 2022 08:43:19 GMT
Expires: Mon, 28 Nov 2022 08:43:18 GMT
Etag: "2bb1a1b3504e751d63124f8c5b87748247b863ce"
Cache-Control: max-age=334276,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f1e0fb28efb529-OSL
www.tipy.com/button_compact.gif
3.74.170.143 404 Not Found 232 B URL HTTP/1.1 www.tipy.com/button_compact.gif
IP 3.74.170.143:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 328f87671c7c5a894d4f38b85b3d326b
8fea1b85bc8727669266925e412d94b74a07da38
d3dad34c1bffe93e3ec8a432f171db4a1da94b103966c11f277da95157a08ec5
GET /button_compact.gif HTTP/1.1
Host: www.tipy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: nginx/1.14.2
Date: Thu, 24 Nov 2022 11:42:01 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 36641e407f4da2b391a09df3edfedad5
9e1b3346707e5af161a2cb6abbca7d4650426a4f
369665c3bcc826b6976320c9b4b272456fdaf12447b150e80f9d228e3b814ccd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "369665C3BCC826B6976320C9B4B272456FDAF12447B150E80F9D228E3B814CCD"
Last-Modified: Tue, 22 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21557
Expires: Thu, 24 Nov 2022 17:41:18 GMT
Date: Thu, 24 Nov 2022 11:42:01 GMT
Connection: keep-alive
button.flattr.com/loader.js?mode=auto&ver=6.0.3
104.26.11.251 301 Moved Permanently 178 B URL HTTP/2 button.flattr.com/loader.js?mode=auto&ver=6.0.3
IP 104.26.11.251:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /loader.js?mode=auto&ver=6.0.3 HTTP/1.1
Host: button.flattr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Thu, 24 Nov 2022 11:42:01 GMT
content-type: text/html
content-length: 178
location: https://flattr.com
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xNf2CWD4fzOgeZJr8lbRDX82aVCs4wIw1b2wltCNpRx7BT9etzJ9AALIaKHBEF441mO3FLp%2Ffm69%2BuKobKnkc6wqoREipX0fQirVIgpOQrAC6ABEgRHlgnpHanRU4QywNJko"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f1e0fb4d0bb509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6471
Expires: Thu, 24 Nov 2022 13:29:52 GMT
Date: Thu, 24 Nov 2022 11:42:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6471
Expires: Thu, 24 Nov 2022 13:29:52 GMT
Date: Thu, 24 Nov 2022 11:42:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6471
Expires: Thu, 24 Nov 2022 13:29:52 GMT
Date: Thu, 24 Nov 2022 11:42:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6471
Expires: Thu, 24 Nov 2022 13:29:52 GMT
Date: Thu, 24 Nov 2022 11:42:01 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F004aa6ae-7a76-4671-acda-0f0a01e41292.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F004aa6ae-7a76-4671-acda-0f0a01e41292.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cfb61d1d2a4d3e62e410c926cfa4a1ab
5c3f269cd16e9dd6bbb2e32efd46a4b2599ca436
4297b6c45e7dca6f841ae56da1040e1287f2e70c98e5f7fc674a674b59ebc7a2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F004aa6ae-7a76-4671-acda-0f0a01e41292.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8702
x-amzn-requestid: 9687d5fa-c9f8-4afc-8278-0f0c12b28329
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvx9FQ4oAMFWmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e933f-397fca41442c0d7309395e4b;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:40:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4cgRxjx6TQRxl4FIKsjrBPDZmhoDgbG72UAMRUnxZBUqV7yCfj3PyQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:44:50 GMT
age: 50231
etag: "5c3f269cd16e9dd6bbb2e32efd46a4b2599ca436"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 92c78302bcce1568eb6a5563100b932c
43d1dec7fc06879988c9c3cadd800cc8145df988
0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7YSXUV-LZpsI7vciFhuqt1EVr6YRkhxcOgMg8z8bxLcOE01_baf6Gg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:47:06 GMT
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
content-type: image/jpeg
age: 50095
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08efdc1b-e7ef-4a2f-b199-9a633b00cef5.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08efdc1b-e7ef-4a2f-b199-9a633b00cef5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 28381329eca6c426a8b05fcdef4aafcc
a1fbb6da386cf2eef8b76a65438cf9c6bd741f7a
4fc8414d39bbaacb1e6575924bd0bbb9373d78b177022f7d3c6457829abffd06
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08efdc1b-e7ef-4a2f-b199-9a633b00cef5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8748
x-amzn-requestid: 864da50a-44bb-4d20-b499-08c2a140871e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCtENmoAMFqKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-2705cc956f2c2aa5535533b0;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: xT0IorkRpXysoYMnugcrV40YaAxoRPjLmkPcv1ElteP_-rNZ1c6fog==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:57:20 GMT
etag: "a1fbb6da386cf2eef8b76a65438cf9c6bd741f7a"
content-type: image/jpeg
age: 49481
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d9d93b2a6875d446c3467eb49767eef5
303c571b13b05fcf27ee1159d8fdf6369aaef0a2
2a2345a925e0187979930a7f2de8548957ad9f2baae77364dcb157286e2b3fcf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6789
x-amzn-requestid: 4d94ce1b-d18f-43b8-bb4d-e7093f9bea42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvd2G9UIAMFrEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5f2-64a570135be59b83031811da;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:04:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JygkDI7XSvlgurUTot874ZAXlOIqnv4cntMQ55IvHVqw93JBcksZjQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:15:22 GMT
age: 15999
etag: "303c571b13b05fcf27ee1159d8fdf6369aaef0a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.stumbleupon.com/hostedbadge.php?s=1&r=http://www.regionic.info/jmb/?p=51352
76.76.21.123 404 Not Found 6.7 kB URL HTTP/2 www.stumbleupon.com/hostedbadge.php?s=1&r=http://www.regionic.info/jmb/?p=51352
IP 76.76.21.123:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5961)
Hash c013659da4d3346214f38e88b8093942
91d86445a20e13c456e37b9b73a7aba665cae55d
cf7d0b7bf3f04ab7ba71d51ce95ca3e9066101d51514e7e35c21332ffbc34299
GET /hostedbadge.php?s=1&r=http://www.regionic.info/jmb/?p=51352 HTTP/1.1
Host: www.stumbleupon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
access-control-allow-origin: *
age: 671995
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="404"
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 24 Nov 2022 11:42:01 GMT
etag: W/"651f3075366146b56b08e18f09559627"
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /404
x-vercel-cache: HIT
x-vercel-id: arn1:arn1::dqqjn-1669290121080-cffcd0ad02cf
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff189dcee-7158-4549-abef-95dc2b7f7ca4.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff189dcee-7158-4549-abef-95dc2b7f7ca4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 037c0f19435a955d7ed58f65911e8f21
51a54b639617e113bb941d28b59c2571c0ca2e63
c2b15ed9257f220ed83845e1d0b343d21b7df9104c21162ea76b889609b8a404
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff189dcee-7158-4549-abef-95dc2b7f7ca4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9992
x-amzn-requestid: a16f614c-5a5b-4f8b-97cb-c248e0b50753
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvcYEa0IAMFm_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e92b5-3b65b1b17c2a20b44a31aa9f;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:37:57 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OC0uEwrEKZ6UEEg_mpvYcoVBEUSEA_qTttmyRp1xptCRD4Vi4pFbCg==
via: 1.1 946b9edb2009c5508a0fbbd636f95014.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:57:23 GMT
etag: "51a54b639617e113bb941d28b59c2571c0ca2e63"
content-type: image/jpeg
age: 49478
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.learningtoolkit.club/link.php?zzz=4
54.67.93.101 301 Moved Permanently 0 B URL HTTP/1.1 www.learningtoolkit.club/link.php?zzz=4
IP 54.67.93.101:0
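Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(Note: these are the MD5, SHA-1 and SHA-256 digests of zero bytes, consistent with the 0 B redirect body. They match any empty response, so they are not usable as indicators; the verdict below presumably applies to the URL.)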
Analyzer Verdict Alert fortinet Malware
GET /link.php?zzz=4 HTTP/1.1
Host: www.learningtoolkit.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.regionic.info
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Thu, 24 Nov 2022 11:41:59 GMT
Connection: Keep-Alive
Content-Length: 0
X-Frame-Options: SAMEORIGIN
Cache-Control: private, no-cache, no-store, max-age=0
Expires: Mon, 01 Jan 1990 0:00:00 GMT
Location: https://www.businessmagazine.org
www.regionic.info/jmb/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
83.166.138.58 200 OK 5.0 kB URL HTTP/1.1 www.regionic.info/jmb/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (15660)
Hash e6624e0b978e6ddba476be41aaaa82df
822e920d8233072110ed7c8a7f379e5b13209b18
dac86a9ce08e4d8cded47b4fa900a664b0c997d8910c2a1be54a423678925a41
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:02 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Tue, 21 Jun 2022 06:43:55 GMT
ETag: "48b9-5e1ef8b690f13-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5009
Content-Type: application/javascript
www.learningtoolkit.club/link.php?zzz=5
54.67.93.101 301 Moved Permanently 0 B URL HTTP/1.1 www.learningtoolkit.club/link.php?zzz=5
IP 54.67.93.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /link.php?zzz=5 HTTP/1.1
Host: www.learningtoolkit.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.regionic.info
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Thu, 24 Nov 2022 11:41:59 GMT
Connection: Keep-Alive
Content-Length: 0
X-Frame-Options: SAMEORIGIN
Cache-Control: private, no-cache, no-store, max-age=0
Expires: Mon, 01 Jan 1990 0:00:00 GMT
Location: https://www.businessmagazine.org
www.learningtoolkit.club/link.php?zzz=5
54.67.93.101 301 Moved Permanently 0 B URL HTTP/1.1 www.learningtoolkit.club/link.php?zzz=5
IP 54.67.93.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /link.php?zzz=5 HTTP/1.1
Host: www.learningtoolkit.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.regionic.info
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Thu, 24 Nov 2022 11:41:59 GMT
Connection: Keep-Alive
Content-Length: 0
X-Frame-Options: SAMEORIGIN
Cache-Control: private, no-cache, no-store, max-age=0
Expires: Mon, 01 Jan 1990 0:00:00 GMT
Location: https://www.businessmagazine.org
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6fec2309e46e412fdade462099078446
b155402469fae8f143597d5c62363b82d11ae1c8
3fd90a73f0d129277e7918e1bfaf25e256dbf2b4884fff8750b3427d63455393
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3FD90A73F0D129277E7918E1BFAF25E256DBF2B4884FFF8750B3427D63455393"
Last-Modified: Thu, 24 Nov 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 24 Nov 2022 17:42:02 GMT
Date: Thu, 24 Nov 2022 11:42:02 GMT
Connection: keep-alive
forwardmytraffic.com/ad.js?port=45
192.102.6.94 200 OK 1.6 kB URL HTTP/1.1 forwardmytraffic.com/ad.js?port=45
IP 192.102.6.94:0
Hash 5d2aa03b878016e85969a97457851b1f
3c961375603dcf1ea5fc0c983547681f82e6bd5a
3f62353128c1cad38440cb9a6e3ec31a9599f0741539ca839d989d877aced763
GET /ad.js?port=45 HTTP/1.1
Host: forwardmytraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Thu, 24 Nov 2022 11:42:02 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.4
www.learningtoolkit.club/link.php?zzz=4
54.67.93.101 301 Moved Permanently 0 B URL HTTP/1.1 www.learningtoolkit.club/link.php?zzz=4
IP 54.67.93.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /link.php?zzz=4 HTTP/1.1
Host: www.learningtoolkit.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.regionic.info
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Thu, 24 Nov 2022 11:41:59 GMT
Connection: Keep-Alive
Content-Length: 0
X-Frame-Options: SAMEORIGIN
Cache-Control: private, no-cache, no-store, max-age=0
Expires: Mon, 01 Jan 1990 0:00:00 GMT
Location: https://www.businessmagazine.org
cdnjs.cloudflare.com/ajax/libs/json2/20121008/json2.min.js
104.17.24.14 200 OK 1.3 kB URL HTTP/1.1 cdnjs.cloudflare.com/ajax/libs/json2/20121008/json2.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (3385), with no line terminators
Hash 9dcd98b378b18da87ab0b80928cab48a
2daa54c68961571f76c9cf230f2c469079ba4629
1766ef15d29039deb1168ca7e34a98cc3b094f7a0d74475216c3696af5d6d6b9
GET /ajax/libs/json2/20121008/json2.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:02 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 1347
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=30672000
Content-Encoding: gzip
ETag: "5eb03ec8-d39"
Last-Modified: Mon, 04 May 2020 16:11:52 GMT
cf-cdnjs-via: cfworker/kv
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 95550
Expires: Tue, 14 Nov 2023 11:42:02 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qNenX3fE9YVvWDvq2YTCSe4L38V6g0cXdNg5OJGVvCaSBl9Bi1ob3HG8OtVodiIR0MO2wNYKNuMV9vPKQgAUYzeProTUL5%2BvFQz06VETxd6A0aW2HVYGWGTtYfTSOIQeS6kOz7pC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76f1e1032cb6b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
button.buffer.com/button/?id=f51637d81d3059c4&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D51352&text=V%20%26%20M%E2%80%99s%20Barber%20Shop%20Bristol%20Barber%20Shop%20Opening%20Occasions%20And%20Reviews&count=horizontal&placement=button&utm_source=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D51352&utm_medium=buffer_button&utm_campaign=buffer
104.16.140.52 301 Moved Permanently 0 B URL HTTP/1.1 button.buffer.com/button/?id=f51637d81d3059c4&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D51352&text=V%20%26%20M%E2%80%99s%20Barber%20Shop%20Bristol%20Barber%20Shop%20Opening%20Occasions%20And%20Reviews&count=horizontal&placement=button&utm_source=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D51352&utm_medium=buffer_button&utm_campaign=buffer
IP 104.16.140.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /button/?id=f51637d81d3059c4&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D51352&text=V%20%26%20M%E2%80%99s%20Barber%20Shop%20Bristol%20Barber%20Shop%20Opening%20Occasions%20And%20Reviews&count=horizontal&placement=button&utm_source=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D51352&utm_medium=buffer_button&utm_campaign=buffer HTTP/1.1
Host: button.buffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 24 Nov 2022 11:42:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 24 Nov 2022 12:42:02 GMT
Location: https://button.buffer.com/button/?id=f51637d81d3059c4&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D51352&text=V%20%26%20M%E2%80%99s%20Barber%20Shop%20Bristol%20Barber%20Shop%20Opening%20Occasions%20And%20Reviews&count=horizontal&placement=button&utm_source=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D51352&utm_medium=buffer_button&utm_campaign=buffer
Set-Cookie: __cf_bm=fmSOb8yBIu8W9ddR3eiGRcM2N5iJw5QR053JyQOSWls-1669290122-0-AY3gKq7PsGX7FWJnMpuy6TTPndCDrtWLPMvFUwRF6ERg++OPqbNFEHAYy5fF902WzuuYoTe++Sre76CR+g5HGLc=; path=/; expires=Thu, 24-Nov-22 12:12:02 GMT; domain=.buffer.com; HttpOnly; SameSite=None
Server-Timing: cf-q-config;dur=6.9999987317715e-06
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 76f1e1036d830b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
www.tipy.com/button.js
3.74.170.143 404 Not Found 232 B IP 3.74.170.143:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 328f87671c7c5a894d4f38b85b3d326b
8fea1b85bc8727669266925e412d94b74a07da38
d3dad34c1bffe93e3ec8a432f171db4a1da94b103966c11f277da95157a08ec5
GET /button.js HTTP/1.1
Host: www.tipy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: nginx/1.14.2
Date: Thu, 24 Nov 2022 11:42:02 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
www.redditstatic.com/button/button1.html?url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D51352
151.101.85.140 200 OK 1.7 kB URL HTTP/1.1 www.redditstatic.com/button/button1.html?url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D51352
IP 151.101.85.140:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1522)
Hash 4a408b7d64f2c0937eb0d1b944e3229e
e9edc11acdf9d5ae0357b680590d3dc719bf0adc
91aee29aee50d42c1a027a0c9b82f759847e37b6027af3d7b96ccf68db3fe685
GET /button/button1.html?url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D51352 HTTP/1.1
Host: www.redditstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1709
Last-Modified: Wed, 30 Jul 2014 19:09:19 GMT
ETag: "ce91c4f683d32f8907f0e97f3fb93696"
Expires: Thu, 31 Dec 2037 23:59:59 GMT
Content-Type: text/html
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 24 Nov 2022 11:42:02 GMT
Vary: Accept-Encoding,Origin
Server: snooserv
Report-To: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
NEL: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
www.stumbleupon.com/hostedbadge.php?s=1&r=http://www.regionic.info/jmb/?p=51352
76.76.21.123 404 Not Found 2.4 kB URL HTTP/2 www.stumbleupon.com/hostedbadge.php?s=1&r=http://www.regionic.info/jmb/?p=51352
IP 76.76.21.123:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5961)
Hash 73b12c4023e8354d977273a0de0f3396
0c103f2a9e930f37b384c7b39f858911c3616ea9
b54dc9969f564df978dc2ae213ba575ca081821831e9512d0f3cb1df64a997bb
GET /hostedbadge.php?s=1&r=http://www.regionic.info/jmb/?p=51352 HTTP/1.1
Host: www.stumbleupon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
access-control-allow-origin: *
age: 671996
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="404"
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 24 Nov 2022 11:42:02 GMT
etag: W/"651f3075366146b56b08e18f09559627"
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /404
x-vercel-cache: HIT
x-vercel-id: arn1:arn1::mls6g-1669290122757-02fc9ae09786
X-Firefox-Spdy: h2
www.tipy.com/button_compact.gif
3.74.170.143 404 Not Found 232 B URL HTTP/1.1 www.tipy.com/button_compact.gif
IP 3.74.170.143:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 328f87671c7c5a894d4f38b85b3d326b
8fea1b85bc8727669266925e412d94b74a07da38
d3dad34c1bffe93e3ec8a432f171db4a1da94b103966c11f277da95157a08ec5
GET /button_compact.gif HTTP/1.1
Host: www.tipy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: nginx/1.14.2
Date: Thu, 24 Nov 2022 11:42:02 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
www.redditstatic.com/button/button-embed.js
151.101.85.140 200 OK 983 B URL HTTP/1.1 www.redditstatic.com/button/button-embed.js
IP 151.101.85.140:0
Hash 894ad3ef79db45d25e29d456dc0d4749
44560c5236cc799ab5cb2e9aa39dfe85d2d9b120
d61a96c13920a9de38d7d426dde2c890535856bda84a26845dc0272f05b33e2d
GET /button/button-embed.js HTTP/1.1
Host: www.redditstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.redditstatic.com/button/button1.html?url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D51352
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 983
Last-Modified: Wed, 22 Oct 2014 17:47:37 GMT
ETag: "f6e79e0098bfda54ca2e0e02da223645"
Expires: Thu, 31 Dec 2037 23:59:59 GMT
Content-Type: application/javascript
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 24 Nov 2022 11:42:02 GMT
Vary: Accept-Encoding,Origin
Server: snooserv
Report-To: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
NEL: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
odnaknopka.ru/ok9.js
142.132.202.70 200 OK 143 B IP 142.132.202.70:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash 01d104f1d2a961f6fc241ec08ba1af54
2e9f73a9137283c94c79bff44fd10f5b1a2738b6
f70c6e0720a4769e224d4ceb25d9908ae0f9da93dac347971cac311be73b1022
GET /ok9.js HTTP/1.1
Host: odnaknopka.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 24 Nov 2022 11:42:02 GMT
Content-Type: text/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
ETag: 2be3400a9af2621203b9e9fde91ea911
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 831c3970f4878ea185df38bac4de57dc
dbfc08db77716476756df7def8d2831c324428e2
a104aaa57ebdb93eea807d1bd057246aec2d36f9ee3c9b6c982a257c46260974
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=126072
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:42:02 GMT
Etag: "637ea202-116"
Expires: Fri, 25 Nov 2022 22:43:14 GMT
Last-Modified: Wed, 23 Nov 2022 22:43:14 GMT
Server: nginx
Content-Length: 278
buttons.reddit.com/button_info.json?jsonp=buttonEmbed.parseSubmission&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D51352
151.101.85.140 404 Not Found 13 B URL HTTP/1.1 buttons.reddit.com/button_info.json?jsonp=buttonEmbed.parseSubmission&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D51352
IP 151.101.85.140:0
File type ASCII text, with no line terminators
Hash 1e6cd917ed71a1241e4bedc29264bd98
5b65037351caeb0e5a48d963d7ffa88d0271d546
7d04f7431bbfa41a04bcc7e6b98b9de0d919756c4c671c5785c99fff45f16402
GET /button_info.json?jsonp=buttonEmbed.parseSubmission&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D51352 HTTP/1.1
Host: buttons.reddit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.redditstatic.com/
HTTP/1.1 404 Not Found
Connection: close
Content-Length: 13
Server: Varnish
Retry-After: 0
Content-Type: text/plain
Accept-Ranges: bytes
Date: Thu, 24 Nov 2022 11:42:02 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1624-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1669290123.923434,VS0,VE0
odnaknopka.ru/stat.js
142.132.202.70 200 OK 358 B IP 142.132.202.70:0
ASN #24940 Hetzner Online GmbH
Hash f5c3d96c1d423c74a127cac2e0a58597
066d46aa9dc0959abb54f2cf805ce9af30c3fde1
8d3d75a202bfeacc981a2bfae3e215e2d137afc6f7d8cc31a955505bf5411bc3
GET /stat.js HTTP/1.1
Host: odnaknopka.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 24 Nov 2022 11:42:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
www.regionic.info/jmb/wp-content/themes/twentyten/images/wordpress.png
83.166.138.58 200 OK 794 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/themes/twentyten/images/wordpress.png
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash f51375d00e7d0a70c801c6256d432d3b
313aff1fffa73433673203db25ff4154d07511e2
61d00189e16b4ae467e9f3283ccf459d666950277c866c82f337534951b50f51
GET /jmb/wp-content/themes/twentyten/images/wordpress.png HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/wp-content/themes/twentyten/style.css
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:02 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Fri, 04 Mar 2016 14:18:20 GMT
ETag: "31a-52d39c977a300"
Accept-Ranges: bytes
Content-Length: 794
Content-Type: image/png
www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/facebook-share.png
83.166.138.58 200 OK 838 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/facebook-share.png
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 95f675e77a2c67a004771ee5d7dce1ee
74151d65e20475ac234287288c56ab2f370f502b
6a0b082d7f6c52899ed6d19d85676486c4a9a37894b7e0daaaeaf065929ab026
GET /jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/facebook-share.png HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/style.css?ver=6.0.3
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:02 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Fri, 04 Mar 2016 14:16:19 GMT
ETag: "346-52d39c24152c0"
Accept-Ranges: bytes
Content-Length: 838
Content-Type: image/png
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 831c3970f4878ea185df38bac4de57dc
dbfc08db77716476756df7def8d2831c324428e2
a104aaa57ebdb93eea807d1bd057246aec2d36f9ee3c9b6c982a257c46260974
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=126072
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:42:03 GMT
Etag: "637ea202-116"
Expires: Fri, 25 Nov 2022 22:43:15 GMT
Last-Modified: Wed, 23 Nov 2022 22:43:14 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 278
www.regionic.info/jmb/wp-content/uploads/2012/03/bmask_pedjo_blanc_301.png
83.166.138.58 200 OK 61 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/uploads/2012/03/bmask_pedjo_blanc_301.png
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type PNG image data, 138 x 237, 8-bit/color RGB, non-interlaced\012- data
Hash b74ef2596fd00a4b03c23aa91d9c92cf
4f5bc4506d9d95e1999b9088bd2acbe529c20707
ebb9cb51888811438828a39576992f273077047babbb1951c6a666b913fffcad
GET /jmb/wp-content/uploads/2012/03/bmask_pedjo_blanc_301.png HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:42:02 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Fri, 09 Mar 2012 17:32:38 GMT
ETag: "eda1-4bad2c7649980"
Accept-Ranges: bytes
Content-Length: 60833
Content-Type: image/png
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2c036e35e8f60d36284cc31c1f46d013
8a0c007ec3b39a89dcae30393ddf9bfc6955ff0d
1bd20694dbdd9845b9b3b65f5407f39493b65aed9e307e0495affe84b6be80ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BD20694DBDD9845B9B3B65F5407F39493B65AED9E307E0495AFFE84B6BE80AD"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7163
Expires: Thu, 24 Nov 2022 13:41:26 GMT
Date: Thu, 24 Nov 2022 11:42:03 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 252d5293a18da84cc494dd72e1fefed3
52f64c4cfe0b8c7e68d4ac7c1e5d6e483690a136
16356d42f88f6a29cf5df17d9461180869ef8145e5a2d120e65f64c8e11f9e0d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6504
Cache-Control: max-age=161346
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:42:03 GMT
Etag: "637f1265-116"
Expires: Sat, 26 Nov 2022 08:31:09 GMT
Last-Modified: Thu, 24 Nov 2022 06:42:45 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 278
connect.facebook.net/fr_FR/sdk.js
157.240.200.14 200 OK 1.7 kB URL HTTP/1.1 connect.facebook.net/fr_FR/sdk.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (1957)
Hash 558841bc68c2520beead6e5f7b61a04c
0f84581b8378ed2e70fcd117ffa7dff9c77c50fa
65aeb2863a4442caef1be4926efd9b5b57789b143ef6a76c903c84d243bd1bfe
GET /fr_FR/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Expose-Headers: X-FB-Content-MD5
x-fb-content-md5: 1d63e4788ecb8f4e1e81c076643657e7
ETag: "75b5650f95238177613e1c35a6654268"
Content-Type: application/x-javascript; charset=utf-8
timing-allow-origin: *
Access-Control-Allow-Origin: *
cross-origin-resource-policy: cross-origin
Expires: Thu, 24 Nov 2022 11:57:19 GMT
Cache-Control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
X-Content-Type-Options: nosniff
x-fb-rlafr: 0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
Content-MD5: VYhBvGjCUgvurW5fe2GgTA==
X-FB-Debug: khDI2Ie61DiD5aHK2klVbps4BN8f0tAz0uIlfsSkroTmtfUclbCxEvTJvVS1EZVIQxtk1GH2LqD6OvM6ih9eRQ==
X-FB-TRIP-ID: 1679558926
Date: Thu, 24 Nov 2022 11:42:03 GMT
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 1688
www.regionic.info/favicon.ico
83.166.138.58 404 Not Found 513 B URL HTTP/1.1 www.regionic.info/favicon.ico
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash e0640c95d0fc6b7a735a5d2baf676660
e6d90be255108401c93d14421bc8a4d29112b52f
b01e87d193e77bc8cde43397dfb7892b153ce6aab744f4bc6406d854c97e6265
GET /favicon.ico HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=51352
HTTP/1.1 404 Not Found
Date: Thu, 24 Nov 2022 11:42:03 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Wed, 18 Apr 2007 14:03:27 GMT
ETag: "201-42e638ce069c0;5ecea8926fca6
Accept-Ranges: bytes
Content-Length: 513
Content-Type: text/html
platform.twitter.com/widgets.js
151.101.84.157 200 OK 29 kB URL HTTP/2 platform.twitter.com/widgets.js
IP 151.101.84.157:0
File type Unicode text, UTF-8 text, with very long lines (33915)
Hash 2df2f01e0c50f93a363cd2121f336b8e
f2c4d94859575123d0b1056f0338982eb094c60f
2cf6d15fc44a8c4387114a5a20174ae75515d43840cde361e64bf1a75e676585
GET /widgets.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 19:43:37 GMT
cache-control: public, max-age=1800
content-type: application/javascript; charset=utf-8
etag: "6633f9603c759c40d9b200995454f17c+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Thu, 24 Nov 2022 11:42:03 GMT
x-served-by: cache-iad-kcgs7200106-IAD, cache-bma1667-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 29221
X-Firefox-Spdy: h2
assets.pinterest.com/images/pidgets/pin_it_button.png
151.101.84.84 200 OK 909 B URL HTTP/2 assets.pinterest.com/images/pidgets/pin_it_button.png
IP 151.101.84.84:0
File type PNG image data, 40 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash cf5ce2d2dcfa060f6032b0af60d45aa2
7a2370ff54f007a20d64d57c9547736136612869
f942d5999c18b372d0c74273c936fce1723b0761e67d56dfa80abac87eff864e
GET /images/pidgets/pin_it_button.png HTTP/1.1
Host: assets.pinterest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
etag: "cf5ce2d2dcfa060f6032b0af60d45aa2"
content-type: image/png
x-cdn: fastly
alt-svc: h3=":443";ma=600,h3-29=":443";ma=600,h3-27=":443";ma=600
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 86400
access-control-expose-headers: X-CDN
vary: Origin
cache-control: max-age=86400
date: Thu, 24 Nov 2022 11:42:03 GMT
content-length: 909
X-Firefox-Spdy: h2
resistcorrectly.com/stat
176.9.60.211 302 Moved Temporarily 1.2 kB IP 176.9.60.211:0
ASN #24940 Hetzner Online GmbH
Hash b773fb7c0790a38e6452b8543ebc100e
90fea1ce1cbb192b8723a102b51908d4d6e5140b
eb82382fe26639d08bb4f3875a9e59855cf72bf643b9b89813848e8a9ff4b27c
GET /stat HTTP/1.1
Host: resistcorrectly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.12.2
Date: Thu, 24 Nov 2022 11:42:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Access-Control-Allow-Origin: *
Set-Cookie: qwerty_stat=0; expires=Thu, 24-Nov-2022 12:42:03 GMT; Max-Age=3600; path=/
Location: https://hlmiq.com/vu/a/
platform.tumblr.com/v1/share_2.png
74.114.154.15 302 Moved Temporarily 142 B URL HTTP/1.1 platform.tumblr.com/v1/share_2.png
IP 74.114.154.15:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /v1/share_2.png HTTP/1.1
Host: platform.tumblr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Thu, 24 Nov 2022 11:42:03 GMT
Content-Type: text/html
Content-Length: 142
Connection: keep-alive
Location: https://platform.tumblr.com/v1/share_2.png
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash cb3dbeb752bbb4b359b6700cfec713fa
cbf6e69e1463db6bf1824e6b927228832986ad20
66a5b6fdf9927c8dbd250ea1d8dbb228fd442a0d4c6b54e1a9135af4da8433ea
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4465
Cache-Control: max-age=142408
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:42:03 GMT
Etag: "637ed062-1d7"
Expires: Sat, 26 Nov 2022 03:15:31 GMT
Last-Modified: Thu, 24 Nov 2022 02:01:06 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js
142.250.74.170 200 OK 33 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js
IP 142.250.74.170:0
File type ASCII text, with very long lines (32132)
Hash 19367efa6245eafdd8c6111a367da696
901ec681692d88afa09c28cee299ba120ca33a8b
cb11ee5a06892d5ffea634705118e1cc48f276c6d18fa20605c9bf5b9c33dc32
GET /ajax/libs/jquery/1.9.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33140
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 01:20:15 GMT
expires: Wed, 22 Nov 2023 01:20:15 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 210108
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
apis.google.com/js/plusone.js
142.250.74.174 200 OK 21 kB URL HTTP/2 apis.google.com/js/plusone.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1279)
Hash 327d33b72373a953dc7ddef0c6463b48
2fd9b26cb459ff01c3a1dd3507f1c7484cce6ce4
1f9becca80520826519f7908eff9bc2cdf551f9afc5d2a276f9d3c4a55a0e79c
GET /js/plusone.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20984
date: Thu, 24 Nov 2022 11:42:03 GMT
expires: Thu, 24 Nov 2022 11:42:03 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "34fae0e5dab49917"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4af780570d49b327d38dc189095448e9
1dd4193a2afeb237c5e475b603b1cbd137f7f97e
f25ef2e65d3c2acbba49b5d36c2fe37f8d404fa3b0ea5cdd6c93ac1685a6129a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:42:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
104.16.56.101 200 OK 112 kB URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
IP 104.16.56.101:0
File type ASCII text, with very long lines (48421)
Size 112 kB (111603 bytes)
Hash 5e4459e5133480a9402794deb5db2a30
903ef820dcbaedabbfb0d4d58042a66e9f313428
4b186f4c3ce80e22e09396c1cf0d86f9bd6304c5bf4ac37d4fd338108709d623
GET /beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://button.buffer.com
Connection: keep-alive
Referer: https://button.buffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 11:42:03 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2022.10.1
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f1e10558720b51-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b6e7c5faf2d24e0d958ab10ee95f6791
16b68ad4b4a2776571697dff8edc9369a3c5c451
1431771f6fd4ad8c028d53a7489acc16b829e32e01d92df5e8c923723024b75a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6375
Cache-Control: max-age=102524
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:42:03 GMT
Etag: "637e2d20-1d7"
Expires: Fri, 25 Nov 2022 16:10:47 GMT
Last-Modified: Wed, 23 Nov 2022 14:24:32 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 6fe23ae41ec0cbb3d702b1c64028cd13
e0e4d852454a5eae80a797aaa6f0991834dcc19a
47a12f27ec1ec271d17295d822c69d1b49c6a24107f3f7ce06a320688fae7f3c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:42:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
platform.tumblr.com/v1/share_2.png
74.114.154.15 200 OK 669 B URL HTTP/2 platform.tumblr.com/v1/share_2.png
IP 74.114.154.15:0
File type PNG image data, 62 x 20, 8-bit colormap, non-interlaced\012- data
Hash 13c8dc9016bc818a8dd9c1ec40c7356d
625d1f4e8938c9b26a4b91b2553f6a8a30ab6705
4c51ffd459191da7dcfccef22d342118820e55e040a329a32f2b0ccfeb99f055
GET /v1/share_2.png HTTP/1.1
Host: platform.tumblr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 24 Nov 2022 11:42:03 GMT
content-type: image/png
content-length: 669
last-modified: Fri, 12 Aug 2022 09:28:23 GMT
etag: "62f61d37-29d"
expires: Thu, 24 Nov 2022 12:42:03 GMT
pragma: public
accept-ranges: bytes
cache-control: max-age=3600, immutable
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_0?le=scs
142.250.74.174 200 OK 51 kB URL HTTP/2 apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_0?le=scs
IP 142.250.74.174:0
File type ASCII text, with very long lines (580)
Hash a5aeb8dce52dc81116cc434ff43d3f63
c74721ddc9b87ba5a9deb2a361f44c9293f928b7
333fbf33d55990f58551357644398b7b571c25cd56bc25ad3ea7270571f96118
GET /_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_0?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 51072
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 13:33:11 GMT
expires: Wed, 22 Nov 2023 13:33:11 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 01 Nov 2022 15:24:55 GMT
content-type: text/javascript; charset=UTF-8
age: 166132
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_1?le=scs
142.250.74.174 200 OK 35 kB URL HTTP/2 apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_1?le=scs
IP 142.250.74.174:0
File type ASCII text, with very long lines (661)
Hash e34312f65ce496d6353eca6a753fc2ed
5cc30bb9afa41832e449018a50023f87a8904e2d
37605c3dbd987f63c1881ab16df9c1babb95d01edf66a0e307e0f211ddde7af3
GET /_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_1?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 35191
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 06:39:15 GMT
expires: Thu, 23 Nov 2023 06:39:15 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 01 Nov 2022 15:24:55 GMT
content-type: text/javascript; charset=UTF-8
age: 104568
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5839001bc4f086051bdfd0866b0091cf
d1d52f3836b15c1eb7b239981ea9c6964d3b0833
161b46a4e15c7fa0d0dcccc4697acba2b7ffe75fe8b80640e7abbf99df186b84
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "161B46A4E15C7FA0D0DCCCC4697ACBA2B7FFE75FE8B80640E7ABBF99DF186B84"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3698
Expires: Thu, 24 Nov 2022 12:43:41 GMT
Date: Thu, 24 Nov 2022 11:42:03 GMT
Connection: keep-alive
connect.facebook.net/fr_FR/sdk.js?hash=26955daa8182853960a4cea47504a166
157.240.200.14 200 OK 88 kB URL HTTP/2 connect.facebook.net/fr_FR/sdk.js?hash=26955daa8182853960a4cea47504a166
IP 157.240.200.14:0
File type ASCII text, with very long lines (18530)
Hash 9ebb8a1e49af6bdb816c87bf2800f0e1
19009e5ce2a42b9fe70ef1662402cce51eea1e24
bfbc7ea5685dd68e13a4731ca1b35c81590edbdd145ae8cb2110b2a6e9aad407
GET /fr_FR/sdk.js?hash=26955daa8182853960a4cea47504a166 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.regionic.info
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 0f75d9894fa0fd7dde16df2cefacb56a
etag: "6056d9c145754e7cc4f8db8c8b74c477"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Fri, 24 Nov 2023 10:36:18 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: nruKHkmva9uBbIe/KADw4Q==
x-fb-debug: FhF2+H8UP8yKmlcPbjTvMD+rIKnHcJYaBRWUeHGC/JhFKL3RoDN+1OjQT7PgWoXl8IKIM0DqKES6izrINLDiGQ==
content-length: 88422
x-fb-trip-id: 1679558926
date: Thu, 24 Nov 2022 11:42:03 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b6e7c5faf2d24e0d958ab10ee95f6791
16b68ad4b4a2776571697dff8edc9369a3c5c451
1431771f6fd4ad8c028d53a7489acc16b829e32e01d92df5e8c923723024b75a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6375
Cache-Control: max-age=102524
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:42:03 GMT
Etag: "637e2d20-1d7"
Expires: Fri, 25 Nov 2022 16:10:47 GMT
Last-Modified: Wed, 23 Nov 2022 14:24:32 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
hlmiq.com/vu/a/
142.132.202.70 200 OK 1.1 kB IP 142.132.202.70:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a2a34a2d5c3a5faa33124cdc87c45624
156dba70d8eecd71ebaddbdee8226ea29ab41f12
7463b97c35eff3a2011afa6fab8c3ad83df342cf08bcb8b7c54281e5b5524915
GET /vu/a/ HTTP/1.1
Host: hlmiq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 24 Nov 2022 11:42:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 43590d3cdc6d87840c90fdfc4320028d
40d15b8a046a321b9edaf9665cc6edbf7e9ae719
b4a9dd9a946e3a00d3f960f24e359f6f112e85f01da9d930f95a29c743ce82e7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:42:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 4018de4e86c4b97c991b6c8449a8be03
425cefbedd5c7752c887a5b81da14d2f975864a3
74e6dce1ddee0c298dc2e0990ba0a2594b04d0f72e36b9ee7bd2d625c382c90f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3753
Cache-Control: max-age=152815
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:42:03 GMT
Etag: "637efbd1-139"
Expires: Sat, 26 Nov 2022 06:08:58 GMT
Last-Modified: Thu, 24 Nov 2022 05:06:25 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 313
hlmiq.com/vu/krug.gif
142.132.202.70 200 OK 35 kB IP 142.132.202.70:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 64 x 64\012- data
Hash 4c01f48cbe445f3260ced97a71140a40
4d914378ba1aa9fe1b8bc44c381cc103260399cb
519d0ca82b0c49dd4a9de05072353e64e8d65fc8677d936ae5aea476c1397f81
GET /vu/krug.gif HTTP/1.1
Host: hlmiq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/vu/a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 24 Nov 2022 11:42:03 GMT
Content-Type: image/gif
Content-Length: 34904
Last-Modified: Thu, 26 Nov 2020 10:21:52 GMT
Connection: keep-alive
ETag: "5fbf81c0-8858"
Accept-Ranges: bytes
developers.google.com/
142.250.74.14 301 Moved Permanently 0 B IP 142.250.74.14:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: developers.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://developers.google.com/
X-Cloud-Trace-Context: bff0530b5c6100ca14b19b2d212d7b1a
Date: Thu, 24 Nov 2022 11:42:03 GMT
Content-Type: text/html
Server: Google Frontend
Content-Length: 0
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b0ebdf9b3f69cf96eb88398a1a174085
a99e2ffad206d1b92a72d6c8339178e801ec81ec
c218550ac43f36f277f28e3d48c17cde71eecc659c76a0a53083a5a0a7bf760e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C218550AC43F36F277F28E3D48C17CDE71EECC659C76A0A53083A5A0A7BF760E"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11717
Expires: Thu, 24 Nov 2022 14:57:20 GMT
Date: Thu, 24 Nov 2022 11:42:03 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash aee1eaa2ef2d0edbb0bc5703979e6439
8baa6d1cdd85ce2c5b6e30bd7a60096eeafce4db
095cc1e6ce8241ba22f88cb66d752587909fea3dc66936a72c369ef74b3134f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:42:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 6fe23ae41ec0cbb3d702b1c64028cd13
e0e4d852454a5eae80a797aaa6f0991834dcc19a
47a12f27ec1ec271d17295d822c69d1b49c6a24107f3f7ce06a320688fae7f3c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:42:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ssl.gstatic.com/accounts/o/1832714284-postmessagerelay.js
142.250.74.99 200 OK 4.3 kB URL HTTP/2 ssl.gstatic.com/accounts/o/1832714284-postmessagerelay.js
IP 142.250.74.99:0
File type ASCII text, with very long lines (2267)
Hash 3f7502705229ccec9d066c5cd75e6c31
ede1663155afaa5a5213d075e6295c6d839b05c3
2be5113d3022d1819a19f327235d287a2538a03741fc08ccd9d55cc1d78b6282
GET /accounts/o/1832714284-postmessagerelay.js HTTP/1.1
Host: ssl.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accounts.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="federated-signon-mpm-access"
report-to: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-length: 4294
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 10:55:51 GMT
expires: Wed, 22 Nov 2023 10:55:51 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 19 Nov 2022 03:11:36 GMT
content-type: text/javascript
age: 175572
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
syndication.twitter.com/settings?session_id=7001d5b00284990efeec632f5767901136a6ad7e
104.244.42.72 200 OK 374 B URL HTTP/2 syndication.twitter.com/settings?session_id=7001d5b00284990efeec632f5767901136a6ad7e
IP 104.244.42.72:0
File type JSON data\012- , ASCII text, with very long lines (913), with no line terminators
Hash 925c2a7587f39436ea29513221652474
695b7f2f3d99f407bcdfd0b372db0e28193cc60c
62e36e14e5c219119cb51c3cdf43a2005512a1bd6ebf2d68d0c610a2e6e3ef0f
GET /settings?session_id=7001d5b00284990efeec632f5767901136a6ad7e HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://platform.twitter.com/
Origin: https://platform.twitter.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 11:42:03 GMT
perf: 7626143928
vary: Origin
server: tsa_o
content-type: application/json; charset=utf-8
cache-control: must-revalidate, max-age=600
last-modified: Thu, 24 Nov 2022 11:42:03 GMT
content-length: 374
content-encoding: gzip
x-transaction-id: 0af233de3475c003
strict-transport-security: max-age=631138519
access-control-allow-origin: https://platform.twitter.com
access-control-allow-credentials: true
x-response-time: 112
x-connection-hash: 805ec0c85eb4efcc4d1843816fb2b28ad52950e0fef5ee81d760ffc9877c11f9
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash aee1eaa2ef2d0edbb0bc5703979e6439
8baa6d1cdd85ce2c5b6e30bd7a60096eeafce4db
095cc1e6ce8241ba22f88cb66d752587909fea3dc66936a72c369ef74b3134f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:42:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
platform.twitter.com/js/button.d2f864f87f544dc0c11d7d712a191c1f.js
151.101.84.157 200 OK 2.4 kB URL HTTP/2 platform.twitter.com/js/button.d2f864f87f544dc0c11d7d712a191c1f.js
IP 151.101.84.157:0
File type ASCII text, with very long lines (7017), with no line terminators
Hash dd0db11eb64751c6c3b8cecfb5b77f2f
b79a753d0bc720adbbd9f566f11764dd0e1cbe2c
c80ffb7bf5d6d523bd483d7eeba3b3334d25ee8d66ddba80eaf448d07da2e2ff
GET /js/button.d2f864f87f544dc0c11d7d712a191c1f.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 19:36:52 GMT
cache-control: public, max-age=315360000
content-type: application/javascript; charset=utf-8
etag: "7bb2d17ac20be3bd6ec1079356afecd9+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Thu, 24 Nov 2022 11:42:03 GMT
x-served-by: cache-iad-kiad7000153-IAD, cache-bma1667-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 2362
X-Firefox-Spdy: h2
experience.tripster.ru/partner/geo_detect/
51.250.76.213 200 OK 0 B URL HTTP/2 experience.tripster.ru/partner/geo_detect/
IP 51.250.76.213:0
ASN #200350 Yandex.Cloud LLC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /partner/geo_detect/ HTTP/1.1
Host: experience.tripster.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://hlmiq.com/
Origin: https://hlmiq.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 11:42:03 GMT
content-type: text/html; charset=utf-8
content-length: 0
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,X-Auth-Token,X-CSRF-Token,x-requested-with
access-control-max-age: 84600
vary: Accept-Language
content-language: ru
set-cookie: device_id=52406ab2-fed0-4b29-8f39-a7021f46bd97; Domain=.tripster.ru; expires=Fri, 24 Nov 2023 11:42:03 GMT; HttpOnly; Max-Age=31536000; Path=/
x-request-id: ec7517972e28caee0ee1a0593ead156f
X-Firefox-Spdy: h2
platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.fr.html
151.101.84.157 200 OK 14 kB URL HTTP/2 platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.fr.html
IP 151.101.84.157:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32033)
Hash 8d7fd142600eb3ef5b36ec3f2bd0f29b
0a5b4849e35d6fc0e633a190baa10602e42a2942
9935a5e14a7ba38e8b9f3cdf17bcaa8272f3d204096ca1f0ea8fb064b510b451
GET /widgets/tweet_button.644279d1635fd969e87af94a98bd232b.fr.html HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 19:36:56 GMT
cache-control: public, max-age=315360000
content-type: text/html; charset=utf-8
etag: "53819b01f65edf7b7866e434b2c6ea89+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Thu, 24 Nov 2022 11:42:03 GMT
x-served-by: cache-iad-kiad7000160-IAD, cache-bma1667-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 13993
X-Firefox-Spdy: h2
syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D51352%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22fr%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1669290123554%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=7001d5b00284990efeec632f5767901136a6ad7e
104.244.42.72 200 OK 43 B URL HTTP/2 syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D51352%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22fr%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1669290123554%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=7001d5b00284990efeec632f5767901136a6ad7e
IP 104.244.42.72:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/jot/embeds?l=%7B%22widget_origin%22%3A%22http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D51352%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22fr%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1669290123554%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=7001d5b00284990efeec632f5767901136a6ad7e HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 11:42:03 GMT
perf: 7626143928
vary: Origin
server: tsa_o
content-type: image/gif
cache-control: must-revalidate, max-age=600
last-modified: Thu, 24 Nov 2022 11:42:03 GMT
content-length: 43
x-transaction-id: 015272ab1e8e587d
strict-transport-security: max-age=631138519
x-response-time: 108
x-connection-hash: 805ec0c85eb4efcc4d1843816fb2b28ad52950e0fef5ee81d760ffc9877c11f9
X-Firefox-Spdy: h2
experience.tripster.ru/partner/widget_iframe.js?debug=false&iframe_id=tripster-widget-158313&mode=plug&content_suffix=horizontal-list-common.common&partner=touristiktales&experiment=&widget_info_string=
51.250.76.213 200 OK 17 kB URL HTTP/2 experience.tripster.ru/partner/widget_iframe.js?debug=false&iframe_id=tripster-widget-158313&mode=plug&content_suffix=horizontal-list-common.common&partner=touristiktales&experiment=&widget_info_string=
IP 51.250.76.213:0
ASN #200350 Yandex.Cloud LLC
Hash 9f2ae1fe8ee3aa06267373b333c9bf6b
fd0218cddead109201940742fe5c34417508b5cb
41af28da02010ba9e07638cc29a56919345749e268b9035da17fa1f56a1948c4
GET /partner/widget_iframe.js?debug=false&iframe_id=tripster-widget-158313&mode=plug&content_suffix=horizontal-list-common.common&partner=touristiktales&experiment=&widget_info_string= HTTP/1.1
Host: experience.tripster.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://experience.tripster.ru/partner/?template=horizontal-list&partner=touristiktales&order=top&num=1&font_size=small&features=nolistbutton%2Cnotitle&script_id=tripster-widget-158313&version=2&is_context=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 11:42:04 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 14:12:46 GMT
vary: Accept-Encoding
etag: W/"637e2a5e-bf75"
cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
x-request-id: f89c6fbc1eaa499e52e6c06e05b9e1a2
X-Firefox-Spdy: h2
experience.tripster.ru/partner/geo_detect/
51.250.76.213 200 OK 102 kB URL HTTP/2 experience.tripster.ru/partner/geo_detect/
IP 51.250.76.213:0
ASN #200350 Yandex.Cloud LLC
Size 102 kB (101462 bytes)
Hash cf2a5290b9851c326d951c128be92ca8
c21fc34dbc139c5f47b5ef402fafaf5d11f8e63d
736f466d109f9ec0bbc9110ddca459ba19bad0661cc59b939f1c24154765b11a
POST /partner/geo_detect/ HTTP/1.1
Host: experience.tripster.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=utf-8
Content-Length: 60
Origin: https://hlmiq.com
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 11:42:04 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,X-Auth-Token,X-CSRF-Token,x-requested-with
access-control-max-age: 84600
vary: Accept-Encoding, Accept-Language
content-language: ru
set-cookie: device_id=85232e2f-470d-47e9-99df-d17fa8412c9d; Domain=.tripster.ru; expires=Fri, 24 Nov 2023 11:42:04 GMT; HttpOnly; Max-Age=31536000; Path=/
content-encoding: gzip
x-request-id: ea31041bc376efed5c4d03cfe0a561ca
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash dd0dd96ca622aa07354fabdd0da767bf
a29eaa02a81dabed2c12be20a89d65a5a0417524
6a670e9031ec8c94bdc91c47a2d6a4ca2bd95fe032fec28888a8e6d7dc163cb4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:42:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash dd0dd96ca622aa07354fabdd0da767bf
a29eaa02a81dabed2c12be20a89d65a5a0417524
6a670e9031ec8c94bdc91c47a2d6a4ca2bd95fe032fec28888a8e6d7dc163cb4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:42:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/v2.0/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1f6d4bb1f98e12%26domain%3Dwww.regionic.info%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fwww.regionic.info%252Ff3ee9b308323ff2%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D51352&layout=button_count&locale=fr_FR&sdk=joey&share=true&width=100
157.240.200.35 200 OK 0 B URL HTTP/2 www.facebook.com/v2.0/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1f6d4bb1f98e12%26domain%3Dwww.regionic.info%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fwww.regionic.info%252Ff3ee9b308323ff2%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D51352&layout=button_count&locale=fr_FR&sdk=joey&share=true&width=100
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v2.0/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1f6d4bb1f98e12%26domain%3Dwww.regionic.info%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fwww.regionic.info%252Ff3ee9b308323ff2%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D51352&layout=button_count&locale=fr_FR&sdk=joey&share=true&width=100 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html;charset=utf-8
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-xss-protection: 0
x-fb-debug: oYZP04gw9F+5/L/KEdrnTqW5uQnswiP/RjxxMu7yuuPNGyU0ya8hdlAlK+oASGrHLj8B4K6EUbMZKWzEdCGt3A==
content-length: 0
date: Thu, 24 Nov 2022 11:42:05 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
experience.tripster.ru/partner/?template=horizontal-list&partner=touristiktales&order=top&num=1&font_size=small&features=nolistbutton%2Cnotitle&script_id=tripster-widget-158313&version=2&is_context=true
51.250.76.213 200 OK 0 B URL HTTP/2 experience.tripster.ru/partner/?template=horizontal-list&partner=touristiktales&order=top&num=1&font_size=small&features=nolistbutton%2Cnotitle&script_id=tripster-widget-158313&version=2&is_context=true
IP 51.250.76.213:0
ASN #200350 Yandex.Cloud LLC
GET /partner/?template=horizontal-list&partner=touristiktales&order=top&num=1&font_size=small&features=nolistbutton%2Cnotitle&script_id=tripster-widget-158313&version=2&is_context=true HTTP/1.1
Host: experience.tripster.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 11:42:04 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Language
content-language: ru
cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
x-request-id: 49575517b3afc1cb3aeaa6a009ec466b
X-Firefox-Spdy: h2
developers.google.com/
142.250.74.14 200 OK 0 B IP 142.250.74.14:0
GET / HTTP/1.1
Host: developers.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 10 Nov 2022 18:10:23 GMT
content-type: text/html; charset=utf-8
set-cookie: _ga_devsite=GA1.3.4213466574.1669290124; Expires=Sat, 23 Nov 2024 11:42:04 GMT; Max-Age=63072000; Path=/
content-security-policy: base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-vNMDtkz/pBnky8iVcbbZC22sq5c1ET' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
cache-control: no-cache, must-revalidate
expires: 0
pragma: no-cache
content-encoding: gzip
x-cloud-trace-context: 91129c40e7866441cbdae3911a6b2237
vary: Accept-Encoding
date: Thu, 24 Nov 2022 11:42:04 GMT
server: Google Frontend
content-length: 22471
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Fwww.regionic.info&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__
216.58.207.237 200 OK 0 B URL HTTP/2 accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Fwww.regionic.info&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__
IP 216.58.207.237:0
GET /o/oauth2/postmessageRelay?parent=http%3A%2F%2Fwww.regionic.info&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 24 Nov 2022 11:42:03 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /o/cspreport, script-src 'nonce-fdbLVJqna2z9nGuIgIhRZw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
platform.tumblr.com/v1/share.js?ver=6.0.3
74.114.154.15 200 OK 0 B URL HTTP/2 platform.tumblr.com/v1/share.js?ver=6.0.3
IP 74.114.154.15:0
GET /v1/share.js?ver=6.0.3 HTTP/1.1
Host: platform.tumblr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Thu, 24 Nov 2022 11:42:01 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 21 Aug 2022 06:27:38 GMT
vary: Accept-Encoding
etag: W/"6301d05a-60"
expires: Thu, 24 Nov 2022 12:42:01 GMT
pragma: public
content-encoding: br
cache-control: max-age=3600, immutable
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
hyvesgames.nl/forwarded
104.21.86.44 301 Moved Permanently 0 B IP 104.21.86.44:0
GET /forwarded HTTP/1.1
Host: hyvesgames.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Thu, 24 Nov 2022 11:42:02 GMT
content-type: text/html; charset=iso-8859-1
location: https://hyvesgames.nl/forwarded/
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U1z6KRMlG4vEM%2FnahFxGYCX%2BkrZWQu%2BbjJ75thbrfJ2CRr5NCmdu8Qx2bxNOuxILUAkCfc6zbfs7vYs8sVMKM5xVHPSpEGSzYGsECKJ1f%2FJ01us4tz3pMy57QLu0oY5Q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f1e1044aed1c02-OSL
X-Firefox-Spdy: h2
hyvesgames.nl/forwarded/
104.21.86.44 200 OK 0 B IP 104.21.86.44:0
GET /forwarded/ HTTP/1.1
Host: hyvesgames.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 11:42:03 GMT
content-type: text/html
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
last-modified: Thu, 24 Nov 2022 00:31:15 GMT
vary: Accept-Encoding
p3p: CP="IDC DSP DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS UNI NAV INT PRE", CP="NOI DSP COR NID PSA ADM OUR IND NAV COM"
content-security-policy: sandbox allow-same-origin allow-scripts allow-orientation-lock allow-pointer-lock allow-forms allow-popups allow-top-navigation-by-user-activation;
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BSgv7%2BlUrY14rXI4lSFNEcfbfNq3eNb6RfD%2BNDWMjDcAeXwbISiu9YEVMVDfQpB97pQJs5%2F9IvvOctUC4MqyVs%2BfGq0NHoFTlWAz4cLtWJMZwrhvYFv1PgY6%2F28BHHxp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f1e104ab5b1c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
experience.tripster.ru/partner/widget.js?template=horizontal-list&order=top&width=100%25&num=1&font_size=small&version=2&partner=touristiktales&features=nolistbutton%2Cnotitle&script_id=tripster-widget-158313
51.250.76.213 200 OK 0 B URL HTTP/2 experience.tripster.ru/partner/widget.js?template=horizontal-list&order=top&width=100%25&num=1&font_size=small&version=2&partner=touristiktales&features=nolistbutton%2Cnotitle&script_id=tripster-widget-158313
IP 51.250.76.213:0
ASN #200350 Yandex.Cloud LLC
GET /partner/widget.js?template=horizontal-list&order=top&width=100%25&num=1&font_size=small&version=2&partner=touristiktales&features=nolistbutton%2Cnotitle&script_id=tripster-widget-158313 HTTP/1.1
Host: experience.tripster.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 11:42:03 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 14:12:46 GMT
vary: Accept-Encoding
etag: W/"637e2a5e-14205"
cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
x-request-id: 87f0299050a42cf9428c51bbc91deb6e
X-Firefox-Spdy: h2